Talos Rules 2022-04-19
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the file-multimedia, file-office, file-other, protocol-dns, protocol-imap, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091900.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091801.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)

Modified Rules:


 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091701.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)

Modified Rules:


 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091700.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)

Modified Rules:


 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)

Modified Rules:


 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)

Modified Rules:


 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)

Modified Rules:


 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)

Modified Rules:


 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)

Modified Rules:


 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)

Modified Rules:


 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (snort3-server-other.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (snort3-file-other.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (snort3-protocol-dns.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (snort3-file-multimedia.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (snort3-server-oracle.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (snort3-file-office.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (snort3-server-other.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (snort3-server-webapp.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (snort3-server-other.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (snort3-protocol-dns.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (snort3-server-other.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (snort3-server-webapp.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (snort3-file-multimedia.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (snort3-file-other.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (snort3-file-office.rules)
 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (snort3-server-webapp.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (snort3-file-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (snort3-protocol-imap.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (snort3-file-other.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (snort3-server-other.rules)

Modified Rules:


 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (snort3-file-other.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (snort3-server-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (snort3-server-webapp.rules)
 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (snort3-file-other.rules)

2022-04-19 13:16:56 UTC

Snort Subscriber Rules Update

Date: 2022-04-19

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:59577 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59579 <-> DISABLED <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt (protocol-dns.rules)
 * 1:59576 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59575 <-> DISABLED <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt (file-multimedia.rules)
 * 1:59597 <-> DISABLED <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt (server-other.rules)
 * 1:59572 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt (server-other.rules)
 * 1:59585 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59600 <-> DISABLED <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt (protocol-dns.rules)
 * 1:59570 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt (server-other.rules)
 * 1:59578 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt (server-webapp.rules)
 * 1:59580 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59606 <-> DISABLED <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt (server-webapp.rules)
 * 1:59574 <-> DISABLED <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt (server-oracle.rules)
 * 1:59581 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59584 <-> DISABLED <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt (file-office.rules)
 * 1:59583 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59586 <-> DISABLED <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt (server-other.rules)
 * 1:59573 <-> DISABLED <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt (protocol-imap.rules)
 * 1:59582 <-> DISABLED <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt (file-other.rules)
 * 1:59571 <-> DISABLED <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt (server-other.rules)

Modified Rules:


 * 1:59475 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:59474 <-> DISABLED <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt (file-other.rules)
 * 1:58522 <-> DISABLED <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt (server-webapp.rules)
 * 1:52450 <-> DISABLED <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt (server-other.rules)

2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.0.3.4.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.0.1.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.1.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.3.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.4.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.5.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:01 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.7.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:02 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.9.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:02 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.11.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:02 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.15.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:02 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.18.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:02 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.20.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt


2022-04-19 13:21:02 UTC

Snort Subscriber Rules Update

Date: 2022-04-18-001

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3.1.21.0.

The format of the file is:

gid:sid <-> Message

New Rules:

* 1:59570 <-> SERVER-OTHER Trend Micro Control Manager TVCSCommander SQL injection attempt
* 1:59571 <-> SERVER-OTHER Trend Micro Control Manager mdHandlerLicenseManager SQL injection attempt
* 1:59572 <-> SERVER-OTHER Trend Micro Control Manager cmdHandlerStatusMonitor SQL injection attempt
* 1:59573 <-> PROTOCOL-IMAP Dovecot Pigeonhole string parsing remote code execution attempt
* 1:59574 <-> SERVER-ORACLE Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL injection attempt
* 1:59575 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59576 <-> FILE-MULTIMEDIA libsndfile PAF file integer overflow attempt
* 1:59577 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59578 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php directory traversal attempt
* 1:59579 <-> PROTOCOL-DNS Microsoft DNS server denial of service attempt
* 1:59580 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59581 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59582 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59583 <-> FILE-OTHER Delta Industrial Automation CNCSoft ScreenEditor dpb PanelName stack buffer overflow attempt
* 1:59584 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59585 <-> FILE-OFFICE Microsoft Office XML nested num tag double-free attempt
* 1:59586 <-> SERVER-OTHER TightVNC viewer rfbServerCutText handler integer overflow attempt
* 1:59597 <-> SERVER-OTHER WolfSSL PSK extension buffer overflow attempt
* 1:59600 <-> PROTOCOL-DNS Systemd resolved dns_packet_new buffer overflow attempt
* 1:59606 <-> SERVER-WEBAPP Smart Software Solutions CODESYS ControlService stack buffer overflow attempt

Modified Rules:

* 1:52450 <-> SERVER-OTHER Squid Reverse Proxy malformed Host header buffer overflow attempt
* 1:58522 <-> SERVER-WEBAPP rConfig ajaxAddTemplate.php command injection attempt
* 1:59474 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt
* 1:59475 <-> FILE-OTHER FreeBSD bspatch utility remote code execution attempt