In this release a number of rules have been added to the security policy as part of ongoing policy rebalancing efforts.
Talos has added and modified multiple rules in the app-detect, browser-firefox, browser-ie, browser-plugins, browser-webkit, exploit-kit, file-flash, file-image, file-multimedia, file-office, file-other, file-pdf, malware-cnc, malware-other, netbios, os-mobile, os-other, os-solaris, os-windows, policy-other, protocol-dns, protocol-rpc, protocol-scada, protocol-snmp, protocol-telnet, protocol-tftp, server-apache, server-mail, server-mysql, server-oracle, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
* 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
* 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
* 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
* 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
* 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
* 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
* 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
* 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
* 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
* 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
* 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
* 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
* 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
* 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
* 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
* 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote
format string exploit (server-mail.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow 
attempt (protocol-rpc.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt 
(server-other.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow 
attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25139 <-> 
DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 
authentication bypass attempt (server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18526 
<-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix 
Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 
1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:23951 <-> DISABLED <-> 
OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> 
SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning 
Services multiple opcode integer overflow attempt (server-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID 
high field denial of service attempt (os-windows.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 
1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 
1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray 
domainMemory use after free attempt (file-flash.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules) * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules) * 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules) * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules) * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules) * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules) * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules) * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules) * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules) * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules) * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules) * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules) * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory 
corruption attempt (file-other.rules) * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules) * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules) * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules) * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules) * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules) * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules) * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules) * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules) * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules) * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules) * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules) * 
1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
* 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
* 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
* 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
* 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
* 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
* 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
* 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
* 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
* 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
* 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
* 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
* 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
* 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
* 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules)
* 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
* 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules)
* 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules)
* 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules)
* 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules)
* 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules)
* 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules)
* 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules)
* 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules)
* 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
* 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules)
* 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules)
* 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
* 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules)
* 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules)
* 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
* 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
* 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
* 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 
1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
* 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
* 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
* 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
* 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
* 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
* 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
* 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
* 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
* 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft 
Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix 
Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple 
opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested 
(exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> 
DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 
1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory 
use after free attempt (file-flash.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules) * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:48184 <-> 
DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules) * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules) * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash 
Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules) * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:10603 <-> DISABLED <-> 
OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 
unauthenticated remote configuration attempt (server-other.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules) * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules) * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules) * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt 
(netbios.rules) * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow 
attempt (netbios.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 
<-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count 
underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB 
Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:15881 
<-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve 
Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt 
(protocol-rpc.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt 
(os-windows.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER 
Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float 
index array memory corruption attempt (file-flash.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt 
(server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24861 <-> DISABLED <-> 
EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit 
exploit kit short JNLP request (exploit-kit.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt 
(browser-ie.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 
1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:36534 <-> DISABLED <-> 
BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules) * 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules) * 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules) * 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules) * 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules) * 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules) * 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules) * 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules) * 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules) * 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules) * 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules) * 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules) * 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules) * 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules) * 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command 
injection attempt (server-webapp.rules) * 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules) * 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules) * 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules) * 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules) * 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules) * 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules) * 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules) * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office 
Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 
1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player 
TextField text use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt 
(netbios.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules) * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER 
Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt 
(os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE 
max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 
1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet 
Security NBNS response processing stack overflow attempt (server-other.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle 
Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19208 <-> DISABLED <-> 
SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP 
(protocol-rpc.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory 
corruption attempt (file-image.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt 
(protocol-rpc.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED 
<-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:26339 <-> DISABLED <-> 
EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:28903 <-> DISABLED <-> 
FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
* 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules)
* 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
* 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules)
* 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
* 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules)
* 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules)
* 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules)
* 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules)
* 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
* 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
* 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:22949 
<-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 
exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> 
DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit 
kit redirection successful (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page 
retrieval (exploit-kit.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:45184 <-> 
DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV 
Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules)
* 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules)
* 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules)
* 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules)
* 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
* 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules)
* 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules)
* 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent
Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules) * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules) * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:52101 <-> DISABLED <-> OS-MOBILE Android 
Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt 
(browser-firefox.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt 
(os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18190 <-> 
DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:19677 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules) * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request 
(exploit-kit.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService 
directory traversal attempt (server-oracle.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services 
multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning 
Services multiple opcode integer overflow attempt (server-other.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 
1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX 
Office remote code execution attempt (server-webapp.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 
overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules)
* 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer
overflow attempt (server-other.rules) * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules) * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules) * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules) * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules) * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:3672 <-> DISABLED <-> 
SERVER-MYSQL client overflow attempt (server-mysql.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules) * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27814 
<-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe 
buffer overflow attempt (browser-ie.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29525 <-> DISABLED 
<-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt 
(file-other.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt 
(netbios.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules) * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint 
ActiveX function call access (browser-plugins.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP 
Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 
max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 
SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules) * 1:15971 <-> DISABLED <-> 
SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack 
buffer overflow attempt - udp (protocol-rpc.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules) * 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules) * 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt 
(server-webapp.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
* 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
* 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
* 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
* 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
* 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
* 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
* 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
* 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
* 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 3:58690 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58689 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt (file-other.rules)
* 3:58692 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58691 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58693 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt (server-webapp.rules)
* 3:58699 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)
* 3:58698 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt (server-webapp.rules)

* 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules)
* 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules)
* 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules)
* 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules)
* 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules)
* 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules)
* 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules)
* 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules)
* 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules)
* 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
* 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules)
* 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules)
* 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules)
* 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules)
* 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules)
* 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules)
* 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules)
* 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules)
* 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules)
* 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules)
* 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules)
* 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules)
* 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
* 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules)
* 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules)
* 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules)
* 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules)
* 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules)
* 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules)
* 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules)
* 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules)
* 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules)
* 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules)
* 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules)
* 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules)
* 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules)
* 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules)
* 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules)
* 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules)
* 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules)
* 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules)
* 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules)
* 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules)
* 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules)
* 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules)
* 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules)
* 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules)
* 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules)
* 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules)
* 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules)
* 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules)
* 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules)
* 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules)
* 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules)
* 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules)
* 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules)
* 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules)
* 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules)
* 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules)
* 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules)
* 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules)
* 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules)
* 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
* 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules)
* 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules)
* 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules)
* 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules)
* 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules)
* 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules)
* 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules)
* 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules)
* 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (browser-plugins.rules)
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules)
* 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules)
* 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules)
* 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules)
* 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules)
* 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules)
* 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules)
* 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules)
* 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt (netbios.rules)
* 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules)
* 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules)
* 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules)
* 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules)
* 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules)
* 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules)
* 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules)
* 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules)
* 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules)
* 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules)
* 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules)
* 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules)
* 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
* 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
* 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
* 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
* 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
* 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
* 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt 
(os-windows.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download 
(exploit-kit.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 
1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email 
(exploit-kit.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (os-windows.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27072 <-> 
DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:29513 <-> 
DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow 
attempt (protocol-rpc.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt 
(file-other.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (snort3-server-webapp.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (snort3-os-other.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (snort3-file-other.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (snort3-server-webapp.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (snort3-server-webapp.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (snort3-file-other.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (snort3-server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (snort3-server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (snort3-server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (snort3-malware-other.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (snort3-server-webapp.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (snort3-server-webapp.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (snort3-malware-cnc.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (snort3-malware-other.rules)
* 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (snort3-os-windows.rules) * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (snort3-server-webapp.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (snort3-file-flash.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules) * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (snort3-os-windows.rules) * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (snort3-file-pdf.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (snort3-os-solaris.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (snort3-os-solaris.rules) * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (snort3-os-windows.rules) * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt 
(snort3-file-other.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (snort3-browser-plugins.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (snort3-browser-firefox.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (snort3-file-flash.rules) * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules) * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (snort3-server-webapp.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules) * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (snort3-netbios.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (snort3-file-other.rules) * 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (snort3-protocol-scada.rules) * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (snort3-server-webapp.rules) * 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (snort3-netbios.rules) * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules) * 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules) * 1:53431 <-> DISABLED <-> SERVER-MAIL 
OpenSMTPD smtp_mailaddr command injection attempt (snort3-server-mail.rules) * 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (snort3-protocol-dns.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (snort3-file-flash.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (snort3-os-windows.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (snort3-server-webapp.rules) * 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (snort3-file-image.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (snort3-os-windows.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (snort3-os-windows.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (snort3-netbios.rules) * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (snort3-netbios.rules) * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (snort3-netbios.rules) * 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (snort3-server-mail.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (snort3-os-windows.rules) * 
1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (snort3-file-flash.rules) * 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (snort3-exploit-kit.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (snort3-server-mail.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (snort3-os-mobile.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (snort3-server-webapp.rules) * 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (snort3-server-oracle.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (snort3-server-other.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (snort3-os-windows.rules) * 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (snort3-os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow 
attempt (snort3-os-windows.rules) * 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (snort3-os-windows.rules) * 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (snort3-os-windows.rules) * 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (snort3-os-windows.rules) * 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (snort3-os-windows.rules) * 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (snort3-server-oracle.rules) * 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (snort3-server-oracle.rules) * 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (snort3-os-windows.rules) * 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (snort3-server-oracle.rules) * 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (snort3-os-windows.rules) * 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules) * 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (snort3-server-other.rules) * 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (snort3-server-other.rules) * 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (snort3-server-other.rules) * 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (snort3-protocol-rpc.rules) * 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt 
(snort3-netbios.rules) * 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (snort3-server-other.rules) * 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (snort3-server-other.rules) * 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (snort3-protocol-rpc.rules) * 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (snort3-os-windows.rules) * 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (snort3-server-other.rules) * 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (snort3-server-other.rules) * 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (snort3-os-windows.rules) * 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (snort3-server-other.rules) * 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (snort3-exploit-kit.rules) * 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (snort3-server-other.rules) * 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (snort3-os-windows.rules) * 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (snort3-netbios.rules) * 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules) * 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules) * 1:22949 <-> ENABLED <-> 
EXPLOIT-KIT Blackhole redirection attempt (snort3-exploit-kit.rules) * 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (snort3-server-other.rules) * 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (snort3-server-other.rules) * 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (snort3-server-webapp.rules) * 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (snort3-server-apache.rules) * 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (snort3-exploit-kit.rules) * 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules) * 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules) * 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (snort3-protocol-rpc.rules) * 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (snort3-exploit-kit.rules) * 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (snort3-exploit-kit.rules) * 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix 
Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (snort3-exploit-kit.rules) * 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (snort3-file-other.rules) * 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (snort3-exploit-kit.rules) * 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (snort3-exploit-kit.rules) * 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (snort3-file-other.rules) * 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple 
opcode integer overflow attempt (snort3-server-other.rules) * 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules) * 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (snort3-server-other.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (snort3-server-webapp.rules) * 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (snort3-exploit-kit.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (snort3-exploit-kit.rules) * 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (snort3-exploit-kit.rules) * 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (snort3-exploit-kit.rules) * 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (snort3-server-other.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (snort3-exploit-kit.rules) * 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (snort3-exploit-kit.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow 
attempt (snort3-browser-ie.rules) * 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (snort3-server-other.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules) * 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (snort3-exploit-kit.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (snort3-file-other.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (snort3-exploit-kit.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (snort3-exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (snort3-exploit-kit.rules) * 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (snort3-server-other.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt (snort3-os-windows.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (snort3-server-other.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (snort3-exploit-kit.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules) * 
1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php (snort3-exploit-kit.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (snort3-file-flash.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (snort3-exploit-kit.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (snort3-exploit-kit.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (snort3-file-multimedia.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (snort3-os-windows.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (snort3-server-webapp.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (snort3-file-flash.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (snort3-file-pdf.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (snort3-netbios.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (snort3-server-other.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote 
arbitrary pointer dereference code execution attempt (snort3-server-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (snort3-server-other.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (snort3-os-windows.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (snort3-protocol-rpc.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (snort3-server-webapp.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (snort3-server-other.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (snort3-netbios.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (snort3-browser-ie.rules) * 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (snort3-file-pdf.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (snort3-os-windows.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (snort3-browser-firefox.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (snort3-protocol-rpc.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (snort3-server-webapp.rules) * 1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (snort3-os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm 
QMGetRemoteQueueName overflow attempt (snort3-os-windows.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (snort3-netbios.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (snort3-os-windows.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (snort3-netbios.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (snort3-netbios.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (snort3-os-solaris.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (snort3-os-windows.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (snort3-file-other.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (snort3-server-other.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (snort3-netbios.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (snort3-protocol-rpc.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (snort3-os-windows.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (snort3-server-other.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (snort3-netbios.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (snort3-os-windows.rules) 
* 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (snort3-browser-plugins.rules) * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access (snort3-browser-plugins.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (snort3-netbios.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (snort3-netbios.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (snort3-protocol-snmp.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (snort3-os-windows.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (snort3-os-windows.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (snort3-server-other.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (snort3-server-webapp.rules) * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (snort3-protocol-snmp.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (snort3-netbios.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (snort3-os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (snort3-netbios.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (snort3-protocol-tftp.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt 
(snort3-os-windows.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (snort3-os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (snort3-os-windows.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (snort3-os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (snort3-os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (snort3-os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (snort3-os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (snort3-os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (snort3-os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt 
(snort3-netbios.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (snort3-os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (snort3-os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (snort3-os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (snort3-os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (snort3-os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (snort3-file-image.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (snort3-server-samba.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (snort3-server-other.rules) * 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (snort3-server-other.rules) * 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (snort3-server-mail.rules) * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (snort3-protocol-rpc.rules) * 1:18248 <-> DISABLED 
<-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (snort3-server-other.rules) * 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (snort3-os-windows.rules) * 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (snort3-protocol-tftp.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (snort3-server-webapp.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (snort3-file-flash.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (snort3-browser-plugins.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (snort3-os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (snort3-os-windows.rules) * 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (snort3-netbios.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (snort3-server-mysql.rules) * 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (snort3-server-webapp.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code 
execution attempt (snort3-browser-webkit.rules) * 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (snort3-protocol-telnet.rules) * 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (snort3-server-samba.rules) * 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (snort3-server-other.rules) * 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (snort3-os-windows.rules) * 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (snort3-netbios.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (snort3-file-other.rules) * 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (snort3-server-other.rules) * 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (snort3-netbios.rules) * 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules) * 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (snort3-protocol-rpc.rules) * 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (snort3-os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (snort3-os-windows.rules) * 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (snort3-server-webapp.rules) * 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (snort3-server-other.rules) * 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (snort3-os-solaris.rules) 
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules) * 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (snort3-server-mail.rules) * 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (snort3-file-flash.rules) * 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (snort3-protocol-scada.rules) * 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (snort3-file-pdf.rules) * 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (snort3-protocol-rpc.rules) * 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (snort3-protocol-rpc.rules) * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (snort3-os-mobile.rules) * 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (snort3-protocol-tftp.rules) * 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (snort3-exploit-kit.rules) * 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (snort3-protocol-rpc.rules) * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (snort3-policy-other.rules) * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (snort3-server-mysql.rules) * 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (snort3-server-other.rules) * 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (snort3-server-other.rules) * 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (snort3-protocol-telnet.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet 
Publisher stack buffer overflow attempt (snort3-server-other.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules) * 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (snort3-server-other.rules) * 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (snort3-server-webapp.rules) * 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (snort3-exploit-kit.rules) * 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (snort3-os-windows.rules) * 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (snort3-os-windows.rules) * 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (snort3-server-other.rules) * 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (snort3-exploit-kit.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (snort3-file-flash.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (snort3-protocol-tftp.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (snort3-netbios.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (snort3-file-flash.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (snort3-protocol-rpc.rules) * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds 
memory read attempt (snort3-file-pdf.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (snort3-os-windows.rules) * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (snort3-server-mysql.rules) * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (snort3-server-mysql.rules) * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (snort3-server-mysql.rules) * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (snort3-browser-plugins.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (snort3-file-other.rules) * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (snort3-file-other.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (snort3-server-other.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (snort3-file-office.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (snort3-file-flash.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (snort3-file-flash.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (snort3-server-oracle.rules) * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (snort3-server-other.rules) * 1:3818 <-> DISABLED <-> 
PROTOCOL-TFTP PUT transfer mode overflow attempt (snort3-protocol-tftp.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (snort3-browser-firefox.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (snort3-file-flash.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (snort3-file-other.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (snort3-server-mail.rules) * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (snort3-file-other.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (snort3-browser-firefox.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (snort3-server-other.rules) * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (snort3-server-mysql.rules) * 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (snort3-protocol-rpc.rules) * 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (snort3-server-mail.rules) * 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (snort3-os-windows.rules) * 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (snort3-server-other.rules) * 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (snort3-server-other.rules) * 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (snort3-server-webapp.rules) * 1:18189 <-> DISABLED <-> 
NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (snort3-netbios.rules) * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (snort3-server-mysql.rules) * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (snort3-server-mail.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (snort3-app-detect.rules) * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (snort3-browser-plugins.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (snort3-server-other.rules) * 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (snort3-server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:58686 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58705 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58700 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt (malware-other.rules)
* 1:58685 <-> DISABLED <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt (file-other.rules)
* 1:58704 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58703 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules)
* 1:58694 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58701 <-> ENABLED <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt (malware-other.rules)
* 1:58697 <-> DISABLED <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt (os-other.rules)
* 1:58702 <-> ENABLED <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt (malware-cnc.rules)
* 1:58696 <-> DISABLED <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt (server-webapp.rules)
* 1:58707 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58688 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58706 <-> DISABLED <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt (server-webapp.rules)
* 1:58695 <-> DISABLED <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt (server-webapp.rules)
* 1:58687 <-> DISABLED <-> SERVER-WEBAPP Movable Type CMS command injection attempt (server-webapp.rules)
* 1:58708 <-> ENABLED <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt (server-webapp.rules)
* 1:32856 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt (file-pdf.rules) * 1:45856 <-> DISABLED <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt (file-other.rules) * 1:28904 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:37650 <-> DISABLED <-> FILE-OTHER CA BrightStor stack buffer overflow attempt (file-other.rules) * 1:33572 <-> DISABLED <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt (file-other.rules) * 1:36534 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt (browser-plugins.rules) * 1:48185 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:39406 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:26496 <-> DISABLED <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt (file-other.rules) * 1:36156 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:28704 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules) * 1:26346 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit payload requested (exploit-kit.rules) * 1:6706 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt (netbios.rules) * 1:3591 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:3590 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (os-windows.rules) * 1:27072 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26227 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26643 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB 
malformed process ID high field denial of service attempt (os-windows.rules) * 1:53431 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules) * 1:45310 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt (file-flash.rules) * 1:32356 <-> DISABLED <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt (protocol-rpc.rules) * 1:32152 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:3171 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt (os-windows.rules) * 1:32816 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt (file-pdf.rules) * 1:29521 <-> DISABLED <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt (file-multimedia.rules) * 1:28906 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28393 <-> DISABLED <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt (server-other.rules) * 1:28903 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29453 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules) * 1:29525 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:35848 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules) * 1:29607 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules) * 1:32150 <-> DISABLED <-> FILE-OTHER Microsoft System.Uri heap corruption attempt (file-other.rules) * 1:27814 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:28907 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt 
(file-other.rules) * 1:3114 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt (os-windows.rules) * 1:45179 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:40282 <-> DISABLED <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt (file-office.rules) * 1:3665 <-> ENABLED <-> SERVER-MYSQL server greeting (server-mysql.rules) * 1:49586 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt (file-flash.rules) * 1:654 <-> DISABLED <-> SERVER-MAIL RCPT TO overflow (server-mail.rules) * 1:50642 <-> DISABLED <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt (file-other.rules) * 1:25388 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:27598 <-> DISABLED <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt (server-webapp.rules) * 1:51082 <-> DISABLED <-> FILE-FLASH Adobe Flash player memory corruption attempt (file-flash.rules) * 1:33016 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:36533 <-> DISABLED <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt (browser-plugins.rules) * 1:28905 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:29527 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:28974 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:28792 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:52289 <-> DISABLED <-> OS-MOBILE Google Android libstagefright integer underflow attempt (os-mobile.rules) * 1:29621 <-> DISABLED <-> NETBIOS DCERPC 
NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:49901 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:3967 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt (os-windows.rules) * 1:42423 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:49584 <-> DISABLED <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt (file-flash.rules) * 1:3670 <-> DISABLED <-> SERVER-MYSQL secure client overflow attempt (server-mysql.rules) * 1:48181 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48188 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:37628 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:4072 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt (os-windows.rules) * 1:3671 <-> DISABLED <-> SERVER-MYSQL protocol 41 client overflow attempt (server-mysql.rules) * 1:45182 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:41423 <-> DISABLED <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt (browser-plugins.rules) * 1:48180 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:25138 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection (exploit-kit.rules) * 1:38246 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:51026 <-> DISABLED <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt (file-pdf.rules) * 1:39407 <-> DISABLED <-> SERVER-OTHER D-LINK 
DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:39936 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:43347 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt (browser-firefox.rules) * 1:39910 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt (server-other.rules) * 1:51862 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:25972 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request (exploit-kit.rules) * 1:25611 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules) * 1:41046 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt (file-flash.rules) * 1:52080 <-> DISABLED <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt (file-flash.rules) * 1:3667 <-> DISABLED <-> SERVER-MYSQL protocol 41 client authentication bypass attempt (server-mysql.rules) * 1:3669 <-> DISABLED <-> SERVER-MYSQL protocol 41 secure client overflow attempt (server-mysql.rules) * 1:25650 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt (browser-ie.rules) * 1:44735 <-> DISABLED <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt (server-mail.rules) * 1:3672 <-> DISABLED <-> SERVER-MYSQL client overflow attempt (server-mysql.rules) * 1:4642 <-> DISABLED <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt (server-oracle.rules) * 1:51226 <-> DISABLED <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt (file-flash.rules) * 1:44473 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules) * 1:40335 <-> DISABLED <-> APP-DETECT OpenVAS Scanner User-Agent attempt (app-detect.rules) * 1:45184 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt 
(browser-firefox.rules) * 1:58201 <-> ENABLED <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt (server-webapp.rules) * 1:36658 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:6712 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt (netbios.rules) * 1:52101 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:53432 <-> DISABLED <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt (server-mail.rules) * 1:3668 <-> DISABLED <-> SERVER-MYSQL client authentication bypass attempt (server-mysql.rules) * 1:6713 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt (netbios.rules) * 1:51859 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:8426 <-> DISABLED <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt (server-other.rules) * 1:8428 <-> DISABLED <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt (server-other.rules) * 1:9027 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt (os-windows.rules) * 1:9621 <-> DISABLED <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt (protocol-tftp.rules) * 1:48184 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:37511 <-> DISABLED <-> OS-SOLARIS XMDCP double-free attempt (os-solaris.rules) * 1:9769 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (os-windows.rules) * 1:43307 <-> DISABLED <-> SERVER-WEBAPP csSearch setup attempt (server-webapp.rules) * 1:39408 <-> DISABLED <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt (server-other.rules) * 1:38247 <-> DISABLED <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt 
(server-other.rules) * 1:26808 <-> DISABLED <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request (exploit-kit.rules) * 1:5485 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules) * 1:39387 <-> DISABLED <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt (server-webapp.rules) * 1:45180 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt (browser-firefox.rules) * 1:51863 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:48182 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:58362 <-> DISABLED <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt (server-webapp.rules) * 1:29617 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt (browser-firefox.rules) * 1:29522 <-> DISABLED <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt (server-webapp.rules) * 1:29610 <-> DISABLED <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt (server-other.rules) * 1:45501 <-> DISABLED <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt (file-flash.rules) * 1:33826 <-> DISABLED <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt (server-samba.rules) * 1:3818 <-> DISABLED <-> PROTOCOL-TFTP PUT transfer mode overflow attempt (protocol-tftp.rules) * 1:25568 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:26295 <-> DISABLED <-> FILE-OTHER Watering Hole Campaign applet download (file-other.rules) * 1:48179 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:50900 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer 
overflow attempt (server-other.rules) * 1:48186 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:49903 <-> DISABLED <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt (browser-plugins.rules) * 1:51162 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt (file-pdf.rules) * 1:40819 <-> DISABLED <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt (file-flash.rules) * 1:6707 <-> DISABLED <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt (netbios.rules) * 1:36660 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:51866 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:28478 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit landing page request (exploit-kit.rules) * 1:43291 <-> DISABLED <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt (server-webapp.rules) * 1:45172 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt (browser-firefox.rules) * 1:42413 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules) * 1:48183 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt (server-other.rules) * 1:48190 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:36659 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules) * 1:51861 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:48187 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:26339 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - 
ff.php (exploit-kit.rules) * 1:27071 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval (exploit-kit.rules) * 1:29597 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:48189 <-> DISABLED <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt (server-other.rules) * 1:29513 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules) * 1:35435 <-> DISABLED <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt (os-mobile.rules) * 1:29596 <-> DISABLED <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt (server-webapp.rules) * 1:33017 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules) * 1:29536 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules) * 1:28975 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt (browser-ie.rules) * 1:36157 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt (file-flash.rules) * 1:27646 <-> DISABLED <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt (server-other.rules) * 1:26806 <-> DISABLED <-> EXPLOIT-KIT Redkit exploit kit short JNLP request (exploit-kit.rules) * 1:28793 <-> DISABLED <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt (file-flash.rules) * 1:32370 <-> DISABLED <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt (server-other.rules) * 1:11265 <-> DISABLED <-> SERVER-OTHER Sentinel license manager buffer overflow attempt (server-other.rules) * 1:10136 <-> DISABLED <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt (os-solaris.rules) * 
1:10900 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt (os-windows.rules) * 1:11963 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt (netbios.rules) * 1:11443 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt (netbios.rules) * 1:10603 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt (os-windows.rules) * 1:11958 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt (netbios.rules) * 1:12317 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt (netbios.rules) * 1:11964 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt (netbios.rules) * 1:11957 <-> DISABLED <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt (netbios.rules) * 1:12198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getbulk request attempt (os-windows.rules) * 1:12940 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt (netbios.rules) * 1:12627 <-> DISABLED <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:12069 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules) * 1:1277 <-> DISABLED <-> PROTOCOL-RPC portmap ypupdated request UDP (protocol-rpc.rules) * 1:13162 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt (netbios.rules) * 1:12984 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:12628 <-> DISABLED <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt (protocol-rpc.rules) * 1:13161 <-> DISABLED <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt (server-other.rules) * 1:14037 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access 
(browser-plugins.rules) * 1:13222 <-> DISABLED <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt (server-other.rules) * 1:12985 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt (netbios.rules) * 1:13927 <-> DISABLED <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt (protocol-tftp.rules) * 1:14647 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14038 <-> DISABLED <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access (browser-plugins.rules) * 1:13619 <-> DISABLED <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt (os-windows.rules) * 1:1422 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion (protocol-snmp.rules) * 1:14651 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14648 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:1409 <-> DISABLED <-> PROTOCOL-SNMP community string buffer overflow attempt (protocol-snmp.rules) * 1:14650 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt (os-windows.rules) * 1:14725 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14652 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14649 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt (os-windows.rules) * 1:14654 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt (os-windows.rules) * 1:14988 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs 
NetrDfsEnum overflow attempt (netbios.rules) * 1:14726 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt (os-windows.rules) * 1:14653 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt (os-windows.rules) * 1:14900 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt (netbios.rules) * 1:15198 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:14989 <-> DISABLED <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt (server-webapp.rules) * 1:14737 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt (os-windows.rules) * 1:15197 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15202 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15199 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt (os-windows.rules) * 1:15196 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt (os-windows.rules) * 1:15201 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15206 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15203 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt (os-windows.rules) * 1:15200 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt (os-windows.rules) * 1:15205 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 
1:15210 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15207 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt (os-windows.rules) * 1:15204 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt (os-windows.rules) * 1:15209 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15214 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15211 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt (os-windows.rules) * 1:15208 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15213 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15218 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt (os-windows.rules) * 1:15215 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt (os-windows.rules) * 1:15212 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt (os-windows.rules) * 1:15217 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15222 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules) * 1:15219 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt (os-windows.rules) * 1:15216 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt 
(os-windows.rules)
* 1:15221 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt (os-windows.rules)
* 1:15226 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15223 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15220 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt (os-windows.rules)
* 1:15225 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt (os-windows.rules)
* 1:15508 <-> DISABLED <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt (server-other.rules)
* 1:15227 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15224 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt (os-windows.rules)
* 1:15262 <-> DISABLED <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt (server-oracle.rules)
* 1:15881 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt (netbios.rules)
* 1:15554 <-> DISABLED <-> SERVER-ORACLE Application Server 10g OPMN service format string vulnerability exploit attempt (server-oracle.rules)
* 1:15261 <-> DISABLED <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt (server-oracle.rules)
* 1:15708 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:15972 <-> DISABLED <-> SERVER-OTHER single byte encoded name response (server-other.rules)
* 1:15911 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt (netbios.rules)
* 1:15701 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt (os-windows.rules)
* 1:15971 <-> DISABLED <-> SERVER-OTHER CVS Argumentx command double free attempt (server-other.rules)
* 1:16080 <-> DISABLED <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt (server-other.rules)
* 1:16015 <-> DISABLED <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt (server-other.rules)
* 1:15930 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt (os-windows.rules)
* 1:16049 <-> DISABLED <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt (server-other.rules)
* 1:16329 <-> DISABLED <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt (server-other.rules)
* 1:16198 <-> DISABLED <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt (server-apache.rules)
* 1:16029 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt (os-windows.rules)
* 1:16239 <-> DISABLED <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:17046 <-> DISABLED <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt (server-other.rules)
* 1:16515 <-> DISABLED <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt (server-mail.rules)
* 1:16238 <-> DISABLED <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt (os-windows.rules)
* 1:16796 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt (protocol-rpc.rules)
* 1:17224 <-> DISABLED <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt (server-mail.rules)
* 1:17056 <-> DISABLED <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (server-other.rules)
* 1:16705 <-> DISABLED <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt (protocol-rpc.rules)
* 1:17205 <-> DISABLED <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp (protocol-rpc.rules)
* 1:18190 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:17609 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:17057 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18189 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18319 <-> DISABLED <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (server-samba.rules)
* 1:18191 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:1762 <-> DISABLED <-> SERVER-WEBAPP phf arbitrary command execution attempt (server-webapp.rules)
* 1:18248 <-> DISABLED <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt (server-other.rules)
* 1:18557 <-> DISABLED <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt (protocol-rpc.rules)
* 1:18462 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:18192 <-> DISABLED <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt (netbios.rules)
* 1:18526 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt (file-pdf.rules)
* 1:18613 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18589 <-> DISABLED <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (server-other.rules)
* 1:18472 <-> DISABLED <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt (netbios.rules)
* 1:18612 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:19013 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ (protocol-tftp.rules)
* 1:18768 <-> DISABLED <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt (server-mail.rules)
* 1:18611 <-> DISABLED <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt (server-webapp.rules)
* 1:18994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt (os-windows.rules)
* 1:19208 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt (server-other.rules)
* 1:19014 <-> DISABLED <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ (protocol-tftp.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:19173 <-> DISABLED <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt (protocol-rpc.rules)
* 1:20052 <-> DISABLED <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt (protocol-scada.rules)
* 1:19323 <-> ENABLED <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt (server-other.rules)
* 1:19136 <-> DISABLED <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt (server-webapp.rules)
* 1:19677 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:20614 <-> DISABLED <-> SERVER-MAIL Axigen POP3 server remote format string exploit (server-mail.rules)
* 1:20176 <-> DISABLED <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt (protocol-scada.rules)
* 1:19649 <-> DISABLED <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt (server-other.rules)
* 1:20611 <-> DISABLED <-> SERVER-OTHER BOOTP overflow (server-other.rules)
* 1:20812 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt (protocol-telnet.rules)
* 1:20671 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest (os-windows.rules)
* 1:20242 <-> DISABLED <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt (protocol-dns.rules)
* 1:20725 <-> DISABLED <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt (os-solaris.rules)
* 1:21041 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= (exploit-kit.rules)
* 1:20813 <-> DISABLED <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt (protocol-telnet.rules)
* 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
* 1:2089 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP (protocol-rpc.rules)
* 1:21343 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit pdf request (exploit-kit.rules)
* 1:21141 <-> DISABLED <-> EXPLOIT-KIT Blackhole exploit kit control panel access (exploit-kit.rules)
* 1:2088 <-> DISABLED <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP (protocol-rpc.rules)
* 1:21236 <-> DISABLED <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21529 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt (os-windows.rules)
* 1:21348 <-> ENABLED <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= (exploit-kit.rules)
* 1:21234 <-> DISABLED <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt (server-webapp.rules)
* 1:21458 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption (file-flash.rules)
* 1:2278 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:21766 <-> DISABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
* 1:21407 <-> DISABLED <-> SERVER-OTHER Symantic multiple products VRTSweb code execution (server-other.rules)
* 1:21952 <-> DISABLED <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt (server-other.rules)
* 1:23241 <-> DISABLED <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt (server-other.rules)
* 1:22949 <-> ENABLED <-> EXPLOIT-KIT Blackhole redirection attempt (exploit-kit.rules)
* 1:2185 <-> DISABLED <-> PROTOCOL-RPC mountd UDP mount path overflow attempt (protocol-rpc.rules)
* 1:23233 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:23950 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:23355 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt (server-other.rules)
* 1:23232 <-> DISABLED <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt (os-windows.rules)
* 1:23939 <-> DISABLED <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt (server-oracle.rules)
* 1:24501 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download (exploit-kit.rules)
* 1:23951 <-> DISABLED <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt (os-windows.rules)
* 1:2381 <-> DISABLED <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt (server-webapp.rules)
* 1:24336 <-> DISABLED <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt (os-windows.rules)
* 1:24608 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt (exploit-kit.rules)
* 1:24503 <-> DISABLED <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt (protocol-rpc.rules)
* 1:23997 <-> DISABLED <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt (file-flash.rules)
* 1:24544 <-> DISABLED <-> EXPLOIT-KIT Blackhole admin page outbound access attempt (exploit-kit.rules)
* 1:24741 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24636 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure (exploit-kit.rules)
* 1:24513 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt (server-other.rules)
* 1:24703 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24745 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24742 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24638 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful (exploit-kit.rules)
* 1:24744 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24749 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24746 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24743 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24748 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24753 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24750 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24747 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24752 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24757 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24754 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24751 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24756 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24762 <-> DISABLED <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt (file-other.rules)
* 1:24758 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24755 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24760 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24865 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:24802 <-> DISABLED <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt (server-other.rules)
* 1:24759 <-> DISABLED <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt (server-other.rules)
* 1:24863 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:25381 <-> DISABLED <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt (server-other.rules)
* 1:25003 <-> DISABLED <-> SERVER-OTHER HP Archive Query Server stack overflow attempt (server-other.rules)
* 1:24861 <-> DISABLED <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email (exploit-kit.rules)
* 1:25139 <-> DISABLED <-> EXPLOIT-KIT Styx exploit kit eot outbound connection (exploit-kit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal 
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt * 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt * 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt * 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt * 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download * 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt * 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt * 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt * 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure * 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful * 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24748 
<-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt * 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email * 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email * 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email * 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt * 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection * 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25388 <-> EXPLOIT-KIT Blackholev2 
exploit kit redirection successful * 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful * 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request * 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download * 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php * 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested * 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt * 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request * 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request * 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt * 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt * 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request * 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt * 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request * 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28905 <-> FILE-OTHER Interactive Data eSignal 
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt * 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt * 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt * 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt * 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download * 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt * 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt * 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt * 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt * 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure * 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful * 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24748 
<-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt * 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt * 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email * 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email * 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email * 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt * 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection * 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt * 1:25388 <-> EXPLOIT-KIT Blackholev2 
exploit kit redirection successful * 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful * 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt * 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request * 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download * 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php * 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested * 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt * 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt * 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request * 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request * 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval * 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt * 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt * 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request * 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt * 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request * 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt * 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28905 <-> FILE-OTHER Interactive Data eSignal 
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal 
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt
* 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt
* 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt
* 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt
* 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt
* 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt
* 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt
* 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt
* 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt
* 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt
* 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt
* 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt
* 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt
* 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP
* 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt
* 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt
* 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt
* 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt
* 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt
* 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt
* 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt
* 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access
* 1:14038 <-> BROWSER-PLUGINS Novell iPrint ActiveX function call access
* 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt
* 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion
* 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt
* 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt
* 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt
* 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt
* 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt
* 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt
* 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt
* 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt
* 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt
* 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt
* 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt
* 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt
* 1:15200 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt
* 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt
* 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt
* 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt
* 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt
* 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt
* 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt
* 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt
* 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt
* 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt
* 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt
* 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt
* 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt
* 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt
* 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt
* 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt
* 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt
* 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt
* 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt
* 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt
* 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt
* 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt
* 1:15972 <-> SERVER-OTHER single byte encoded name response
* 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt
* 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt
* 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt
* 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate verification bypass attempt
* 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt
* 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt
* 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt
* 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt
* 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt
* 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt
* 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt
* 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp
* 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt
* 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt
* 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt
* 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt
* 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt
* 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt
* 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt
* 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt
* 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt
* 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt
* 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt
* 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt
* 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ
* 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ
* 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt
* 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt
* 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt
* 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt
* 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt
* 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt
* 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt
* 1:20611 <-> SERVER-OTHER BOOTP overflow
* 1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit
* 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest
* 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt
* 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt
* 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt
* 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt
* 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP
* 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP
* 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page=
* 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access
* 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt
* 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt
* 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request
* 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page=
* 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution
* 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption
* 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt
* 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt
* 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt
* 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt
* 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt
* 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt
* 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt
* 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal
stack buffer overflow attempt * 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt * 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection * 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt * 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt * 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt * 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt * 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt * 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt * 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt * 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt * 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt * 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt * 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt * 1:32370 <-> SERVER-OTHER AOL Instant Messenger 
goaway message buffer overflow attempt * 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt * 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt * 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt * 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt * 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt * 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt * 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt * 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt * 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt * 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt * 1:37511 <-> OS-SOLARIS XMDCP double-free attempt * 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt * 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt * 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt * 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass 
attempt * 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt * 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt * 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt * 1:39936 <-> OS-SOLARIS XMDCP double-free attempt * 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt * 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt * 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt * 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt * 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt * 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt * 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt * 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt * 1:43307 <-> SERVER-WEBAPP csSearch setup attempt * 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt * 1:44473 <-> FILE-OTHER ZIP file name overflow attempt * 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt * 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt * 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt * 1:45310 <-> FILE-FLASH Adobe Flash Player 
ConvolutionFilter Matrix use after free attempt * 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt * 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt * 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt * 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt * 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt * 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt * 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt * 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt * 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt * 1:51026 <-> 
FILE-PDF Adobe Reader SFNT out of bounds memory read attempt * 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt * 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt * 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt * 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt * 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt * 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt * 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt * 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt * 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt * 1:654 <-> SERVER-MAIL RCPT TO overflow * 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt * 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt * 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt * 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt * 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt * 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt * 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt * 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode 
buffer overflow attempt * 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.
The format of the file is:
gid:sid <-> Message
* 1:58685 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58686 <-> FILE-OTHER HP Multi-Function Printer memory corruption attempt
* 1:58687 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 1:58688 <-> SERVER-WEBAPP Movable Type CMS command injection attempt
* 3:58689 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58690 <-> FILE-OTHER TRUFFLEHUNTER TALOS-2021-1419 attack attempt
* 3:58691 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58692 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 3:58693 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1424 attack attempt
* 1:58694 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58695 <-> SERVER-WEBAPP Mitsubishi Electric SmartRTU command injection attempt
* 1:58696 <-> SERVER-WEBAPP Zoho ManageEngine Service Desk arbitrary file upload attempt
* 1:58697 <-> OS-OTHER IGEL OS Secure Terminal and Shadow Service command injection attempt
* 3:58698 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 3:58699 <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1423 attack attempt
* 1:58700 <-> MALWARE-OTHER Php.Webshell.PhpJackal upload attempt
* 1:58701 <-> MALWARE-OTHER Php.Webshell.PhpJackal download attempt
* 1:58702 <-> MALWARE-CNC Php.Webshell.PhpJackal outbound connection attempt
* 1:58703 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58704 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58705 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58706 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58707 <-> SERVER-WEBAPP FaceSentry Access Control Remote Command Injection command injection attempt
* 1:58708 <-> SERVER-WEBAPP IBM Data Risk Manager command execution attempt
* 1:10136 <-> OS-SOLARIS Oracle Solaris login environment variable authentication bypass attempt * 1:10603 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvUpdateRecord2 overflow attempt * 1:10900 <-> OS-WINDOWS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt * 1:11265 <-> SERVER-OTHER Sentinel license manager buffer overflow attempt * 1:11443 <-> NETBIOS DCERPC NCADG-IP-UDP lsarpc LsarAddPrivilegesToAccount overflow attempt * 1:11957 <-> NETBIOS SMB Trans2 OPEN2 maximum param count overflow attempt * 1:11958 <-> NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt * 1:11963 <-> NETBIOS SMB Trans2 OPEN2 andx maximum param count overflow attempt * 1:11964 <-> NETBIOS SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt * 1:12069 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:12198 <-> OS-WINDOWS Microsoft Windows getbulk request attempt * 1:12317 <-> NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect-earthagent RPCFN_CopyAUSrc attempt * 1:12627 <-> PROTOCOL-RPC Solaris TCP portmapper sadmin port query attempt * 1:12628 <-> PROTOCOL-RPC Solaris UDP portmapper sadmin port query attempt * 1:1277 <-> PROTOCOL-RPC portmap ypupdated request UDP * 1:12940 <-> NETBIOS DCERPC NCACN-IP-TCP brightstor-arc2 CA call 269 overflow attempt * 1:12984 <-> NETBIOS DCERPC NCACN-IP-TCP srvsvc NetSetFileSecurity integer overflow attempt * 1:12985 <-> NETBIOS DCERPC NCADG-IP-UDP srvsvc NetSetFileSecurity integer overflow attempt * 1:13161 <-> SERVER-OTHER HP OpenView CGI parameter buffer overflow attempt * 1:13162 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt * 1:13222 <-> SERVER-OTHER Motorola Timbuktu crafted login request buffer overflow attempt * 1:13619 <-> OS-WINDOWS Microsoft Windows getBulkRequest memory corruption attempt * 1:13927 <-> PROTOCOL-TFTP Open TFTP Server log generation buffer overflow attempt * 1:14037 <-> BROWSER-PLUGINS Novell iPrint ActiveX clsid access * 1:14038 <-> 
BROWSER-PLUGINS Novell iPrint ActiveX function call access * 1:1409 <-> PROTOCOL-SNMP community string buffer overflow attempt * 1:1422 <-> PROTOCOL-SNMP community string buffer overflow attempt with evasion * 1:14647 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14648 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14649 <-> OS-WINDOWS Microsoft Windows SMB Search Search filename size integer underflow attempt * 1:14650 <-> OS-WINDOWS Microsoft Windows SMB Search unicode Search filename size integer underflow attempt * 1:14651 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14652 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14653 <-> OS-WINDOWS Microsoft Windows SMB Search andx Search filename size integer underflow attempt * 1:14654 <-> OS-WINDOWS Microsoft Windows SMB Search unicode andx Search filename size integer underflow attempt * 1:14725 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt * 1:14726 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt * 1:14737 <-> OS-WINDOWS DCERPC NCACN-IP-TCP host-integration bind attempt * 1:14900 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt * 1:14988 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt * 1:14989 <-> SERVER-WEBAPP Novell eDirectory SOAP Accept Language header overflow attempt * 1:15196 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15197 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15198 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode param_count underflow attempt * 1:15199 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE param_count underflow attempt * 1:15200 <-> OS-WINDOWS 
Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15201 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15202 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx param_count underflow attempt * 1:15203 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx param_count underflow attempt * 1:15204 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15205 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode max_param_count underflow attempt * 1:15206 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15207 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE max_param_count underflow attempt * 1:15208 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15209 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE unicode andx max_param_count underflow attempt * 1:15210 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15211 <-> OS-WINDOWS Microsoft Windows SMB NT Trans NT CREATE andx max_param_count underflow attempt * 1:15212 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15213 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15214 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 max_param_count underflow attempt * 1:15215 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode max_param_count underflow attempt * 1:15216 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15217 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx max_param_count underflow attempt * 1:15218 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx max_param_count underflow attempt * 1:15219 <-> OS-WINDOWS Microsoft Windows SMB Trans2 
OPEN2 unicode andx max_param_count underflow attempt * 1:15220 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15221 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15222 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 param_count underflow attempt * 1:15223 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode param_count underflow attempt * 1:15224 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15225 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15226 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 andx param_count underflow attempt * 1:15227 <-> OS-WINDOWS Microsoft Windows SMB Trans2 OPEN2 unicode andx param_count underflow attempt * 1:15261 <-> SERVER-ORACLE Secure Backup exec_qr command injection attempt * 1:15262 <-> SERVER-ORACLE Secure Backup POST exec_qr command injection attempt * 1:15508 <-> SERVER-OTHER DCERPC NCADG-IP-UDP lsarpc LsarLookupSids translated_names overflow attempt * 1:15701 <-> OS-WINDOWS Microsoft Windows 2000 domain authentication bypass attempt * 1:15708 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:15881 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters Name Field attempt * 1:15911 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt * 1:15930 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field remote code execution attempt * 1:15971 <-> SERVER-OTHER CVS Argumentx command double free attempt * 1:15972 <-> SERVER-OTHER single byte encoded name response * 1:16015 <-> SERVER-OTHER Norton Internet Security NBNS response processing stack overflow attempt * 1:16029 <-> OS-WINDOWS Microsoft Windows DNS client ATMA buffer overrun attempt * 1:16049 <-> SERVER-OTHER GNU Radius SQL accounting format string exploit attempt * 1:16080 <-> SERVER-OTHER KAME racoon X509 certificate 
verification bypass attempt * 1:16198 <-> SERVER-APACHE Apache mod_auth_pgsql module logging facility format string exploit attempt * 1:16238 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16239 <-> OS-WINDOWS DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt * 1:16329 <-> SERVER-OTHER Microsoft Internet Authentication Service EAP-MSCHAPv2 authentication bypass attempt * 1:16515 <-> SERVER-MAIL Novell Groupwise Internet Agent RCPT command overflow attempt * 1:16705 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP array size buffer overflow attempt * 1:16796 <-> PROTOCOL-RPC Oracle Solaris sadmind UDP data length integer overflow attempt * 1:17046 <-> SERVER-OTHER CA ARCserve Backup for Laptops and Desktops LGServer handshake buffer overflow attempt * 1:17056 <-> SERVER-OTHER Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt * 1:17057 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:17205 <-> PROTOCOL-RPC Multiple vendors librpc.dll stack buffer overflow attempt - udp * 1:17224 <-> SERVER-MAIL McAfee WebShield SMTP bounce message format string attempt * 1:17609 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:1762 <-> SERVER-WEBAPP phf arbitrary command execution attempt * 1:18189 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18190 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18191 <-> NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt * 1:18192 <-> NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt * 1:18248 <-> SERVER-OTHER Unisys Business Information Server stack buffer overflow attempt * 1:18319 <-> SERVER-SAMBA Samba DCERPC NCACN-IP-TCP lsarpc LsarLookupSids lsa_io_trans_name heap overflow attempt * 1:18462 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:18472 <-> NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarLookupSids 
lsa_io_trans_name heap overflow attempt * 1:18526 <-> FILE-PDF Adobe Acrobat Reader shell metacharacter code execution attempt * 1:18557 <-> PROTOCOL-RPC IBM Informix Dynamic Server librpc.dll buffer overflow attempt * 1:18589 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt * 1:18611 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18612 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18613 <-> SERVER-WEBAPP Oracle Java Web Server WebDAV Stack Buffer Overflow attempt * 1:18768 <-> SERVER-MAIL Novell GroupWise Internet Agent RRULE parsing buffer overflow attempt * 1:18958 <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt * 1:18994 <-> OS-WINDOWS Microsoft Windows 2003 browser election remote heap overflow attempt * 1:19013 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - WRQ * 1:19014 <-> PROTOCOL-TFTP HP Intelligent Management Center TFTP server MODE remote code execution attempt - RRQ * 1:19136 <-> SERVER-WEBAPP CA XOsoft Multiple Products entry_point.aspx buffer overflow attempt * 1:19173 <-> PROTOCOL-RPC CDE Calendar Manager service memory corruption attempt * 1:19208 <-> SERVER-OTHER Citrix Provisioning Services streamprocess.exe buffer overflow attempt * 1:19323 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt * 1:19649 <-> SERVER-OTHER HP Intelligent Management Center dbman buffer overflow attempt * 1:19677 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt * 1:20052 <-> PROTOCOL-SCADA IntelliCom NetBiter config utility hostname overflow attempt * 1:20176 <-> PROTOCOL-SCADA DAQFactory NETB protcol stack overflow attempt * 1:20242 <-> PROTOCOL-DNS Oracle Secure Backup observice.exe dns response overflow attempt * 1:20611 <-> SERVER-OTHER BOOTP overflow * 
1:20614 <-> SERVER-MAIL Axigen POP3 server remote format string exploit * 1:20671 <-> OS-WINDOWS Microsoft Windows Active Directory Crafted LDAP ModifyRequest * 1:20691 <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt * 1:20725 <-> OS-SOLARIS Oracle Solaris in.rwhod hostname denial of service attempt * 1:20812 <-> PROTOCOL-TELNET FreeBSD telnetd enc_keyid overflow attempt * 1:20813 <-> PROTOCOL-TELNET FreeBSD telnetd dec_keyid overflow attempt * 1:2088 <-> PROTOCOL-RPC ypupdated arbitrary command attempt UDP * 1:2089 <-> PROTOCOL-RPC ypupdated arbitrary command attempt TCP * 1:21041 <-> EXPLOIT-KIT Blackhole exploit kit URL - main.php?page= * 1:21141 <-> EXPLOIT-KIT Blackhole exploit kit control panel access * 1:21234 <-> SERVER-WEBAPP MKCOL Webdav Stack Buffer Overflow attempt * 1:21236 <-> SERVER-WEBAPP UNLOCK Webdav Stack Buffer Overflow attempt * 1:21343 <-> EXPLOIT-KIT Blackhole exploit kit pdf request * 1:21348 <-> EXPLOIT-KIT Blackhole exploit kit URL - search.php?page= * 1:21407 <-> SERVER-OTHER Symantic multiple products VRTSweb code execution * 1:21458 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption * 1:21529 <-> OS-WINDOWS Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt * 1:21766 <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt * 1:2185 <-> PROTOCOL-RPC mountd UDP mount path overflow attempt * 1:21952 <-> SERVER-OTHER ISC dhcpd discover hostname overflow attempt * 1:2278 <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt * 1:22949 <-> EXPLOIT-KIT Blackhole redirection attempt * 1:23232 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23233 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt * 1:23241 <-> SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt * 1:23355 <-> SERVER-OTHER Trend Micro Control Manager AddTask stack 
buffer overflow attempt
* 1:2381 <-> SERVER-WEBAPP Checkpoint Firewall-1 HTTP parsing format string vulnerability attempt
* 1:23939 <-> SERVER-ORACLE Oracle Business Transaction Management FlashTunnelService directory traversal attempt
* 1:23950 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23951 <-> OS-WINDOWS Microsoft Windows DNS NAPTR remote unauthenticated code execution vulnerability attempt
* 1:23997 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:24336 <-> OS-WINDOWS Microsoft Windows SMB RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:24501 <-> EXPLOIT-KIT Blackholev2 exploit kit fallback executable download
* 1:24503 <-> PROTOCOL-RPC xdrDecodeString caller_name stack overflow attempt
* 1:24513 <-> SERVER-OTHER Citrix Provisioning Services opcode buffer overflow attempt
* 1:24544 <-> EXPLOIT-KIT Blackhole admin page outbound access attempt
* 1:24608 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page download attempt
* 1:24636 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection page - specific structure
* 1:24638 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:24703 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24741 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24742 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24743 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24744 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24745 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24746 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24747 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24748 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24749 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24750 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24751 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24752 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24753 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24754 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24755 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24756 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24757 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24758 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24759 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24760 <-> SERVER-OTHER Citrix Provisioning Services multiple opcode integer overflow attempt
* 1:24762 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:24802 <-> SERVER-OTHER HP Database Archiving Software GIOP parsing buffer overflow attempt
* 1:24861 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24863 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:24865 <-> EXPLOIT-KIT Blackholev2 exploit kit landing page in an email
* 1:25003 <-> SERVER-OTHER HP Archive Query Server stack overflow attempt
* 1:25138 <-> EXPLOIT-KIT Styx exploit kit pdf outbound connection
* 1:25139 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:25381 <-> SERVER-OTHER Microsoft Threat Management Gateway heap buffer overflow attempt
* 1:25388 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25568 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:25611 <-> EXPLOIT-KIT Blackholev2 exploit kit redirection successful
* 1:25650 <-> BROWSER-IE Microsoft Internet Explorer malformed iframe buffer overflow attempt
* 1:25972 <-> EXPLOIT-KIT Redkit exploit kit three number PDF Request
* 1:26227 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:26295 <-> FILE-OTHER Watering Hole Campaign applet download
* 1:26339 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval - ff.php
* 1:26346 <-> EXPLOIT-KIT Redkit exploit kit payload requested
* 1:26496 <-> FILE-OTHER WellinTech KingView KingMessage log file parsing buffer overflow attempt
* 1:26643 <-> OS-WINDOWS Microsoft Windows SMB malformed process ID high field denial of service attempt
* 1:26806 <-> EXPLOIT-KIT Redkit exploit kit short JNLP request
* 1:26808 <-> EXPLOIT-KIT Goon/Infinity/Redkit exploit kit short jar request
* 1:27071 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27072 <-> EXPLOIT-KIT Blackhole exploit kit landing page retrieval
* 1:27598 <-> SERVER-WEBAPP Oracle Secure Backup Admin Server command injection attempt
* 1:27646 <-> SERVER-OTHER HP LeftHand Virtual SAN hydra login request buffer overflow attempt
* 1:27814 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28393 <-> SERVER-OTHER EMC Replication Manager irccd remote command execution attempt
* 1:28478 <-> EXPLOIT-KIT Styx exploit kit landing page request
* 1:28704 <-> FILE-FLASH Adobe Flash Player ActionScript float index array memory corruption attempt
* 1:28792 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28793 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:28903 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28904 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28905 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28906 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28907 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:28974 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:28975 <-> BROWSER-IE Microsoft Internet Explorer malformed GIF double-free remote code execution attempt
* 1:29453 <-> EXPLOIT-KIT Styx exploit kit eot outbound connection
* 1:29513 <-> OS-WINDOWS Microsoft Windows SMB Microsoft Windows RAP API NetServerEnum2 long comment buffer overflow attempt
* 1:29521 <-> FILE-MULTIMEDIA Flip4Mac Windows media components WMV parsing memory corruption attempt
* 1:29522 <-> SERVER-WEBAPP Alcatel-Lucent OmniPCX Office remote code execution attempt
* 1:29525 <-> FILE-FLASH Adobe Flash Player loadPCMFromByteArray bad sample count attempt
* 1:29527 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:29536 <-> SERVER-OTHER Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt
* 1:29596 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29597 <-> SERVER-WEBAPP HP SiteScope soap request code execution attempt
* 1:29607 <-> SERVER-OTHER Novell ZENworks Handheld Management ZfHIPCND.exe buffer overflow attempt
* 1:29610 <-> SERVER-OTHER IBM Cognos TM1 Server tm1admsd.exe buffer overflow attempt
* 1:29617 <-> BROWSER-FIREFOX Mozilla Firefox nsTreeRange Use After Free attempt
* 1:29621 <-> NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt
* 1:3114 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc LlsrConnect overflow attempt
* 1:3171 <-> OS-WINDOWS DCERPC NCADG-IP-UDP msqueue function 4 overflow attempt
* 1:32150 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32152 <-> FILE-OTHER Microsoft System.Uri heap corruption attempt
* 1:32356 <-> PROTOCOL-RPC mountd UDP unmount path overflow attempt
* 1:32370 <-> SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt
* 1:32816 <-> FILE-PDF Adobe Acrobat Reader raster image memory corruption attempt
* 1:32856 <-> FILE-PDF Adobe Acrobat Reader graphics module crash attempt
* 1:33016 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33017 <-> OS-WINDOWS Microsoft Windows NT DHCP client identifier length overflow attempt
* 1:33572 <-> FILE-OTHER Adobe Reader ETB baseurl memory corruption attempt
* 1:33826 <-> SERVER-SAMBA Samba smbd _netr_ServerPasswordSet deprecated vulnerable function access attempt
* 1:35435 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:35848 <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt
* 1:3590 <-> OS-WINDOWS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt
* 1:3591 <-> OS-WINDOWS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt
* 1:36156 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36157 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:36533 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX clsid access attempt
* 1:36534 <-> BROWSER-PLUGINS Quest InTrust Annotation Objects ActiveX function call access attempt
* 1:36658 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36659 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:36660 <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt
* 1:37511 <-> OS-SOLARIS XMDCP double-free attempt
* 1:37628 <-> FILE-FLASH Adobe Flash Player ByteArray domainMemory use after free attempt
* 1:37650 <-> FILE-OTHER CA BrightStor stack buffer overflow attempt
* 1:3818 <-> PROTOCOL-TFTP PUT transfer mode overflow attempt
* 1:38246 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:38247 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39387 <-> SERVER-WEBAPP D-Link DAP-1160 authentication bypass attempt
* 1:39406 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39407 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:39408 <-> SERVER-OTHER D-LINK DAP-1160 unauthenticated remote configuration attempt
* 1:3967 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_QueryResConfList attempt
* 1:39910 <-> SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
* 1:39936 <-> OS-SOLARIS XMDCP double-free attempt
* 1:40282 <-> FILE-OFFICE Microsoft Office Wordpad font conversion buffer overflow attempt
* 1:40335 <-> APP-DETECT OpenVAS Scanner User-Agent attempt
* 1:4072 <-> OS-WINDOWS DCERPC NCACN-IP-TCP umpnpmgr PNP_DetectResourceConflict attempt
* 1:40819 <-> FILE-FLASH Adobe Flash Player TextField text use after free attempt
* 1:41046 <-> FILE-FLASH Adobe Flash Player TextField setter use after free attempt
* 1:41423 <-> BROWSER-PLUGINS Mozilla Firefox generatecrmfrequest policy function call access attempt
* 1:42413 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:42423 <-> FILE-OTHER Adobe Director rcsL chunk parsing denial of service attempt
* 1:43291 <-> SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt
* 1:43307 <-> SERVER-WEBAPP csSearch setup attempt
* 1:43347 <-> BROWSER-FIREFOX Mozilla Firefox domFuzzLite3 table use after free attempt
* 1:44473 <-> FILE-OTHER ZIP file name overflow attempt
* 1:44735 <-> SERVER-MAIL Microsoft Outlook Express mhtml code execution attempt
* 1:45172 <-> BROWSER-FIREFOX Mozilla Firefox buffer overflow attempt
* 1:45179 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45180 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45182 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45184 <-> BROWSER-FIREFOX Mozilla Firefox SOAPParameter integer overflow attempt
* 1:45310 <-> FILE-FLASH Adobe Flash Player ConvolutionFilter Matrix use after free attempt
* 1:45501 <-> FILE-FLASH Adobe Flash Player movieclip startdrag use-after-free attempt
* 1:45856 <-> FILE-OTHER Adobe Acrobat Pro EMF out of bounds write attempt
* 1:4642 <-> SERVER-ORACLE sys.pbsde.init buffer overflow attempt
* 1:48179 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48180 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48181 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48182 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48183 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48184 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm stack buffer overflow attempt
* 1:48185 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48186 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48187 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48188 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48189 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:48190 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:49584 <-> FILE-FLASH Adobe Flash Player byteArray inflate information disclosure attempt
* 1:49586 <-> FILE-FLASH Adobe Flash Player byteArray uncompress information disclosure attempt
* 1:49901 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:49903 <-> BROWSER-PLUGINS HP OPOS ToneIndicator stack buffer overflow attempt
* 1:50642 <-> FILE-OTHER Adobe Director rscL chunk parsing denial of service attempt
* 1:50900 <-> SERVER-OTHER HPE Intelligent Management Center imcwlandm buffer overflow attempt
* 1:51026 <-> FILE-PDF Adobe Reader SFNT out of bounds memory read attempt
* 1:51082 <-> FILE-FLASH Adobe Flash player memory corruption attempt
* 1:51162 <-> FILE-PDF Adobe Acrobat Reader RGB color table out of bounds read attempt
* 1:51226 <-> FILE-FLASH Adobe Flash Player malformed ATF heap overflow attempt
* 1:51859 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51861 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51862 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51863 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:51866 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52080 <-> FILE-FLASH Adobe Flash Player FLV Nellymoser audio codec stack overflow attempt
* 1:52101 <-> OS-MOBILE Android Stagefright MP4 buffer overflow attempt
* 1:52289 <-> OS-MOBILE Google Android libstagefright integer underflow attempt
* 1:53431 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:53432 <-> SERVER-MAIL OpenSMTPD smtp_mailaddr command injection attempt
* 1:5485 <-> OS-WINDOWS DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
* 1:58201 <-> SERVER-WEBAPP Zoho ManageEngine ADSelfService Plus RestAPI authentication bypass attempt
* 1:58362 <-> SERVER-WEBAPP Advantech WebAccess Node BWSCADASoap ProjectName SQL injection attempt
* 1:654 <-> SERVER-MAIL RCPT TO overflow
* 1:6706 <-> NETBIOS SMB NT Trans Secondary Param Count overflow attempt
* 1:6707 <-> NETBIOS SMB NT Trans Secondary unicode Param Count overflow attempt
* 1:6712 <-> NETBIOS SMB NT Trans Secondary andx Param Count overflow attempt
* 1:6713 <-> NETBIOS SMB NT Trans Secondary unicode andx Param Count overflow attempt
* 1:8426 <-> SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
* 1:8428 <-> SERVER-OTHER SSLv2 openssl get shared ciphers overflow attempt
* 1:9027 <-> OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc NetrJoinDomain2 overflow attempt
* 1:9621 <-> PROTOCOL-TFTP 3COM server transport mode buffer overflow attempt
* 1:9769 <-> OS-WINDOWS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt