Update Details

Update #2543 (10/07/2015)

246 new signatures:

HIGH	HTTP:XSS:TYPO3-LOCALURL-CMS	HTTP: Typo3 CMS SanitizeLocalUrl Cross-Site Scripting
MEDIUM	HTTP:STATIC-SERVER-BOF1	HTTP: Static HTTP Server ini File Parsing Buffer Overflow1
HIGH	HTTP:XSS:NOVELL-ZENWORKS-XSS	HTTP: Novell ZENworks Mobile Management Cross-Site Scripting
MEDIUM	HTTP:INTEGARD-VERSION-CHECK1	HTTP: Integard Home and Pro Password Remote Version Check1
MEDIUM	HTTP:VLCFS1	HTTP: VLC HTTPD Connection Header Format String1
HIGH	HTTP:XSS:OPENFIRE-SEARCH	HTTP: Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting
MEDIUM	HTTP:NTOP-BASIC-AUTHORIZATION1	HTTP: ntop Basic Authorization Denial of Service1
MEDIUM	HTTP:PHPWIKI-PLOTICUS-ACE1	HTTP: PHPWiki CVE-2014-5519 Ploticus Arbitratu Code Execution1
MEDIUM	HTTP:JAVA-JSP-SRC-CODE-DISC1	HTTP: Sun Java System Web Server JSP Source Code Disclosure1
MEDIUM	HTTP:ESTSOFT-ALZIP-MIM-BO1	HTTP: ESTsoft ALZip MIM File Processing Buffer Overflow1
MEDIUM	HTTP:MAXTHON-HISTORY-XSS1	HTTP: Maxthon History Cross Site Scripting1
MEDIUM	HTTP:DIGIUM-ASTERISK-BO1	HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow1
MEDIUM	HTTP:ADOBE-FLASHPLYR-PRIV-ESC1	HTTP: Adobe Flash Player Privilege Escalation1
MEDIUM	HTTP:SONICWALL-GMS-RCE1	HTTP: SonicWALL GMS skipSessionCheck Remote Code Execution1
MEDIUM	HTTP:WORDPRESS-W3PLUGIN-RCE1	HTTP: Wordpress W3 Total Cache Plugin Remote Code Execution1
MEDIUM	HTTP:MICROSOFT-ASPNET-POST-DOS1	HTTP: Microsoft ASP.NET Post Request Parameters Handling Denial of Service1
MEDIUM	HTTP:WIPER-SHAMOON-FILE-DWNLD1	HTTP: Suspicious WIPER/SHAMOON Infected File Download1
MEDIUM	HTTP:XNVIEW-MBM-FILE-BO1	HTTP: XnView mbm File Parsing Buffer Overflow1
MEDIUM	HTTP:MS-TELNET-INSECURE-LOADIN1	HTTP: Microsoft Telnet Protocol Handler Insecure Loading1
MEDIUM	HTTP:INOUT-ARTICLE-BASE-CSRF1	HTTP: Inout Article Base Ultimate Cross Site Request Forgery1
MEDIUM	HTTP:SYSAX-SERVER-BOF1	HTTP: Sysax Multi Server Function Buffer Overflow1
MEDIUM	HTTP:ALTNWADMIN11	HTTP: Alt-N WebAdmin USER Buffer Overflow1
MEDIUM	HTTP:RUBY-GEM-SEMICOLON1	HTTP: Ruby Gem Multiple Wrappers Command Injection1
MEDIUM	HTTP:ROBOHELP-SQL-INJ1	HTTP: Adobe RoboHelp Server SQL Injection Vulnerability1
MEDIUM	HTTP:BROWSER-WINDOW-INJECTION1	HTTP: Multiple Web Browsers Window Injection1
MEDIUM	HTTP:MS-DOT-NET-HEAP-CORRUPT1	HTTP: Microsoft .NET Framework Heap Corruption1
MEDIUM	HTTP:LOCALHOST-ON-INTERNET1	HTTP: Localhost Host Header in Trans-Internet Request1
MEDIUM	HTTP:MS-WIN-FOLDER-GUID-CE1	HTTP: Microsoft Windows Folder GUID Code Execution1
MEDIUM	HTTP:APPLE-SGI-BOF1	HTTP: Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow1
MEDIUM	HTTP:RUBYONRAILS-XMLYAML-RCE1	HTTP: Ruby on Rails XML Parameter Parsing Remote Code Execution1
MEDIUM	HTTP:EASYLAN-REG-BOF1	HTTP: Easy LAN Folder Share .reg FIle Parsing Buffer Overflow1
MEDIUM	HTTP:RUBYONRAILS-JSONYAML-RCE1	HTTP: Ruby on Rails JSON YAML Parsing Remote Code Execution1
MEDIUM	HTTP:EK-ANGLER-JAVA1	HTTP: Oracle Exploit Kit Angler Java1
MEDIUM	HTTP:MS-DOT-NET-XAML-RCE1	HTTP: Microsoft .NET Framework XAML Browser Applications Stack Corruption1
MEDIUM	HTTP:XAMPP-REQUEST-FORGERY1	HTTP: XAMPP Request Forgery Attempt1
MEDIUM	HTTP:HP-PRINTER-INFO-DISCLOSUR1	HTTP: HP LaserJet Pro Printers Remote Information Disclosure1
MEDIUM	HTTP:GD-GRAPHICS-PNG1	HTTP: GD Graphics Library PNG Buffer Overflow1
MEDIUM	HTTP:WP-FGALLERY-MAL-FILE-HOST1	HTTP: Wordpress FGallery Plugin Malicious File Hosting1
MEDIUM	HTTP:ULTRAVNC-VNCLOG-BO1	HTTP: UltraVNC VNCLog Buffer Overflow1
MEDIUM	HTTP:WIRELURKER-SNUPLOAD1	HTTP: WireLurker Serial Number Upload Detected1
MEDIUM	HTTP:MANAGENGINE-INF-DISC1	HTTP: ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure1
MEDIUM	HTTP:FTP-ACTIVEX-CE1	HTTP: Attachmate Reflection FTP Client ActiveX CE1
HIGH	DNS:EXPLOIT:BIND-OPENPGPKEY-DOS	DNS: ISC BIND openpgpkey Denial of Service
MEDIUM	HTTP:STC:DL:APPLE-QT-JPEG-OF2	HTTP: Apple QuickTime JPEG Atom Buffer Overflow 2
MEDIUM	HTTP:STC:DL:APPLE-QT-JPEG-OF3	HTTP: Apple QuickTime JPEG Atom Buffer Overflow 3
HIGH	HTTP:STC:DL:PUB-PLC1	HTTP: Microsoft Publisher PLC Objects Remote Code Execution 1
HIGH	HTTP:STC:DL:PUB-PLC2	HTTP: Microsoft Publisher PLC Objects Remote Code Execution 2
HIGH	HTTP:STC:DL:PUB-PLC3	HTTP: Microsoft Publisher PLC Objects Remote Code Execution 3
MEDIUM	HTTP:STC:IMG:ANI-BLOCK-STR22	HTTP: Invalid ANI Block Size Parameter in Stream (2)2
MEDIUM	HTTP:STC:IMG:ANI-BLOCK-STR23	HTTP: Invalid ANI Block Size Parameter in Stream (2)3
HIGH	HTTP:STC:ADOBE:FLASHPLR-NUL-MC1	HTTP: Adobe Flash Player null Reference Memory Corruption1
HIGH	HTTP:STC:DL:PPT-FB1-ATOM-OF1	HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow1
HIGH	HTTP:STC:ADOBE:FLASHPLR-NUL-MC2	HTTP: Adobe Flash Player null Reference Memory Corruption2
HIGH	HTTP:STC:ADOBE:FLASHPLR-NUL-MC3	HTTP: Adobe Flash Player null Reference Memory Corruption3
HIGH	HTTP:STC:DL:PPT-FB1-ATOM-OF2	HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow2
HIGH	HTTP:STC:DL:PPT-FB1-ATOM-OF3	HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow3
MEDIUM	HTTP:STC:CHROME:RESPONSE-MC2	HTTP: Google Chrome HTTP Response Handling Memory Corruption 2
MEDIUM	HTTP:STC:CHROME:RESPONSE-MC3	HTTP: Google Chrome HTTP Response Handling Memory Corruption 3
HIGH	HTTP:STC:DL:ONENOTE-INFO-DISC2	HTTP: Microsoft Office OneNote 2010 Buffer Size Validation2
HIGH	HTTP:MISC:AVIRA-MGNT-HEADER-BOF	HTTP: Avira Management Console Server HTTP Header Processing Heap Buffer Overflow
HIGH	DNS:EXPLOIT:BIND-KEYPARSE-DOS	DNS: ISC BIND DNSSEC Key Parsing Buffer Denial of Service
HIGH	HTTP:STC:IE:DHTML-HANDLER-RACE1	HTTP: DHTML Object Handling Race Condition1
HIGH	HTTP:STC:ACTIVEX:KVIEW-KCHARTX1	HTTP: KingView KChartXY.ocx Unsafe ActiveX Control1
MEDIUM	HTTP:MS-IE-MHTMLFILE-DOS1	HTTP: Microsoft IE MHTMLFile NULL Dereference1
HIGH	HTTP:MISC:GE-PULSENET-RCE	HTTP: GE MDS PulseNET Hidden Support Account Remote Code Execution
INFO	HTTP:AUDIT:PDF-SCIIHEXDECODE	HTTP: Adobe PDF SCIIHexDecode Evasion Method Detection
MEDIUM	HTTP:XML-EXTERNAL-ENTITY-INJ1	HTTP:Multiple Product XML External Entity Injection1
CRITICAL	SHELLCODE:WIN:SHIKATAGANAI-HTTP	SHELLCODE: Shikata Ga Nai Encoder Routine Over HTTP (1)
HIGH	HTTP:INFO-LEAK:WFCHAT2	HTTP: WFChat Information Disclosure2
HIGH	HTTP:INFO-LEAK:WFCHAT3	HTTP: WFChat Information Disclosure3
HIGH	HTTP:INFO-LEAK:WFCHAT4	HTTP: WFChat Information Disclosure4
HIGH	HTTP:INFO-LEAK:WFCHAT5	HTTP: WFChat Information Disclosure5
HIGH	HTTP:INFO-LEAK:WFCHAT6	HTTP: WFChat Information Disclosure6
HIGH	HTTP:INFO-LEAK:WFCHAT7	HTTP: WFChat Information Disclosure7
HIGH	HTTP:INFO-LEAK:WFCHAT8	HTTP: WFChat Information Disclosure8
HIGH	HTTP:INFO-LEAK:WFCHAT9	HTTP: WFChat Information Disclosure9
HIGH	HTTP:SQL:INJ:S9Y-SERENDIPITY2	HTTP: S9Y Serendipity SQL injection2
HIGH	HTTP:SQL:INJ:S9Y-SERENDIPITY3	HTTP: S9Y Serendipity SQL injection3
HIGH	HTTP:SQL:INJ:S9Y-SERENDIPITY4	HTTP: S9Y Serendipity SQL injection4
HIGH	HTTP:STC:ACTIVEX:WEBVIEWER3D2	HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite2
HIGH	HTTP:STC:ACTIVEX:WEBVIEWER3D3	HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite3
HIGH	HTTP:STC:ACTIVEX:WEBVIEWER3D4	HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite4
HIGH	HTTP:STC:CLSID:ACTIVEX:MACRO-A2	HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability2
HIGH	HTTP:STC:CLSID:ACTIVEX:MACRO-A3	HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability3
HIGH	HTTP:STC:CLSID:ACTIVEX:MACRO-A4	HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability4
HIGH	HTTP:STC:DL:ULTRAISO-CUE2	HTTP: UltraISO Cue File Remote Code Execution2
HIGH	HTTP:STC:DL:ULTRAISO-CUE3	HTTP: UltraISO Cue File Remote Code Execution3
HIGH	HTTP:STC:DL:ULTRAISO-CUE4	HTTP: UltraISO Cue File Remote Code Execution4
HIGH	HTTP:IIS:SHARE-ID2	HTTP: Microsoft SharePoint Team Information Disclosure2
HIGH	HTTP:IIS:SHARE-ID3	HTTP: Microsoft SharePoint Team Information Disclosure3
HIGH	HTTP:IIS:SHARE-ID4	HTTP: Microsoft SharePoint Team Information Disclosure4
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI2	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion2
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI3	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion3
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI4	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion4
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI5	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion5
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI6	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion6
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI7	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion7
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI8	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion8
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI9	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion9
HIGH	HTTP:STC:ACTIVEX:EASEWE-FTP2	HTTP: Easewe FTP And EastFTP Unsafe ActiveX Control1 1
HIGH	HTTP:STC:ACTIVEX:EASEWE-FTP3	HTTP: Easewe FTP And EastFTP Unsafe ActiveX Control1 2
HIGH	HTTP:CGI:WEBSCADA2	HTTP: Netbiter webSCADA2
HIGH	HTTP:CGI:WEBSCADA3	HTTP: Netbiter webSCADA3
HIGH	HTTP:SQL:INJ:TOLINET-AGNCIA-I12	HTTP: Tolinet Agencia id Parameter SQL Injection1 Description 2
HIGH	HTTP:SQL:INJ:TOLINET-AGNCIA-I11	HTTP: Tolinet Agencia id Parameter SQL Injection1 Description 1
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS2	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark2
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS3	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark3
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS4	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark4
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS5	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark5
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS6	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark6
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS7	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark7
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS8	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark8
HIGH	HTTP:STC:DL:OPENOFFICE-CSV-DOS2	HTTP: OpenOffice csv File Remote Denial of Service2
HIGH	HTTP:STC:DL:OPENOFFICE-CSV-DOS3	HTTP: OpenOffice csv File Remote Denial of Service3
HIGH	HTTP:STC:DL:OPENOFFICE-CSV-DOS4	HTTP: OpenOffice csv File Remote Denial of Service4
HIGH	HTTP:MISC:RAILS-ROUTING2	HTTP: Rails Routing Vulnerability2
HIGH	HTTP:MISC:RAILS-ROUTING3	HTTP: Rails Routing Vulnerability3
HIGH	HTTP:MISC:RAILS-ROUTING4	HTTP: Rails Routing Vulnerability4
HIGH	HTTP:PHP:JOOMLA-COM-PHOCADL-LF2	HTTP: Joomla com_phocadownload Component Local File Inclusion2
HIGH	HTTP:PHP:JOOMLA-COM-PHOCADL-LF3	HTTP: Joomla com_phocadownload Component Local File Inclusion3
HIGH	HTTP:PHP:JOOMLA-COM-PHOCADL-LF4	HTTP: Joomla com_phocadownload Component Local File Inclusion4
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY2	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 2
HIGH	HTTP:PHP:YABBSE-PKG-EXEC2	HTTP: YabbSE Packages.php Code Execution2
HIGH	HTTP:PHP:YABBSE-PKG-EXEC3	HTTP: YabbSE Packages.php Code Execution3
HIGH	HTTP:PHP:YABBSE-PKG-EXEC4	HTTP: YabbSE Packages.php Code Execution4
HIGH	HTTP:PHP:YABBSE-PKG-EXEC5	HTTP: YabbSE Packages.php Code Execution5
HIGH	HTTP:PHP:YABBSE-PKG-EXEC6	HTTP: YabbSE Packages.php Code Execution6
HIGH	HTTP:PHP:YABBSE-PKG-EXEC7	HTTP: YabbSE Packages.php Code Execution7
HIGH	HTTP:PHP:YABBSE-PKG-EXEC8	HTTP: YabbSE Packages.php Code Execution8
HIGH	HTTP:PHP:YABBSE-PKG-EXEC9	HTTP: YabbSE Packages.php Code Execution9
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY3	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 3
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY4	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 4
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY5	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 5
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY6	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 6
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY7	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 7
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY8	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 8
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY9	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 9
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE2	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 2
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE3	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 3
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE4	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 4
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE5	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 5
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE6	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 6
HIGH	HTTP:EXT:SCR2	HTTP: Dangerous Extension Download (SCR)2
HIGH	HTTP:EXT:SCR3	HTTP: Dangerous Extension Download (SCR)3
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE7	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 7
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE8	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 8
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE9	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 9
HIGH	HTTP:STC:ACTIVEX:MS-DEBUGDIAG2	HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control2
HIGH	HTTP:STC:ACTIVEX:MS-DEBUGDIAG3	HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control3
HIGH	HTTP:STC:ACTIVEX:MS-DEBUGDIAG4	HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control4
HIGH	HTTP:XSS:AWAUCTIONSCRIPT-CMS2	HTTP: AWAuctionScript CMS Cross Site Scripting2
HIGH	HTTP:XSS:AWAUCTIONSCRIPT-CMS3	HTTP: AWAuctionScript CMS Cross Site Scripting3
HIGH	HTTP:STC:ADOBE:READER-PLUGIN2	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption2
HIGH	HTTP:STC:ADOBE:READER-PLUGIN3	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption3
HIGH	HTTP:STC:ADOBE:READER-PLUGIN4	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption4
HIGH	HTTP:STC:ADOBE:READER-PLUGIN5	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption5
HIGH	HTTP:STC:ADOBE:READER-PLUGIN6	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption6
HIGH	HTTP:STC:ADOBE:READER-PLUGIN7	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption7
HIGH	HTTP:STC:ADOBE:READER-PLUGIN8	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption8
HIGH	HTTP:STC:ADOBE:READER-PLUGIN9	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption9
HIGH	HTTP:STC:DL:XLS-SERIES2	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution2
HIGH	HTTP:STC:DL:XLS-SERIES3	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution3
HIGH	HTTP:STC:DL:XLS-SERIES4	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution4
HIGH	HTTP:STC:DL:XLS-SERIES5	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution5
HIGH	HTTP:STC:DL:XLS-SERIES6	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution6
HIGH	HTTP:STC:DL:XLS-SERIES7	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution7
HIGH	HTTP:STC:DL:XLS-SERIES8	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution8
HIGH	HTTP:STC:DL:XLS-SERIES9	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution9
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC2	HTTP: .NET Framework Buffer Allocation Vulnerability2
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC3	HTTP: .NET Framework Buffer Allocation Vulnerability3
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC4	HTTP: .NET Framework Buffer Allocation Vulnerability4
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC5	HTTP: .NET Framework Buffer Allocation Vulnerability5
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC6	HTTP: .NET Framework Buffer Allocation Vulnerability6
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC7	HTTP: .NET Framework Buffer Allocation Vulnerability7
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC8	HTTP: .NET Framework Buffer Allocation Vulnerability8
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC9	HTTP: .NET Framework Buffer Allocation Vulnerability9
CRITICAL	SHELLCODE:X86:X86-NOOP1-CTS	SHELLCODE: x86 NOOP (1) Over TCP-CTS
CRITICAL	SHELLCODE:X86:X86-NOOP1-STC	SHELLCODE: x86 NOOP (1) Over TCP-STC
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER2	HTTP: Gretech GOM Player Unsafe ActiveX Control 2
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER3	HTTP: Gretech GOM Player Unsafe ActiveX Control 3
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER4	HTTP: Gretech GOM Player Unsafe ActiveX Control 4
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER5	HTTP: Gretech GOM Player Unsafe ActiveX Control 5
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER6	HTTP: Gretech GOM Player Unsafe ActiveX Control 6
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER7	HTTP: Gretech GOM Player Unsafe ActiveX Control 7
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER8	HTTP: Gretech GOM Player Unsafe ActiveX Control 8
HIGH	HTTP:STC:ACTIVEX:GOMPLAYER9	HTTP: Gretech GOM Player Unsafe ActiveX Control 9
HIGH	HTTP:STC:DIRECT-AVI-WAV-PARSE-1	HTTP: Microsoft DirectX WAV and AVI File Parsing Code Execution (1)
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S1	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-1
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S2	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-2
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S3	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-3
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S4	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-4
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S5	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-5
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S6	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-6
HIGH	SHELLCODE:X86:ALPHA-GETEIP-80S7	SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-7
HIGH	HTTP:DIR:MANAGEENGINE-DIR-TRA	HTTP: ManageEngine ServiceDesk File Upload Directory Traversal
HIGH	HTTP:XSS:OPENFIRE-USER-CREATE	HTTP: Ignite Realtime Openfire user-create.jsp Cross-Site Request Forgery
HIGH	APP:IBM:TIV-OP1331-CMDINJ	APP: IBM Tivoli Storage Manager FastBack Opcode 1331 Command Injection
HIGH	LDAP:BERGET-NXT-DOS	LDAP: OpenLDAP ber_get_next Denial of Service
MEDIUM	HTTP:WINAMP-WLZ-BO1	HTTP: Winamp wlz File Parsing Buffer Overflow1
MEDIUM	HTTP:INTELLITAMPER-DEFER-BO1	HTTP: IntelliTamper defer Attribute Buffer Overflow Vulnerability1
MEDIUM	HTTP:MICROSOFT-WORKS-WKSSS-BO1	HTTP: Microsoft Works wksss Buffer Overflow1
MEDIUM	HTTP:ACMS-ASSETS-INFODISC1	HTTP: aCMS Assets Page Information Disclosure1
MEDIUM	HTTP:FOXIT-PNG-PDF-BO11	HTTP: Foxit Multiple Products PNG To PDF Conversion Heap Buffer Overflow1
MEDIUM	HTTP:SYMANTEC-EP-POLICY-BYPAS1	HTTP: Symantec Endpoint Protection Console Servlet Policy Bypass1
MEDIUM	HTTP:SOLARWINDS-POLICYBYPASS1	HTTP: SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass1
MEDIUM	HTTP:ADOBE-INDESIGN-SOAP-RCE1	HTTP: Adobe IndesignServer SOAP Server Arbitrary Script Execution1
MEDIUM	HTTP:MAMBO-MYSQL-INF-DISCLOSUR1	HTTP: Mambo MySQL Database Info Disclosure1
MEDIUM	HTTP:MS-WINDOWS-HYPERLINK-BO1	HTTP: Microsoft Windows Hyperlink Buffer Overflow1
MEDIUM	HTTP:WIRELURKER-VRUPDATE1	HTTP: WireLurker Version Update Detected1
MEDIUM	HTTP:OFFICESCAN-CGIRECVFILE1	HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow1
MEDIUM	HTTP:SUN-DIGEST-OF1	HTTP: Sun Java Web Digest Buffer Overflow1
MEDIUM	HTTP:KASPERSKY-URI-PARSING-DOS1	HTTP: Kaspersky Products URI Parsing Denial of Service1
MEDIUM	HTTP:REALTEK-MEDIAPLAYER-PLA-B1	HTTP: Realtek Media Player pla File Parsing Buffer Overflow1
MEDIUM	HTTP:IESHIMS-DLL-HIJACK1	HTTP: Microsoft Internet Explorer IESHIMS.DLL Insecure Library Loading1
MEDIUM	HTTP:MANAGENGINE-APP1	HTTP: ManageEngine Applications Manager SQL Injection1
MEDIUM	HTTP:MONGOOSE-HTTPD-URI-OF1	HTTP: Mongoose HTTP Server URI Handling Overflow1
MEDIUM	HTTP:HP-INSIGHT-DIAGNOSTICS-LF1	HTTP: HP Insight Diagnostics CVE-2013-3575 Local File Inclusion1
MEDIUM	HTTP:DLL-REQ-VIA-WEBDAV1	HTTP: DLL File Download via WebDAV1
MEDIUM	HTTP:PFSENSE-ZONE-CSS1	HTTP: pfSense WebGUI Zone Parameter Cross-Site Scripting1
MEDIUM	HTTP:FIREFLY-MEDIA-SERVER-DOS1	HTTP: Firefly Media Server Denial Of Service1
MEDIUM	HTTP:NOVELL-NETIQ-MOD-POLBYPAS1	HTTP: Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass1
MEDIUM	HTTP:JAVA-UPDATE-RCE1	HTTP: Oracle Java Software Update Weakness1
MEDIUM	HTTP:MS-IE-MEMORY-CORRUPTION1	HTTP: Microsoft Internet Explorer CVE-2014-2782 Use After Free1
MEDIUM	HTTP:INTEGARD-PASSWORD-BOF1	HTTP: Integard Web Interface Password Parameter Buffer Overflow1
MEDIUM	HTTP:FORTINET-HELLO-MSG-DOS1	HTTP: Fortinet Single Sign On Hello Message Denial Of Service1
MEDIUM	HTTP:NGINX-RQST-URI-SECBYPASS1	HTTP: Nginx Request URI Verification Security Bypass1
MEDIUM	HTTP:JABBER-SERVER-BYPASS1	HTTP: Jive Software Openfire Jabber Server Authentication Bypass1
MEDIUM	HTTP:SAP-MGT-CON-OSEXEC1	HTTP: SAP Management Console SOAP Interface Code Execution1
MEDIUM	HTTP:ADOBE-ROBOHELP-FILE-UPLOA1	HTTP: Adobe RoboHelp Server Arbitrary File Upload and Execute1
MEDIUM	HTTP:SPRING-XMLENTITY-INFODISC1	HTTP: SpringSource Spring Framework XML External Entity Parsing Information Disclosure1
MEDIUM	HTTP:WIRESHARK-MPEG-BOF11	HTTP: Wireshark MPEG Dissector Stack Buffer Overflow11
MEDIUM	HTTP:W3C-AMAYA-BOF1	HTTP: W3C Amaya Stack Based Buffer Overflow1
MEDIUM	HTTP:RESIN-INFO-DISCLOSURE1	HTTP: Resin Application Server Source Code Disclosure1
MEDIUM	HTTP:UNUSUAL-REFERER1	HTTP: Unusual Value In HTTP Referer Header1
MEDIUM	HTTP:C99-SHELL-BACKDOOR1	TROJAN: C99 Backdoor Actiivity1
MEDIUM	HTTP:GOOGLE-SKETCHUP-BMP-BO1	HTTP: Google SketchUp BMP File Buffer Overflow (CVE-2013-3664)1
MEDIUM	HTTP:TRENDMICRO-CTRLMGR-SQLINJ1	HTTP: Trend Micro Control Manager ad hoc query Module SQL Injection1
MEDIUM	HTTP:ORACLE-ID-MANAGER-REDIREC1	HTTP: Oracle Identity Manager backUrl Parameter Open Redirect1
MEDIUM	HTTP:FOXIT-FF-URL-STG-BO1	HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow1
MEDIUM	HTTP:SUN-GLASSFISH-AUTH-BP1	HTTP: Sun Goldfish AUthentication Bypass1
MEDIUM	HTTP:EMC-DPA-EJBSERVLET-RCE1	HTTP: EMC Data Protection Advisor Illuminator EJBInvokerServlet Remote Code Execution1
MEDIUM	HTTP:HP-SITESCOPE-INF-DISC1	HTTP: HP SiteScope Log Analyzer Information Disclosure1
MEDIUM	HTTP:JAVA-EXPRESS-HTML-INJ1	HTTP: Sun Java System Communications Express HTML Injection1
MEDIUM	HTTP:VMWARE-VSPHERE-DOS1	HTTP: Vmware Vsphere Host Daemon Denial Of Service1
MEDIUM	HTTP:MULTIPLE-WEBSER-INFO-LEAK1	HTTP: Multiple Werserver Unauthorized Access Attempt1
MEDIUM	HTTP:AVIRA-SECURE-BCKUP-REG-BO1	HTTP: Avira Secure Backup Registry Value Parsing Buffer Overflow1

41 updated signatures:

CRITICAL	SHELLCODE:X86:WIN32-ENUM-80C	SHELLCODE: X86 Microsoft Win32 Export Table Enumeration Variant Detection Over HTTP-CTS
HIGH	HTTP:STC:REPRISE-PARAM-PARSE-BO	HTTP: Reprise License Manager HTTP Parameter Parsing Buffer Overflow
HIGH	HTTP:STC:SCRIPT:HEAPSPRAY	HTTP: Javascript Heap Spray Attempt Detection
MEDIUM	HTTP:STC:DL:APPLE-QT-JPEG-OF1	HTTP: Apple QuickTime JPEG Atom Buffer Overflow 1
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC1	HTTP: .NET Framework Buffer Allocation Vulnerability1
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE1	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 1
HIGH	HTTP:STC:ACTIVEX:KVIEW-KCHARTXY	HTTP: KingView KChartXY.ocx Unsafe ActiveX Control
HIGH	HTTP:STC:DL:XLS-SERIES1	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution1
HIGH	HTTP:STC:ADOBE:MEMDSC-2014-0552	HTTP: Adobe Flash Player Memory Disclosure (CVE-2014-0552)
HIGH	HTTP:XSS:AWAUCTIONSCRIPT-CMS1	HTTP: AWAuctionScript CMS Cross Site Scripting1
HIGH	HTTP:STC:ADOBE:PDF-COOLTYPE-RCE	HTTP: Adobe Reader CoolType.dll Remote Code Execution
HIGH	HTTP:SQL:INJ:TOLINET-AGENCIA-I1	HTTP: Tolinet Agencia id Parameter SQL Injection1
HIGH	HTTP:STC:CLSID:ACTIVEX:MACRO-A1	HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability1
HIGH	HTTP:PHP:JOOMLA-COM-PHOCADL-LF1	HTTP: Joomla com_phocadownload Component Local File Inclusion1
HIGH	HTTP:XSS:PHPNUKE-BOOKMARKS1	HTTP: PHP-Nuke Cross Site Script Attack via Bookmark1
MEDIUM	HTTP:STC:CHROME:RESPONSE-MC1	HTTP: Google Chrome HTTP Response Handling Memory Corruption 1
HIGH	HTTP:STC:SCRIPT:STRFMCC-MUL-BAS	HTTP: Javascript Obfuscator
HIGH	HTTP:STC:DL:OPENOFFICE-CSV-DOS1	HTTP: OpenOffice csv File Remote Denial of Service1
HIGH	HTTP:PHP:YABBSE-PKG-EXEC1	HTTP: YabbSE Packages.php Code Execution1
MEDIUM	HTTP:ORACLE:COPYFILE-DIR-TRAV	HTTP: Oracle Endeca CopyFile Directory Traversal
HIGH	HTTP:STC:DL:ULTRAISO-CUE1	HTTP: UltraISO Cue File Remote Code Execution1
HIGH	HTTP:STC:DL:ONENOTE-INFO-DISC1	HTTP: Microsoft Office OneNote 2010 Buffer Size Validation1
HIGH	HTTP:IIS:SHARE-ID1	HTTP: Microsoft SharePoint Team Information Disclosure1
HIGH	HTTP:INFO-LEAK:WFCHAT1	HTTP: WFChat Information Disclosure1
HIGH	HTTP:PHP:REDHAT-PIRANHA-PASSWD1	HTTP: RedHat 6.2 Piranha passwd.php31
HIGH	HTTP:STC:ACTIVEX:MS-DEBUGDIAG1	HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control1
HIGH	HTTP:STC:ACTIVEX:EASEWE-FTP1	HTTP: Easewe FTP And EastFTP Unsafe ActiveX Control1
CRITICAL	SHELLCODE:X86:DWORD-ADITIVE-80C	SHELLCODE: X86 OS agnostic Dword Additive Feedback Decoder Routine Over HTTP-CTS
HIGH	HTTP:SQL:INJ:S9Y-SERENDIPITY1	HTTP: S9Y Serendipity SQL injection1
CRITICAL	SHELLCODE:X86:XOR-DWORD-80C	SHELLCODE: X86 OS agnostic XOR Dword Decoder Routine Over HTTP-CTS
MEDIUM	HTTP:STC:DL:SOPHOS-ZIPDOS1	HTTP: Sophos Anti-Virus Zip File Handling Denial of Service1
HIGH	HTTP:CGI:WEBSCADA1	HTTP: Netbiter webSCADA1
HIGH	HTTP:MISC:RAILS-ROUTING1	HTTP: Rails Routing Vulnerability1
MEDIUM	HTTP:STC:IMG:ANI-BLOCK-STR21	HTTP: Invalid ANI Block Size Parameter in Stream (2)1
HIGH	HTTP:EXT:SCR1	HTTP: Dangerous Extension Download (SCR)1
HIGH	HTTP:STC:ADOBE:READER-PLUGIN1	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption1
HIGH	HTTP:STC:IE:CVE-2015-2487-CE	HTTP: Microsoft Internet Explorer CVE-2015-2487 Code Execution
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI1	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion1
HIGH	HTTP:STC:ACTIVEX:WEBVIEWER3D1	HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite1
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY1	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection1
CRITICAL	SHELLCODE:X86:REVERS-CONECT-80C	SHELLCODE: X86 Linux Reverse Connect Detection Over HTTP-CTS

1 renamed signature:

HTTP:STC:DL:PPT-FB1-ATOM-OF2

HTTP:STC:DL:PPT-FB1-ATOM-OF

Details of the signatures included within this bulletin:

HTTP:XSS:TYPO3-LOCALURL-CMS - HTTP: Typo3 CMS SanitizeLocalUrl Cross-Site Scripting

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Typo3 CMS. A remote unauthenticated attacker can leverage the vulnerability to achieve cross-site scripting attacks.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004

References:

cve: CVE-2015-5956

HTTP:STATIC-SERVER-BOF1 - HTTP: Static HTTP Server ini File Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Static HTTP server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted server.

Supported On:

References:

HTTP:XSS:NOVELL-ZENWORKS-XSS - HTTP: Novell ZENworks Mobile Management Cross-Site Scripting

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell ZENworks Mobile Management.This can lead to arbitrary script code execution in the context of the affected user.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004

HTTP:INTEGARD-VERSION-CHECK1 - HTTP: Integard Home and Pro Password Remote Version Check1

Severity: MEDIUM

Description:

This signature detects attempts to check the version of Integard web interface. Depending upon the version known, their corresponding security threats may be exploited by a malicious attacker.

Supported On:

HTTP:VLCFS1 - HTTP: VLC HTTPD Connection Header Format String1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against VLC HTTP Daemon. A successful attack allows an attacker to execute arbitrary commands with the privileges of the VLC application.

Supported On:

HTTP:XSS:OPENFIRE-SEARCH - HTTP: Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting

Severity: HIGH

Description:

This signature detects attempts to exploit a cross-site scripting vulnerability in Ignite Realtime Openfire Server. A successful attack can exploit the XSS vulnerability to execute arbitrary scripts in the user's browser session with the security context of the affected server.

Supported On:

References:

cve: CVE-2015-6972

HTTP:NTOP-BASIC-AUTHORIZATION1 - HTTP: ntop Basic Authorization Denial of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in ntop basic Authorization. This could lead to a Denial of Service condition.

Supported On:

HTTP:PHPWIKI-PLOTICUS-ACE1 - HTTP: PHPWiki CVE-2014-5519 Ploticus Arbitratu Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against PHPWIKI Ploticus. A successful exploit can lead to arbitrary code execution.

Supported On:

HTTP:JAVA-JSP-SRC-CODE-DISC1 - HTTP: Sun Java System Web Server JSP Source Code Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Sun Java System Web Server. A successful attack can lead to unauthorized source code disclosure.

Supported On:

References:

bugtraq: 38615
url: http://www.microsoft.com/technet/security/advisory/981374.mspx
cve: CVE-2010-0806

HTTP:ESTSOFT-ALZIP-MIM-BO1 - HTTP: ESTsoft ALZip MIM File Processing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the ESTsoft ALZip product. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

HTTP:MAXTHON-HISTORY-XSS1 - HTTP: Maxthon History Cross Site Scripting1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Maxthon. A successful attack can lead to Arbitrary Command Execution

Supported On:

srx-branch-11.4, mx-11.4, idp-4.1.0, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004, srx-11.4

HTTP:DIGIUM-ASTERISK-BO1 - HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Digium Asterisk Management Interface. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

HTTP:ADOBE-FLASHPLYR-PRIV-ESC1 - HTTP: Adobe Flash Player Privilege Escalation1

Severity: MEDIUM

Description:

Adobe Flash Player allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.

Supported On:

HTTP:SONICWALL-GMS-RCE1 - HTTP: SonicWALL GMS skipSessionCheck Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against SoniWALL GMS. A successful attack can lead to arbitrary code execution.

Supported On:

References:

HTTP:WORDPRESS-W3PLUGIN-RCE1 - HTTP: Wordpress W3 Total Cache Plugin Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Wordpress W3 Total Cache plugin. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:MICROSOFT-ASPNET-POST-DOS1 - HTTP: Microsoft ASP.NET Post Request Parameters Handling Denial of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known issue in Microsoft ASP.NET. Attacker could exploit this issue by sending crafted HTTP requests with high number of parameters without any values.

Supported On:

HTTP:WIPER-SHAMOON-FILE-DWNLD1 - HTTP: Suspicious WIPER/SHAMOON Infected File Download1

Severity: MEDIUM

Description:

This signature detects attempts to download a file that is infected by Wiper or Shamoon malware. These malware are known to erase the local disk contents of the targeted victim system.

Supported On:

HTTP:XNVIEW-MBM-FILE-BO1 - HTTP: XnView mbm File Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in XnView. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

HTTP:MS-TELNET-INSECURE-LOADIN1 - HTTP: Microsoft Telnet Protocol Handler Insecure Loading1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known remote code execution vulnerability in the Microsoft telnet.exe service. It is due to a design weakness in the way telnet protocol handler is implemented. Remote attackers can exploit this by enticing target users to download a malicious dll file. A successful attack can result in loading the attacker-controlled library and execution of arbitrary code with the privileges of the logged-in user. If a user is logged-on with administrative user rights, an attacker can take complete control of the affected system.

Supported On:

HTTP:INOUT-ARTICLE-BASE-CSRF1 - HTTP: Inout Article Base Ultimate Cross Site Request Forgery1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known cross-site Request Forgery vulnerability against Inout Article Base. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

References:

HTTP:SYSAX-SERVER-BOF1 - HTTP: Sysax Multi Server Function Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Sysax Multi Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

HTTP:ALTNWADMIN11 - HTTP: Alt-N WebAdmin USER Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Alt-N Webadmin. A successful attack can lead to a buffer overflow and arbitrary remote code execution with system level privileges.

Supported On:

HTTP:RUBY-GEM-SEMICOLON1 - HTTP: Ruby Gem Multiple Wrappers Command Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Ruby Gem Minimagic, Curl and Fastreader 1.0.8 wrappers. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

HTTP:ROBOHELP-SQL-INJ1 - HTTP: Adobe RoboHelp Server SQL Injection Vulnerability1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe RoboHelp Server. A successful SQL injection attack can lead to arbitrary code execution.

Supported On:

HTTP:BROWSER-WINDOW-INJECTION1 - HTTP: Multiple Web Browsers Window Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against multiple web browsers. The issue arises when victim visits a malicious site via their browser and follows a link to a trusted site. Once the link to the trusted site is followed, the victim must open a popup window from the trusted site that can be influenced by the attacker's site. A successful exploit may allow a remote attacker to carry out phishing attacks.

Supported On:

HTTP:MS-DOT-NET-HEAP-CORRUPT1 - HTTP: Microsoft .NET Framework Heap Corruption1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft's .NET Framework. It is due to an error in calculating a buffer length for percent-encoded URI components of a UTF-8 encoded URI. Remote attackers could exploit this vulnerability by enticing a target user to either download and execute a malicious XAML browser application, or download and execute a malicious .NET application. A successful exploitation attempt could result in the execution of arbitrary code in the security context in which the .NET application runs.

Supported On:

HTTP:LOCALHOST-ON-INTERNET1 - HTTP: Localhost Host Header in Trans-Internet Request1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against several HTTP-based Web Interfaces for network devices (such as VOIP Phones). An attacker can send a crafted message to the server allowing them to bypass security restrictions and reconfigure or make arbitrary use of the device.

Supported On:

HTTP:MS-WIN-FOLDER-GUID-CE1 - HTTP: Microsoft Windows Folder GUID Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Windows. The vulnerability is caused by an error during the handling of directories containing CLSID extensions. An attacker can exploit this vulnerability by enticing a user into executing a malicious HTA file via a specially crafted web page or file share. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user.

Supported On:

HTTP:APPLE-SGI-BOF1 - HTTP: Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Apple's Common Unix Printing System (CUPS) distributed by multiple vendors. It is due to a boundary error in handling SGI Image format files. A remote attacker can exploit this vulnerability to compromise a vulnerable system. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service, with the privileges of the printer user, normally lp.

Supported On:

References:

url: http://www.gmail.com

HTTP:RUBYONRAILS-XMLYAML-RCE1 - HTTP: Ruby on Rails XML Parameter Parsing Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against applications developed using Ruby on Rails. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:EASYLAN-REG-BOF1 - HTTP: Easy LAN Folder Share .reg FIle Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Easy LAN Folder Share. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

References:

HTTP:RUBYONRAILS-JSONYAML-RCE1 - HTTP: Ruby on Rails JSON YAML Parsing Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against applications developed using Ruby on Rails. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 32718
cve: CVE-2008-4841

HTTP:EK-ANGLER-JAVA1 - HTTP: Oracle Exploit Kit Angler Java1

Severity: MEDIUM

Description:

This signature detects to attempt a known vulnerability in Oracle Java. A successful attack can lead to remote code execution.

Supported On:

HTTP:MS-DOT-NET-XAML-RCE1 - HTTP: Microsoft .NET Framework XAML Browser Applications Stack Corruption1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. It is due to memory corruption when handling method calls that take structures with misaligned fields as parameters. Remote attackers could exploit this vulnerability by either enticing target users to visit a malicious web page containing an XBAP (XAML browser application), or by uploading an ASP.NET application to a vulnerable server. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may terminate the PresentationHost.exe .NET component.

Supported On:

HTTP:XAMPP-REQUEST-FORGERY1 - HTTP: XAMPP Request Forgery Attempt1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in XAMPP. An attacker can craft a url that when followed by a user can modify user accounts and administrator privileges. A remote attacker can exploit this vulnerability by enticing a user to follow crafted URI, upon successful exploitation the attacker can perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

Supported On:

HTTP:HP-PRINTER-INFO-DISCLOSUR1 - HTTP: HP LaserJet Pro Printers Remote Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against HP LaserJet Pro Printers. A successful attack may lead to unauthorized information disclosure.

Supported On:

HTTP:GD-GRAPHICS-PNG1 - HTTP: GD Graphics Library PNG Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the GD Graphics Library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

HTTP:WP-FGALLERY-MAL-FILE-HOST1 - HTTP: Wordpress FGallery Plugin Malicious File Hosting1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known flaw in Wordpress FGallery Plugin that allows any arbitrary file to be downloaded. A successful attack could result in download of malicious files on the client machine.

Supported On:

HTTP:ULTRAVNC-VNCLOG-BO1 - HTTP: UltraVNC VNCLog Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the UltraVNC server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

HTTP:WIRELURKER-SNUPLOAD1 - HTTP: WireLurker Serial Number Upload Detected1

Severity: MEDIUM

Description:

This signature detects attempts from WireLurker malware to upload the serial number of an infected client system.

Supported On:

HTTP:MANAGENGINE-INF-DISC1 - HTTP: ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against ManageEngine OpManager, Applications Manager and IT360. A successful attack can lead to unauthorized information disclosure and loss of sensitive information.

Supported On:

References:

bugtraq: 46290

HTTP:FTP-ACTIVEX-CE1 - HTTP: Attachmate Reflection FTP Client ActiveX CE1

Severity: MEDIUM

Description:

This signature detects attempts to use unsafe ActiveX controls in FTP. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

DNS:EXPLOIT:BIND-OPENPGPKEY-DOS - DNS: ISC BIND openpgpkey Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against ISC BIND. Attackers can send crafted malicious data to cause denial of service condition to the target service.

Supported On:

References:

url: https://kb.isc.org/article/aa-01291
cve: CVE-2015-5986
url: http://securitytracker.com/id?1033453

HTTP:STC:DL:APPLE-QT-JPEG-OF2 - HTTP: Apple QuickTime JPEG Atom Buffer Overflow 2

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Mov file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

HTTP:STC:DL:APPLE-QT-JPEG-OF3 - HTTP: Apple QuickTime JPEG Atom Buffer Overflow 3

Severity: MEDIUM

Description:

Supported On:

HTTP:STC:DL:PUB-PLC1 - HTTP: Microsoft Publisher PLC Objects Remote Code Execution 1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Publisher. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:PUB-PLC2 - HTTP: Microsoft Publisher PLC Objects Remote Code Execution 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Publisher. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:PUB-PLC3 - HTTP: Microsoft Publisher PLC Objects Remote Code Execution 3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Publisher. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:IMG:ANI-BLOCK-STR22 - HTTP: Invalid ANI Block Size Parameter in Stream (2)2

Severity: MEDIUM

Description:

This signature detects invalid animated icon (ANI) files that contain an incorrect block size parameter. Malicious Web sites can post icon files that, when viewed in Internet Explorer Web browser, crash the browser's system. In some cases, attackers might be able to execute arbitrary code.

Supported On:

HTTP:STC:IMG:ANI-BLOCK-STR23 - HTTP: Invalid ANI Block Size Parameter in Stream (2)3

Severity: MEDIUM

Description:

Supported On:

HTTP:STC:ADOBE:FLASHPLR-NUL-MC1 - HTTP: Adobe Flash Player null Reference Memory Corruption1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution. Failed exploit attempts could trigger a denial-of-service condition.

Supported On:

HTTP:STC:DL:PPT-FB1-ATOM-OF1 - HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft PowerPoint. A successful attack can result in arbitrary code execution on the user's computer.

Supported On:

HTTP:STC:ADOBE:FLASHPLR-NUL-MC2 - HTTP: Adobe Flash Player null Reference Memory Corruption2

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:FLASHPLR-NUL-MC3 - HTTP: Adobe Flash Player null Reference Memory Corruption3

Severity: HIGH

Description:

Supported On:

HTTP:STC:DL:PPT-FB1-ATOM-OF2 - HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft PowerPoint. A successful attack can result in arbitrary code execution on the user's computer.

Supported On:

HTTP:STC:DL:PPT-FB1-ATOM-OF3 - HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft PowerPoint. A successful attack can result in arbitrary code execution on the user's computer.

Supported On:

HTTP:STC:CHROME:RESPONSE-MC2 - HTTP: Google Chrome HTTP Response Handling Memory Corruption 2

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

srx-branch-11.4, mx-11.4, mx-9.4, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, srx-10.0, srx-branch-10.0, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004, srx-11.4

HTTP:STC:CHROME:RESPONSE-MC3 - HTTP: Google Chrome HTTP Response Handling Memory Corruption 3

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

HTTP:STC:DL:ONENOTE-INFO-DISC2 - HTTP: Microsoft Office OneNote 2010 Buffer Size Validation2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office OneNote 2010. A successful attack can lead to unauthorized information disclosure.

Supported On:

HTTP:MISC:AVIRA-MGNT-HEADER-BOF - HTTP: Avira Management Console Server HTTP Header Processing Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability has been reported in Avira Management Console Server. The vulnerability exists in the way Update Manager Service handles overly long HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests to the server. Successful exploitation could lead to arbitrary code execution in the security context of System.

Supported On:

DNS:EXPLOIT:BIND-KEYPARSE-DOS - DNS: ISC BIND DNSSEC Key Parsing Buffer Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against ISC BIND. Attackers can send crafted malicious data to cause denial of service condition to the target service.

Supported On:

References:

url: http://securitytracker.com/id?1033452
cve: CVE-2015-5722

HTTP:PHP:YABBSE-PKG-EXEC1 - HTTP: YabbSE Packages.php Code Execution1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Packages.php in YabbSE. YabbSE 1.5.0 and earlier are vulnerable. Attackers can include remote malicious code in Packages.php that can allow them to execute arbitrary commands with Web server privileges.

Supported On:

HTTP:STC:IE:DHTML-HANDLER-RACE1 - HTTP: DHTML Object Handling Race Condition1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can create a malicious HTML file that, when downloaded, exploits a race condition and might allow arbitrary code execution.

Supported On:

HTTP:STC:ACTIVEX:KVIEW-KCHARTX1 - HTTP: KingView KChartXY.ocx Unsafe ActiveX Control1

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in the KingView. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the client application.

Supported On:

idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004

References:

cve: CVE-2013-6128

HTTP:STC:DL:ULTRAISO-CUE1 - HTTP: UltraISO Cue File Remote Code Execution1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against UltraISO. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:MS-IE-MHTMLFILE-DOS1 - HTTP: Microsoft IE MHTMLFile NULL Dereference1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft IE MHTMLFile. A successful attack can result in a denial-of-service condition.

Supported On:

idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, isg-3.4.0, isg-3.5.0, srx-9.2, srx-branch-9.4, j-series-9.5, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, srx-11.4, srx-branch-11.4, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004

References:

url: http://tools.ietf.org/html/rfc2246

HTTP:STC:DL:ONENOTE-INFO-DISC1 - HTTP: Microsoft Office OneNote 2010 Buffer Size Validation1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office OneNote 2010. A successful attack can lead to unauthorized information disclosure.

Supported On:

HTTP:IIS:SHARE-ID1 - HTTP: Microsoft SharePoint Team Information Disclosure1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Team Services. A successful attack can lead to arbitrary information disclosure.

Supported On:

HTTP:INFO-LEAK:WFCHAT1 - HTTP: WFChat Information Disclosure1

Severity: HIGH

Description:

This signature detects attempts to access the files "!pwds.txt" or "!nicks.txt" on a WF-Chat server. Because access to these files is not restricted, attackers can obtain usernames and their associated passwords for the chat.

Supported On:

HTTP:PHP:REDHAT-PIRANHA-PASSWD1 - HTTP: RedHat 6.2 Piranha passwd.php31

Severity: HIGH

Description:

This signature detects attempts to exploit the vulnerable passwd.php3 cgi-bin script in the Piranha virtual server package (RedHat Linux 6.2). Because the script does not validate input properly, attackers can authenticate to the Piranha package with the effective ID of the Web server and execute arbitrary commands.

Supported On:

References:

bugtraq: 48173
cve: CVE-2011-1266

HTTP:STC:ACTIVEX:MS-DEBUGDIAG1 - HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control1

Severity: HIGH

Description:

This signature detects attempts to use an unsafe ActiveX control in Microsoft DebugDiag. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

HTTP:STC:ACTIVEX:EASEWE-FTP1 - HTTP: Easewe FTP And EastFTP Unsafe ActiveX Control1

Severity: HIGH

Description:

This signature detects attempts to exploit multiple known vulnerabilities in Easewe FTP and EastFTP ActiveX Control. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

HTTP:SQL:INJ:S9Y-SERENDIPITY1 - HTTP: S9Y Serendipity SQL injection1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against S9Y Serendipity. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

HTTP:CGI:WEBSCADA1 - HTTP: Netbiter webSCADA1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Intellicom Netbiter webSCADA Products. An attacker can exploit these issues to upload and execute arbitrary script code on an affected computer with the privileges of the Web-server process, view arbitrary local files, or obtain sensitive data that can aid in further attacks.

Supported On:

HTTP:RESIN-INFO-DISCLOSURE1 - HTTP: Resin Application Server Source Code Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Resin application server. This may allow a remote attacker to gain access to arbitrary JSP files.

Supported On:

HTTP:MISC:RAILS-ROUTING1 - HTTP: Rails Routing Vulnerability1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Rails v1.1.5 and earlier. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:EXT:SCR1 - HTTP: Dangerous Extension Download (SCR)1

Severity: HIGH

Description:

This signature detects files being downloaded with an SCR extension. SCR files are Windows Screen Saver executable files and are not normally transferred through HTTP. Several malware authors use files with SCR extensions to spread viruses.

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN1 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader 7.0 through 7.0.8. A successful attack can result in a denial-of-service condition or possible arbitrary code execution.

Supported On:

HTTP:XSS:AWAUCTIONSCRIPT-CMS1 - HTTP: AWAuctionScript CMS Cross Site Scripting1

Severity: HIGH

Description:

This signature detects attempts to exploit a known cross-site scripting vulnerability in AWAuctionScript CMS. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI1 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion1

Severity: HIGH

Description:

This signature detects attempts to exploit a known remote file inclusion vulnerability in phpSecurePages. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.

Supported On:

HTTP:STC:ACTIVEX:WEBVIEWER3D1 - HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite1

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in SAP GUI WebViewer3D. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to read and write arbitrary files on the victim's computer, allowing for arbitrary code execution or a denial of service condition.

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY1 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection1

Severity: HIGH

Description:

This signature detects attempts to exploit a known SQL injection vulnerability in the WordPress Ajax Category Dropdown Plugin. It is due to insufficient validation of a parameter sent to the dhat-ajax-cat-dropdown-request.php script. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

HTTP:STC:DL:PPT-FB1-ATOM-OF - HTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft PowerPoint. A successful attack can result in arbitrary code execution on the user's computer.

Supported On:

srx-branch-11.4, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, idp-4.2.0, idp-5.0.0, mx-9.4, idp-5.0.110130325, isg-3.1.135801, isg-3.4.0, isg-3.5.0, idp-4.0.110090831, srx-9.2, srx-branch-9.4, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, srx-10.0, srx-branch-10.0, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, isg-3.4.139899, isg-3.1.134269, vsrx-15.1, idp-4.1.110110609, isg-3.5.141414, idp-5.1.110150921, isg-3.5.141421, idp-5.1.110151004, srx-11.4

References:

cve: CVE-2010-2572
bugtraq: 44626

Affected Products:

Microsoft PowerPoint 2002 SP2
Microsoft PowerPoint 2003
Microsoft PowerPoint 2002 SP3
Microsoft PowerPoint 2002
Microsoft PowerPoint 2002 SP1
Microsoft PowerPoint 2003 SP1
Microsoft PowerPoint 2003 SP2
Microsoft PowerPoint 2003 SP3

HTTP:STC:DOTNET-BUFF-ALLOC1 - HTTP: .NET Framework Buffer Allocation Vulnerability1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:MISC:GE-PULSENET-RCE - HTTP: GE MDS PulseNET Hidden Support Account Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against GE MDS. A successful exploit can lead to remote code execution.

Supported On:

References:

cve: CVE-2015-6456

HTTP:STC:SAFARI:X-MAN-PAGE-RCE1 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:ACTIVEX:KVIEW-KCHARTXY - HTTP: KingView KChartXY.ocx Unsafe ActiveX Control

Severity: HIGH

Description:

Supported On:

References:

cve: CVE-2013-6128
bugtraq: 62419

Affected Products:

wellintech kingview up to 6.52

HTTP:STC:DL:XLS-SERIES1 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution1

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:AUDIT:PDF-SCIIHEXDECODE - HTTP: Adobe PDF SCIIHexDecode Evasion Method Detection

Severity: INFO

Description:

This signature detects attempts to bypass security devices using the SCIIHexDecodemethod in a PDF document. Attackers can bypass security devices by using this method.

Supported On:

HTTP:ORACLE:COPYFILE-DIR-TRAV - HTTP: Oracle Endeca CopyFile Directory Traversal

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Endeca while sending a specially crafted request to the target web application service. Attackers can gain access to sensitive information and could launch further attacks.

Supported On:

References:

cve: CVE-2015-4745
url: http://www.zerodayinitiative.com/advisories/zdi-15-355/
cve: CVE-2015-2602
url: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
cve: CVE-2015-2604
url: http://www.zerodayinitiative.com/advisories/zdi-15-354/

HTTP:STC:DL:OPENOFFICE-CSV-DOS1 - HTTP: OpenOffice csv File Remote Denial of Service1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the OpenOffice csv File. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:STC:IMG:ANI-BLOCK-STR21 - HTTP: Invalid ANI Block Size Parameter in Stream (2)1

Severity: MEDIUM

Description:

Supported On:

HTTP:STC:ADOBE:PDF-COOLTYPE-RCE - HTTP: Adobe Reader CoolType.dll Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2011-2441
bugtraq: 49581

Affected Products:

Adobe Reader 8.2.6
Adobe Reader 8.3
Adobe Reader 9.4.5
Adobe Acrobat Professional 9.4.5
Adobe Acrobat 9.3.4
Adobe Reader 9.1.2
Adobe Acrobat Standard 9.1.2
Adobe Acrobat Professional 8.1.6
Adobe Acrobat Professional 9.1.2
Adobe Acrobat Standard 8.1.6
Adobe Reader 8.1.6
Adobe Acrobat Professional 9.2
Adobe Acrobat 9.3.4
Adobe Acrobat 10.0.1
Adobe Acrobat 9.4.2
Adobe Acrobat Professional 10.0.1
Adobe Acrobat Professional 9.4.2
Adobe Acrobat Standard 10.0.1
Adobe Acrobat Standard 9.4.2
Adobe Reader 10.0.1
Adobe Reader 9.4.2
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 8.2
Adobe Acrobat Standard 8.2
Adobe Acrobat Standard 9.3
Adobe Acrobat 9.3
Adobe Reader 9.3
Adobe Acrobat Professional 9.3
Adobe Reader 8.2
Adobe Acrobat Professional 8.1.3
SuSE SUSE Linux Enterprise Desktop 10 SP4
Adobe Reader 8.1.3
Adobe Reader 9
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1.3
Adobe Acrobat Standard 9.2
Adobe Reader 8.0
Adobe Acrobat Professional 8.1.7
Adobe Acrobat Standard 8.0
Adobe Reader 8.1.7
Adobe Acrobat Standard 8.1.7
Adobe Acrobat 9.3.3
Adobe Acrobat Professional 9.1
Adobe Acrobat 9.4.1
Adobe Acrobat Professional 9.4.1
Adobe Acrobat Standard 9.4.1
Adobe Reader 9.4.1
Adobe Acrobat 8
Adobe Acrobat 8.0
Adobe Acrobat 9
Adobe Acrobat Standard 9.3.2
Adobe Acrobat Professional 9.3.2
Adobe Acrobat 9.3.2
Adobe Acrobat 8.2.2
Adobe Acrobat Professional 8.2.2
Adobe Acrobat Standard 8.2.2
Adobe Reader 8.2.2
Adobe Acrobat 8.2.4
Adobe Acrobat 8.2.5
Adobe Acrobat Professional 8.2.5
Adobe Acrobat Standard 8.2.5
Adobe Reader 8.2.5
Adobe Reader 9.4
Adobe Acrobat 9.1.1
Adobe Acrobat Standard 9.4
Adobe Acrobat Professional 9.4
Adobe Acrobat Standard 9.3.4
Adobe Acrobat Professional 9.3.4
Adobe Reader 9.3.4
Adobe Reader 8.2.4
Adobe Acrobat Standard 8.2.4
Adobe Acrobat Professional 8.2.4
Adobe Acrobat 9.4
Adobe Acrobat Standard 8.1.1
Adobe Acrobat 9.4.3
Adobe Reader 9.1
SuSE openSUSE 11.4
Adobe Acrobat Standard 9.1
Adobe Reader 9.3.3
Adobe Acrobat 9.3.3
Adobe Acrobat Professional 9.3.3
Adobe Acrobat Standard 9.3.3
Adobe Acrobat Professional 10.0
Adobe Reader 8
Adobe Reader 9.3.1
Adobe Reader 8.2.1
Adobe Acrobat Standard 8.2.1
Adobe Acrobat Professional 8.2.1
Adobe Acrobat Professional 9.3.1
Adobe Acrobat Standard 9.3.1
Adobe Acrobat Professional 9 Extended
Adobe Reader 8.1.5
Adobe Reader 9.1.1
SuSE SUSE Linux Enterprise Desktop 11 SP1
Adobe Reader 8.2.3
Adobe Acrobat 8.2.3
Adobe Reader 9.1.3
Adobe Acrobat Professional 9.1.3
Adobe Acrobat Standard 9.1.3
Gentoo Linux
Adobe Acrobat Professional 8.1.2
Adobe Acrobat 8.1.5
SuSE openSUSE 11.3
Adobe Reader 8.1.1
Adobe Acrobat Professional 8.1.1
Adobe Reader 8.1.2
Adobe Reader 9.2
Adobe Acrobat 10.0
Adobe Reader 8.1.2 Security Update 1
Adobe Acrobat Professional 8.1.2 Security Update 1
Adobe Acrobat Standard 9.3.4
Adobe Reader 9.3.4
Adobe Reader 8.1
Adobe Acrobat Professional 8.1
Adobe Acrobat Standard 8.1
Adobe Reader 8.1.4
Adobe Acrobat Professional 8.1.4
Adobe Acrobat Standard 8.1.4
Adobe Reader 9.3.2
Adobe Acrobat 10.0.3
Adobe Acrobat Professional 10.0.3
Adobe Acrobat Standard 10.0.3
Adobe Reader 10.0.3
Adobe Reader 9.4.3
Adobe Reader 9.4.4
Adobe Acrobat Standard 9.4.3
Adobe Acrobat Standard 9.4.4
Adobe Acrobat Professional 9.4.3
Adobe Acrobat Professional 9.4.4
Adobe Acrobat Standard 8.1.2
Adobe Acrobat 9.4.4
Adobe Acrobat Standard 10.0
Adobe Acrobat Professional 9
Adobe Acrobat Professional 8.3
Adobe Acrobat 9.3.1
Adobe Acrobat 10.0.2
Adobe Acrobat Professional 10.0.2
Adobe Acrobat Standard 10.0.2
Adobe Reader 10.0.2
Adobe Acrobat 9.2
Adobe Acrobat 10.1
Adobe Acrobat Professional 10.1
Adobe Acrobat Standard 10.1
Adobe Reader 10.1
Adobe Acrobat 8.2.6
Adobe Acrobat 8.3
Adobe Acrobat 9.4.5
Adobe Acrobat Professional 8.2.6
Adobe Reader 10.0
Adobe Reader 9
Adobe Acrobat Standard 8.2.6
Adobe Acrobat Standard 8.3
Adobe Acrobat Standard 9.4.5

HTTP:STC:SCRIPT:HEAPSPRAY - HTTP: Javascript Heap Spray Attempt Detection

Severity: HIGH

Description:

This signature detects attempts to trigger an exploit that leverages a precise Heap Spraying technique referred to as "js_property_spray". Such exploits are part of an attack that, if successful, could allow an attacker to execute arbitrary code on the targeted system.

Supported On:

HTTP:SQL:INJ:TOLINET-AGENCIA-I1 - HTTP: Tolinet Agencia id Parameter SQL Injection1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Tolinet Agencia. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

SHELLCODE:X86:DWORD-ADITIVE-80C - SHELLCODE: X86 OS agnostic Dword Additive Feedback Decoder Routine Over HTTP-CTS

Severity: CRITICAL

Description:

This signature detects payloads being transferred over network that have been encoded using x86 dword additive feedback decoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

SHELLCODE:X86:XOR-DWORD-80C - SHELLCODE: X86 OS agnostic XOR Dword Decoder Routine Over HTTP-CTS

Severity: CRITICAL

Description:

This signature detects payloads being transferred over network that have been encoded using x86 XOR dword decoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

HTTP:STC:DL:SOPHOS-ZIPDOS1 - HTTP: Sophos Anti-Virus Zip File Handling Denial of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Sophos Anti-Virus. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:STC:REPRISE-PARAM-PARSE-BO - HTTP: Reprise License Manager HTTP Parameter Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Reprise License Manager. A successful exploit can lead to buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

HTTP:STC:IE:CVE-2015-2487-CE - HTTP: Microsoft Internet Explorer CVE-2015-2487 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2015-2487

SHELLCODE:X86:REVERS-CONECT-80C - SHELLCODE: X86 Linux Reverse Connect Detection Over HTTP-CTS

Severity: CRITICAL

Description:

This signature detects payloads being transferred over network that have been using x86 linux reserve connect. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

SHELLCODE:X86:WIN32-ENUM-80C - SHELLCODE: X86 Microsoft Win32 Export Table Enumeration Variant Detection Over HTTP-CTS

Severity: CRITICAL

Description:

This signature detects payloads being transferred over network that have been using x86 Microsoft Win32 export table enumeration variant. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

HTTP:STC:CLSID:ACTIVEX:MACRO-A1 - HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Macrovision FLEXnet. An attacker can create a malicious Web site containing dangerous Active X calls, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.

Supported On:

HTTP:STC:DL:APPLE-QT-JPEG-OF1 - HTTP: Apple QuickTime JPEG Atom Buffer Overflow 1

Severity: MEDIUM

Description:

Supported On:

HTTP:STC:ADOBE:MEMDSC-2014-0552 - HTTP: Adobe Flash Player Memory Disclosure (CVE-2014-0552)

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Adobe Flash player. Successful exploitation could allow an attacker to read memory contents of a process address space.

Supported On:

References:

cve: CVE-2014-0552

HTTP:PHP:JOOMLA-COM-PHOCADL-LF1 - HTTP: Joomla com_phocadownload Component Local File Inclusion1

Severity: HIGH

Description:

This signature detects attempts to exploit a known local file inclusion vulnerability in Joomla. It is due to insufficient validation of user-supplied input in the com_phocadownload component. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS1 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark1

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

References:

url: http://www.metasploit.com/

HTTP:STC:CHROME:RESPONSE-MC1 - HTTP: Google Chrome HTTP Response Handling Memory Corruption 1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Google Chrome. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

HTTP:STC:SCRIPT:STRFMCC-MUL-BAS - HTTP: Javascript Obfuscator

Severity: HIGH

Description:

This signature detects scripts obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.

Supported On:

SHELLCODE:WIN:SHIKATAGANAI-HTTP - SHELLCODE: Shikata Ga Nai Encoder Routine Over HTTP (1)

Severity: CRITICAL

Description:

This signature detects payloads being transferred over HTTP protocol that have been encoded using Shikata Ga Nai encoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

HTTP:INFO-LEAK:WFCHAT2 - HTTP: WFChat Information Disclosure2

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT3 - HTTP: WFChat Information Disclosure3

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT4 - HTTP: WFChat Information Disclosure4

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT5 - HTTP: WFChat Information Disclosure5

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT6 - HTTP: WFChat Information Disclosure6

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT7 - HTTP: WFChat Information Disclosure7

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT8 - HTTP: WFChat Information Disclosure8

Severity: HIGH

Description:

Supported On:

HTTP:INFO-LEAK:WFCHAT9 - HTTP: WFChat Information Disclosure9

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:S9Y-SERENDIPITY2 - HTTP: S9Y Serendipity SQL injection2

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:S9Y-SERENDIPITY3 - HTTP: S9Y Serendipity SQL injection3

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:S9Y-SERENDIPITY4 - HTTP: S9Y Serendipity SQL injection4

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:WEBVIEWER3D2 - HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite2

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:WEBVIEWER3D3 - HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite3

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:WEBVIEWER3D4 - HTTP: SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite4

Severity: HIGH

Description:

Supported On:

HTTP:STC:CLSID:ACTIVEX:MACRO-A2 - HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability2

Severity: HIGH

Description:

Supported On:

HTTP:STC:CLSID:ACTIVEX:MACRO-A3 - HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability3

Severity: HIGH

Description:

Supported On:

HTTP:STC:CLSID:ACTIVEX:MACRO-A4 - HTTP: Macrovision FLEXnet boisweb.dll ActiveX Control Buffer Overflow Vulnerability4

Severity: HIGH

Description:

Supported On:

HTTP:STC:DL:ULTRAISO-CUE2 - HTTP: UltraISO Cue File Remote Code Execution2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against UltraISO. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:ULTRAISO-CUE3 - HTTP: UltraISO Cue File Remote Code Execution3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against UltraISO. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:ULTRAISO-CUE4 - HTTP: UltraISO Cue File Remote Code Execution4

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against UltraISO. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:IIS:SHARE-ID2 - HTTP: Microsoft SharePoint Team Information Disclosure2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Team Services. A successful attack can lead to arbitrary information disclosure.

Supported On:

HTTP:IIS:SHARE-ID3 - HTTP: Microsoft SharePoint Team Information Disclosure3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Team Services. A successful attack can lead to arbitrary information disclosure.

Supported On:

HTTP:IIS:SHARE-ID4 - HTTP: Microsoft SharePoint Team Information Disclosure4

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft SharePoint Team Services. A successful attack can lead to arbitrary information disclosure.

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI2 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion2

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI3 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion3

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI4 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion4

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI5 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion5

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI6 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion6

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI7 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion7

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI8 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion8

Severity: HIGH

Description:

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI9 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion9

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:EASEWE-FTP2 - HTTP: Easewe FTP And EastFTP Unsafe ActiveX Control1 1

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:EASEWE-FTP3 - HTTP: Easewe FTP And EastFTP Unsafe ActiveX Control1 2

Severity: HIGH

Description:

Supported On:

HTTP:CGI:WEBSCADA2 - HTTP: Netbiter webSCADA2

Severity: HIGH

Description:

Supported On:

HTTP:CGI:WEBSCADA3 - HTTP: Netbiter webSCADA3

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:TOLINET-AGNCIA-I12 - HTTP: Tolinet Agencia id Parameter SQL Injection1 Description 2

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:TOLINET-AGNCIA-I11 - HTTP: Tolinet Agencia id Parameter SQL Injection1 Description 1

Severity: HIGH

Description:

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS2 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark2

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS3 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark3

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS4 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark4

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS5 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark5

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS6 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark6

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS7 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark7

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:XSS:PHPNUKE-BOOKMARKS8 - HTTP: PHP-Nuke Cross Site Script Attack via Bookmark8

Severity: HIGH

Description:

This signature detects a cross site script attack against PHPNuke. PHPNuke 5.0.2 and earlier versions are vulnerable. Attackers can exploit the bookmark module.

Supported On:

HTTP:STC:DL:OPENOFFICE-CSV-DOS2 - HTTP: OpenOffice csv File Remote Denial of Service2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the OpenOffice csv File. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:STC:DL:OPENOFFICE-CSV-DOS3 - HTTP: OpenOffice csv File Remote Denial of Service3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the OpenOffice csv File. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:STC:DL:OPENOFFICE-CSV-DOS4 - HTTP: OpenOffice csv File Remote Denial of Service4

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the OpenOffice csv File. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:MISC:RAILS-ROUTING2 - HTTP: Rails Routing Vulnerability2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Rails v1.1.5 and earlier. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:MISC:RAILS-ROUTING3 - HTTP: Rails Routing Vulnerability3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Rails v1.1.5 and earlier. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:MISC:RAILS-ROUTING4 - HTTP: Rails Routing Vulnerability4

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Rails v1.1.5 and earlier. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:PHP:JOOMLA-COM-PHOCADL-LF2 - HTTP: Joomla com_phocadownload Component Local File Inclusion2

Severity: HIGH

Description:

Supported On:

HTTP:PHP:JOOMLA-COM-PHOCADL-LF3 - HTTP: Joomla com_phocadownload Component Local File Inclusion3

Severity: HIGH

Description:

Supported On:

HTTP:PHP:JOOMLA-COM-PHOCADL-LF4 - HTTP: Joomla com_phocadownload Component Local File Inclusion4

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY2 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 2

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC2 - HTTP: YabbSE Packages.php Code Execution2

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC3 - HTTP: YabbSE Packages.php Code Execution3

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC4 - HTTP: YabbSE Packages.php Code Execution4

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC5 - HTTP: YabbSE Packages.php Code Execution5

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC6 - HTTP: YabbSE Packages.php Code Execution6

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC7 - HTTP: YabbSE Packages.php Code Execution7

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC8 - HTTP: YabbSE Packages.php Code Execution8

Severity: HIGH

Description:

Supported On:

HTTP:PHP:YABBSE-PKG-EXEC9 - HTTP: YabbSE Packages.php Code Execution9

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY3 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 3

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY4 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 4

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY5 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 5

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY6 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 6

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY7 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 7

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY8 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 8

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY9 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 9

Severity: HIGH

Description:

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE2 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE3 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE4 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 4

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE5 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 5

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE6 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 6

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:EXT:SCR2 - HTTP: Dangerous Extension Download (SCR)2

Severity: HIGH

Description:

Supported On:

HTTP:EXT:SCR3 - HTTP: Dangerous Extension Download (SCR)3

Severity: HIGH

Description:

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE7 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 7

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE8 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 8

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:SAFARI:X-MAN-PAGE-RCE9 - HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 9

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:ACTIVEX:MS-DEBUGDIAG2 - HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control2

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:MS-DEBUGDIAG3 - HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control3

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:MS-DEBUGDIAG4 - HTTP: Microsoft DebugDiag CrashHangExt.dll Unsafe ActiveX Control4

Severity: HIGH

Description:

Supported On:

HTTP:XSS:AWAUCTIONSCRIPT-CMS2 - HTTP: AWAuctionScript CMS Cross Site Scripting2

Severity: HIGH

Description:

Supported On:

HTTP:XSS:AWAUCTIONSCRIPT-CMS3 - HTTP: AWAuctionScript CMS Cross Site Scripting3

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN2 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption2

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN3 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption3

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN4 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption4

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN5 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption5

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN6 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption6

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN7 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption7

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN8 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption8

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN9 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption9

Severity: HIGH

Description:

Supported On:

HTTP:STC:DL:XLS-SERIES2 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution2

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES3 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution3

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES4 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution4

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES5 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution5

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES6 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution6

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES7 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution7

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES8 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution8

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:XLS-SERIES9 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution9

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC2 - HTTP: .NET Framework Buffer Allocation Vulnerability2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC3 - HTTP: .NET Framework Buffer Allocation Vulnerability3

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC4 - HTTP: .NET Framework Buffer Allocation Vulnerability4

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC5 - HTTP: .NET Framework Buffer Allocation Vulnerability5

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC6 - HTTP: .NET Framework Buffer Allocation Vulnerability6

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC7 - HTTP: .NET Framework Buffer Allocation Vulnerability7

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC8 - HTTP: .NET Framework Buffer Allocation Vulnerability8

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC9 - HTTP: .NET Framework Buffer Allocation Vulnerability9

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

SHELLCODE:X86:X86-NOOP1-CTS - SHELLCODE: x86 NOOP (1) Over TCP-CTS

Severity: CRITICAL

Description:

This signature detects payloads being transferred over HTTP protocol that have been encoded using x86/avoid_utf8_tolower encoder routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

SHELLCODE:X86:X86-NOOP1-STC - SHELLCODE: x86 NOOP (1) Over TCP-STC

Severity: CRITICAL

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER2 - HTTP: Gretech GOM Player Unsafe ActiveX Control 2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Gretech GOM Player ActiveX Control. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the browser user.

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER3 - HTTP: Gretech GOM Player Unsafe ActiveX Control 3

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER4 - HTTP: Gretech GOM Player Unsafe ActiveX Control 4

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER5 - HTTP: Gretech GOM Player Unsafe ActiveX Control 5

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER6 - HTTP: Gretech GOM Player Unsafe ActiveX Control 6

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER7 - HTTP: Gretech GOM Player Unsafe ActiveX Control 7

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER8 - HTTP: Gretech GOM Player Unsafe ActiveX Control 8

Severity: HIGH

Description:

Supported On:

HTTP:STC:ACTIVEX:GOMPLAYER9 - HTTP: Gretech GOM Player Unsafe ActiveX Control 9

Severity: HIGH

Description:

Supported On:

HTTP:STC:DIRECT-AVI-WAV-PARSE-1 - HTTP: Microsoft DirectX WAV and AVI File Parsing Code Execution (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. It is due to the way certain DirectX libraries handle specially crafted WAV and AVI files. A remote attacker can exploit this by persuading a user to open a specially crafted WAV or AVI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. In a successful code injection attack, the behavior of the target host is entirely dependent on the intended function of the injected code and execute within the security context of the current user. In an unsuccessful attack, the application utilizing the vulnerable DirectX library terminates.

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S1 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-1

Severity: HIGH

Description:

This signature detects payloads being transferred over network that have been using x86 Alpha2 GetEIPs Encoder Routine. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S2 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-2

Severity: HIGH

Description:

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S3 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-3

Severity: HIGH

Description:

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S4 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-4

Severity: HIGH

Description:

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S5 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-5

Severity: HIGH

Description:

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S6 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-6

Severity: HIGH

Description:

Supported On:

SHELLCODE:X86:ALPHA-GETEIP-80S7 - SHELLCODE: X86 Alpha2 GetEIPs Encoder Routine Over HTTP-STC-7

Severity: HIGH

Description:

Supported On:

HTTP:DIR:MANAGEENGINE-DIR-TRA - HTTP: ManageEngine ServiceDesk File Upload Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in ManageEngine ServiceDesk. A successful attack can result in directory traversal attacks.

Supported On:

HTTP:XSS:OPENFIRE-USER-CREATE - HTTP: Ignite Realtime Openfire user-create.jsp Cross-Site Request Forgery

Severity: HIGH

Description:

A cross-site request forgery vulnerability has been reported in Openfire's user-create.jsp script. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user with administrator privileges to visit a page which sends a request to user-create.jsp. Successful exploitation can result in adding arbitrary users.

Supported On:

References:

cve: CVE-2015-6973

APP:IBM:TIV-OP1331-CMDINJ - APP: IBM Tivoli Storage Manager FastBack Opcode 1331 Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Tivoli Storage Manager. A successful attack can lead to arbitrary command execution.

Supported On:

References:

cve: CVE-2015-1938
url: http://www-01.ibm.com/support/docview.wss?uid=swg21959398
cve: CVE-2015-1923
url: http://www.zerodayinitiative.com/advisories/zdi-15-264/

LDAP:BERGET-NXT-DOS - LDAP: OpenLDAP ber_get_next Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OpenLDAP. Attackers can send crafted malicious data to cause denial of service condition to the target service.

Supported On:

References:

HTTP:WINAMP-WLZ-BO1 - HTTP: Winamp wlz File Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Winamp. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

HTTP:INTELLITAMPER-DEFER-BO1 - HTTP: IntelliTamper defer Attribute Buffer Overflow Vulnerability1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the IntelliTamper application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

HTTP:MICROSOFT-WORKS-WKSSS-BO1 - HTTP: Microsoft Works wksss Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Works. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

HTTP:ACMS-ASSETS-INFODISC1 - HTTP: aCMS Assets Page Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known issue in aCMS. A successful exploit could allow the attacker to get access to sensitive information.

Supported On:

HTTP:FOXIT-PNG-PDF-BO11 - HTTP: Foxit Multiple Products PNG To PDF Conversion Heap Buffer Overflow1

Severity: MEDIUM

Description:

A heap buffer overflow vulnerability exists in Foxit Reader. Successful exploitation would result in execution of arbitrary code in the security context of the target user.

Supported On:

HTTP:SYMANTEC-EP-POLICY-BYPAS1 - HTTP: Symantec Endpoint Protection Console Servlet Policy Bypass1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Symantec Endpoint Protection. A successful exploit can lead to policy bypass.

Supported On:

HTTP:SOLARWINDS-POLICYBYPASS1 - HTTP: SolarWinds Firewall Security Manager userlogin.jsp Policy Bypass1

Severity: MEDIUM

Description:

A policy bypass vulnerability exists in SolarWinds Log and Event Manager. A successful attack could lead to a policy bypass condition on the server.

Supported On:

References:

cve: CVE-2015-2446

HTTP:ADOBE-INDESIGN-SOAP-RCE1 - HTTP: Adobe IndesignServer SOAP Server Arbitrary Script Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe IndesignServer. A successful attack can lead to arbitrary script code execution.

Supported On:

HTTP:MAMBO-MYSQL-INF-DISCLOSUR1 - HTTP: Mambo MySQL Database Info Disclosure1

Severity: MEDIUM

Description:

Mambo CMS is prone to a password disclosure vulnerability. Local attackers can exploit this issue to disclose sensitive information.

Supported On:

HTTP:MS-WINDOWS-HYPERLINK-BO1 - HTTP: Microsoft Windows Hyperlink Buffer Overflow1

Severity: MEDIUM

Description:

A buffer overflow exists in the Microsoft Windows system library used to handle hyperlink objects. An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are processed when a user clicks on a hyperlink in a browser or in HTML-rendered email. An attacker who successfully exploits this vulnerability can execute code with the privileges of the currently logged in user. In a simple attack case, the attacker can terminate the application that is using the ActiveX hyperlink library. In a sophisticated attack, he can inject arbitrary code into the target. The behaviour of the target is dependent on the nature of the malicious code. The exploit executes with the privileges of the currently logged in user. If this account has elevated privileges, an attacker may take control of the target system.

Supported On:

HTTP:WIRELURKER-VRUPDATE1 - HTTP: WireLurker Version Update Detected1

Severity: MEDIUM

Description:

This signature detects attempts from WireLurker malware to update itself from an infected client system.

Supported On:

HTTP:OFFICESCAN-CGIRECVFILE1 - HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Trend Micro's OfficeScan. It is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this to inject and execute arbitrary code with System level privileges on the target system. In a successful code injection and execution attack, the behavior of the target is entirely dependent on the intended function of the injected code. In an unsuccessful attack, the CGI process initiated for the session terminates abnormally.

Supported On:

HTTP:SUN-DIGEST-OF1 - HTTP: Sun Java Web Digest Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Sun Java System Web Server. A successful attack can lead to arbitrary remote code execution within the context of the server.

Supported On:

HTTP:KASPERSKY-URI-PARSING-DOS1 - HTTP: Kaspersky Products URI Parsing Denial of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Kaspersky Products. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:REALTEK-MEDIAPLAYER-PLA-B1 - HTTP: Realtek Media Player pla File Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Realtek Media Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

HTTP:IESHIMS-DLL-HIJACK1 - HTTP: Microsoft Internet Explorer IESHIMS.DLL Insecure Library Loading1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known remote code execution vulnerability in Microsoft Internet Explorer. It is due to a design weakness in loading Dynamically Linked Libraries. Remote attackers can exploit this by enticing target users to download a malicious "IESHIMS.DLL" file. A successful attack can result in loading the attacker-controlled library and execution of arbitrary code with the privileges of the logged-in user. If a user is logged-on with administrative user rights, an attacker can take complete control of the affected system.

Supported On:

HTTP:MANAGENGINE-APP1 - HTTP: ManageEngine Applications Manager SQL Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in ManageEngine. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

HTTP:MONGOOSE-HTTPD-URI-OF1 - HTTP: Mongoose HTTP Server URI Handling Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known flaw in SHTTPD (now known as Mongoose HTTPD). A successful exploit results in arbitrary code execution.

Supported On:

References:

bugtraq: 44638
cve: CVE-2010-4091

HTTP:HP-INSIGHT-DIAGNOSTICS-LF1 - HTTP: HP Insight Diagnostics CVE-2013-3575 Local File Inclusion1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known local file inclusion vulnerability in HP Insight Diagnostics. It is due to insufficient validation of user-supplied input. A successful attack can result in loss of sensitive information.

Supported On:

HTTP:DLL-REQ-VIA-WEBDAV1 - HTTP: DLL File Download via WebDAV1

Severity: MEDIUM

Description:

This signature detects Microsoft Windows Dynamically Link Libraries (DLL's) transferred via WebDAV. Vulnerabilities in Microsoft Windows allow an attacker to reference a malicious remote DLL file through a Web page, which when the page is accessed, overwrites a local DLL, resulting in arbitrary code execution.

Supported On:

HTTP:PFSENSE-ZONE-CSS1 - HTTP: pfSense WebGUI Zone Parameter Cross-Site Scripting1

Severity: MEDIUM

Description:

A cross-site scripting vulnerability has been reported in pfSense. The vulnerability is due to services_captiveportal_zones.php not validating the zone parameter when the act parameter is set to del. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted link. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected site.

Supported On:

HTTP:FIREFLY-MEDIA-SERVER-DOS1 - HTTP: Firefly Media Server Denial Of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Firefly Media Server. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:NOVELL-NETIQ-MOD-POLBYPAS1 - HTTP: Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass1

Severity: MEDIUM

Description:

This signature detects a known policy bypass vulnerability in the Novell NetIQ Privileged User Manager. It is due to an access control weakness when handling a modifyAccounts request. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious request to a vulnerable server. Successful exploitation could result in code execution under the context of SYSTEM.

Supported On:

HTTP:JAVA-UPDATE-RCE1 - HTTP: Oracle Java Software Update Weakness1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2015-2443

HTTP:MS-IE-MEMORY-CORRUPTION1 - HTTP: Microsoft Internet Explorer CVE-2014-2782 Use After Free1

Severity: MEDIUM

Description:

Microsoft Internet Explorer has been reported with memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

Supported On:

HTTP:INTEGARD-PASSWORD-BOF1 - HTTP: Integard Web Interface Password Parameter Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Integard web interface. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the SYSTEM user, possibly leading to a complete compromise of the targeted server.

Supported On:

HTTP:FORTINET-HELLO-MSG-DOS1 - HTTP: Fortinet Single Sign On Hello Message Denial Of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Fortinet. A successful exploit can lead to denial of service in the context of the application.

Supported On:

HTTP:NGINX-RQST-URI-SECBYPASS1 - HTTP: Nginx Request URI Verification Security Bypass1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Nginx. The vulnerability is caused by improper handling of unescaped space characters within URIs. A successful attack could bypass security restrictions in certain configurations.

Supported On:

HTTP:JABBER-SERVER-BYPASS1 - HTTP: Jive Software Openfire Jabber Server Authentication Bypass1

Severity: MEDIUM

Description:

An authentication bypass vulnerability exists in Openfire Server product by Jive Software. The vulnerability is due to an insecure design in the Tomcat filter where all functions in the admin web-interface are not protected from unauthorized access. Remote attackers could exploit this vulnerability to access functions in the admin web-interface without supplying valid credentials. A successful attack attempt will bypass the server authentication and the attacker can have full access to all functions in the admin webinterface without providing any user credentials. Thus the attacker can gain full control of the Openfire Jabber server and cause disclosure of sensitive information.

Supported On:

References:

cve: CVE-2004-1908
url: http://www.kb.cert.org/vuls/id/312510
bugtraq: 10392
url: http://theinsider.deep-ice.com/texts/advisory54.txt
cve: CVE-2004-0487

HTTP:SAP-MGT-CON-OSEXEC1 - HTTP: SAP Management Console SOAP Interface Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against SAP Management Console SOAP Interface. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:ADOBE-ROBOHELP-FILE-UPLOA1 - HTTP: Adobe RoboHelp Server Arbitrary File Upload and Execute1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe RoboHelp. It is due to insufficient validation of POST requests sent to the management web server. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:SPRING-XMLENTITY-INFODISC1 - HTTP: SpringSource Spring Framework XML External Entity Parsing Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a know vulnerability against SpringSource Spring Framework. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in the disclosure of information from arbitrary files available to the security context of the server application.

Supported On:

HTTP:WIRESHARK-MPEG-BOF11 - HTTP: Wireshark MPEG Dissector Stack Buffer Overflow11

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Wireshark. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

HTTP:W3C-AMAYA-BOF1 - HTTP: W3C Amaya Stack Based Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against W3C Amaya. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

HTTP:XML-EXTERNAL-ENTITY-INJ1 - HTTP:Multiple Product XML External Entity Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability through External Entity Injection in variuos products. A successful attack can lead to unauthorized information disclosure, denial of service, request forgery and security policies bypass.

Supported On:

HTTP:UNUSUAL-REFERER1 - HTTP: Unusual Value In HTTP Referer Header1

Severity: MEDIUM

Description:

This signature detects unusual values for the "Referer" field in an HTTP request. Some malware will hard-code illegal or unusual values in their requests to Command & Control servers, while others will use such headers in their HTTP DDoS requests to victims. The source IP may be infected with a bot and should be investigated.

Supported On:

HTTP:C99-SHELL-BACKDOOR1 - TROJAN: C99 Backdoor Actiivity1

Severity: MEDIUM

Description:

This signature detects access to the backdoor placed in the C99 PHP shell. It was found that the C99 PHP Shell that is used to backdoor web servers, has a backdoor itself. This signature indicates that someone is logging into a C99 shell using the backdoor.

Supported On:

HTTP:GOOGLE-SKETCHUP-BMP-BO1 - HTTP: Google SketchUp BMP File Buffer Overflow (CVE-2013-3664)1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Trimble Navigation (formerly Google) SketchUp. A successful attack may lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

HTTP:TRENDMICRO-CTRLMGR-SQLINJ1 - HTTP: Trend Micro Control Manager ad hoc query Module SQL Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit known vulnerability against Trend Micro Control Manager. An attacker can exploit this vulnerability to submit crafted SQL queries to the underlying database.

Supported On:

HTTP:ORACLE-ID-MANAGER-REDIREC1 - HTTP: Oracle Identity Manager backUrl Parameter Open Redirect1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Identity Manager WebUI. It is due to insufficient validation of user-supplied input. A successful exploit may aid in phishing attacks, other attacks are possible.

Supported On:

References:

bugtraq: 68599
cve: CVE-2014-4262

HTTP:FOXIT-FF-URL-STG-BO1 - HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known flaw in Foxit Reader Plugin for Firefox. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

HTTP:SUN-GLASSFISH-AUTH-BP1 - HTTP: Sun Goldfish AUthentication Bypass1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Sun Goldfish. A successful exploit can lead to Authentication Bypass.

Supported On:

HTTP:EMC-DPA-EJBSERVLET-RCE1 - HTTP: EMC Data Protection Advisor Illuminator EJBInvokerServlet Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against EMC Data Protection Advisor. A successful attack can lead to arbitrary code execution with SYSTEM privileges.

Supported On:

HTTP:HP-SITESCOPE-INF-DISC1 - HTTP: HP SiteScope Log Analyzer Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in HP SiteScope. Successful exploitation would allow the authenticated attacker to gain administrator role privileges.

Supported On:

HTTP:JAVA-EXPRESS-HTML-INJ1 - HTTP: Sun Java System Communications Express HTML Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Sun Java System Communications Express. Attackers can create malicious Web pages containing dangerous web script or HTML, which if accessed by a victim, can allow the attacker to gain control of the victim's client browser.

Supported On:

HTTP:VMWARE-VSPHERE-DOS1 - HTTP: Vmware Vsphere Host Daemon Denial Of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Vmware Vsphere host daemon. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:MULTIPLE-WEBSER-INFO-LEAK1 - HTTP: Multiple Werserver Unauthorized Access Attempt1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Multiple Werserver. A successful attack can allow attackers to gain administrative privileges.

Supported On:

References:

bugtraq: 36622
cve: CVE-2009-1547

HTTP:AVIRA-SECURE-BCKUP-REG-BO1 - HTTP: Avira Secure Backup Registry Value Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Avira Secure Backup. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On: