In this release a number of rules have been added to the security policy as part of ongoing policy rebalancing efforts.
Microsoft Vulnerability CVE-2021-41379: A coding deficiency exists in Microsoft Windows Installer that may lead to an escalation of privilege.
Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 58635 through 58636.
Talos has also added and modified multiple rules in the browser-chrome, browser-firefox, browser-plugins, file-java, file-other, netbios, os-mobile, os-other, os-solaris, os-windows, policy-other, protocol-imap, protocol-nntp, protocol-pop, protocol-rpc, protocol-scada, protocol-services, protocol-snmp, server-apache, server-iis, server-mysql, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld 
Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:31148 <-> DISABLED <-> 
SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup 
system info probe (server-other.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules) * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:37805 <-> 
DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules) * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules) * 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool 
command injection attempt (server-webapp.rules) * 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules) * 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules) * 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt 
(server-other.rules) * 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules) * 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules) * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules) * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules) * 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules) * 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated 
request TCP (protocol-rpc.rules) * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules) * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules) * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules) * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules) * 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules) * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt 
(server-webapp.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:26394 
<-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information 
disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web 
proxy sockd buffer overflow attempt (server-webapp.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules) * 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow 
attempt (server-webapp.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
* 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules)
* 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules)
* 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
* 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
* 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules)
* 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules)
* 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules)
* 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules)
* 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules)
* 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules)
* 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules)
* 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules)
* 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
* 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
* 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
* 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
* 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
* 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules)
* 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules)
* 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules)
* 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
* 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
* 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
* 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
* 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules)
* 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
* 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
* 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules)
* 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules)
* 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
* 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules)
* 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules)
* 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules)
* 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules)
* 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules)
* 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
* 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
* 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091800.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:13613 <-> DISABLED 
<-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules) * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 
1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt 
(server-webapp.rules) * 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt 
(server-webapp.rules) * 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules) * 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17706 
<-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node 
manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow 
attempt (server-webapp.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 
1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft 
ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple 
parameters buffer overflow attempt (server-webapp.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt 
(server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt 
(browser-plugins.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 
1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management 
ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:31238 <-> DISABLED <-> 
SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules)
* 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
* 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules)
* 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules)
* 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
* 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules)
* 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
* 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules)
* 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules)
* 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules)
* 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules)
* 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules)
* 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules)
* 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules)
* 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules)
* 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
* 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
* 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
* 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
* 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
* 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules)
* 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules)
* 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules)
* 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
* 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules)
* 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe 
buffer overflow attempt (server-webapp.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt 
(server-webapp.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER 
VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25336 <-> DISABLED <-> 
SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:27658 <-> DISABLED <-> 
BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv 
opcode 47 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> 
DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt 
(server-other.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:12934 <-> DISABLED 
<-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules) * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:14773 <-> 
DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer 
overflow attempt (server-webapp.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView 
Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules) * 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules) * 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP 
trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt 
(server-other.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt 
(server-other.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView 
Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter 
buffer overflow attempt (server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:24222 <-> 
DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25336 <-> DISABLED 
<-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 
1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node 
Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) 
* 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas 
backup overflow attempt (server-other.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
* 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules)
* 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
* 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules)
* 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules)
* 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
* 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules)
* 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules)
* 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules)
* 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules)
* 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules)
* 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
* 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules)
* 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
* 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
* 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules)
* 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
* 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules)
* 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules)
* 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules)
* 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules)
* 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules)
* 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules)
* 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
* 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
* 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules)
* 1:17625 <-> DISABLED <->
SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid 
parameter (server-webapp.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18769 <-> DISABLED <-> 
SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt 
(protocol-snmp.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe 
userid parameter buffer overflow attempt (server-webapp.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt 
(server-webapp.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt 
(server-other.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)

* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12362 <-> DISABLED <-> 
SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request 
attempt (protocol-rpc.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS 
dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:18285 <-> DISABLED <-> 
SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow 
attempt (protocol-scada.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:18998 <-> 
DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro 
msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 
1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt 
(server-webapp.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 
1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt 
(server-other.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service 
vxsvc type A buffer overflow attempt (server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP 
Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules) * 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules) * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules) * 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules) * 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules) * 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:3453 <-> DISABLED 
<-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules) * 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules)
* 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules)
* 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules)
* 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules)
* 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
* 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules)
* 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules)
* 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules)
* 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules)
* 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules)
* 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules)
* 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules)
* 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules)
* 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
* 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
* 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
* 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules)
* 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules)
* 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules)
* 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
* 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules)
* 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules)
* 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
* 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules)
* 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
* 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
* 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules)
* 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules)
* 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
* 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20215 <-> DISABLED <-> 
PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech 
Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter 
record tag parsing buffer overflow attempt (server-other.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:29105 <-> DISABLED <-> 
SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt 
(server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management 
ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules) * 1:37732 
<-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules) * 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:40880 <-> DISABLED <-> 
SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules) * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules) * 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules) * 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules) * 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules) * 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules) * 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules) * 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules) * 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules) * 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules) * 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules) * 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules) * 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules) * 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules) * 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules) * 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID 
command attempt (os-windows.rules) * 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules) * 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules) * 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules) * 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules) * 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules) * 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules) * 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules) * 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules) * 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules) * 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules) * 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules) * 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules) * 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules) * 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service 
vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection 
attempt (server-webapp.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules) * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules) * 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules) * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 
1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:11442 <-> 
DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules) * 1:10130 <-> DISABLED <-> 
POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules)
* 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules)
* 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules)
* 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules)
* 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules)
* 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules)
* 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules)
* 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules)
* 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules)
* 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules)
* 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules)
* 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules)
* 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules)
* 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules)
* 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules)
* 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules)
* 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules)
* 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules)
* 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
* 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules)
* 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules)
* 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
* 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules)
* 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
* 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules)
* 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules)
* 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
* 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules)
* 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules)
* 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules)
* 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules)
* 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules)
* 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
* 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
* 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules)
* 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules)
* 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules)
* 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
* 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
* 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules)
* 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules)
* 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules)
* 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
* 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules)
* 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
* 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
* 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
* 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
* 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules)
* 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules)
* 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules)
* 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules)
* 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules)
* 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules)
* 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
* 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules)
* 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules)
* 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules)
* 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules)
* 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules)
* 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules)
* 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
* 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules)
* 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules)
* 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
* 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules)
* 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules)
* 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules)
* 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules)
* 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules)
* 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules)
* 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
* 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules)
* 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules)
* 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules)
* 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
* 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules)
* 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules)
* 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules)
* 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules)
* 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules)
* 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules)
* 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules)
* 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules)
* 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
* 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules)
* 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow 
attempt - GET (server-webapp.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:18311 <-> 
DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution 
directory traversal attempt (protocol-scada.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:18651 
<-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt 
(server-other.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password 
overflow attempt (protocol-scada.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service 
directory traversal attempt (server-other.rules) * 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules) * 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules) * 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules) * 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules) * 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules) * 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules) * 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules) * 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules) * 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules) * 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules) * 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules) * 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules) * 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules) * 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP 
NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules) * 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules) * 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules) * 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules) * 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules) * 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules) * 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules) * 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules) * 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules) * 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules) * 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules) * 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules) * 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules) * 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules) * 3:58633 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules) * 3:58634 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt (file-other.rules)
* 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules) * 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 
1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt 
(server-webapp.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:3072 <-> DISABLED 
<-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules) * 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 
1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules) * 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules) * 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt 
(server-webapp.rules) * 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules) * 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules) * 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules) * 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules) * 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules) * 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules) * 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules) * 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules) * 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules) * 1:21349 
<-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules) * 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules) * 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules) * 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise 
Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules) * 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules) * 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules) * 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules) * 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules) * 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:24147 
<-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules) * 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules) * 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules) * 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules) * 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules) * 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules) * 
1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules) * 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode 
maximum param count overflow attempt (netbios.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules) * 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules) * 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules) * 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules) * 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect 
_SetPagerNotifyConfig attempt (netbios.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules) * 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules) * 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules) * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13656 <-> 
DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules) * 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow 
attempt (server-webapp.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (server-other.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt 
(server-other.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules) * 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer 
handshake buffer overflow attempt (server-other.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules) * 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (server-apache.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt 
(server-other.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter 
(server-webapp.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (server-other.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:18793 <-> 
DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM 
getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) 
* 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules) * 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd 
command execution attempt (server-other.rules) * 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules) * 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules) * 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (netbios.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:26394 
<-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules) * 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (snort3-os-other.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (snort3-browser-chrome.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (snort3-server-other.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (snort3-os-windows.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (snort3-os-windows.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (snort3-browser-firefox.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (snort3-file-other.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (snort3-file-other.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (snort3-os-mobile.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (snort3-browser-chrome.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (snort3-server-webapp.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (snort3-server-other.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (snort3-browser-chrome.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (snort3-os-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (snort3-server-other.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (snort3-server-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (snort3-os-windows.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (snort3-file-other.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (snort3-os-mobile.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (snort3-browser-firefox.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (snort3-os-windows.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (snort3-server-webapp.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (snort3-os-other.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (snort3-browser-chrome.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (snort3-file-other.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (snort3-server-webapp.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (snort3-os-windows.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (snort3-server-webapp.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (snort3-server-webapp.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (snort3-os-other.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (snort3-server-other.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (snort3-server-other.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (snort3-server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (snort3-protocol-imap.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (snort3-server-other.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (snort3-server-webapp.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (snort3-protocol-rpc.rules)
* 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (snort3-protocol-services.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (snort3-protocol-imap.rules)
* 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (snort3-os-solaris.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (snort3-os-solaris.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (snort3-server-other.rules)
* 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (snort3-server-webapp.rules)
* 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (snort3-server-webapp.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (snort3-server-other.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (snort3-server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (snort3-server-other.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (snort3-protocol-scada.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (snort3-server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (snort3-server-other.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (snort3-server-other.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (snort3-server-webapp.rules)
* 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (snort3-server-webapp.rules)
* 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (snort3-server-webapp.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (snort3-server-webapp.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (snort3-server-other.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (snort3-server-webapp.rules)
* 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt (snort3-netbios.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (snort3-netbios.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (snort3-server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (snort3-server-webapp.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (snort3-server-webapp.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (snort3-server-other.rules)
* 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (snort3-server-webapp.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (snort3-server-webapp.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (snort3-server-webapp.rules)
* 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (snort3-server-webapp.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (snort3-server-webapp.rules)
* 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (snort3-policy-other.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (snort3-server-other.rules)
* 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (snort3-server-other.rules)
* 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (snort3-netbios.rules)
* 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (snort3-netbios.rules)
* 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (snort3-policy-other.rules)
* 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (snort3-server-other.rules)
* 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (snort3-netbios.rules)
* 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (snort3-netbios.rules)
* 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (snort3-server-other.rules)
* 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (snort3-netbios.rules)
* 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (snort3-server-other.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (snort3-server-other.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (snort3-file-other.rules)
* 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (snort3-netbios.rules)
* 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (snort3-server-other.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (snort3-server-webapp.rules)
* 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (snort3-os-windows.rules)
* 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (snort3-server-other.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (snort3-server-webapp.rules)
* 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules)
* 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules)
* 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (snort3-netbios.rules)
* 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules)
* 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (snort3-server-webapp.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules)
* 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules)
* 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (snort3-server-other.rules)
* 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules)
* 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (snort3-netbios.rules)
* 1:12326 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (snort3-netbios.rules)
* 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (snort3-netbios.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (snort3-netbios.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (snort3-netbios.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (snort3-netbios.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (snort3-server-webapp.rules)
* 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (snort3-protocol-rpc.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (snort3-protocol-rpc.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (snort3-protocol-services.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (snort3-server-other.rules)
* 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (snort3-server-other.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules)
* 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (snort3-server-other.rules)
* 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (snort3-netbios.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (snort3-netbios.rules)
* 1:44673 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (snort3-netbios.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (snort3-protocol-scada.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (snort3-server-webapp.rules)
* 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (snort3-netbios.rules)
* 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (snort3-netbios.rules)
* 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (snort3-server-other.rules)
* 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (snort3-server-webapp.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (snort3-server-other.rules)
* 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (snort3-server-other.rules)
* 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (snort3-server-other.rules)
* 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (snort3-server-iis.rules)
* 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (snort3-server-other.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (snort3-protocol-scada.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (snort3-policy-other.rules)
* 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (snort3-server-other.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (snort3-server-webapp.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (snort3-server-webapp.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (snort3-protocol-imap.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (snort3-os-solaris.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (snort3-file-java.rules)
* 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (snort3-server-other.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (snort3-server-webapp.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (snort3-server-other.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (snort3-server-webapp.rules)
* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (snort3-server-webapp.rules)
* 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (snort3-netbios.rules)
* 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (snort3-server-webapp.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (snort3-server-other.rules)
* 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (snort3-os-solaris.rules)
* 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (snort3-server-webapp.rules)
* 1:13715 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (snort3-server-webapp.rules)
* 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (snort3-server-other.rules)
* 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (snort3-server-webapp.rules)
* 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (snort3-server-other.rules)
* 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (snort3-netbios.rules)
* 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (snort3-server-other.rules)
* 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (snort3-server-iis.rules)
* 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (snort3-protocol-snmp.rules)
* 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (snort3-protocol-snmp.rules)
* 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (snort3-server-other.rules)
* 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (snort3-server-other.rules)
* 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (snort3-server-other.rules)
* 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (snort3-server-other.rules)
* 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (snort3-server-other.rules)
* 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (snort3-server-oracle.rules)
* 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (snort3-server-other.rules)
* 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt (snort3-server-other.rules)
* 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (snort3-server-other.rules)
* 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (snort3-server-webapp.rules)
* 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (snort3-server-other.rules)
* 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (snort3-server-other.rules)
* 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (snort3-protocol-imap.rules)
* 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (snort3-os-windows.rules)
* 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (snort3-server-other.rules)
* 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (snort3-server-other.rules)
* 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (snort3-server-webapp.rules)
* 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (snort3-server-other.rules)
* 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (snort3-server-other.rules)
* 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (snort3-server-mysql.rules)
* 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (snort3-server-other.rules)
* 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (snort3-server-webapp.rules)
* 1:15986 <-> DISABLED <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt (snort3-server-samba.rules)
* 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (snort3-server-samba.rules)
* 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (snort3-server-other.rules)
* 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (snort3-server-other.rules)
* 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (snort3-server-other.rules)
* 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (snort3-server-oracle.rules)
* 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (snort3-server-other.rules)
* 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (snort3-protocol-pop.rules)
* 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (snort3-server-oracle.rules)
* 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (snort3-server-other.rules)
* 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (snort3-server-webapp.rules)
* 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (snort3-server-webapp.rules)
* 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (snort3-server-other.rules)
* 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (snort3-protocol-rpc.rules)
* 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (snort3-server-webapp.rules)
* 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (snort3-server-webapp.rules)
* 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (snort3-protocol-rpc.rules)
* 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (snort3-server-other.rules)
* 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt (snort3-server-apache.rules)
* 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (snort3-protocol-rpc.rules)
* 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (snort3-server-webapp.rules)
* 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (snort3-server-other.rules)
* 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (snort3-server-other.rules)
* 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (snort3-server-webapp.rules)
* 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (snort3-server-other.rules)
* 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (snort3-server-oracle.rules)
* 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (snort3-server-other.rules)
* 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (snort3-netbios.rules)
* 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (snort3-netbios.rules)
* 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (snort3-netbios.rules)
* 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (snort3-os-windows.rules)
* 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (snort3-server-iis.rules)
* 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (snort3-server-other.rules)
* 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (snort3-server-other.rules)
* 1:18292 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (snort3-server-other.rules)
* 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (snort3-server-webapp.rules)
* 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (snort3-os-windows.rules)
* 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (snort3-protocol-scada.rules)
* 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (snort3-protocol-imap.rules)
* 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (snort3-server-webapp.rules)
* 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (snort3-server-webapp.rules)
* 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (snort3-server-webapp.rules)
* 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (snort3-server-other.rules)
* 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (snort3-server-other.rules)
* 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (snort3-server-other.rules)
* 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (snort3-protocol-rpc.rules)
* 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (snort3-server-webapp.rules)
* 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (snort3-server-other.rules)
* 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (snort3-server-other.rules)
* 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt (snort3-server-other.rules)
* 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (snort3-protocol-scada.rules)
* 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (snort3-protocol-scada.rules)
* 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (snort3-protocol-scada.rules)
* 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (snort3-protocol-scada.rules)
* 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (snort3-protocol-scada.rules)
* 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (snort3-protocol-scada.rules)
* 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (snort3-server-webapp.rules)
* 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (snort3-server-webapp.rules)
* 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (snort3-server-other.rules)
* 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (snort3-server-webapp.rules)
* 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (snort3-server-webapp.rules)
* 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (snort3-server-webapp.rules)
* 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (snort3-server-other.rules)
* 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (snort3-server-other.rules)
* 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (snort3-server-webapp.rules)
* 1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (snort3-server-webapp.rules)
* 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (snort3-server-webapp.rules)
* 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (snort3-server-webapp.rules)
* 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (snort3-protocol-snmp.rules)
* 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (snort3-server-webapp.rules)
* 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (snort3-server-webapp.rules)
* 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (snort3-server-webapp.rules)
* 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (snort3-server-other.rules)
* 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (snort3-server-other.rules)
* 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (snort3-server-webapp.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (snort3-server-webapp.rules)
* 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (snort3-server-webapp.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server 
ibmslapd.exe stack buffer overflow attempt (snort3-server-other.rules) * 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (snort3-protocol-scada.rules) * 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (snort3-server-other.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (snort3-protocol-scada.rules) * 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (snort3-protocol-scada.rules) * 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (snort3-server-webapp.rules) * 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (snort3-server-webapp.rules) * 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (snort3-server-webapp.rules) * 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (snort3-server-other.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (snort3-server-webapp.rules) * 1:21349 <-> DISABLED <-> 
SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (snort3-server-other.rules) * 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (snort3-server-other.rules) * 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (snort3-server-other.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (snort3-server-other.rules) * 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (snort3-server-other.rules) * 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (snort3-server-other.rules) * 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (snort3-protocol-scada.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (snort3-server-webapp.rules) * 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (snort3-server-other.rules) * 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (snort3-server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (snort3-server-other.rules) * 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (snort3-protocol-scada.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (snort3-server-other.rules) * 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt 
(snort3-server-webapp.rules) * 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (snort3-server-webapp.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (snort3-server-webapp.rules) * 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (snort3-server-webapp.rules) * 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (snort3-server-other.rules) * 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (snort3-server-webapp.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (snort3-server-webapp.rules) * 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (snort3-server-other.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (snort3-server-webapp.rules) * 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt 
(snort3-server-other.rules) * 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (snort3-server-other.rules) * 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (snort3-server-other.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (snort3-protocol-scada.rules) * 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (snort3-os-windows.rules) * 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (snort3-server-other.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (snort3-server-webapp.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (snort3-server-webapp.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (snort3-server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (snort3-browser-plugins.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (snort3-browser-plugins.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (snort3-server-webapp.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (snort3-server-webapp.rules) * 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (snort3-server-webapp.rules) * 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (snort3-server-webapp.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows XPAT pattern overflow attempt (snort3-os-windows.rules) * 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (snort3-server-webapp.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (snort3-protocol-scada.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (snort3-server-webapp.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (snort3-protocol-scada.rules) * 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (snort3-server-other.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (snort3-server-other.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (snort3-server-other.rules) * 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (snort3-server-other.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (snort3-server-other.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (snort3-server-other.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (snort3-server-other.rules) * 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (snort3-protocol-scada.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (snort3-server-webapp.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (snort3-server-other.rules) * 1:29586 <-> DISABLED 
<-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (snort3-server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (snort3-server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (snort3-server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (snort3-server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (snort3-server-other.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (snort3-server-other.rules) * 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (snort3-server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (snort3-server-other.rules) * 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (snort3-server-other.rules) * 1:3007 <-> DISABLED <-> 
PROTOCOL-IMAP command overflow attempt (snort3-protocol-imap.rules) * 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (snort3-server-webapp.rules) * 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (snort3-server-other.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (snort3-server-other.rules) * 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (snort3-server-other.rules) * 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (snort3-server-other.rules) * 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (snort3-server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (snort3-server-other.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (snort3-protocol-imap.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (snort3-protocol-imap.rules) * 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (snort3-protocol-imap.rules) * 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (snort3-server-other.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (snort3-protocol-imap.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (snort3-protocol-imap.rules) * 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (snort3-protocol-nntp.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (snort3-server-other.rules) * 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (snort3-server-other.rules) * 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager 
HTTP URI buffer overflow attempt (snort3-server-webapp.rules) * 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (snort3-server-webapp.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (snort3-server-webapp.rules) * 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (snort3-server-other.rules) * 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (snort3-server-other.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58620 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58635 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58604 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58625 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58624 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58611 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58603 <-> DISABLED <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt (os-mobile.rules)
* 1:58618 <-> DISABLED <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt (server-other.rules)
* 1:58623 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58632 <-> ENABLED <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt (server-other.rules)
* 1:58636 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt (os-windows.rules)
* 1:58616 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58607 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58605 <-> DISABLED <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt (server-webapp.rules)
* 1:57939 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58615 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58609 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:57938 <-> DISABLED <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt (browser-chrome.rules)
* 1:58601 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58614 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58622 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58612 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt (browser-firefox.rules)
* 1:58626 <-> DISABLED <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt (server-other.rules)
* 1:58619 <-> DISABLED <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt (os-other.rules)
* 1:58610 <-> DISABLED <-> OS-OTHER Apple macOS kernel memory leak attempt (os-other.rules)
* 1:58613 <-> ENABLED <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt (browser-chrome.rules)
* 1:58631 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58621 <-> DISABLED <-> FILE-OTHER Apple iOS Webkit universal XSS attempt (file-other.rules)
* 1:58630 <-> DISABLED <-> FILE-OTHER VMware Fusion privilege escalation attempt (file-other.rules)
* 1:58608 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)
* 1:58602 <-> DISABLED <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt (server-webapp.rules)
* 1:58617 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:58606 <-> DISABLED <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt (server-webapp.rules)

* 1:39459 <-> DISABLED <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt (server-webapp.rules)
* 1:12335 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt (netbios.rules)
* 1:5702 <-> DISABLED <-> PROTOCOL-IMAP subscribe directory traversal attempt (protocol-imap.rules)
* 1:57931 <-> ENABLED <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt (file-other.rules)
* 1:46330 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:4681 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules)
* 1:31771 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:29603 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:12362 <-> DISABLED <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt (server-webapp.rules)
* 1:13522 <-> DISABLED <-> SERVER-OTHER Firebird Database Server username handling buffer overflow (server-other.rules)
* 1:51686 <-> DISABLED <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt (server-webapp.rules)
* 1:49890 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:24221 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:5704 <-> DISABLED <-> PROTOCOL-IMAP SELECT overflow attempt (protocol-imap.rules)
* 1:6414 <-> DISABLED <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt (server-webapp.rules)
* 1:49893 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:52268 <-> DISABLED <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt (server-webapp.rules)
* 1:3078 <-> DISABLED <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt (protocol-nntp.rules)
* 1:5316 <-> DISABLED <-> SERVER-OTHER CA CAM log_security overflow attempt (server-other.rules)
* 1:44312 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules)
* 1:49892 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:11960 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:51974 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:49252 <-> DISABLED <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt (server-other.rules)
* 1:31148 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules)
* 1:591 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request TCP (protocol-rpc.rules)
* 1:37446 <-> DISABLED <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt (server-other.rules)
* 1:44151 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:30555 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:30554 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt (server-other.rules)
* 1:11961 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:8441 <-> DISABLED <-> SERVER-WEBAPP McAfee header buffer overflow attempt (server-webapp.rules)
* 1:30553 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules)
* 1:29105 <-> DISABLED <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt (server-webapp.rules)
* 1:6512 <-> DISABLED <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt (server-other.rules)
* 1:12341 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt (netbios.rules)
* 1:11196 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules)
* 1:3072 <-> DISABLED <-> PROTOCOL-IMAP STATUS overflow attempt (protocol-imap.rules)
* 1:43068 <-> DISABLED <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt (server-other.rules)
* 1:47470 <-> DISABLED <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt (server-webapp.rules)
* 1:28052 <-> DISABLED <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt (server-webapp.rules)
* 1:46329 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:3457 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt (server-other.rules)
* 1:51975 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:43067 <-> ENABLED <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt (protocol-imap.rules)
* 1:32349 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:49891 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:32462 <-> DISABLED <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt (server-webapp.rules)
* 1:50828 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules)
* 1:31373 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules)
* 1:52478 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules)
* 1:9632 <-> DISABLED <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt (server-other.rules)
* 1:42120 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:24222 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules)
* 1:23096 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules)
* 1:24693 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:24480 <-> DISABLED <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt (protocol-scada.rules)
* 1:24704 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:24914 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules)
* 1:24705 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt (server-webapp.rules)
* 1:25059 <-> DISABLED <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt (server-other.rules)
* 1:25334 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25318 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules)
* 1:25335 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25338 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25339 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25336 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:25654 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:25655 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:2589 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt (os-windows.rules)
* 1:25340 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules)
* 1:26394 <-> DISABLED <-> SERVER-OTHER Bopup Communications server buffer overflow attempt (server-other.rules)
* 1:25656 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt (server-other.rules)
* 1:42110 <-> DISABLED <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt (server-webapp.rules)
* 1:31337 <-> DISABLED <-> SERVER-OTHER Nagios NRPE command execution attempt (server-other.rules)
* 1:11680 <-> DISABLED <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt (server-webapp.rules)
* 1:51976 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:12596 <-> DISABLED <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt (server-other.rules)
* 1:12916 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt (netbios.rules)
* 1:37660 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:12784 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:51972 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:36542 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules)
* 1:31438 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules)
* 1:51973 <-> DISABLED <-> SERVER-WEBAPP SolarWinds Storage Manager directory traversal attempt (server-webapp.rules)
* 1:4126 <-> DISABLED <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash (server-other.rules)
* 1:51582 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt (server-webapp.rules)
* 1:44672 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:46331 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules)
* 1:42121 <-> DISABLED <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt (server-webapp.rules)
* 1:12458 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt (protocol-rpc.rules)
* 1:52334 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:21752 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt (server-other.rules)
* 1:12786 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules)
* 1:37804 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules)
* 1:31368 <-> DISABLED <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt (server-webapp.rules)
* 1:44671 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:12347 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt (netbios.rules)
* 1:31375 <-> DISABLED <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:42226 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules)
* 1:3454 <-> DISABLED <-> SERVER-OTHER Arkeia client backup generic info probe (server-other.rules)
* 1:32348 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules)
* 1:3453 <-> DISABLED <-> SERVER-OTHER Arkeia client backup system info probe (server-other.rules)
* 1:3517 <-> DISABLED <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt (server-other.rules)
* 1:3697 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt (netbios.rules)
* 1:37659 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules)
* 1:610 <-> DISABLED <-> PROTOCOL-SERVICES rsh root (protocol-services.rules)
* 1:29534 <-> DISABLED <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt (protocol-scada.rules)
* 1:37732 <-> ENABLED <-> POLICY-OTHER eicar test string download attempt (policy-other.rules)
* 1:38271 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt (server-other.rules)
* 1:31238 <-> DISABLED <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt (server-other.rules)
* 1:29502 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules)
* 1:29516 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules)
* 1:29529 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt (server-other.rules)
* 1:23330 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules)
* 1:29586 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules)
* 1:29630 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:29628 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management 
ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29590 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:24223 <-> DISABLED <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt (server-other.rules) * 1:27657 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:29505 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:29584 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt (server-webapp.rules) * 1:29517 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt (server-other.rules) * 1:29611 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:3074 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt (protocol-imap.rules) * 1:27658 <-> DISABLED <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt (browser-plugins.rules) * 1:29531 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt (server-other.rules) * 1:12785 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:29589 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:11684 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS overflow attempt (os-windows.rules) * 1:27797 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt (server-webapp.rules) * 1:29530 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt (server-other.rules) * 1:29588 <-> DISABLED <-> SERVER-OTHER Symantec Veritas 
Enterprise Administrator service vxsvc type 7 buffer overflow attempt (server-other.rules) * 1:3007 <-> DISABLED <-> PROTOCOL-IMAP command overflow attempt (protocol-imap.rules) * 1:29591 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt (server-other.rules) * 1:3070 <-> DISABLED <-> PROTOCOL-IMAP fetch overflow attempt (protocol-imap.rules) * 1:3073 <-> DISABLED <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt (protocol-imap.rules) * 1:29532 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt (server-other.rules) * 1:27123 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt (server-other.rules) * 1:26548 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:3066 <-> DISABLED <-> PROTOCOL-IMAP APPEND overflow attempt (protocol-imap.rules) * 1:29511 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt (server-webapp.rules) * 1:29528 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt (server-other.rules) * 1:12332 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt (netbios.rules) * 1:2927 <-> DISABLED <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt (os-windows.rules) * 1:31149 <-> DISABLED <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt (server-webapp.rules) * 1:24147 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:29515 <-> DISABLED <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt (protocol-scada.rules) * 1:29626 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer 
overflow attempt (server-other.rules) * 1:29585 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt (server-other.rules) * 1:30507 <-> DISABLED <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt (server-other.rules) * 1:30556 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt (server-other.rules) * 1:29587 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt (server-other.rules) * 1:12667 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt (server-other.rules) * 1:29629 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:12922 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt (netbios.rules) * 1:37805 <-> DISABLED <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt (file-java.rules) * 1:44311 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:50829 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt (server-other.rules) * 1:32056 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:6507 <-> DISABLED <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt (server-webapp.rules) * 1:12910 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt (netbios.rules) * 1:9806 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt (netbios.rules) * 1:12424 <-> DISABLED <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt (protocol-rpc.rules) * 1:10998 <-> DISABLED <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow (server-other.rules) * 1:12326 
<-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt (netbios.rules) * 1:39875 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:3084 <-> DISABLED <-> SERVER-OTHER Veritas backup overflow attempt (server-other.rules) * 1:44310 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt (server-webapp.rules) * 1:21914 <-> DISABLED <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt (server-other.rules) * 1:11959 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11670 <-> DISABLED <-> SERVER-OTHER Symantec Discovery logging buffer overflow (server-other.rules) * 1:37657 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:44202 <-> DISABLED <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt (server-other.rules) * 1:604 <-> DISABLED <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt (protocol-services.rules) * 1:37661 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:29627 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:9790 <-> DISABLED <-> SERVER-OTHER HP-UX lpd command execution attempt (server-other.rules) * 1:36803 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt (server-other.rules) * 1:33875 <-> DISABLED <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt (policy-other.rules) * 1:37662 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:36877 <-> DISABLED <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied 
memory location attempt (netbios.rules) * 1:3458 <-> DISABLED <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt (server-other.rules) * 1:40880 <-> DISABLED <-> SERVER-WEBAPP Multiple products invalid HTTP request attempt (server-webapp.rules) * 1:38270 <-> DISABLED <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt (server-other.rules) * 1:32347 <-> DISABLED <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt (server-webapp.rules) * 1:37658 <-> DISABLED <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt (server-webapp.rules) * 1:52333 <-> DISABLED <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt (os-solaris.rules) * 1:46332 <-> DISABLED <-> SERVER-WEBAPP SearchBlox unauthorized access attempt (server-webapp.rules) * 1:24512 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:25319 <-> DISABLED <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt (server-webapp.rules) * 1:24913 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt (server-webapp.rules) * 1:25534 <-> DISABLED <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt (server-webapp.rules) * 1:25337 <-> DISABLED <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt (server-other.rules) * 1:27006 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:25849 <-> DISABLED <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt (protocol-scada.rules) * 1:27796 <-> DISABLED <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt (server-webapp.rules) * 1:51045 <-> DISABLED <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt (server-other.rules) * 1:44673 <-> 
DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:31365 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:10018 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt (netbios.rules) * 1:21233 <-> DISABLED <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt (server-webapp.rules) * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules) * 1:10010 <-> DISABLED <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt (server-other.rules) * 1:10407 <-> DISABLED <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt (server-other.rules) * 1:10187 <-> DISABLED <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow (server-other.rules) * 1:10202 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt (netbios.rules) * 1:10030 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt (netbios.rules) * 1:11955 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:10486 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt (netbios.rules) * 1:11442 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:10208 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt (netbios.rules) * 1:12079 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt (server-other.rules) * 1:11956 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11962 <-> DISABLED <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow 
attempt (netbios.rules) * 1:11945 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:13221 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:12307 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt (netbios.rules) * 1:12928 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt (netbios.rules) * 1:12078 <-> DISABLED <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow (server-other.rules) * 1:13519 <-> DISABLED <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt (server-other.rules) * 1:13363 <-> DISABLED <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt (server-other.rules) * 1:13365 <-> DISABLED <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt (server-other.rules) * 1:12934 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt (netbios.rules) * 1:13804 <-> DISABLED <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt (server-other.rules) * 1:13613 <-> DISABLED <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt (os-solaris.rules) * 1:13656 <-> DISABLED <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt (server-webapp.rules) * 1:13476 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:13922 <-> DISABLED <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt (server-iis.rules) * 1:13819 <-> DISABLED <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt (server-webapp.rules) * 1:13839 <-> DISABLED <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt (server-other.rules) * 1:13715 <-> DISABLED <-> 
SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt (server-webapp.rules) * 1:14769 <-> DISABLED <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt (server-other.rules) * 1:1412 <-> DISABLED <-> PROTOCOL-SNMP public access tcp (protocol-snmp.rules) * 1:1414 <-> DISABLED <-> PROTOCOL-SNMP private access tcp (protocol-snmp.rules) * 1:13843 <-> DISABLED <-> SERVER-OTHER MaxDB WebDBM get buffer overflow (server-other.rules) * 1:15255 <-> DISABLED <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt (server-oracle.rules) * 1:14773 <-> DISABLED <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt (server-other.rules) * 1:15186 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:14768 <-> DISABLED <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt (server-other.rules) * 1:15437 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt (server-other.rules) * 1:15422 <-> DISABLED <-> SERVER-OTHER Sun One web proxy server overflow attempt (server-other.rules) * 1:15434 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt (server-webapp.rules) * 1:15188 <-> DISABLED <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt (server-other.rules) * 1:15484 <-> DISABLED <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt (protocol-imap.rules) * 1:15477 <-> DISABLED <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt (server-webapp.rules) * 1:15479 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt (server-other.rules) * 1:15436 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt 
(server-other.rules) * 1:15726 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt (server-webapp.rules) * 1:15527 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt (os-windows.rules) * 1:15571 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt (server-other.rules) * 1:15482 <-> DISABLED <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt (server-other.rules) * 1:15951 <-> DISABLED <-> SERVER-MYSQL MaxDB Webtool GET command overflow attempt (server-mysql.rules) * 1:15908 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt (server-webapp.rules) * 1:15942 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:15573 <-> DISABLED <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt (server-other.rules) * 1:16034 <-> DISABLED <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt (server-samba.rules) * 1:15970 <-> DISABLED <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt (server-other.rules) * 1:15978 <-> DISABLED <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt (server-webapp.rules) * 1:15943 <-> DISABLED <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt (server-other.rules) * 1:16309 <-> DISABLED <-> SERVER-ORACLE auth_sesskey buffer overflow attempt (server-oracle.rules) * 1:16196 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:16216 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:15986 <-> DISABLED <-> 
SERVER-SAMBA Samba unicode filename buffer overflow attempt (server-samba.rules) * 1:16444 <-> DISABLED <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt (server-other.rules) * 1:16332 <-> DISABLED <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt (server-other.rules) * 1:1634 <-> DISABLED <-> PROTOCOL-POP PASS overflow attempt (protocol-pop.rules) * 1:16217 <-> DISABLED <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt (server-other.rules) * 1:16685 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt (server-other.rules) * 1:16555 <-> DISABLED <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt (server-webapp.rules) * 1:16604 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt (server-webapp.rules) * 1:16438 <-> DISABLED <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt (server-oracle.rules) * 1:16797 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt (protocol-rpc.rules) * 1:16706 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt (protocol-rpc.rules) * 1:16712 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET (server-webapp.rules) * 1:16674 <-> DISABLED <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt (server-webapp.rules) * 1:17295 <-> DISABLED <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt (server-webapp.rules) * 1:17045 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17156 <-> DISABLED <-> SERVER-APACHE HP Performance Manager 
Apache Tomcat policy bypass attempt (server-apache.rules) * 1:16713 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST (server-webapp.rules) * 1:17577 <-> DISABLED <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access (server-other.rules) * 1:17445 <-> DISABLED <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt (server-other.rules) * 1:17530 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow (server-other.rules) * 1:17206 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp (protocol-rpc.rules) * 1:17714 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17625 <-> DISABLED <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt (server-oracle.rules) * 1:17706 <-> DISABLED <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt (server-other.rules) * 1:17536 <-> DISABLED <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt (server-webapp.rules) * 1:18285 <-> DISABLED <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt (server-other.rules) * 1:17715 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt (netbios.rules) * 1:17723 <-> DISABLED <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected (os-windows.rules) * 1:17707 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt (netbios.rules) * 1:18311 <-> DISABLED <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt (server-webapp.rules) * 1:18291 <-> DISABLED <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt (server-other.rules) * 1:18292 <-> DISABLED <-> SERVER-OTHER 
Arkeia Network Backup Client Buffer Overflow Type 84 Attempt (server-other.rules) * 1:18243 <-> DISABLED <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt (server-iis.rules) * 1:18475 <-> DISABLED <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow (server-webapp.rules) * 1:18320 <-> DISABLED <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt (os-windows.rules) * 1:18327 <-> DISABLED <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt (protocol-scada.rules) * 1:18293 <-> DISABLED <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt (server-webapp.rules) * 1:18525 <-> DISABLED <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt (server-other.rules) * 1:18480 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter (server-webapp.rules) * 1:18481 <-> DISABLED <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter (server-webapp.rules) * 1:1842 <-> DISABLED <-> PROTOCOL-IMAP login buffer overflow attempt (protocol-imap.rules) * 1:18581 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18555 <-> DISABLED <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt (server-other.rules) * 1:18558 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18487 <-> DISABLED <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt (server-other.rules) * 1:18649 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt (protocol-scada.rules) * 1:18582 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt (server-other.rules) * 1:18587 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 
buffer overflow attempt (server-other.rules) * 1:18579 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt (server-webapp.rules) * 1:18659 <-> DISABLED <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt (protocol-scada.rules) * 1:18651 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt (protocol-scada.rules) * 1:18656 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt (protocol-scada.rules) * 1:18648 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt (protocol-scada.rules) * 1:18759 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST (server-webapp.rules) * 1:18745 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt (server-webapp.rules) * 1:18751 <-> DISABLED <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt (server-webapp.rules) * 1:18657 <-> DISABLED <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt (protocol-scada.rules) * 1:18791 <-> DISABLED <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt (server-other.rules) * 1:18760 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET (server-webapp.rules) * 1:18764 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt (server-webapp.rules) * 1:18754 <-> DISABLED <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt (server-other.rules) * 1:18902 <-> DISABLED <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt (server-webapp.rules) * 1:18793 <-> DISABLED <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt (server-webapp.rules) * 
1:18795 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt (server-webapp.rules) * 1:18769 <-> DISABLED <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt (server-other.rules) * 1:18999 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt (server-webapp.rules) * 1:18926 <-> DISABLED <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt (protocol-snmp.rules) * 1:18930 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt (server-webapp.rules) * 1:18802 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt (server-webapp.rules) * 1:19138 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt (server-webapp.rules) * 1:19104 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt (server-other.rules) * 1:19105 <-> DISABLED <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt (server-other.rules) * 1:18998 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt (server-webapp.rules) * 1:19826 <-> DISABLED <-> SERVER-WEBAPP HP Power Manager remote code execution attempt (server-webapp.rules) * 1:19139 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt (server-webapp.rules) * 1:19140 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt (server-webapp.rules) * 1:19137 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt (server-webapp.rules) * 1:20177 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt 
(server-webapp.rules)
* 1:19938 <-> DISABLED <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt (server-other.rules)
* 1:20030 <-> DISABLED <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt (protocol-scada.rules)
* 1:19813 <-> DISABLED <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt (server-webapp.rules)
* 1:20215 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt (protocol-scada.rules)
* 1:20179 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt (server-webapp.rules)
* 1:20180 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt (server-webapp.rules)
* 1:20134 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:20628 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt (server-webapp.rules)
* 1:20240 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20241 <-> DISABLED <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt (server-webapp.rules)
* 1:20214 <-> DISABLED <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt (protocol-scada.rules)
* 1:21349 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
* 1:20635 <-> DISABLED <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt (server-webapp.rules)
* 1:20761 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt (server-other.rules)
* 1:20532 <-> DISABLED <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt (server-webapp.rules)
* 1:22952 <-> DISABLED <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt (server-other.rules)
* 1:21350 <-> DISABLED <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt
* 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt
* 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access
* 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow
* 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt
* 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt
* 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt
* 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt
* 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow
* 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow
* 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow
* 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt
* 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt
* 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt
* 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow
* 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt
* 1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt
* 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt
* 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt
* 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt
* 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt
* 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt
* 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt
* 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt
* 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt
* 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt
* 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt
* 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt
* 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt
* 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt
* 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt
* 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt
* 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt
* 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt
* 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt
* 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt
* 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt
* 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt
* 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow
* 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt
* 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt
* 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt
* 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt
* 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt
* 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt
* 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow
* 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt
* 1:1412 <-> PROTOCOL-SNMP public access tcp
* 1:1414 <-> PROTOCOL-SNMP private access tcp
* 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt
* 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt
* 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt
* 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt
* 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt
* 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt
* 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt
* 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt
* 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt
* 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt
* 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt
* 1:15479 <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt
* 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt
* 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt
* 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt
* 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt
* 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt
* 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt
* 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt
* 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt
* 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt
* 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt
* 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt
* 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt
* 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt
* 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt
* 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt
* 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt
* 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt
* 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt
* 1:1634 <-> PROTOCOL-POP PASS overflow attempt
* 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt
* 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring double take service code execution attempt
* 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt
* 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt
* 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt
* 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt
* 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt
* 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET
* 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST
* 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt
* 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt
* 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp
* 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt
* 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt
* 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow
* 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt
* 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access
* 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt
* 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt
* 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt
* 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt
* 1:17715 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt
* 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected
* 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt
* 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt
* 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt
* 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt
* 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt
* 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt
* 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt
* 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt
* 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt
* 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow
* 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter
* 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter
* 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt
* 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt
* 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt
* 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt
* 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt
* 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt
* 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt
* 1:18648 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt
* 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt
* 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt
* 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt
* 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt
* 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt
* 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt
* 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt
* 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt
* 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST
* 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET
* 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt
* 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt
* 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt
* 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt
* 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt
* 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt
* 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt
* 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt
* 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt
* 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt
* 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt
* 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt
* 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt
* 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt
* 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt
* 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt
* 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt
* 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt
* 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt
* 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt
* 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt
* 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt
* 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt
* 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt
* 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt
* 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt
* 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt
* 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt
* 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt
* 1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt
* 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt
* 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt
* 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt
* 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt
* 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt
* 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt
* 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt
* 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt
* 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt
* 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt
* 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt
* 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt
* 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt
* 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt
* 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt
* 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt
* 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt
* 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt
* 1:25059 <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt
* 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt
* 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt
* 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt
* 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt
* 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt
* 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt
* 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt
* 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt
* 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt
* 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt
* 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt
* 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt
* 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt
* 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt
* 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt
* 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt
* 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt
* 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt
* 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt
* 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt
* 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt
* 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt
* 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt
* 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt
* 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt
* 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt
* 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt
* 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt
* 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt
* 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt
* 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt
* 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt
* 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt
* 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt
* 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt
* 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:3007 <-> PROTOCOL-IMAP command overflow attempt
* 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt
* 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt
* 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt
* 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt
* 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt
* 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt
* 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt
* 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt
* 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt
* 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt
* 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt
* 1:3084 <-> SERVER-OTHER Veritas backup overflow attempt
* 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt
* 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt
* 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt
* 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt
* 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt
* 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt
* 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt
* 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt
* 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt
* 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt
* 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt
* 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe
* 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe
* 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt
* 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt
* 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt
* 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt
* 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt
* 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt
* 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt
* 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt
* 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37732 <-> POLICY-OTHER eicar test string download attempt
* 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt
* 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt
* 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt
* 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash
* 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt
* 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt
* 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt
* 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt
* 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt
* 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt
* 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt
* 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt
* 1:44310 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt
* 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt
* 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt
* 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt
* 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt
* 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt
* 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt
* 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt
* 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt
* 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt
* 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt
* 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt
* 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt
* 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt
* 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt
* 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt
* 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP
* 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt
* 1:610 <-> PROTOCOL-SERVICES rsh root
* 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt
* 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt
* 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt
* 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt
* 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt
* 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt
* 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt * 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt * 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt * 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt * 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt * 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt * 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt * 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt * 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt * 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt * 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt * 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt * 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt * 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt * 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt * 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt * 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt * 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt * 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt * 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt * 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt * 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of 
service attempt * 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt * 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt * 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt * 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt * 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt * 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt * 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt * 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt * 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt * 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt * 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt * 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt * 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt * 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt * 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt * 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt * 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt * 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt * 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt * 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt * 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt * 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt * 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt * 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt * 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt * 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt * 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt * 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt * 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt * 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt * 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of 
service attempt * 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt * 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt * 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt * 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt * 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt * 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt * 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt * 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt * 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt * 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt * 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt * 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt * 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt * 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt * 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET * 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST * 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt * 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt * 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp * 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt * 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow * 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt * 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access * 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt * 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt * 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt * 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17715 
<-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt * 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected * 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt * 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt * 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt * 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt * 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt * 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt * 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt * 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt * 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt * 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow * 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter * 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter * 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt * 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt * 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt * 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt * 1:18648 <-> PROTOCOL-SCADA IGSS 
IGSSDataServer.exe file upload/download attempt * 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt * 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt * 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt * 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt * 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt * 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt * 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt * 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST * 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET * 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt * 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt * 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt * 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt * 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt * 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt * 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt * 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt * 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer 
overflow attempt * 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt * 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt * 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt * 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt * 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt * 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt * 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt * 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt * 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt * 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt * 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt * 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt * 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt * 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt * 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt * 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt * 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt * 
1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt * 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt * 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt * 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt * 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt * 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt * 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt * 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt * 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt * 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt * 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt * 1:25059 <-> SERVER-OTHER SAP 
Business One License Manager buffer overflow attempt * 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt * 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt * 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt * 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt * 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt * 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt * 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt * 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt * 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt * 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS 
UnassignFunctionalRoles stored procedure POST SQL injection attempt * 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt * 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt * 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt * 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt * 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt * 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt * 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt * 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt * 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt * 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt * 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt * 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt * 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt * 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt * 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt * 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt * 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer 
overflow attempt * 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt * 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt * 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt * 1:3007 <-> PROTOCOL-IMAP command overflow attempt * 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt * 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt * 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt * 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt * 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt * 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt * 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt * 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt * 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt * 
1:3084 <-> SERVER-OTHER Veritas backup overflow attempt * 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt * 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt * 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt * 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt * 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt * 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt * 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt * 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt * 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt * 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt * 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt * 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe * 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe * 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt * 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt * 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt * 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt * 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory 
location attempt * 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt * 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt * 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt * 1:37732 <-> POLICY-OTHER eicar test string download attempt * 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt * 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt * 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt * 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt * 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash * 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt * 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt * 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt * 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt * 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt * 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt * 1:44310 <-> 
SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt * 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt * 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt * 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt * 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt * 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt * 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt * 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt * 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt * 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt * 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt 
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt * 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt * 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt * 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt * 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt * 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt * 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP * 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt * 1:610 <-> PROTOCOL-SERVICES rsh root * 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt * 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt * 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt * 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt * 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt * 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt * 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt * 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt * 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt * 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access * 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow * 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt * 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt * 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt * 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt * 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow * 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow * 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt * 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt * 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt * 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt * 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow * 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt * 
1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt * 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt * 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt * 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt * 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt * 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt * 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt * 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt * 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt * 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt * 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt * 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt * 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt * 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt * 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt * 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt * 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt * 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt * 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt * 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer 
overflow attempt * 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow * 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt * 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt * 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt * 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt * 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt * 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt * 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow * 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt * 1:1412 <-> PROTOCOL-SNMP public access tcp * 1:1414 <-> PROTOCOL-SNMP private access tcp * 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt * 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt * 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt * 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt * 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt * 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt * 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt * 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt * 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt * 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt * 1:15479 <-> SERVER-OTHER RealNetworks Helix Server 
RTSP Request Proxy-Require header heap buffer overflow attempt * 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt * 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt * 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt * 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt * 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt * 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt * 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt * 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt * 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt * 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt * 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt * 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt * 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt * 1:16216 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt * 1:16217 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 45 integer overflow attempt * 1:16309 <-> SERVER-ORACLE auth_sesskey buffer overflow attempt * 1:16332 <-> SERVER-OTHER Symantec System Center Alert Management System untrusted command execution attempt * 1:1634 <-> PROTOCOL-POP PASS overflow attempt * 1:16438 <-> SERVER-ORACLE WebLogic Server Node Manager arbitrary command execution attempt * 1:16444 <-> SERVER-OTHER HP StorageWorks storage mirroring 
double take service code execution attempt
* 1:16555 <-> SERVER-WEBAPP HP Openview Network Node Manager OvAcceptLang overflow attempt
* 1:16604 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow attempt
* 1:16674 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt
* 1:16685 <-> SERVER-OTHER IBM Tivoli Storage Manager Client dsmagent.exe NodeName length buffer overflow attempt
* 1:16706 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP array size buffer overflow attempt
* 1:16712 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - GET
* 1:16713 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection buffer overflow attempt - POST
* 1:16797 <-> PROTOCOL-RPC Oracle Solaris sadmind TCP data length integer overflow attempt
* 1:17045 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17156 <-> SERVER-APACHE HP Performance Manager Apache Tomcat policy bypass attempt
* 1:17206 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp
* 1:17295 <-> SERVER-WEBAPP Trend Micro OfficeScan Console authentication buffer overflow attempt
* 1:17445 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file upload attempt
* 1:17530 <-> SERVER-OTHER HP OpenView Storage Data Protector Stack Buffer Overflow
* 1:17536 <-> SERVER-WEBAPP generic server HTTP Auth Header buffer overflow attempt
* 1:17577 <-> SERVER-OTHER CA BightStor ARCserver Backup possible insecure method access
* 1:17625 <-> SERVER-ORACLE Database Core RDBMS component denial of service attempt
* 1:17706 <-> SERVER-OTHER Veritas NetBackup java user interface service format string attack attempt
* 1:17707 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt
* 1:17714 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt
* 1:17715 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt
* 1:17723 <-> OS-WINDOWS possible SMB replay attempt - overlapping encryption keys detected
* 1:18243 <-> SERVER-IIS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt
* 1:18285 <-> SERVER-OTHER BrightStor ARCserve backup tape engine buffer overflow attempt
* 1:18291 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 77 Attempt
* 1:18292 <-> SERVER-OTHER Arkeia Network Backup Client Buffer Overflow Type 84 Attempt
* 1:18293 <-> SERVER-WEBAPP Secure Backup login.php uname variable based command injection attempt
* 1:18311 <-> SERVER-WEBAPP Novell iManager getMultiPartParameters arbitrary file upload attempt
* 1:18320 <-> OS-WINDOWS Microsoft Windows WINS association context validation overflow attempt
* 1:18327 <-> PROTOCOL-SCADA Kingview HMI heap overflow attempt
* 1:1842 <-> PROTOCOL-IMAP login buffer overflow attempt
* 1:18475 <-> SERVER-WEBAPP HP Openview OvWebHelp.exe buffer overflow
* 1:18480 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - userid parameter
* 1:18481 <-> SERVER-WEBAPP HP openview network node manager ovlogin.exe buffer overflow - password parameter
* 1:18487 <-> SERVER-OTHER Ingres Database iidbms heap overflow attempt
* 1:18525 <-> SERVER-OTHER Lotus Domino LDAP Heap Buffer Overflow Attempt
* 1:18555 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt
* 1:18558 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18579 <-> SERVER-WEBAPP HP OpenView Network Node Manager OpenView5 CGI buffer overflow attempt
* 1:18581 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt
* 1:18582 <-> SERVER-OTHER IBM Tivoli Provisioning Manager long URI request buffer overflow attempt
* 1:18587 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 267 buffer overflow attempt
* 1:18648 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file upload/download attempt
* 1:18649 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation overflow attempt
* 1:18651 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe report template overflow attempt
* 1:18656 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe strep overflow attempt
* 1:18657 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt
* 1:18659 <-> PROTOCOL-SCADA RealWin 2.1 SCPC_INITIALIZE overflow attempt
* 1:18745 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs buffer overflow attempt
* 1:18751 <-> SERVER-WEBAPP Samba SWAT HTTP Authentication overflow attempt
* 1:18754 <-> SERVER-OTHER HP Data Protector Backup Client Service code execution attempt
* 1:18759 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - POST
* 1:18760 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovwebsnmpsrv.exe displayWidth buffer overflow attempt - GET
* 1:18764 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt
* 1:18769 <-> SERVER-OTHER LDAP Novell eDirectory evtFilteredMonitorEventsRequest function heap overflow attempt
* 1:18791 <-> SERVER-OTHER Novell ZENworks Configuration Management Preboot service code overflow attempt
* 1:18793 <-> SERVER-WEBAPP Novell ZENworks Configuration Management fileupload code execution attempt
* 1:18795 <-> SERVER-WEBAPP HP OpenView Network Node Manager ovet_demandpoll.exe format string execution attempt
* 1:18802 <-> SERVER-WEBAPP HP Power Manager formExportDataLogs directory traversal attempt
* 1:18902 <-> SERVER-WEBAPP Novell Teaming ajaxUploadImageFile remote code execution attempt
* 1:18926 <-> PROTOCOL-SNMP Multiple vendors AgentX receive_agentx integer overflow attempt
* 1:18930 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe Template format string code execution attempt
* 1:18998 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt
* 1:18999 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt
* 1:19104 <-> SERVER-OTHER HP OpenView Storage Data Protector Cell Manager heap overflow attempt
* 1:19105 <-> SERVER-OTHER HP Data Protector Manager MMD service buffer overflow attempt
* 1:19137 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI ICount parameter buffer overflow attempt
* 1:19138 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI hostname parameter buffer overflow attempt
* 1:19139 <-> SERVER-WEBAPP HP OpenView NNM getnnmdata.exe CGI MaxAge parameter buffer overflow attempt
* 1:19140 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:19813 <-> SERVER-WEBAPP Novell File Reporter Agent stack buffer overflow attempt
* 1:19826 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt
* 1:19938 <-> SERVER-OTHER IBM Tivoli Directory Server ibmslapd.exe stack buffer overflow attempt
* 1:20030 <-> PROTOCOL-SCADA IGSS IGSSDataServer.exe file operation directory traversal attempt
* 1:20134 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:20177 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe CGI Host parameter buffer overflow attempt
* 1:20179 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe userid parameter buffer overflow attempt
* 1:20180 <-> SERVER-WEBAPP HP OpenView NNM ovlogin.exe passwd parameter buffer overflow attempt
* 1:20214 <-> PROTOCOL-SCADA Measuresoft ScadaPro msvcrt.dll local command execution attempt
* 1:20215 <-> PROTOCOL-SCADA Measuresoft ScadaPro directory traversal file operation attempt
* 1:20240 <-> SERVER-WEBAPP HP OpenView NNM nnmRptConfig.exe CGI Host parameter buffer overflow attempt
* 1:20241 <-> SERVER-WEBAPP HP OpenView NNM snmp.exe CGI Host parameter buffer overflow attempt
* 1:20532 <-> SERVER-WEBAPP HP OpenView Storage Data Protector get file buffer overflow attempt
* 1:20628 <-> SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt
* 1:20635 <-> SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt
* 1:20761 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:21233 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt
* 1:21349 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt
* 1:21350 <-> SERVER-OTHER HP OpenView Storage Data Protector stack overflow attempt
* 1:21752 <-> SERVER-OTHER Novell ZENWorks configuration management preboot request buffer overflow attempt
* 1:21914 <-> SERVER-OTHER Novell ZENWorks configuration management preboot opcode 6C request buffer overflow attempt
* 1:22952 <-> SERVER-OTHER Iron Mountain connected backup opcode 13 processing command injection attempt
* 1:23096 <-> SERVER-OTHER VERITAS NetBackup java authentication service format string exploit attempt
* 1:23330 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt
* 1:24147 <-> SERVER-WEBAPP HP OpenView Network Node Manager nnmRptConfig.exe multiple parameters buffer overflow attempt
* 1:24221 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt
* 1:24222 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt
* 1:24223 <-> SERVER-OTHER HP Data Protector client EXEC_CMD command execution attempt
* 1:24480 <-> PROTOCOL-SCADA WellinTech Kingview HMI history server buffer overflow attempt
* 1:24512 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24693 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt
* 1:24704 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt
* 1:24705 <-> SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt
* 1:24913 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt
* 1:24914 <-> SERVER-WEBAPP HP OpenView NNM ovutil.dll getProxiedStorageAddress buffer overflow attempt
* 1:25059 <-> SERVER-OTHER SAP Business One License Manager buffer overflow attempt
* 1:25318 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt
* 1:25319 <-> SERVER-WEBAPP InduSoft Web Studio arbitrary file upload attempt
* 1:25334 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25335 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25336 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25337 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25338 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25339 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25340 <-> SERVER-OTHER Novell File Reporter record tag parsing buffer overflow attempt
* 1:25534 <-> SERVER-WEBAPP Sonicwall Global Management System authentication bypass attempt
* 1:25654 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt
* 1:25655 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt
* 1:25656 <-> SERVER-OTHER HP OpenView Storage Data Protector exec_cmd buffer overflow attempt
* 1:25849 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt
* 1:2589 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:26394 <-> SERVER-OTHER Bopup Communications server buffer overflow attempt
* 1:26548 <-> SERVER-WEBAPP HP OpenView NNM webappmon.exe buffer overflow attempt
* 1:27006 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt
* 1:27123 <-> SERVER-OTHER HP OpenView Storage Data Protector CRS opcode 259 buffer overflow attempt
* 1:27657 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27658 <-> BROWSER-PLUGINS VMWare Remote Console format string code execution attempt
* 1:27796 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt
* 1:27797 <-> SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt
* 1:28052 <-> SERVER-WEBAPP Linksys WRT110 ping.cgi remote command execution attempt
* 1:29105 <-> SERVER-WEBAPP ManageEngine DesktopCentral agentLogUploader servlet directory traversal attempt
* 1:2927 <-> OS-WINDOWS Microsoft Windows XPAT pattern overflow attempt
* 1:29502 <-> SERVER-WEBAPP HP OpenView CGI parameter buffer overflow attempt
* 1:29505 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt
* 1:29511 <-> SERVER-WEBAPP HP OpenView NNM jovgraph.exe CGI hostname parameter bugger overflow attempt
* 1:29515 <-> PROTOCOL-SCADA ScadaTec Procyon Core server password overflow attempt
* 1:29516 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt
* 1:29517 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra information disclosure attempt
* 1:29528 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 46 integer overflow attempt
* 1:29529 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 47 integer overflow attempt
* 1:29530 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 54 integer overflow attempt
* 1:29531 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 25 integer overflow attempt
* 1:29532 <-> SERVER-OTHER OpenView Network Node Manager ovalarmsrv opcode 81 integer overflow attempt
* 1:29534 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt
* 1:29584 <-> SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt
* 1:29585 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 3 buffer overflow attempt
* 1:29586 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt
* 1:29587 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 6 buffer overflow attempt
* 1:29588 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt
* 1:29589 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type 7 buffer overflow attempt
* 1:29590 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt
* 1:29591 <-> SERVER-OTHER Symantec Veritas Enterprise Administrator service vxsvc type A buffer overflow attempt
* 1:29603 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:29611 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29626 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29627 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29628 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29629 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29630 <-> SERVER-OTHER HP OpenView Storage Data Protector buffer overflow attempt
* 1:3007 <-> PROTOCOL-IMAP command overflow attempt
* 1:30507 <-> SERVER-OTHER MiniUPnPd ExecuteSoapAction buffer overflow attempt
* 1:30553 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt
* 1:30554 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt
* 1:30555 <-> SERVER-OTHER HP Data Protector Backup Client Service UTF directory traversal attempt
* 1:30556 <-> SERVER-OTHER HP Data Protector Backup Client Service directory traversal attempt
* 1:3066 <-> PROTOCOL-IMAP APPEND overflow attempt
* 1:3070 <-> PROTOCOL-IMAP fetch overflow attempt
* 1:3072 <-> PROTOCOL-IMAP STATUS overflow attempt
* 1:3073 <-> PROTOCOL-IMAP SUBSCRIBE literal overflow attempt
* 1:3074 <-> PROTOCOL-IMAP SUBSCRIBE overflow attempt
* 1:3078 <-> PROTOCOL-NNTP Microsoft Windows SEARCH pattern overflow attempt
* 1:3084 <-> SERVER-OTHER Veritas backup overflow attempt
* 1:31148 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt
* 1:31149 <-> SERVER-WEBAPP Supermicro Intelligent Management Controller login.cgi buffer overflow attempt
* 1:31238 <-> SERVER-OTHER Symantec pcAnywhere remote code execution attempt
* 1:31337 <-> SERVER-OTHER Nagios NRPE command execution attempt
* 1:31365 <-> SERVER-WEBAPP HP Power Manager remote code execution attempt
* 1:31368 <-> SERVER-WEBAPP WebBBS arbitrary system command execution attempt
* 1:31373 <-> SERVER-WEBAPP HP OpenView NNM ovwebsnmpsrv.exe command line argument buffer overflow attempt
* 1:31375 <-> SERVER-WEBAPP Hp OpenView CGI parameter buffer overflow attempt
* 1:31438 <-> PROTOCOL-SCADA IGSS dc.exe file execution directory traversal attempt
* 1:32056 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32347 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32348 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32349 <-> SERVER-WEBAPP ManageEngine FileCollector servlet directory traversal attempt
* 1:32462 <-> SERVER-WEBAPP Belkin Multiple Devices buffer overflow attempt
* 1:33875 <-> POLICY-OTHER SolarWinds Firewall Security Manager insecure userlogin.jsp access attempt
* 1:3453 <-> SERVER-OTHER Arkeia client backup system info probe
* 1:3454 <-> SERVER-OTHER Arkeia client backup generic info probe
* 1:3457 <-> SERVER-OTHER Arkeia backup client type 77 overflow attempt
* 1:3458 <-> SERVER-OTHER Arkeia backup client type 84 overflow attempt
* 1:3517 <-> SERVER-OTHER Computer Associates license PUTOLF overflow attempt
* 1:36542 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt
* 1:36803 <-> SERVER-OTHER HP Intelligent Management Center img buffer overflow attempt
* 1:36877 <-> NETBIOS DCERPC BrightStor ARCserve corrupt user-supplied memory location attempt
* 1:3697 <-> NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt
* 1:37446 <-> SERVER-OTHER BigAnt server USV command buffer overflow attempt
* 1:37657 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37658 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37659 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37660 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37661 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37662 <-> SERVER-WEBAPP Headline Portal Engine HPEInc remote file include attempt
* 1:37732 <-> POLICY-OTHER eicar test string download attempt
* 1:37805 <-> FILE-JAVA Oracle Java IntegerInterleavedRaster integer overflow attempt
* 1:38270 <-> SERVER-OTHER Wavelink Emulation License Server HTTP header overflow attempt
* 1:38271 <-> SERVER-OTHER Wavelink Emulation License Server malicious URI code execution attempt
* 1:39459 <-> SERVER-WEBAPP Oracle Web Cache HTTP header null byte injection attempt
* 1:39875 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:4126 <-> SERVER-OTHER Veritas Backup Exec root connection attempt using default password hash
* 1:42110 <-> SERVER-WEBAPP Microsoft IIS ScStoragePathFromUrl function buffer overflow attempt
* 1:42120 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt
* 1:42121 <-> SERVER-WEBAPP Dahua IP Camera username and password disclosure attempt
* 1:42226 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt
* 1:43067 <-> PROTOCOL-IMAP IMAP CRAM-MD5 authentication attempt
* 1:43068 <-> SERVER-OTHER IBM Lotus Domino IMAP server CRAM-MD5 authentication buffer overflow attempt
* 1:44151 <-> PROTOCOL-SCADA CODESYS Gateway-Server invalid memory access attempt
* 1:44202 <-> SERVER-OTHER Sybase M-Business Anywhere agSoap.exe closing tag buffer overflow attempt
* 1:44310 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt
* 1:44311 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt
* 1:44312 <-> SERVER-WEBAPP Oracle Secure Backup web tool command injection attempt
* 1:44671 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:44672 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:44673 <-> SERVER-WEBAPP HP OpenView NNM snmpviewer.exe CGI parameter buffer overflow attempt
* 1:46329 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:46330 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:46331 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:46332 <-> SERVER-WEBAPP SearchBlox unauthorized access attempt
* 1:4681 <-> SERVER-WEBAPP Symantec Antivirus admin scan interface negative Content-Length attempt
* 1:47470 <-> SERVER-WEBAPP HomeMatic CCU2 remote arbitrary code execution attempt
* 1:49252 <-> SERVER-OTHER HP iNode Management Center iNodeMngChecker buffer overflow attempt
* 1:49890 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:49891 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:49892 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:49893 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:50828 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:50829 <-> SERVER-OTHER HP OpenView Storage Data Protector arbitrary command execution attempt
* 1:51045 <-> SERVER-OTHER Netatalk attn_quantum authentication bypass attempt
* 1:51582 <-> SERVER-WEBAPP HP SiteScope APIMonitorImpl information disclosure attempt
* 1:51686 <-> SERVER-WEBAPP Schneider Electric Accutech Manager HTTP URI buffer overflow attempt
* 1:52268 <-> SERVER-WEBAPP OpenMRS insecure object deserialization attempt
* 1:52333 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt
* 1:52334 <-> OS-SOLARIS Solaris RPC XDR overflow code execution attempt
* 1:52478 <-> PROTOCOL-SCADA Schneider Electric IGSS integer underflow attempt
* 1:5316 <-> SERVER-OTHER CA CAM log_security overflow attempt
* 1:5702 <-> PROTOCOL-IMAP subscribe directory traversal attempt
* 1:5704 <-> PROTOCOL-IMAP SELECT overflow attempt
* 1:57931 <-> FILE-OTHER ExifTool DjVu metadata command injection injection attempt
* 1:591 <-> PROTOCOL-RPC portmap ypupdated request TCP
* 1:604 <-> PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt
* 1:610 <-> PROTOCOL-SERVICES rsh root
* 1:6414 <-> SERVER-WEBAPP Novell GroupWise Messenger Accept-Language header buffer overflow attempt
* 1:6507 <-> SERVER-WEBAPP novell edirectory imonitor overflow attempt
* 1:6512 <-> SERVER-OTHER symantec antivirus realtime virusscan overflow attempt
* 1:8441 <-> SERVER-WEBAPP McAfee header buffer overflow attempt
* 1:9632 <-> SERVER-OTHER Tivoli Storage Manager command request buffer overflow attempt
* 1:9790 <-> SERVER-OTHER HP-UX lpd command execution attempt
* 1:9806 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc GetGroupStatus overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:57938 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:57939 <-> BROWSER-CHROME Google Chrome WebRTC addIceCandidate use after free attempt
* 1:58601 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58602 <-> SERVER-WEBAPP Joomla mod_breadcrumbs Title Store cross site scripting attempt
* 1:58603 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58604 <-> OS-MOBILE Apple iOS voucher release privilege escalation attempt
* 1:58605 <-> SERVER-WEBAPP Citrix StoreFront Server XML external entity injection attempt
* 1:58606 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58607 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58608 <-> SERVER-WEBAPP SAP NetWeaver AS JAVA CRM log injection attempt
* 1:58609 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58610 <-> OS-OTHER Apple macOS kernel memory leak attempt
* 1:58611 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58612 <-> BROWSER-FIREFOX Mozilla Firefox IonMonkey type confusion attempt
* 1:58613 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58614 <-> BROWSER-CHROME Google Chrome V8 JavaScript Engine type confusion attempt
* 1:58615 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58616 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58617 <-> OS-WINDOWS Microsoft Windows Content-Disposition CLSID command attempt
* 1:58618 <-> SERVER-OTHER Amcrest Dahua NVR Camera IP2M-841 denial of service attempt
* 1:58619 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58620 <-> OS-OTHER Apple IOMobileFrameBuffer local privilege escalation attempt
* 1:58621 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58622 <-> FILE-OTHER Apple iOS Webkit universal XSS attempt
* 1:58623 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58624 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58625 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58626 <-> SERVER-OTHER OpenLDAP slap_parse_user denial of service attempt
* 1:58630 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58631 <-> FILE-OTHER VMware Fusion privilege escalation attempt
* 1:58632 <-> SERVER-OTHER SolarWinds Orion MSMQ remote code execution attempt
* 3:58633 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 3:58634 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1416 attack attempt
* 1:58635 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:58636 <-> OS-WINDOWS Microsoft Windows Installer privilege escalation attempt
* 1:10010 <-> SERVER-OTHER Putty Server key exchange buffer overflow attempt
* 1:10018 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc ReserveGroup attempt
* 1:10030 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt
* 1:10130 <-> POLICY-OTHER VERITAS NetBackup system - execution function call access
* 1:10187 <-> SERVER-OTHER HP Mercury Loadrunner command line buffer overflow
* 1:10202 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetRealTimeScanConfigInfo attempt
* 1:10208 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect COMN_NetTestConnection attempt
* 1:10407 <-> SERVER-OTHER Helix Server LoadTestPassword buffer overflow attempt
* 1:10486 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc corrupt user-supplied memory address attempt
* 1:10998 <-> SERVER-OTHER Novell GroupWise WebAccess authentication overflow
* 1:11196 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow
* 1:11442 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11670 <-> SERVER-OTHER Symantec Discovery logging buffer overflow
* 1:11680 <-> SERVER-WEBAPP Oracle Java web proxy sockd buffer overflow attempt
* 1:11684 <-> OS-WINDOWS Microsoft Windows WINS overflow attempt
* 1:11945 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11955 <-> NETBIOS SMB-DS Trans2 OPEN2 maximum param count overflow attempt
* 1:11956 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11959 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11960 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:11961 <-> NETBIOS SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11962 <-> NETBIOS SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12078 <-> SERVER-OTHER CA BrightStor ARCserve LGServer heap buffer overflow
* 1:12079 <-> SERVER-OTHER CA BrightStor ARCserve LGServer stack buffer overflow attempt
* 1:12307 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetPagerNotifyConfig attempt
* 1:12326 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _AddTaskExportLogItem attempt
* 1:12332 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _TakeActionOnAFile attempt
* 1:12335 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_30010 overflow attempt
* 1:12341 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect Trent_req_num_a0030 attempt
* 1:12347 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect _SetSvcImpersonateUser attempt
* 1:12362 <-> SERVER-WEBAPP Squid HTTP Proxy-Authorization overflow attempt
* 1:12424 <-> PROTOCOL-RPC MIT Kerberos kadmind rpc RPCSEC_GSS buffer overflow attempt
* 1:12458 <-> PROTOCOL-RPC Solaris TCP portmap sadmin port query request attempt
* 1:12596 <-> SERVER-OTHER CA BrightStor LGServer username buffer overflow attempt
* 1:12667 <-> SERVER-OTHER CA BrightStor ARCServer malicious fileupload attempt
* 1:12784 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt
* 1:12785 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt
* 1:12786 <-> SERVER-OTHER CA ARCserve LGServer stack buffer overflow attempt
* 1:12910 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 4 attempt
* 1:12916 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 12 attempt
* 1:12922 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 16 attempt
* 1:12928 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 18 attempt
* 1:12934 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc3 CA opcode 19 attempt
* 1:13221 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13363 <-> SERVER-OTHER Cisco Unified Communications Manager heap overflow attempt
* 1:13365 <-> SERVER-OTHER Trend Micro ServerProtect TMregChange buffer overflow attempt
* 1:13476 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt
* 1:13519 <-> SERVER-OTHER Citrix MetaFrame IMA buffer overflow attempt
* 1:13522 <-> SERVER-OTHER Firebird Database Server username handling buffer overflow
* 1:13613 <-> OS-SOLARIS Oracle Solaris username overflow authentication bypass attempt
* 1:13656 <-> SERVER-WEBAPP Cisco Secure Access Control Server UCP Application CSuserCGI.exe buffer overflow attempt
* 1:13715 <-> SERVER-WEBAPP HP OpenView Network Node Manager HTTP handling buffer overflow attempt
* 1:13804 <-> SERVER-OTHER Borland Software InterBase ibserver.exe Service Attach Request buffer overflow attempt
* 1:13819 <-> SERVER-WEBAPP IBM Lotus Domino Web Server Accept-Language header buffer overflow attempt
* 1:13839 <-> SERVER-OTHER CA ARCServ NetBackup remote file upload attempt
* 1:13843 <-> SERVER-OTHER MaxDB WebDBM get buffer overflow
* 1:13922 <-> SERVER-IIS Microsoft IIS HTMLEncode Unicode string buffer overflow attempt
* 1:1412 <-> PROTOCOL-SNMP public access tcp
* 1:1414 <-> PROTOCOL-SNMP private access tcp
* 1:14768 <-> SERVER-OTHER Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt
* 1:14769 <-> SERVER-OTHER DATAC RealWin SCADA System buffer overflow attempt
* 1:14773 <-> SERVER-OTHER CA ARCserve LGServer handshake buffer overflow attempt
* 1:15186 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt
* 1:15188 <-> SERVER-OTHER Multiple vendors CUPS HPGL filter remote code execution attempt
* 1:15255 <-> SERVER-ORACLE Secure Backup msgid 0x901 username field overflow attempt
* 1:15422 <-> SERVER-OTHER Sun One web proxy server overflow attempt
* 1:15434 <-> SERVER-WEBAPP HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt
* 1:15436 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup counter heap corruption attempt
* 1:15437 <-> SERVER-OTHER IBM Tivoli Storage Manager Express Backup message length heap corruption attempt
* 1:15477 <-> SERVER-WEBAPP Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt
* 1:15479 <-> SERVER-OTHER RealNetworks Helix Server RTSP Request Proxy-Require header heap buffer overflow attempt
* 1:15482 <-> SERVER-OTHER Oracle Java System sockd authentication buffer overflow attempt
* 1:15484 <-> PROTOCOL-IMAP CRAM-MD5 authentication method buffer overflow attempt
* 1:15527 <-> OS-WINDOWS Microsoft Windows Active Directory LDAP denial of service attempt
* 1:15571 <-> SERVER-OTHER RealNetworks Helix Server RTSP SETUP stack buffer overflow attempt
* 1:15573 <-> SERVER-OTHER RealNetworks Helix Server RTSP SET_PARAMETER heap buffer overflow attempt
* 1:15726 <-> SERVER-WEBAPP HP OpenView Network Node Manager URI rping stack buffer overflow attempt
* 1:15908 <-> SERVER-WEBAPP Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt
* 1:15942 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt
* 1:15943 <-> SERVER-OTHER CA Multiple Products Console Server login credentials handling overflow attempt
* 1:15970 <-> SERVER-OTHER Subversion svn pProtocol string parsing heap overflow attempt
* 1:15978 <-> SERVER-WEBAPP Macromedia JRun 4 mod_jrun buffer overflow attempt
* 1:15986 <-> SERVER-SAMBA Samba unicode filename buffer overflow attempt
* 1:16034 <-> SERVER-SAMBA Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt
* 1:16196 <-> SERVER-OTHER Symantec Backup Exec System Recovery Manager unauthorized file uplo