Update Details

Update #3038 (02/20/2018)

11 new signatures:

HIGH	HTTP:STC:ADOBE:CVE-2018-4902RCE	HTTP: Acrobat Reader CVE-018-4902 Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2018-4895RCE	HTTP: Adobe Acrobat and Reader CVE-2018-4895 Remote Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2018-4884RCE	HTTP: Adobe Reader CVE-2018-4884 Remote Code Execution
MEDIUM	HTTP:STC:MS-EOT-INFO-DIS	HTTP: Microsoft Windows EOT Component Info Disclosure
HIGH	HTTP:STC:ADOBE:CVE-2018-4878UAF	HTTP: Adobe Flash Player CVE-2018-4878 Use After Free
HIGH	HTTP:WORDPRESS-LS-DOS	HTTP: WordPress load-scripts.php Denial Of Service
MEDIUM	SSH:OPENSSH:SFTP-DOS	SSH: OpenSSH SFTP Server Denial of Service
HIGH	SSL:CISCO-ASA-WEBVPN-CE	SSL: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free
HIGH	HTTP:STC:ADOBE:CVE-2018-4890CE	HTTP: Adobe Reader CVE-2018-4890 Arbitrary Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2018-4886RCE	HTTP: Adobe Reader CVE-2018-4886 Remote Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2018-4879-CE	HTTP: Adobe Reader CVE-2018-4879 Arbitrary Code Execution

342 updated signatures:

HIGH	HTTP:PROXY:SQUID-PROXY-ESI-DOS	HTTP: Squid Proxy ESI Response Processing Denial of Service
HIGH	HTTP:MISC:HP-OPENVIEW-CE	HTTP: HP OpenView Network Node Manager Arbitrary Code Execution
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI5	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion5
MEDIUM	HTTP:STC:STREAM:WINAMP-META-OF	HTTP: Nullsoft Winamp Ultravox Streaming Metadata Parsing Overflow
HIGH	HTTP:PHP:WP-MRKPLC-UPLOADIFY	HTTP: WP Marketplace Plugin uploadify.php Arbitrary File Upload
HIGH	HTTP:PHP:WP-DOUPLOAD-FU	HTTP: WordPress Member Conversation Plugin doupload.php Arbitrary File Upload
HIGH	HTTP:STC:STREAM:QT-MPEG-PAD	HTTP: Apple QuickTime MPEG Stream Padding Buffer Overflow
MEDIUM	HTTP:IIS:WEBDAV:XML-HANDLER-DOS	HTTP: Microsoft WebDAV XML Message Handler Denial of Service
HIGH	HTTP:LEXMARK-LIB-FILE-DIR-TRAV	HTTP: Lexmark Markvision LibraryFileUploadServlet Directory Traversal
CRITICAL	APP:HP-PROCURVE-FILE-UPLOAD	APP: HP ProCurve Manager SNAC UpdateCertificatesServlet Code Execution (HTTP)
MEDIUM	HTTP:ADOBE-ROBOHELP-FILE-UPLOA2	HTTP: Adobe RoboHelp Server Arbitrary File Upload and Execute2
HIGH	HTTP:PHP:YABBSE-PKG-EXEC10	HTTP: YabbSE Packages.php Code Execution10
HIGH	HTTP:NOVELL-NETIQ-MOD-POLBYPAS	HTTP: Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass
CRITICAL	APP:HP-PROCRVE-SNAC-FILE-UPLD	APP: HP ProCurve Manager SNAC UpdateDomainControllerServlet Code Execution
HIGH	HTTP:MISC:MS-USERS-PWD-INFO-DI1	HTTP: Microsoft FrontPage Extensions File Information Disclosure1
HIGH	HTTP:INFO-LEAK:WFCHAT10	HTTP: WFChat Information Disclosure10
MEDIUM	HTTP:NGINX-RQST-URI-SECBYPASS3	HTTP: Nginx Request URI Verification Security Bypass3
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-CE10	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 10
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI10	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion10
HIGH	HTTP:STC:DL:XLS-SERIES10	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution10
HIGH	HTTP:STC:ADOBE:READER-PLUGIN10	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption10
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY10	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 10
HIGH	HTTP:STC:CHROME:TABLE-CSS-MC2	HTTP: Google Chrome Table Webkit Appearance CSS Property Memory Corruption2
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY11	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 11
HIGH	APP:MCAFEE-WR-JBOSS-RCE	APP: McAfee Web Reporter JBoss EJBInvokerServlet Marshalled Object Remote Code Execution
HIGH	HTTP:STC:DL:GIMP-XWD-BO1	HTTP: GIMP XWD File Handling Stack Buffer Overflow1
HIGH	HTTP:STC:DL:GIMP-XWD-BO2	HTTP: GIMP XWD File Handling Stack Buffer Overflow2
HIGH	APP:AVAYA-CCRWEBCLIENT-RCE	APP: Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Code Execution
HIGH	HTTP:HP-SITESCOPE-INF-DISC	HTTP: HP SiteScope Log Analyzer Information Disclosure
HIGH	APP:HP-PM-EXP-DATA-LOGS	APP: HP Power Manager formExportDataLogs Buffer Overflow
HIGH	APP:VMWARE-ISAPI-DOS	APP: VMware Server ISAPI Extension Remote Denial Of Service
CRITICAL	HTTP:APACHE:MOD-ISAPI-RCE	HTTP: Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution
HIGH	HTTP:NOVELL-NETIQ-EVAL-POLBYPAS	HTTP: Novell NetIQ Privileged User Manager Eval Policy Bypass
HIGH	HTTP:STC:ADOBE:READER-PLUGIN3	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption3
HIGH	APP:MISC:HP-SITESCOPE-CE	APP: HP SiteScope issueSiebelCmd SOAP Request Handling
MEDIUM	HTTP:STC:DL:ARJ-BO1	HTTP: NOD32 AntiVirus ARJ Archive Handling Buffer Overflow1
MEDIUM	APP:MISC:HP-SSC-APIMONITORIMPL	APP: HP SiteScope SOAP Call APIMonitorImpl Security Bypass
HIGH	HTTP:STC:ADOBE:READER-PLUGIN6	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption6
HIGH	HTTP:CGI:OFFICESCAN-CGI-BO	HTTP: Trend Micro OfficeScan Multiple CGI Modules HTTP Form Processing Buffer Overflow
HIGH	HTTP:INFO-LEAK:WFCHAT1	HTTP: WFChat Information Disclosure1
MEDIUM	HTTP:DIR:APJS-PORTAL-DIRTRAV	HTTP: Apache Jetspeed Portal Site Manager ZIP File Upload Directory Traversal
HIGH	APP:REAL:RAM-FILE-OF	APP: RealMedia RAM File Processing Buffer Overflow
HIGH	HTTP:CA-XOSOFT-XOSOAP	HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow
HIGH	HTTP:STC:IE:CSRSS-HE-MSG	HTTP: Microsoft Windows CSRSS HardError Message Box Vulnerability
MEDIUM	APP:HP-DATA-PROTECTOR-GET-SQL	APP: HP Data Protector Multiple Products GetPolicies SQL Injection
MEDIUM	APP:HP-DATA-PROTECTOR-REQ-SQL	APP: HP Data Protector Multiple Products RequestCopy SQL Injection
MEDIUM	APP:HP-DATA-PROTECTOR-FIN-SQL	APP: HP Data Protector Multiple Products FinishedCopy SQL Injection
HIGH	HTTP:STC:SWF:SWAVE-TSAC-CHUNK	HTTP: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption
HIGH	APP:CITRIX:XENAPP-XML-RCE	APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution
HIGH	APP:MCAFEE-EPOLICY-XML	APP: McAfee ePolicy Orchestrator XML External Entity Injection
INFO	HTTP:AUDIT:PDF-SCIIHEXDECODE	HTTP: Adobe PDF SCIIHexDecode Evasion Method Detection
CRITICAL	HTTP:IIS:SHAREPOINT-CONVERT	HTTP: Microsoft Sharepoint Document Conversion Remote Code Execution
HIGH	HTTP:STC:IMG:XP-MAL-TIFF	HTTP: Microsoft Office XP Malicious TIFF
MEDIUM	HTTP:MICROSOFT-WORKS-WKSSS-BO1	HTTP: Microsoft Works wksss Buffer Overflow1
HIGH	HTTP:XSS:FRONTPAGE-EXT	HTTP: FrontPage Server Extensions XSS
MEDIUM	HTTP:SPRING-XMLENTITY-INFODISC1	HTTP: SpringSource Spring Framework XML External Entity Parsing Information Disclosure1
HIGH	HTTP:STC:IE:UNICODE-EVSN-UTF-1	HTTP: Unicode Evasion Detected 1
HIGH	HTTP:DIR:ORACLE-INFO-DISCOVERY	HTTP: Oracle Endeca Information Discovery Integrator ETL Server RenameFile Directory Traversal
HIGH	APP:NOVELL:IMANAGER-FILE-UPLOAD	APP: Novell iManager getMultiPartParameters Unauthorized File Upload
HIGH	APP:ZLIB-COMPRES-LIB-DOS-2	APP: Zlib Compression Library Denial Of Service (2)
HIGH	HTTP:HPE-ACCESS-DESERIALIZATION	HTTP: HPE Intelligent Management Center accessMgrServlet Insecure Deserialization
MEDIUM	HTTP:ORACLE:EVNTPRO-DIR-TRAV	HTTP:Oracle Event Processing FileUploadServlet Directory Traversal
HIGH	HTTP:STC:DL:WNDPROC-INFO-DISC1	HTTP: Microsoft wndproc Credentials Disclosure1
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC1	HTTP: .NET Framework Buffer Allocation Vulnerability1
HIGH	HTTP:MS-MDAC-RCE1	HTTP: Microsoft MDAC Components Remote Code Execution1
HIGH	HTTP:INFO-LEAK:MS-VISIO-XML1	HTTP: Microsoft Visio Crafted XML File Information Disclosure1
HIGH	HTTP:STC:MS-OFFICE-WRITEAV-RCE1	HTTP: Microsoft Office OneNote File Processing Remote Code Execution1
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE1	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 1
HIGH	HTTP:INFO-LEAK:DOT-NET-CODE1	HTTP: Microsoft .NET Framework Code Access Security Info Disclosure Vulnerability1
HIGH	HTTP:STC:DL:XLS-SERIES1	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution1
HIGH	HTTP:STC:DL:PPT-SLIDEATOM1	HTTP: Microsoft PowerPoint SlideAtom Vulnerability1
MEDIUM	HTTP:ADOBE-ROBOHELP-FILE-UPLOA3	HTTP: Adobe RoboHelp Server Arbitrary File Upload and Execute3
HIGH	HTTP:INFO-LEAK:WFCHAT11	HTTP: WFChat Information Disclosure11
MEDIUM	HTTP:KASPERSKY-URI-PARSING-DOS3	HTTP: Kaspersky Products URI Parsing Denial of Service3
HIGH	HTTP:STC:ACTIVEX:ICONICS-WEBHM1	HTTP: ICONICS IcoSetServer Unsafe ActiveX Control1
MEDIUM	HTTP:PFSENSE-ZONE-CSS3	HTTP: pfSense WebGUI Zone Parameter Cross-Site Scripting3
HIGH	HTTP:PHP:YABBSE-PKG-EXEC11	HTTP: YabbSE Packages.php Code Execution11
HIGH	HTTP:TOMCAT:SERVLET-DEVICE-DOS1	HTTP: Apache Tomcat Device Servlet Request DoS1
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI11	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion11
HIGH	HTTP:STC:ADOBE:READER-PLUGIN11	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption11
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC11	HTTP: .NET Framework Buffer Allocation Vulnerability11
HIGH	HTTP:STC:CHROME:TABLE-CSS-MC3	HTTP: Google Chrome Table Webkit Appearance CSS Property Memory Corruption3
HIGH	HTTP:STC:DL:XLS-SERIES11	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution11
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-CE11	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 11
HIGH	HTTP:STC:MOZILLA:FF-IMG-TAG-DO1	HTTP: Mozilla Firefox IMG Tag Parsing Denial of Service1
HIGH	HTTP:TM-IWSVA-LS-CI	HTTP: Trend Micro IWSVA LogSettingHandler doPostMountDevice Command Injection
HIGH	HTTP:STC:WIN-CCL-BOF	HTTP:Microsoft Windows Common Control Library Vulnerability
HIGH	HTTP:PHP:HORDE-HREF-BACKDOOR1	HTTP: Horde Href Backdoor1
HIGH	HTTP:STC:ACTIVEX:INDUSOFT-ISSY1	HTTP: InduSoft Web Studio ISSymbol Unsafe ActiveX Control1
HIGH	HTTP:PHP:YABBSE-PKG-EXEC1	HTTP: YabbSE Packages.php Code Execution1
HIGH	HTTP:INFO:HTML5-CONTENT1	HTTP: HTML Version 5 Content1
HIGH	HTTP:STC:DL:SWF-ACTIONPUSH1	HTTP: Adobe Flash Player ActionScript ActionPush Memory Corruption 1
HIGH	HTTP:EXPLOIT:D-LINK-ADMIN-PW1	HTTP: D-Link Admin Password Probe1
HIGH	HTTP:STC:SCRIPT:DOUBLE-BACKSLA1	HTTP: JavaScript Double BackSlash Hex Obfuscated Heap Spray1
MEDIUM	APP:MISC:HP-SITESCOPE-LOADFILE	APP: HP SiteScope loadFileContent SOAP Request Information Disclosure
HIGH	HTTP:STC:IE:DESIGNMODE-INFO1	HTTP: Microsoft Internet Explorer DesignMode Information Disclosure1
HIGH	APP:NOVELL:IPRINT-ATTRIB-BO	APP: Novell iPrint Server attributes-natural-language Buffer Overflow
HIGH	HTTP:WIRESHARK-MPEG-BOF1	HTTP: Wireshark MPEG Dissector Stack Buffer Overflow1
HIGH	HTTP:SQL:INJ:JOOMLA-COM-JCE1	HTTP: Joomla JCE Component Itemid Parameter SQL Injection1
HIGH	HTTP:STC:ADOBE:READER-PLUGIN1	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption1
HIGH	HTTP:STC:CLSID:ACTIVEX:NESSCAN1	HTTP: Nessus Vulnerability Scanner 3.0.6 ActiveX Vulnerability1
HIGH	HTTP:INFO:FACEBOOK1	HTTP: Facebook Access1
HIGH	HTTP:STC:CHROME:TABLE-CSS-MC1	HTTP: Google Chrome Table Webkit Appearance CSS Property Memory Corruption1
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI1	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion1
HIGH	HTTP:CISCO:VOIP:PORT-INFO-DOS1	HTTP: Cisco VoIP Phone PortInformation DOS1
MEDIUM	HTTP:INFO-LEAK:CA-TOTAL-DEFENSE	HTTP: CA Total Defense Suite UNCWS getDBConfigSettings Credential Information Disclosure
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY1	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection1
HIGH	HTTP:STC:IMG:OFFICE-FLASHPIX1	HTTP: Microsoft Office Malicious FlashPix Graphics File1
HIGH	APP:LANDESK-THINKMGT-DIRTRVRSAL	APP: LANDesk ThinkManagement Suite SetTaskLogByFile Directory Traversal
HIGH	HTTP:PHP:VS-NEWS-RFI1	HTTP: VirtualSystem VS-News-System Show_News_Inc.PHP Remote File Inclusion1
HIGH	HTTP:STC:IE:SETCAPTURE-UAF1	HTTP: Microsoft Internet Explorer SetCapture Use After Free1
HIGH	HTTP:STC:IE:MDAO-RCE1	HTTP: Microsoft Data Access Object Memory Corruption Remote Code Execution1
HIGH	HTTP:STC:DL:HEX-WORKSHP-CMAP-C1	HTTP: BreakPoint Software Hex Workshop ".CMAP" File Arbitrary Code Execution1
HIGH	HTTP:STC:DL:OPEN-TYPE-RCE11	HTTP: Open Type Font Parsing Remote Code Execution1
HIGH	HTTP:STC:ADOBE:CVE-2015-3122-C1	HTTP: Adobe Flash CVE-2015-3122 Remote Code Execution1
HIGH	HTTP:STC:SCRIPT:GARBLE-JS-OBFU1	HTTP: Garble Javascript Obfuscation Detected1
HIGH	HTTP:STC:CHROME:JS-MSGBOX-DOS1	HTTP: Google Chrome Java Script Message Box Denial of Service1
HIGH	HTTP:STC:ADOBE:CVE-2015-5133-C1	HTTP: Adobe Flash CVE-2015-5133 Remote Code Execution1
HIGH	HTTP:STC:IE:CVE-2014-4134-MC1	HTTP: Microsoft Internet Explorer CVE-2014-4134 Memory Corruption1
HIGH	HTTP:STC:IE:CVE-2014-4086-UAF1	HTTP: Microsoft Internet Explorer Use After Free (CVE-2014-4086)1
HIGH	HTTP:STC:IE:CVE-2014-0267-MC1	HTTP: Microsoft Internet Explorer CVE-2014-0267 Memory Corruption1
HIGH	HTTP:STC:IE:MHTML-HREF-OF1	HTTP: MHTML HREF Overflow1
HIGH	HTTP:STC:IE:CVE-2014-4126-MC1	HTTP: Microsoft Internet Explorer CVE-2014-4126 Memory Corruption1
HIGH	HTTP:STC:IE:HTML-HELP-ZONE-BP1	HTTP: Internet Explorer HTML Help Zone Bypass1
HIGH	HTTP:STC:IE:OBJECT-TAG-XML1	HTTP: Microsoft Internet Explorer Object Tag XML RCE1
HIGH	HTTP:STC:IE:ONBEFORECOPY-UAF1	HTTP: Microsoft Internet Explorer onBeforeCopy Use After Free1
HIGH	HTTP:STC:IE:CVE-2014-4140-CE1	HTTP: Microsoft Internet Explorer CVE-2014-4140 Arbitrary Code Execution1
HIGH	HTTP:STC:SWF:OPENTYPE-FONT-OF1	HTTP: Adobe Flash Player OpenType Font Parsing Integer Overflow1
HIGH	HTTP:STC:SWF:COPYRAWDATATO1	HTTP: Adobe Flash Player copyRawDataTo Out of Bounds Array Indexing1
MEDIUM	HTTP:STC:STREAM:VLC-REALINDEX1	HTTP: VideoLAN VLC real.c ReadRealIndex Real Demuxer Integer Overflow1
MEDIUM	HTTP:STC:STREAM:QT-MOV-FILE-BO1	HTTP: Apple QuickTime Movie File Clipping Region Handling Heap Buffer Overflow1
MEDIUM	HTTP:STC:STREAM:FLASH-MEMORY1	HTTP: Macromedia Flash Player Improper Memory Access1
MEDIUM	HTTP:STC:STREAM:DIRECTSHOW-MJP1	HTTP: Microsoft Windows MJPEG Media Decompression Code Execution1
MEDIUM	HTTP:STC:SCHNEIDER-CFG-FILE-BO1	HTTP: Schneider Electric VAMPSET CFG File Handling Buffer Overflow 1
MEDIUM	HTTP:STC:OLE-SHELL1	HTTP: Malicious OLE Object in Office Document1
MEDIUM	HTTP:STC:MOZILLA:OGG-VORBIS1	HTTP: Multiple Mozilla Products Ogg Vorbis Decoding Memory Corruption1
MEDIUM	HTTP:STC:MOZILLA:NNTP-URL1	HTTP: Mozilla NNTP URL Handling Buffer Overflow1
MEDIUM	HTTP:STC:JAVA:PRVDR-SKLTON-SB1	HTTP: Oracle Java ProviderSkeleton Sandbox Bypass1
MEDIUM	HTTP:STC:JAVA:GIF-MEMCORRUPT1	HTTP: Sun Java GIF File Handling Memory Corruption1
HIGH	HTTP:DOS:DRUPAL-XML-RPC-IEE	HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service
MEDIUM	HTTP:STC:IMG:OFFICE-FLASHPIX21	HTTP: Microsoft Office Malicious FlashPix Image (2)1
MEDIUM	HTTP:STC:IMG:KODAK-TIFF1	HTTP: Microsoft Windows Kodak Image Viewer Code Execution1
MEDIUM	HTTP:STC:IMG:JPEG-WIDTH-OF1	HTTP: Internet Explorer Overlarge JPEG (Width)1
MEDIUM	HTTP:STC:IMG:ICO-SIZE-OF1	HTTP: Overlarge ICO Size Parameter1
MEDIUM	HTTP:STC:IE:XML-HANDLE-EXEC1	HTTP: Internet Explorer XML Handling Exploit Attempt1
MEDIUM	HTTP:STC:IE:URL-FILE-BOF1	HTTP: Microsoft Windows Explorer Invalid URL File1
MEDIUM	HTTP:STC:IE:SAMEID-RCE1	HTTP: Microsoft Internet Explorer Same ID Property Remote Code Execution1
MEDIUM	HTTP:STC:IE:PRINT-PREVIEW-CE1	HTTP: Microsoft Internet Explorer Print Preview Handling Command Execution1
MEDIUM	HTTP:STC:DL:WORD-REC-LEN-OF1	HTTP: Microsoft Word Record Parsing Length Field Overflow1
HIGH	HTTP:STC:DL:APPLE-QT-RNET-OF	HTTP: Apple QuickTime rnet Box Parsing Heap Buffer Overflow
MEDIUM	HTTP:STC:DL:WMP-DVR-MS1	HTTP: Microsoft Windows Media Player DVR-MS File Remote Code Execution1
MEDIUM	HTTP:STC:DL:VLC-TY-BO1	HTTP: VideoLAN VLC Media Player TY Processing Buffer Overflow1
MEDIUM	HTTP:STC:DL:VISIO-VSD-MEM1	HTTP: Microsoft Visio VSD File Format Memory Corruption Remote Code Execution1
MEDIUM	HTTP:STC:DL:VISIO-OBJ-CONFUSIO1	HTTP: Microsoft Visio Object Type Confusion Remote Code Execution1
MEDIUM	HTTP:STC:DL:SOPHOS-ZIPDOS1	HTTP: Sophos Anti-Virus Zip File Handling Denial of Service1
MEDIUM	HTTP:STC:DL:SANDWORM-RCE1	HTTP: Microsoft Office SandWorm Remote Code Execution1
MEDIUM	HTTP:STC:DL:REALPLAYER-SWF-BO1	HTTP: RealPlayer SWF Frame Handling Buffer Overflow1
MEDIUM	HTTP:STC:DL:QUICKTIME-QTVR-BOF1	HTTP: Apple QuickTime QTVR QTVRStringAtom Parsing Buffer Overflow (CVE-2012-0667)1
MEDIUM	HTTP:STC:DL:QT-STSC-ATOM-MC1	HTTP: Microsoft DirectShow QuickTime stsc Atom Parsing Memory Corruption1
MEDIUM	HTTP:STC:DL:QT-PDAT1	HTTP: Apple QuickTime PDAT Atom Parsing Buffer Overflow1
MEDIUM	HTTP:STC:WIN-SHELLHNDL1	HTTP: Microsoft Windows Shell Handler URL Validation1
MEDIUM	HTTP:STC:DL:QT-JVTCOMPENCODE1	HTTP: Apple QuickTime MOV File JVTCompEncodeFrame Heap Overflow1
MEDIUM	HTTP:STC:DL:QT-CRGN-ATOM1	HTTP: Apple QuickTime crgn Atom Parsing Memory Corruption1
MEDIUM	HTTP:STC:DL:QT-COLOR-ATOM1	HTTP: Apple QuickTime Color Table Atom Movie File Handling Heap Corruption1
MEDIUM	HTTP:STC:DL:PPT-VIEWER-MEMALLO1	HTTP: Microsoft PowerPoint Viewer Memory Allocation Code Execution1
MEDIUM	HTTP:STC:DL:PPT-TEXTBYTESATM-B1	HTTP: Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow1
MEDIUM	HTTP:STC:DL:PPT-PP7-MC1	HTTP: Microsoft Office PowerPoint PP7 File Handling Memory Corruption1
MEDIUM	HTTP:STC:DL:PPT-OFFICEART1	HTTP: Microsoft Powerpoint OfficeArtClient Remote Code Execution1
HIGH	HTTP:DOS:DRUPAL-XMLRPC-TAGS	HTTP: Drupal Core XML-RPC Endpoint Tags Denial of Service
MEDIUM	HTTP:STC:DL:OTF-DOS1	HTTP: Microsoft Windows OpenType Font (OTF) Denial of Service1
MEDIUM	HTTP:STC:DL:OFFICE-PICT-MC1	HTTP: Microsoft Office PICT Filter Invalid Length Memory Corruption1
MEDIUM	HTTP:STC:DL:OFF-GDI-HOF1	HTTP: Microsoft Office GDI+ Heap Overflow Vulnerability 1
MEDIUM	HTTP:STC:DL:NETOP-DWS-BOF1	HTTP: Netop Remote Control dws File Buffer Overflow1
MEDIUM	HTTP:STC:DL:MS-PUB-RCE1	HTTP: Microsoft Publisher Pubconv.dll Function Pointer Overwrite1
HIGH	APP:ORACLE:VIRTUAL-AGENT-CMDINJ	APP: Oracle Virtual Server Agent Command Injection
MEDIUM	HTTP:STC:DL:MS-OFFICE-STRING1	HTTP: Microsoft Office Malformed String Parsing Code Execution1
MEDIUM	HTTP:STC:DL:MS-OBJ-PACKAGER-RC1	HTTP: Microsoft Windows Object Packager ClickOnce Object Handling Code Execution1
MEDIUM	HTTP:STC:DL:MSHTML-HELP1	HTTP: Microsoft HTML Help '.chm' File Stack Buffer Overflow Vulnerability1
MEDIUM	HTTP:STC:DL:MSDOTNET-FUNC-PTR1	HTTP: Microsoft .NET Framework Improper Execution of Function Pointer1
MEDIUM	HTTP:STC:DL:MS-DOC-STREAM-CE1	HTTP: Microsoft Word Document Stream Handling Code Execution1
MEDIUM	HTTP:STC:DL:MAL-MEDIA-RCE1	HTTP: Malformed Media Files Processing Remote Code Execution1
MEDIUM	HTTP:STC:DL:LIBXML2-ENTRY-NAME1	HTTP: libxml2 XML File Processing Long Entity Name Buffer Overflow1
MEDIUM	HTTP:STC:DL:FAX-EDITOR-RCE1	HTTP: Fax Cover Page Editor Remote Code Execution1
MEDIUM	HTTP:STC:DL:EMF-EMR-INT1	HTTP: OpenOffice EMF File EMR Record Parsing Integer Overflow1
MEDIUM	HTTP:STC:DL:EICAR1	HTTP: EICAR Antivirus Test File Download1
MEDIUM	HTTP:STC:DL:DS-ATOM-TABLE1	HTTP: Microsoft DirectShow Remote Code Execution1
MEDIUM	HTTP:STC:DL:CAB-VULNS1	HTTP: Cab File Multiple Vulnerabilities1
MEDIUM	HTTP:STC:DL:ASF-DF1	HTTP: ASF Header Parsing Invalid Free1
MEDIUM	HTTP:XSS:REDHAT-JBOSS-XSS	HTTP: Red Hat JBoss BPM Suite BRMS Tasks List Cross-Site Scripting
MEDIUM	HTTP:STC:DL:APPLE-QT-MOV-DOS1	HTTP: Apple QuickTime Player MOV File Handling Denial of Service1
MEDIUM	HTTP:STC:DL:APPLE-QT-IMAGE-MC1	HTTP: Apple QuickTime Image Description Atom Sign Extension Memory Corruption1
MEDIUM	HTTP:STC:DL:APPLE-QT-H264-BOF1	HTTP: Apple QuickTime H.264 Crafted Movie Buffer Overflow1
HIGH	HTTP:NOVELL:ZENWORKS-RTRLET-COM	HTTP: Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution
MEDIUM	HTTP:STC:DL:ACE-BO1	HTTP: Avast! Antivirus ACE File Handling Buffer Overflow1
MEDIUM	HTTP:STC:ACTIVEX:MS-AGENT-LIB1	HTTP: Microsoft Agent Unsafe ActiveX Control1
MEDIUM	HTTP:STC:IE:MHTML-REDIR1	HTTP: Internet Explorer MHTML Redirection Information Disclosure1
MEDIUM	HTTP:STC:IE:MAL-JPEG1	HTTP: Microsoft Internet Explorer Malformed JPEG File1
MEDIUM	HTTP:STC:IE:EOT-WEBFONTS-DL1	HTTP: Internet Explorer WebFonts File Download1
MEDIUM	HTTP:STC:DL:XLS-SERIES-TYPE-RC1	HTTP: Microsoft Excel Series Record Parsing Type Mismatch Remote Code Execution1
MEDIUM	HTTP:STC:DL:XLS-RTWINDOW1	HTTP: Microsoft Excel rtWindow1 Record Handling Code Execution1
MEDIUM	HTTP:STC:DL:XLS-INT-OR1	HTTP: Microsoft Excel Integer Overrun Vulnerability1
MEDIUM	HTTP:STC:DL:XLS-FRTWRAPPER1	HTTP: Microsoft Excel FRTWrapper Record Buffer Overflow1
MEDIUM	HTTP:SQL:INJ:TIVOLI-USER-UPDAT1	HTTP: IBM Tivoli Provisioning Manager Express User.updateUserValue SQL Injection1
MEDIUM	HTTP:ORACLE:OUTSIDEIN-MET-BOF1	HTTP: Oracle Outside In OS 2 Metafile Parser Stack Buffer Overflow1
MEDIUM	HTTP:MISC:AV-INVALID-CHKSUM1	HTTP: Multiple AV Vendor Invalid Archive Checksum Bypass1
MEDIUM	HTTP:EXPLOIT:MAL-LNK1	HTTP: Malformed Microsoft LNK File Download1
MEDIUM	HTTP:APACHE:MOD-ISAPI-RCE1	HTTP: Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution1
MEDIUM	HTTP:STC:ADOBE:WRTE-WAT-WHRE-C1	HTTP: Adobe Flash Player Shader Object Processing Remote Code Execution1
MEDIUM	HTTP:STC:ADOBE:TEXTLINE-OB-CE1	HTTP: Adobe Flash TextLine OpaqueBackground Property Remote Code Execution1
MEDIUM	HTTP:STC:ADOBE:SWF-INVALID-OBF1	HTTP: Adobe Flash Player Invalid Object Reference Code Execution1
MEDIUM	HTTP:STC:ADOBE:SWF-DMNMEM-CP1	HTTP: Adobe Flash Player CVE-2015-0311 DomainMemory Use-after-Free1
MEDIUM	HTTP:STC:ADOBE:READER-ICC-RCE1	HTTP: Adobe Acrobat Reader ICC Stream Remote Code Execution (APSB10-21)1
MEDIUM	HTTP:STC:ADOBE:PDF-BITDEF-OF1	HTTP: BitDefender Antivirus PDF Processing Memory Corruption1
HIGH	HTTP:MISC:MANAGENGINE-EVNTLG-CE	HTTP: ManageEngine EventLog Analyzer agentUpload Directory Traversal
HIGH	HTTP:INFO-LEAK:WFCHAT2	HTTP: WFChat Information Disclosure2
HIGH	HTTP:INFO-LEAK:WFCHAT3	HTTP: WFChat Information Disclosure3
HIGH	HTTP:INFO-LEAK:WFCHAT4	HTTP: WFChat Information Disclosure4
HIGH	HTTP:INFO-LEAK:WFCHAT5	HTTP: WFChat Information Disclosure5
HIGH	HTTP:INFO-LEAK:WFCHAT6	HTTP: WFChat Information Disclosure6
HIGH	HTTP:INFO-LEAK:WFCHAT7	HTTP: WFChat Information Disclosure7
HIGH	HTTP:INFO-LEAK:WFCHAT8	HTTP: WFChat Information Disclosure8
HIGH	HTTP:INFO-LEAK:WFCHAT9	HTTP: WFChat Information Disclosure9
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI2	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion2
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI3	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion3
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI4	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion4
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC10	HTTP: .NET Framework Buffer Allocation Vulnerability10
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI6	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion6
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI7	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion7
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI8	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion8
HIGH	HTTP:PHP:PHPSECUREPAGE-RFI9	HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion9
HIGH	HTTP:STC:IE:COMPRESSED-URL	HTTP: Microsoft Internet Explorer Compressed Content URL Heap Overflow
HIGH	HTTP:MISC:ENDIAN-PRX-CMDEXEC	HTTP: Endian Firewall Proxy Password Change Command Execution
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY2	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 2
HIGH	HTTP:PHP:YABBSE-PKG-EXEC2	HTTP: YabbSE Packages.php Code Execution2
HIGH	HTTP:PHP:YABBSE-PKG-EXEC3	HTTP: YabbSE Packages.php Code Execution3
HIGH	HTTP:PHP:YABBSE-PKG-EXEC4	HTTP: YabbSE Packages.php Code Execution4
HIGH	HTTP:PHP:YABBSE-PKG-EXEC5	HTTP: YabbSE Packages.php Code Execution5
HIGH	HTTP:PHP:YABBSE-PKG-EXEC6	HTTP: YabbSE Packages.php Code Execution6
HIGH	HTTP:PHP:YABBSE-PKG-EXEC7	HTTP: YabbSE Packages.php Code Execution7
HIGH	HTTP:PHP:YABBSE-PKG-EXEC8	HTTP: YabbSE Packages.php Code Execution8
HIGH	HTTP:PHP:YABBSE-PKG-EXEC9	HTTP: YabbSE Packages.php Code Execution9
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY3	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 3
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY4	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 4
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY5	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 5
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY6	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 6
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY7	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 7
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY8	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 8
HIGH	HTTP:SQL:INJ:WP-AJAX-CATEGORY9	HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 9
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE2	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 2
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE3	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 3
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE4	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 4
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE5	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 5
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE6	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 6
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE7	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 7
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE8	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 8
HIGH	HTTP:STC:SAFARI:X-MAN-PAGE-RCE9	HTTP: Mac OS X Safari x-man-page URI Terminal Escape Command Execution 9
HIGH	HTTP:STC:ADOBE:READER-PLUGIN2	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption2
HIGH	HTTP:DIR:VISUALMINING-NETCHARTS	HTTP: Visual Mining NetCharts Server File Upload Directory Traversal
HIGH	HTTP:STC:ADOBE:READER-PLUGIN4	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption4
HIGH	HTTP:STC:ADOBE:READER-PLUGIN5	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption5
HIGH	APP:ORACLE:GOLDENGATE-SOAP-OF	APP: Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow
HIGH	HTTP:STC:ADOBE:READER-PLUGIN7	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption7
HIGH	HTTP:STC:ADOBE:READER-PLUGIN8	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption8
HIGH	HTTP:STC:ADOBE:READER-PLUGIN9	HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption9
HIGH	HTTP:STC:DL:XLS-SERIES2	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution2
HIGH	HTTP:STC:DL:XLS-SERIES3	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution3
HIGH	HTTP:STC:DL:XLS-SERIES4	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution4
HIGH	HTTP:STC:DL:XLS-SERIES5	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution5
HIGH	HTTP:STC:DL:XLS-SERIES6	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution6
HIGH	HTTP:STC:DL:XLS-SERIES7	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution7
HIGH	HTTP:STC:DL:XLS-SERIES8	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution8
HIGH	HTTP:STC:DL:XLS-SERIES9	HTTP: Microsoft Excel Malformed Series Record Remote Code Execution9
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC2	HTTP: .NET Framework Buffer Allocation Vulnerability2
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC3	HTTP: .NET Framework Buffer Allocation Vulnerability3
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC4	HTTP: .NET Framework Buffer Allocation Vulnerability4
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC5	HTTP: .NET Framework Buffer Allocation Vulnerability5
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC6	HTTP: .NET Framework Buffer Allocation Vulnerability6
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC7	HTTP: .NET Framework Buffer Allocation Vulnerability7
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC8	HTTP: .NET Framework Buffer Allocation Vulnerability8
HIGH	HTTP:STC:DOTNET-BUFF-ALLOC9	HTTP: .NET Framework Buffer Allocation Vulnerability9
MEDIUM	HTTP:STC:DL:PPT-FF-BOF1	HTTP: PowerPoint File Multiples Buffer Overflow1
HIGH	HTTP:DIR:APACHE-OPENMEETINGS	HTTP: Apache OpenMeetings ZIP File Path Traversal
HIGH	HTTP:DIR:MANAGEENGINE-DIR-TRA	HTTP: ManageEngine ServiceDesk File Upload Directory Traversal
MEDIUM	HTTP:WINAMP-WLZ-BO1	HTTP: Winamp wlz File Parsing Buffer Overflow1
MEDIUM	HTTP:INTELLITAMPER-DEFER-BO1	HTTP: IntelliTamper defer Attribute Buffer Overflow Vulnerability1
HIGH	HTTP:MISC:NETCHARTS-SER-RCE	HTTP: Visual Mining NetCharts Server Path Traversal File Upload Remote Code Execution
MEDIUM	HTTP:ACMS-ASSETS-INFODISC1	HTTP: aCMS Assets Page Information Disclosure1
MEDIUM	HTTP:FOXIT-PNG-PDF-BO11	HTTP: Foxit Multiple Products PNG To PDF Conversion Heap Buffer Overflow1
MEDIUM	HTTP:ADOBE-INDESIGN-SOAP-RCE1	HTTP: Adobe IndesignServer SOAP Server Arbitrary Script Execution1
MEDIUM	HTTP:MAMBO-MYSQL-INF-DISCLOSUR1	HTTP: Mambo MySQL Database Info Disclosure1
MEDIUM	HTTP:MS-WINDOWS-HYPERLINK-BO1	HTTP: Microsoft Windows Hyperlink Buffer Overflow1
MEDIUM	HTTP:WIRELURKER-VRUPDATE1	HTTP: WireLurker Version Update Detected1
MEDIUM	HTTP:OFFICESCAN-CGIRECVFILE1	HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow1
MEDIUM	HTTP:KASPERSKY-URI-PARSING-DOS1	HTTP: Kaspersky Products URI Parsing Denial of Service1
MEDIUM	HTTP:REALTEK-MEDIAPLAYER-PLA-B1	HTTP: Realtek Media Player pla File Parsing Buffer Overflow1
MEDIUM	HTTP:IESHIMS-DLL-HIJACK1	HTTP: Microsoft Internet Explorer IESHIMS.DLL Insecure Library Loading1
MEDIUM	HTTP:MANAGENGINE-APP1	HTTP: ManageEngine Applications Manager SQL Injection1
MEDIUM	HTTP:HP-INSIGHT-DIAGNOSTICS-LF1	HTTP: HP Insight Diagnostics CVE-2013-3575 Local File Inclusion1
MEDIUM	HTTP:PFSENSE-ZONE-CSS1	HTTP: pfSense WebGUI Zone Parameter Cross-Site Scripting1
MEDIUM	HTTP:FIREFLY-MEDIA-SERVER-DOS1	HTTP: Firefly Media Server Denial Of Service1
MEDIUM	HTTP:NOVELL-NETIQ-MOD-POLBYPAS1	HTTP: Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass1
MEDIUM	HTTP:MS-IE-MEMORY-CORRUPTION1	HTTP: Microsoft Internet Explorer CVE-2014-2782 Use After Free1
MEDIUM	HTTP:INTEGARD-PASSWORD-BOF1	HTTP: Integard Web Interface Password Parameter Buffer Overflow1
MEDIUM	HTTP:FORTINET-HELLO-MSG-DOS1	HTTP: Fortinet Single Sign On Hello Message Denial Of Service1
MEDIUM	HTTP:NGINX-RQST-URI-SECBYPASS1	HTTP: Nginx Request URI Verification Security Bypass1
MEDIUM	HTTP:SAP-MGT-CON-OSEXEC1	HTTP: SAP Management Console SOAP Interface Code Execution1
MEDIUM	HTTP:ADOBE-ROBOHELP-FILE-UPLOA1	HTTP: Adobe RoboHelp Server Arbitrary File Upload and Execute1
MEDIUM	HTTP:STC:DL:MS-PP-PRESENT-RCE1	HTTP: Microsoft PowerPoint Presentation Handling Remote Code Execution1
MEDIUM	HTTP:WIRESHARK-MPEG-BOF11	HTTP: Wireshark MPEG Dissector Stack Buffer Overflow11
MEDIUM	HTTP:W3C-AMAYA-BOF1	HTTP: W3C Amaya Stack Based Buffer Overflow1
MEDIUM	HTTP:RESIN-INFO-DISCLOSURE1	HTTP: Resin Application Server Source Code Disclosure1
MEDIUM	HTTP:UNUSUAL-REFERER1	HTTP: Unusual Value In HTTP Referer Header1
MEDIUM	HTTP:C99-SHELL-BACKDOOR1	TROJAN: C99 Backdoor Actiivity1
MEDIUM	HTTP:GOOGLE-SKETCHUP-BMP-BO1	HTTP: Google SketchUp BMP File Buffer Overflow (CVE-2013-3664)1
MEDIUM	HTTP:TRENDMICRO-CTRLMGR-SQLINJ1	HTTP: Trend Micro Control Manager ad hoc query Module SQL Injection1
MEDIUM	HTTP:FOXIT-FF-URL-STG-BO1	HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow1
MEDIUM	HTTP:SUN-GLASSFISH-AUTH-BP1	HTTP: Sun Goldfish AUthentication Bypass1
MEDIUM	HTTP:EMC-DPA-EJBSERVLET-RCE1	HTTP: EMC Data Protection Advisor Illuminator EJBInvokerServlet Remote Code Execution1
MEDIUM	HTTP:HP-SITESCOPE-INF-DISC1	HTTP: HP SiteScope Log Analyzer Information Disclosure1
MEDIUM	HTTP:JAVA-EXPRESS-HTML-INJ1	HTTP: Sun Java System Communications Express HTML Injection1
MEDIUM	HTTP:VMWARE-VSPHERE-DOS1	HTTP: Vmware Vsphere Host Daemon Denial Of Service1
MEDIUM	HTTP:AVIRA-SECURE-BCKUP-REG-BO1	HTTP: Avira Secure Backup Registry Value Parsing Buffer Overflow1
HIGH	HTTP:PROXY:SQUID-ESI-BO	HTTP: Squid Proxy ESI Component Stack Buffer Overflow
HIGH	APP:CUPS:HPGL-PC-OF	APP: CUPS HPGL Filter Overflow
HIGH	HTTP:STC:DL:ONENOTE-INFO-DISC2	HTTP: Microsoft Office OneNote 2010 Buffer Size Validation2
HIGH	HTTP:STC:IE:CVE-2015-6052-RCE	HTTP: Microsoft Internet Explorer CVE-2015-6052 Remote Code Execution
CRITICAL	APP:NOVELL:IMANAGER-ARB-UPLOAD	APP: Novell iManager getMultiPartParameters Arbitrary File Upload
HIGH	HTTP:DIR:NOVELL-GROUPWSE-DIRTRA	HTTP: Novell GroupWise Admin Service FileUploadServlet Directory Traversal
MEDIUM	HTTP:STC:DL:APPLE-QT-FLIC-BO1	HTTP: Apple QuickTime FLIC Animation File Buffer Overflow1
HIGH	HTTP:EK-ORACLE-JAVA-DWNLD	HTTP: Unknown Exlpoit Downloads Oracle Java Jar file
HIGH	HTTP:DIR:MANAGEENGINE	HTTP: ManageEngine Multiple Products File Attachment Directory Traversal
HIGH	HTTP:EK-REDKIT-OBFUS-PE	HTTP: Redkit Exploit Kit Obfuscated Portable Executable
HIGH	HTTP:NGINX-CHUNKED-BO	HTTP: Nginx Parsed Chunked Buffer Overflow
CRITICAL	HTTP:MISC:HPE-IMC-RCE	HTTP: HPE Intelligent Management Center WebDMServlet Insecure Deserialization
CRITICAL	HTTP:MISC:RED-HAT-JBOSS-CE	HTTP: Red Hat JBoss Application Server doFilter Insecure Deserialization
HIGH	HTTP:EK-NUCLEAR-JAR-DWNLD	HTTP: Nuclear Exploit Kit Jar File Download
HIGH	HTTP:EK-NUCLEAR-FLASH-FILE1	HTTP: Nuclear Exploit Kit Flash File Download 1
HIGH	HTTP:EK-NECLEAR-OBFU-FILE	HTTP: Nuclear Exploit Kit Obfuscated File Download
HIGH	HTTP:EK-MUL-PE-DOWNLOAD	HTTP: Multiple Exploit Kit Portable Executable Download
HIGH	HTTP:ORACLE:WEBLOGIC-WLSWSAT-ID	HTTP: Oracle WebLogic Server WorkContextXmlInputAdapter Insecure Deserialization
HIGH	HTTP:EK-ANGLER-RELAY-TRAFFIC	HTTP: Angler Exploit Kit Relay Traffic Detected1
HIGH	HTTP:APACHE:MOD-DAV-MERGE-DOS	HTTP: Apache HTTP Server mod_dav MERGE Request Denial of Service

1 renamed signature:

SSL:CISCO-ASA-CE

SSL:CISCO-ASA-WEBVPN-CE

Details of the signatures included within this bulletin:

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Mac OS X Safari. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:INFO-LEAK:DOT-NET-CODE1 - HTTP: Microsoft .NET Framework Code Access Security Info Disclosure Vulnerability1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. A successful attack can result in the attacker gaining unauthorized information about the target system without the victim's knowledge.

Supported On:

HTTP:PROXY:SQUID-PROXY-ESI-DOS - HTTP: Squid Proxy ESI Response Processing Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Edge Side Includes (ESI) component of the Squid proxy. Successful exploitation allows the attacker to cause a denial of service condition for all clients accessing the Squid service.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2016-4555

Affected Products:

Squid-cache squid 3.4.3
Squid-cache squid 3.1.22
Squid-cache squid 3.2.0.5
Squid-cache squid 3.3.1
Squid-cache squid 3.2.0.15
Squid-cache squid 3.2.0.3
Squid-cache squid 4.0.6
Squid-cache squid 3.1.0.10
Squid-cache squid 3.1.12.2
Squid-cache squid 3.3.2
Canonical ubuntu_linux 12.04
Squid-cache squid 3.2.0.1
Squid-cache squid 3.1.19
Squid-cache squid 4.0.4
Squid-cache squid 3.4.14
Squid-cache squid 3.4.9
Squid-cache squid 3.1.0.15
Squid-cache squid 3.4.12
Squid-cache squid 4.0.2
Squid-cache squid 3.4.10
Squid-cache squid 3.2.0.13
Squid-cache squid 3.1.0.7
Squid-cache squid 3.3.9
Squid-cache squid 3.2.12
Squid-cache squid 3.1.0.17
Squid-cache squid 3.1.0.1
Squid-cache squid 3.1.2
Squid-cache squid 3.5.8
Squid-cache squid 3.2.0.9
Squid-cache squid 3.1.0.3
Squid-cache squid 3.1.3
Squid-cache squid 3.2.0.17
Squid-cache squid 3.2.3
Squid-cache squid 3.1.0.16
Squid-cache squid 3.2.1
Squid-cache squid 4.0.8
Squid-cache squid 3.2.7
Squid-cache squid 3.1.0.9
Canonical ubuntu_linux 14.04
Squid-cache squid 3.4.0.3
Squid-cache squid 3.2.5
Squid-cache squid 3.5.2
Squid-cache squid 3.5.11
Squid-cache squid 3.5.4
Squid-cache squid 3.2.9
Squid-cache squid 3.5.13
Squid-cache squid 3.4.4.1
Squid-cache squid 3.5.6
Squid-cache squid 3.5.15
Squid-cache squid 3.1.5
Squid-cache squid 3.5.0.2
Squid-cache squid 3.2.0.19
Squid-cache squid 3.5.17
Squid-cache squid 3.4.4
Squid-cache squid 3.5.0.4
Squid-cache squid 3.2.11
Squid-cache squid 3.3.14
Squid-cache squid 3.4.8
Squid-cache squid 3.1.16
Squid-cache squid 3.3.6
Squid-cache squid 3.3.12
Squid-cache squid 3.2.0.18
Squid-cache squid 3.2.0.6
Squid-cache squid 3.1.10
Squid-cache squid 3.1.0.12
Squid-cache squid 3.1.14
Squid-cache squid 3.3.10
Squid-cache squid 3.4.2
Squid-cache squid 3.1.21
Squid-cache squid 3.2.0.4
Squid-cache squid 3.1.12
Squid-cache squid 3.1.0.14
Squid-cache squid 3.2.0.14
Squid-cache squid 3.2.0.2
Squid-cache squid 3.2.0.11
Squid-cache squid 3.2.10
Squid-cache squid 4.0.7
Squid-cache squid 3.3.0
Squid-cache squid 3.4.0.1
Squid-cache squid 3.2.0.16
Squid-cache squid 3.4.11
Squid-cache squid 4.0.5
Squid-cache squid 3.1.0.18
Squid-cache squid 3.1.9
Squid-cache squid 3.2.0.10
Squid-cache squid 3.1.0.5
Squid-cache squid 4.0.3
Squid-cache squid 3.1.12.1
Squid-cache squid 3.1
Squid-cache squid 3.2.0.12
Squid-cache squid 4.0.1
Squid-cache squid 3.1.17
Squid-cache squid 3.0
Canonical ubuntu_linux 16.04
Canonical ubuntu_linux 15.10
Squid-cache squid 3.1.6
Squid-cache squid 3.3.8
Squid-cache squid 3.3.7
Squid-cache squid 3.1.0.8
Squid-cache squid 3.5.9
Squid-cache squid 3.2.0.8
Squid-cache squid 3.1.0.4
Squid-cache squid 3.1.4
Squid-cache squid 3.2.2
Squid-cache squid 3.1.0.2
Squid-cache squid 3.2.13
Squid-cache squid 4.0.9
Oracle linux 6.0
Squid-cache squid 3.2.6
Squid-cache squid 3.1.5.1
Squid-cache squid 3.1.7
Squid-cache squid 3.1.12.3
Squid-cache squid 3.5.1
Squid-cache squid 3.2.4
Squid-cache squid 3.1.8
Squid-cache squid 3.3.0.3
Squid-cache squid 3.5.3
Squid-cache squid 3.4.13
Squid-cache squid 3.1.0.13
Squid-cache squid 3.5.5
Squid-cache squid 3.2.8
Squid-cache squid 3.5.10
Squid-cache squid 3.1.0.6
Squid-cache squid 3.5.0.1
Squid-cache squid 3.5.7
Squid-cache squid 3.5.12
Squid-cache squid 3.4.4.2
Squid-cache squid 3.4.1
Squid-cache squid 3.5.0.3
Squid-cache squid 3.5.14
Oracle linux 7.0
Squid-cache squid 3.3.4
Squid-cache squid 3.1.18
Squid-cache squid 3.1.15
Squid-cache squid 3.5.16
Squid-cache squid 3.1.1
Squid-cache squid 3.4.0.2
Squid-cache squid 3.1.0.11
Squid-cache squid 3.3.13
Squid-cache squid 3.3.0.1
Squid-cache squid 3.1.11
Squid-cache squid 3.3.5
Squid-cache squid 3.3.11
Squid-cache squid 3.3.0.2
Squid-cache squid 3.1.20
Squid-cache squid 3.2.0.7
Squid-cache squid 3.1.13
Squid-cache squid 3.3.3

bugtraq: 56535
cve: CVE-2012-5930

Affected Products:

Netiq privileged_user_manager 2.3.0
Netiq privileged_user_manager 2.3.1

HTTP:MISC:MS-USERS-PWD-INFO-DI1 - HTTP: Microsoft FrontPage Extensions File Information Disclosure1

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Microsoft FrontPage. A successful attack could lead to the disclosure of sensitive information.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:NOVELL-NETIQ-EVAL-POLBYPAS - HTTP: Novell NetIQ Privileged User Manager Eval Policy Bypass

Severity: HIGH

Description:

A policy-bypass vulnerability has been reported in Novell NetIQ Privileged User Manager, which could allow remote attackers to compromise a system. The vulnerability is due to an access control weakness when handling calls to the eval method within POST requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious eval request to the vulnerable server. Successful exploitation could result in command execution under the context of the SYSTEM.

Supported On:

References:

bugtraq: 56539
cve: CVE-2012-5932

Affected Products:

Netiq privileged_user_manager 2.3.0
Netiq privileged_user_manager 2.3.1

Severity: HIGH

Description:

This signature detects attempts to exploit a known remote file inclusion vulnerability in phpSecurePages. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.

Supported On:

References:

bugtraq: 45762
cve: CVE-2011-0263

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

HTTP:STC:WIN-CCL-BOF - HTTP:Microsoft Windows Common Control Library Vulnerability

Severity: HIGH

Description:

This signature detects Web pages containing a dangerous SVG module. A malicious Web site can exploit a known vulnerability in Microsoft Windows Internet Explorer and gain control of the client browser.

Supported On:

References:

Affected Products:

Microsoft windows_7_for_32-bit_systems
Microsoft windows_7_for_x64-based_systems
Microsoft windows_vista SP1
Microsoft windows_server_2008_for_x64-based_systems R2
Microsoft windows_server_2008_for_itanium-based_systems R2
Microsoft windows_vista SP2
Microsoft windows_vista_x64_edition SP2
Microsoft windows_server_2008_for_32-bit_systems SP2
Avaya messaging_application_server
Microsoft windows_server_2008_for_x64-based_systems SP2
Avaya messaging_application_server MM 3.0
Avaya messaging_application_server MM 3.1
Microsoft windows_server_2008_for_itanium-based_systems SP2
Microsoft windows_server_2003_x64 SP2
Microsoft windows_xp_embedded SP3
Avaya messaging_application_server MM 1.1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya callpilot_unified_messaging
Microsoft windows_vista_x64_edition SP1
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
Microsoft windows_xp_tablet_pc_edition SP3
Microsoft windows_xp_professional_x64_edition SP3
Microsoft windows_xp_professional SP3
Microsoft windows_xp_media_center_edition SP3
Microsoft windows_xp_home SP3
Avaya messaging_application_server MM 2.0
Microsoft windows_server_2003 SP2
Avaya communication_server_1000_telephony_manager
Avaya aura_conferencing 6.0 Standard
Avaya meeting_exchange-webportal
Avaya aura_conferencing 6.0
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_for_itanium-based_systems

HTTP:PHP:HORDE-HREF-BACKDOOR1 - HTTP: Horde Href Backdoor1

Severity: HIGH

Description:

This signature detects attempts to exploit a known backdoor vulnerability in Horde. A successful attack can lead to arbitrary code execution in the context of the application.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:ACTIVEX:INDUSOFT-ISSY1 - HTTP: InduSoft Web Studio ISSymbol Unsafe ActiveX Control1

Severity: HIGH

Description:

This signature detects attempts to use unsafe ActiveX controls in InduSoft Web Studio. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:PHP:YABBSE-PKG-EXEC1 - HTTP: YabbSE Packages.php Code Execution1

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2018-4886

HTTP:EXPLOIT:D-LINK-ADMIN-PW1 - HTTP: D-Link Admin Password Probe1

Severity: HIGH

Description:

This signature detects attempts to use an admin password on a D-Link network device. A successful attack can lead to an attacker controlling the router. This activity is often used by a worm called "TheMoon" to find new D-Link devices to infect - the source is most likely compromised by this worm.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:STREAM:WINAMP-META-OF - HTTP: Nullsoft Winamp Ultravox Streaming Metadata Parsing Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Nullsoft Winamp Ultravox. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 27344
cve: CVE-2008-0065

Affected Products:

Nullsoft winamp 5.21
Nullsoft winamp 5.51
Nullsoft winamp 5.5

HTTP:INFO-LEAK:WFCHAT1 - HTTP: WFChat Information Disclosure1

Severity: HIGH

Description:

This signature detects attempts to access the files "!pwds.txt" or "!nicks.txt" on a WF-Chat server. Because access to these files is not restricted, attackers can obtain usernames and their associated passwords for the chat.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:ADOBE:CVE-2018-4890CE - HTTP: Adobe Reader CVE-2018-4890 Arbitrary Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to Arbitrary Code execution.

Supported On:

References:

cve: CVE-2018-4890

HTTP:PHP:WP-MRKPLC-UPLOADIFY - HTTP: WP Marketplace Plugin uploadify.php Arbitrary File Upload

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against WordPress WP Marketplace Plugin. A successful attack can lead to the upload of an arbitrary file.

Supported On:

References:

bugtraq: 53789
url: http://wordpress.org/extend/plugins/wpmarketplace/
url: http://wordpress.org/extend/plugins/email-newsletter/

Affected Products:

Wordpress wp_marketplace_plugin 1.5.0
Wordpress wp_marketplace_plugin 1.6.1

APP:NOVELL:IPRINT-ATTRIB-BO - APP: Novell iPrint Server attributes-natural-language Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Novell iPrint Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected user.

Supported On:

References:

bugtraq: 51791
cve: CVE-2011-4194

Affected Products:

Novell open_enterprise_server 2.0.3
Novell iprint

HTTP:WIRESHARK-MPEG-BOF1 - HTTP: Wireshark MPEG Dissector Stack Buffer Overflow1

Severity: HIGH

bugtraq: 53790
url: http://wordpress.org/extend/plugins/wordpress-member-private-conversation/
url: http://www.wordpress.org/

Affected Products:

Wordpress nmedia_wordpress_member_conversation 1.35.0

HTTP:STC:STREAM:QT-MPEG-PAD - HTTP: Apple QuickTime MPEG Stream Padding Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Apple QuickTime MPEG Stream. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 53467
cve: CVE-2012-0659

Affected Products:

Apple mac_os_x_server 10.7.1
Apple mac_os_x_server 10.7.2
Apple quicktime_player 7.1
Apple mac_os_x_server 10.6.7
Apple mac_os_x 10.6.6
Apple mac_os_x_server 10.6.6
Apple quicktime_player 7.7.1
Apple quicktime_player 7.2.1
Apple quicktime_player 7.2
Apple quicktime_player 7.3.1.70
Apple mac_os_x 10.6.5
Apple mac_os_x_server 10.6.5
Apple quicktime_player 7.0.1
Apple quicktime_player 7.0.4
Apple quicktime_player 7.6.6 (1671)
Apple quicktime_player 7.6.7
Apple quicktime_player 7.6
Apple quicktime_player 7.6.8
Apple quicktime_player 7.4
Apple quicktime_player 7.1.4
Apple quicktime_player 7.1.5
Apple quicktime_player 7.0.3
Apple quicktime_player 7.4.1
Apple quicktime_player 7.5.5
Apple quicktime_player 7.3
Apple quicktime_player 7.2.0
Apple quicktime_player 7.1.3
Apple mac_os_x 10.7
Apple mac_os_x_server 10.6.3
Apple quicktime_player 7.6.4
Apple quicktime_player 7.1.1
Apple quicktime_player 7.1.2
Apple mac_os_x 10.6.8
Apple mac_os_x_server 10.6.8
Apple mac_os_x 10.6.2
Apple mac_os_x_server 10.6.2
Apple quicktime_player 7.6.5
Apple mac_os_x 10.6.4
Apple quicktime_player 7.1.6
Apple mac_os_x 10.6.5
Apple mac_os_x_server 10.6.5
Apple mac_os_x_server 10.7
Apple mac_os_x_server 10.6.1
Apple mac_os_x 10.6.1
Apple quicktime_player 7.64.17.73
Apple mac_os_x 10.6
Apple mac_os_x_server 10.6
Apple mac_os_x 10.6.7
Apple mac_os_x 10.7.2
Apple mac_os_x_server 10.6.4
Apple mac_os_x 10.6.3
Apple quicktime_player 7.6.9
Apple quicktime_player 7.0.8
Apple quicktime_player 7.4.5
Apple quicktime_player 7.6.2
Apple mac_os_x 10.7.3
Apple mac_os_x_server 10.7.3
Apple quicktime_player 7.3.1
Apple quicktime_player 7.6.1
Apple quicktime_player 7.7
Apple quicktime_player 7.0.0
Apple quicktime_player 7.6.6
Apple quicktime_player 7.5
Apple mac_os_x 10.7.1
Apple quicktime_player 7.0.2

HTTP:STC:SWF:COPYRAWDATATO1 - HTTP: Adobe Flash Player copyRawDataTo Out of Bounds Array Indexing1

Severity: HIGH

Description:

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an out of bounds array copy in the copyRawDataTo() method of Matrix3D class. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file. This can lead to code execution in the context of the affected application.

Supported On:

HTTP:STC:ADOBE:CVE-2018-4902RCE - HTTP: Acrobat Reader CVE-018-4902 Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2018-4902

HTTP:STC:ADOBE:CVE-2018-4895RCE - HTTP: Adobe Acrobat and Reader CVE-2018-4895 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader.A successful attack can lead to Remote Code Execution.

Supported On:

References:

bugtraq: 102994
cve: CVE-2018-4895

HTTP:STC:ADOBE:CVE-2018-4884RCE - HTTP: Adobe Reader CVE-2018-4884 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to Remote Code Execution.

Supported On:

References:

cve: CVE-2018-4884

HTTP:INFO:FACEBOOK1 - HTTP: Facebook Access1

Severity: HIGH

Description:

This signature detects an attempt to reach the Facebook social networking Web site. Use of this service may violate your organization's acceptable use policy. This signature can be used to identify these violations.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:MS-EOT-INFO-DIS - HTTP: Microsoft Windows EOT Component Info Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows EOT component. Successful exploitation could result in information disclosure

Supported On:

References:

cve: CVE-2018-0855

HTTP:STC:ADOBE:CVE-2018-4878UAF - HTTP: Adobe Flash Player CVE-2018-4878 Use After Free

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2018-4878
bugtraq: 102893
url: https://helpx.adobe.com/security/products/flash-player/apsb18-03.html

HTTP:STC:CHROME:TABLE-CSS-MC1 - HTTP: Google Chrome Table Webkit Appearance CSS Property Memory Corruption1

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:WORDPRESS-LS-DOS - HTTP: WordPress load-scripts.php Denial Of Service

Severity: HIGH

Description:

This signature detects attempt to exploit denial of service vulnerability which is present in WordPress. A remote attacker could exploit this vulnerability by sending crafted requests to a vulnerable server. Successful exploitation would exhaust the resources of the target server, possibly resulting in denial-of-service conditions.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2018-6389

SSH:OPENSSH:SFTP-DOS - SSH: OpenSSH SFTP Server Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against OpenSSH, SFTP server. A successful attack can result in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

bugtraq: 101552
cve: CVE-2017-15906

Affected Products:

Openbsd openssh 5.1
Openbsd openssh 4.1p1
Openbsd openssh 3.9
Openbsd openssh 2.2
Openbsd openssh 3.0.2p1
Openbsd openssh 2.9p2
Openbsd openssh 3.3p1
Openbsd openssh 4.7
Openbsd openssh 4.3p2
Openbsd openssh 3.3
Openbsd openssh 4.0p1
Openbsd openssh 3.1
Openbsd openssh 4.8
Openbsd openssh 3.5p1
Openbsd openssh 3.7
Openbsd openssh 2.5
Openbsd openssh 4.6
Openbsd openssh 3.0p1
Openbsd openssh 3.2.3p1
Openbsd openssh 3.5
Openbsd openssh 5.9
Openbsd openssh 4.7p1
Openbsd openssh 3.9.1p1
Openbsd openssh 6.9
Openbsd openssh 5.5
Openbsd openssh 5.7
Openbsd openssh 4.4
Openbsd openssh 7.4
Openbsd openssh 2.9.9p2
Openbsd openssh 1.2
Openbsd openssh 6.3
Openbsd openssh 5.3
Openbsd openssh 3.6.1p2
Openbsd openssh 3.0.1
Openbsd openssh 6.1
Openbsd openssh 5.8p2
Openbsd openssh 1.2.27
Openbsd openssh 7.2
Openbsd openssh 2.5.1
Openbsd openssh 6.0
Openbsd openssh 3.7.1p1
Openbsd openssh 7.0
Openbsd openssh 3.2.2
Openbsd openssh 1.5.8
Openbsd openssh 2.9p1
Openbsd openssh 3.0.1p1
Openbsd openssh 3.6.1
Openbsd openssh 1.2.3
Openbsd openssh 6.7
Openbsd openssh 3.8.1
Openbsd openssh 1.2.1
Openbsd openssh 3.8
Openbsd openssh 2.3
Openbsd openssh 3.7.1
Openbsd openssh 3.4p1
Openbsd openssh 2.1
Openbsd openssh 6.6
Openbsd openssh 3.8.1p1
Openbsd openssh 2.1.1
Openbsd openssh 4.3p1
Openbsd openssh 3.2
Openbsd openssh 4.1
Openbsd openssh 2.9.9
Openbsd openssh 3.0
Openbsd openssh 4.9
Openbsd openssh 2.3.1
Openbsd openssh 3.6
Openbsd openssh 3.2.2p1
Openbsd openssh 6.5
Openbsd openssh 2.9
Openbsd openssh 4.2p1
Openbsd openssh 4.0
Openbsd openssh 3.9.1
Openbsd openssh 5.8
Openbsd openssh 6.4
Openbsd openssh 5.4
Openbsd openssh 4.3
Openbsd openssh 3.1p1
Openbsd openssh 6.8
Openbsd openssh 5.6
Openbsd openssh 4.5
Openbsd openssh 3.4
Openbsd openssh 3.0.2
Openbsd openssh 5.2
Openbsd openssh 4.2
Openbsd openssh 1.3
Openbsd openssh 6.2
Openbsd openssh 2.5.2
Openbsd openssh 3.6.1p1
Openbsd openssh 3.7.1p2
Openbsd openssh 2
Openbsd openssh 1.5
Openbsd openssh 7.5
Openbsd openssh 1.5.7
Openbsd openssh 7.3
Openbsd openssh 5.0
Openbsd openssh 4.4p1
Openbsd openssh 7.1
Openbsd openssh 1.2.2

SSL:CISCO-ASA-WEBVPN-CE - SSL: Cisco Adaptive Security Appliance Webvpn XML Parser Double Free

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Cisco Adaptive Security Appliance. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

bugtraq: 102845
cve: CVE-2018-0101

HTTP:INFO-LEAK:CA-TOTAL-DEFENSE - HTTP: CA Total Defense Suite UNCWS getDBConfigSettings Credential Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known information disclosure vulnerability in CA Total Defense Suite. Its due to insufficient access control when handling requests for the web service getDBConfigSettings. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Supported On:

References:

bugtraq: 47356
cve: CVE-2011-1655

Affected Products:

Computer_associates total_defense 12

HTTP:SQL:INJ:WP-AJAX-CATEGORY1 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection1

Severity: HIGH

Description:

Supported On:

HTTP:STC:IMG:OFFICE-FLASHPIX1 - HTTP: Microsoft Office Malicious FlashPix Graphics File1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the Microsoft Office FlashPix Graphics Filter. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

APP:LANDESK-THINKMGT-DIRTRVRSAL - APP: LANDesk ThinkManagement Suite SetTaskLogByFile Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against LANDesk ThinkManagement Suite. Attackers can traverse arbitrary directories on the server resulting in the attacker accessing areas of the system otherwise unintended to be accessed externally.

Supported On:

References:

bugtraq: 52023
cve: CVE-2012-1196

Affected Products:

Landesk_software lenovo_thinkmanagement_console 9.0.3

HTTP:STC:DL:QUICKTIME-QTVR-BOF1 - HTTP: Apple QuickTime QTVR QTVRStringAtom Parsing Buffer Overflow (CVE-2012-0667)1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apple QuickTime. It is due to a signedness error, which leads to a stack-based buffer overflow when processing a QTVR string atom having an overly large stringLength parameter. A remote attacker can exploit this vulnerability by enticing a user to download and process a specially crafted QuickTime VR file with the vulnerable software. This can lead to code execution in the context of the vulnerable application.

Supported On:

HTTP:IIS:WEBDAV:XML-HANDLER-DOS - HTTP: Microsoft WebDAV XML Message Handler Denial of Service

Severity: MEDIUM

Description:

This signature detects denial-of-service (DoS) attempts against the WebDAV XML Message Handler in Microsoft IIS. Attackers can send a malicious HTTP request to a WebDAV enabled IIS server to cause it to consume all system resources. A machine reboot is required to resume service.

Supported On:

isg-3.5.141652, idp-5.1.110161014, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, DI-Base, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 11384
cve: CVE-2003-0718

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_2000_server
Microsoft windows_2000_datacenter_server
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_xp_64-bit_edition
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_xp_64-bit_edition SP1
Avaya definityone_media_servers R10
Microsoft windows_2000_datacenter_server SP1
Avaya ip600_media_servers R10
Avaya s3400_message_application_server
Avaya s8100_media_servers
Avaya s8100_media_servers R11
Avaya definityone_media_servers R11
Avaya ip600_media_servers R11
Microsoft windows_2000_professional
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Microsoft iis 5.0
Microsoft windows_xp_64-bit_edition_version_2003
Microsoft windows_2000_server SP1
Microsoft windows_server_2003_standard_edition
Microsoft iis 5.1
Microsoft windows_2000_professional SP1
Microsoft windows_xp_64-bit_edition_version_2003 SP1
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_2000_server SP2
Avaya modular_messaging_(mss) 1.1.0
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Avaya modular_messaging_(mss) 2.0.0
Avaya s8100_media_servers R10
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Avaya definityone_media_servers
Microsoft windows_server_2003_datacenter_edition_itanium
Avaya ip600_media_servers
Microsoft iis 6.0

HTTP:DIR:MANAGEENGINE - HTTP: ManageEngine Multiple Products File Attachment Directory Traversal

Severity: HIGH

Description:

This signature detects directory traversal attack attempts on ManageEngine ServiceDesk Plus, AssetExplorer, SupportCenter and IT360. A successful attack scenario, the attacker can execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.

Supported On:

References:

cve: CVE-2014-5301

HTTP:STC:OLE-SHELL1 - HTTP: Malicious OLE Object in Office Document1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Windows Shell. Attackers can use this vulnerability to exploit a system if a user is logged on with administrative privileges. The attacker could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

Supported On:

HTTP:LEXMARK-LIB-FILE-DIR-TRAV - HTTP: Lexmark Markvision LibraryFileUploadServlet Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Lexmark Markvision Enterprise . A successful attack can result in directory traversal attacks.

Supported On:

References:

cve: CVE-2014-9375

HTTP:PHP:VS-NEWS-RFI1 - HTTP: VirtualSystem VS-News-System Show_News_Inc.PHP Remote File Inclusion1

Severity: HIGH

Description:

This signature detects attempts to exploit a known remote file inclusion vulnerability in the VirtualSystem VS-News-System. It is due to insufficient validation of user-supplied input in Show_News_Inc.php. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.

Supported On:

HTTP:STC:IE:SETCAPTURE-UAF1 - HTTP: Microsoft Internet Explorer SetCapture Use After Free1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

APP:HP-PROCURVE-FILE-UPLOAD - APP: HP ProCurve Manager SNAC UpdateCertificatesServlet Code Execution (HTTP)

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HP ProCurve Manager. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-4812

Affected Products:

Hp procurve_manager 3.20 (:~~~plus~~)
Hp procurve_manager 4.0 (:~~~plus~~)
Hp identity_driven_manager 4.0

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:PHP:YABBSE-PKG-EXEC10 - HTTP: YabbSE Packages.php Code Execution10

Severity: HIGH

Description:

Supported On:

Supported On:

HTTP:ADOBE-ROBOHELP-FILE-UPLOA3 - HTTP: Adobe RoboHelp Server Arbitrary File Upload and Execute3

Severity: MEDIUM

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

APP:HP-PROCRVE-SNAC-FILE-UPLD - APP: HP ProCurve Manager SNAC UpdateDomainControllerServlet Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against HP ProCurve Manager. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-4811
bugtraq: 62349

Affected Products:

Hp procurve_manager 3.20 (:~~~plus~~)
Hp procurve_manager 4.0 (:~~~plus~~)
Hp identity_driven_manager 4.0

HTTP:STC:MOZILLA:OGG-VORBIS1 - HTTP: Multiple Mozilla Products Ogg Vorbis Decoding Memory Corruption1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Mozilla Firefox, Thunderbird and Seamonkey. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

HTTP:STC:MOZILLA:NNTP-URL1 - HTTP: Mozilla NNTP URL Handling Buffer Overflow1

Severity: MEDIUM

Description:

A vulnerability has been reported in the way the Mozilla browser handles NNTP URLs. Due to insufficient input validation, a specially crafted URI using the scheme news:// can overflow a heap buffer. By enticing a user to follow a specially crafted NNTP URI, an attacker can remotely exploit this vulnerability in a way that allows for code injection and execution with the privileges of the currently logged in user. In a simple exploit attempt, an instance of a vulnerable Mozilla browser will open a connection with the server listening at the address and the port provided in the specially crafted news:// URI. When the vulnerable function is called to process the commands embedded in the URI, the application will terminate with a memory access violation error. In a more sophisticated attack case, the process flow can be diverted allowing for arbitrary code execution. In such a case, the behaviour of the target is dependent on the nature of the injected code.

Supported On:

HTTP:INFO-LEAK:WFCHAT11 - HTTP: WFChat Information Disclosure11

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:JAVA:GIF-MEMCORRUPT1 - HTTP: Sun Java GIF File Handling Memory Corruption1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Sun Java SDK and Java Runtime Environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:DOS:DRUPAL-XML-RPC-IEE - HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Drupal Core XML-RPC. The vulnerability is due to an input validation error when an XML-RPC endpoint handles Internal Entity Expansion. This can cause a very high CPU load and memory exhaustion. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2014-5265

Affected Products:

Drupal drupal 7.28
Wordpress wordpress 3.9.0
Wordpress wordpress 3.0.2
Drupal drupal 7.9
Wordpress wordpress 3.0.4
Drupal drupal 7.22
Wordpress wordpress 3.0.6
Wordpress wordpress 3.3.3
Drupal drupal 7.13
Wordpress wordpress 3.4.1
Drupal drupal 7.20
Wordpress wordpress 3.8
Wordpress wordpress 3.3.1
Drupal drupal 7.11
Drupal drupal 7.26
Drupal drupal 6.21
Drupal drupal 7.17
Drupal drupal 7.24
Drupal drupal 7.15
Wordpress wordpress 3.5.1
Wordpress wordpress 3.0
Wordpress wordpress 3.8.1
Drupal drupal 6.22
Drupal drupal 7.19
Wordpress wordpress 3.1.4
Wordpress wordpress 3.2
Drupal drupal 6.24
Drupal drupal 7.5
Drupal drupal 6.26
Drupal drupal 6.19
Wordpress wordpress 3.6
Drupal drupal 6.28
Wordpress wordpress 3.1.2
Drupal drupal 6.15
Wordpress wordpress 3.6.1
Drupal drupal 6.1
Drupal drupal 6.32
Drupal drupal 6.17
Drupal drupal 7.4
Drupal drupal 6.30
Drupal drupal 6.11
Drupal drupal 7.30
Drupal drupal 6.3
Drupal drupal 6.13
Drupal drupal 7.7
Drupal drupal 7.0
Wordpress wordpress 3.7.1
Drupal drupal 6.7
Wordpress wordpress 3.0.1
Drupal drupal 6.9
Drupal drupal 7.29
Wordpress wordpress 3.0.3
Drupal drupal 7.6
Wordpress wordpress 3.9.1
Wordpress wordpress 3.0.5
Drupal drupal 7.8
Wordpress wordpress 3.3.2
Drupal drupal 7.23
Drupal drupal 7.1
Drupal drupal 7.12
Wordpress wordpress 3.4.0
Drupal drupal 7.21
Drupal drupal 7.10
Wordpress wordpress 3.4.2
Drupal drupal 7.27
Drupal drupal 7.16
Drupal drupal 7.25
Drupal drupal 6.5
Wordpress wordpress 3.5.0
Drupal drupal 7.14
Drupal drupal 6.20
Wordpress wordpress 3.1
Drupal drupal 6.23
Wordpress wordpress 3.3
Drupal drupal 6.25
Drupal drupal 7.18
Drupal drupal 7.3
Drupal drupal 6.27
Drupal drupal 6.18
Wordpress wordpress 3.7
Wordpress wordpress 3.2.1
Drupal drupal 6.29
Wordpress wordpress 3.1.1
Drupal drupal 6.14
Wordpress wordpress 3.1.3
Drupal drupal 7.2
Drupal drupal 6.16
Drupal drupal 6.0
Drupal drupal 6.10
Drupal drupal 7.x-dev
Drupal drupal 6.2
Drupal drupal 6.31
Drupal drupal 6.12
Drupal drupal 6.4
Drupal drupal 6.6
Drupal drupal 6.8

HTTP:STC:IMG:OFFICE-FLASHPIX21 - HTTP: Microsoft Office Malicious FlashPix Image (2)1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against the Microsoft Office FlashPix Graphics filter. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:INFO-LEAK:WFCHAT10 - HTTP: WFChat Information Disclosure10

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:IMG:KODAK-TIFF1 - HTTP: Microsoft Windows Kodak Image Viewer Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Kodak Image Viewer. A successful attack can lead to arbitrary code execution.

Supported On:

Supported On:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:PHP:PHPSECUREPAGE-RFI10 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion10

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:XLS-SERIES10 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution10

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:ADOBE:READER-PLUGIN10 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption10

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY10 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 10

Severity: HIGH

Description:

Supported On:

HTTP:STC:DL:VISIO-VSD-MEM1 - HTTP: Microsoft Visio VSD File Format Memory Corruption Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Visio. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:VISIO-OBJ-CONFUSIO1 - HTTP: Microsoft Visio Object Type Confusion Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Visio. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:SOPHOS-ZIPDOS1 - HTTP: Sophos Anti-Virus Zip File Handling Denial of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Sophos Anti-Virus. A successful attack can result in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:SANDWORM-RCE1 - HTTP: Microsoft Office SandWorm Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects an attempt to exploit a known vulnerability against Microsoft Office PowerPoint presentation show based files. Successful exploitation could allow an attacker to execute arbitrary commands into the context of the running application.

Supported On:

HTTP:STC:DOTNET-BUFF-ALLOC10 - HTTP: .NET Framework Buffer Allocation Vulnerability10

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against .NET runtime environment. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:CHROME:TABLE-CSS-MC2 - HTTP: Google Chrome Table Webkit Appearance CSS Property Memory Corruption2

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

APP:NOVELL:IMANAGER-FILE-UPLOAD - APP: Novell iManager getMultiPartParameters Unauthorized File Upload

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell iManager. A successful attack can lead to the upload of an arbitrary file.

Supported On:

References:

bugtraq: 43635

Affected Products:

Novell imanager 2.5.0
Novell imanager 2.0.2
Novell imanager 2.7.3
Novell imanager 2.7.0
Novell imanager 2.7.1
Novell imanager 2.7.3.2
Novell imanager 2.7.3 FTF2
Novell imanager 2.0.0
Novell imanager 2.6.0

HTTP:STC:DL:QT-STSC-ATOM-MC1 - HTTP: Microsoft DirectShow QuickTime stsc Atom Parsing Memory Corruption1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft DirectShow QuickTime Movie Parser filter. It is due to improper input validation when parsing crafted stsc atoms in QuickTime format files. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

HTTP:STC:DL:QT-PDAT1 - HTTP: Apple QuickTime PDAT Atom Parsing Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Apple Quicktime. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

HTTP:STC:WIN-SHELLHNDL1 - HTTP: Microsoft Windows Shell Handler URL Validation1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Shell Handler. Attackers can trick victims into visiting hostile Web pages, which if successful, can result in remote code execution on the victim's system.

Supported On:

Supported On:

Supported On:

References:

cve: CVE-2014-5266

Affected Products:

Drupal drupal 7.28
Wordpress wordpress 3.9.0
Wordpress wordpress 3.0.2
Drupal drupal 7.9
Wordpress wordpress 3.0.4
Drupal drupal 7.22
Wordpress wordpress 3.0.6
Wordpress wordpress 3.3.3
Drupal drupal 7.13
Wordpress wordpress 3.4.1
Drupal drupal 7.20
Wordpress wordpress 3.8
Wordpress wordpress 3.3.1
Drupal drupal 7.11
Drupal drupal 7.26
Drupal drupal 6.21
Drupal drupal 7.17
Drupal drupal 7.24
Drupal drupal 7.15
Wordpress wordpress 3.5.1
Wordpress wordpress 3.0
Wordpress wordpress 3.8.1
Drupal drupal 6.22
Drupal drupal 7.19
Wordpress wordpress 3.1.4
Wordpress wordpress 3.2
Drupal drupal 6.24
Drupal drupal 7.5
Drupal drupal 6.26
Drupal drupal 6.19
Wordpress wordpress 3.6
Drupal drupal 6.28
Wordpress wordpress 3.1.2
Drupal drupal 6.15
Wordpress wordpress 3.6.1
Drupal drupal 6.1
Drupal drupal 6.32
Drupal drupal 6.17
Drupal drupal 7.4
Drupal drupal 6.30
Drupal drupal 6.11
Drupal drupal 7.30
Drupal drupal 6.3
Drupal drupal 6.13
Drupal drupal 7.7
Drupal drupal 7.0
Wordpress wordpress 3.7.1
Drupal drupal 6.7
Wordpress wordpress 3.0.1
Drupal drupal 6.9
Drupal drupal 7.29
Wordpress wordpress 3.0.3
Drupal drupal 7.6
Wordpress wordpress 3.9.1
Wordpress wordpress 3.0.5
Drupal drupal 7.8
Wordpress wordpress 3.3.2
Drupal drupal 7.23
Drupal drupal 7.1
Drupal drupal 7.12
Wordpress wordpress 3.4.0
Drupal drupal 7.21
Drupal drupal 7.10
Wordpress wordpress 3.4.2
Drupal drupal 7.27
Drupal drupal 7.16
Drupal drupal 7.25
Drupal drupal 6.5
Wordpress wordpress 3.5.0
Drupal drupal 7.14
Drupal drupal 6.20
Wordpress wordpress 3.1
Drupal drupal 6.23
Wordpress wordpress 3.3
Drupal drupal 6.25
Drupal drupal 7.18
Drupal drupal 7.3
Drupal drupal 6.27
Drupal drupal 6.18
Wordpress wordpress 3.7
Wordpress wordpress 3.2.1
Drupal drupal 6.29
Wordpress wordpress 3.1.1
Drupal drupal 6.14
Wordpress wordpress 3.1.3
Drupal drupal 7.2
Drupal drupal 6.16
Drupal drupal 6.0
Drupal drupal 6.10
Drupal drupal 7.x-dev
Drupal drupal 6.2
Drupal drupal 6.31
Drupal drupal 6.12
Drupal drupal 6.4
Drupal drupal 6.6
Drupal drupal 6.8

References:

cve: CVE-2010-3582
bugtraq: 44031
bugtraq: 44047
cve: CVE-2010-3585

Affected Products:

Oracle oracle_vm 2.2.1

HTTP:STC:JAVA:PRVDR-SKLTON-SB1 - HTTP: Oracle Java ProviderSkeleton Sandbox Bypass1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Java. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:MS-OBJ-PACKAGER-RC1 - HTTP: Microsoft Windows Object Packager ClickOnce Object Handling Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Object Packager. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:MSHTML-HELP1 - HTTP: Microsoft HTML Help '.chm' File Stack Buffer Overflow Vulnerability1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft HTML Help. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

HTTP:STC:DL:MSDOTNET-FUNC-PTR1 - HTTP: Microsoft .NET Framework Improper Execution of Function Pointer1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft's .NET Framework. A successful attack can lead to arbitrary code execution.

Supported On:

Supported On:

References:

bugtraq: 56438
cve: CVE-2012-3756

Affected Products:

Apple quicktime 6.5.0
Apple quicktime 7.1.6
Apple quicktime 6.3.0
Apple quicktime 7.6.9
Apple quicktime 4.1.2
Apple quicktime 6.4.0
Apple quicktime 7.4.0
Apple quicktime 6.2.0
Apple quicktime 7.1.1
Apple quicktime 7.1.2
Apple quicktime 7.1.3
Apple quicktime 7.0.0
Apple quicktime 6.5.1
Apple quicktime 7.3.0
Apple quicktime 7.3.1.70
Apple quicktime 5.0.2
Apple quicktime 7.6.8
Apple quicktime 7.0.3
Apple quicktime 7.6.7
Apple quicktime 7.3.1
Apple quicktime 7.0.2
Apple quicktime 6.0.0
Apple quicktime 7.6.6
Apple quicktime 7.7.0
Apple quicktime 7.4.5
Apple quicktime 7.0.4
Apple quicktime 7.2.0
Apple quicktime 7.5.0
Apple quicktime 5.0.1
Apple quicktime 7.1.0
Apple quicktime 6.0.2
Apple quicktime 6.1
Apple quicktime 7.7.1
Apple quicktime 7.6.2
Apple quicktime 7.6.5
Apple quicktime 6.5
Apple quicktime 7.6.1
Apple quicktime 6.1.1
Apple quicktime 7.4.1
Apple quicktime 6.0.1
Apple quicktime 7.2.1
Apple quicktime 7.6.0
Apple quicktime 7.5.5
Apple quicktime 3.0
Apple quicktime 7.1.4
Apple quicktime 6.0
Apple quicktime 7.1.5
Apple quicktime up to 7.7.2
Apple quicktime 6.5.2
Apple quicktime 7.0.1
Apple quicktime 5.0

HTTP:STC:DL:ARJ-BO1 - HTTP: NOD32 AntiVirus ARJ Archive Handling Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the NOD32 AntiVirus. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.

Supported On:

HTTP:STC:DL:APPLE-QT-MOV-DOS1 - HTTP: Apple QuickTime Player MOV File Handling Denial of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Apple QuickTime Player. A successful attack can result in a denial-of-service condition.

Supported On:

HTTP:STC:DL:APPLE-QT-IMAGE-MC1 - HTTP: Apple QuickTime Image Description Atom Sign Extension Memory Corruption1

Severity: MEDIUM

Description:

Supported On:

HTTP:STC:DL:APPLE-QT-H264-BOF1 - HTTP: Apple QuickTime H.264 Crafted Movie Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the MP4/MP4V/M4V file format. A successful attack can lead arbitrary remote code execution within the context of the user.

Supported On:

HTTP:NOVELL:ZENWORKS-RTRLET-COM - HTTP: Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Novell ZENWorks Asset Management 'rtrlet' Component. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 50966
url: http://download.novell.com/Download?buildid=hPvHtXeNmCU~
url: http://www.novell.com/products/zenworks/assetmanagement/overview.html
cve: CVE-2011-2653

Affected Products:

Novell zenworks_asset_management 7.5

HTTP:STC:ADOBE:WRTE-WAT-WHRE-C1 - HTTP: Adobe Flash Player Shader Object Processing Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

Supported On:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 69482
cve: CVE-2014-6037

Affected Products:

Zohocorp manageengine_eventlog_analyzer 9.0
Zohocorp manageengine_eventlog_analyzer 8.2

APP:AVAYA-CCRWEBCLIENT-RCE - APP: Avaya IP Office Customer Call Reporter ImageUpload.ashx Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Avaya IP Office Customer Call Reporter. A successful attack can lead to arbitrary remote code execution within the context of the server.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 54225
cve: CVE-2012-3811

Affected Products:

Avaya ip_office_customer_call_reporter 7.0
Avaya ip_office_customer_call_reporter 8.0

HTTP:STC:DL:REALPLAYER-SWF-BO1 - HTTP: RealPlayer SWF Frame Handling Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

HTTP:STC:IE:COMPRESSED-URL - HTTP: Microsoft Internet Explorer Compressed Content URL Heap Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. A successful attack can lead to a heap overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 19987
cve: CVE-2006-3873

Affected Products:

Microsoft internet_explorer 6.0
Microsoft internet_explorer 5.0.1 SP4
Microsoft internet_explorer 6.0 SP1

HTTP:HP-SITESCOPE-INF-DISC - HTTP: HP SiteScope Log Analyzer Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in HP SiteScope. Successful exploitation would allow the authenticated attacker to gain administrator role privileges.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2015-2120

Affected Products:

Hp sitescope 11.30.521
Hp sitescope 11.13
Hp sitescope 11.24.391

HTTP:MISC:ENDIAN-PRX-CMDEXEC - HTTP: Endian Firewall Proxy Password Change Command Execution

Severity: HIGH

Description:

This signature detects an attempt to exploit a known vulnerability against Endian Firewall Proxy application. Successful exploitation could allow an attacker to perform remote code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2015-5082

Affected Products:

Endian_firewall endian_firewall 2.5.1

APP:HP-PM-EXP-DATA-LOGS - APP: HP Power Manager formExportDataLogs Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in HP Power Manager. It is due to insufficient bounds checking in the HP Power Manager while processing URL parameters. In a successful code execution attack the injected code is executed within the security context of the SYSTEM user. An unsuccessful exploit attempt can terminate the affected service abnormally and result in a denial-of-service condition.

Supported On:

References:

bugtraq: 37866
cve: CVE-2009-3999

Affected Products:

Hp power_manager 4.0Build10
Hp power_manager 4.0Build11
Hp power_manager 4.2.9
Hp power_manager 4.2.7
Hp power_manager

HTTP:SQL:INJ:WP-AJAX-CATEGORY2 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 2

Severity: HIGH

Description:

Supported On:

HTTP:STC:SCHNEIDER-CFG-FILE-BO1 - HTTP: Schneider Electric VAMPSET CFG File Handling Buffer Overflow 1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Schneider. A successful exploit can lead to buffer overflow and remote code execution.

Supported On:

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY5 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 5

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY6 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 6

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY7 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 7

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY8 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 8

Severity: HIGH

Description:

Supported On:

HTTP:SQL:INJ:WP-AJAX-CATEGORY9 - HTTP: WordPress Ajax Category Dropdown Plugin SQL Injection 9

Severity: HIGH

Description:

Supported On:

References:

bugtraq: 30935
cve: CVE-2008-3697

Affected Products:

Vmware server 1.0.7
Vmware server 1.0.7 Build 108231

HTTP:STC:ADOBE:READER-PLUGIN2 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption2

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN3 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption3

Severity: HIGH

Description:

Supported On:

HTTP:STC:DL:PPT-VIEWER-MEMALLO1 - HTTP: Microsoft PowerPoint Viewer Memory Allocation Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft PowerPoint Viewer. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN5 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption5

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN6 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption6

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN7 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption7

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN8 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption8

Severity: HIGH

Description:

Supported On:

HTTP:STC:ADOBE:READER-PLUGIN9 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption9

Severity: HIGH

Description:

Supported On:

HTTP:STC:DL:XLS-SERIES2 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution2

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:APACHE:MOD-ISAPI-RCE - HTTP: Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution

Severity: CRITICAL

Description:

Supported On:

References:

bugtraq: 38494
cve: CVE-2010-0425

Affected Products:

Apache_software_foundation apache 2.2.5
Ibm websphere_application_server 7.0.0.7
Apache_software_foundation apache 2.2.7-Dev
Fujitsu interstage_application_server_standard-j_edition 9.0.0A
Ibm websphere_application_server 6.1.0.2
Avaya aura_application_enablement_services 4.2.1
Sun opensolaris Build Snv 99
Ibm websphere_application_server 7.0.0.9
Avaya aura_application_enablement_services 4.1
Sun opensolaris Build Snv 74
Apache_software_foundation apache 2.0.63
Ibm websphere_application_server 6.1.0
Sun opensolaris Build Snv 101A
Apache_software_foundation apache 2.0.62-Dev
Sun opensolaris Build Snv 91
Sun opensolaris Build Snv 57
Sun opensolaris Build Snv 28
Sun opensolaris Build Snv 103
Sun opensolaris Build Snv 50
Kolab kolab_groupware_server 2.2-Rc1
Ibm websphere_application_server 7.0.0.5
Apache_software_foundation apache 2.0.52
Apache_software_foundation apache 2.2
Ibm websphere_application_server 7.0.0.8
Ibm websphere_application_server 6.1.0.22
Apache_software_foundation apache 2.0.40
Apache_software_foundation apache 2.0.49
Ibm websphere_application_server 7.0
Ibm websphere_application_server 7.0.0.1
Apache_software_foundation apache 2.2.14
Sun opensolaris Build Snv 71
Sun solaris 10 Sparc
Apache_software_foundation apache 2.2.13
Sun opensolaris Build Snv 49
Red_hat fedora 11
Slackware linux 13.0
Apache_software_foundation apache 2.0.55
Sun opensolaris Build Snv 108
Avaya intuity_audix_lx 2.0 SP1
Avaya intuity_audix_lx 2.0 SP2
Sun opensolaris Build Snv 67
Apache_software_foundation apache 2.0.57
Avaya aura_session_manager 1.1
Avaya communication_manager 5.1.2
Ibm websphere_application_server 6.1.0.9
Fujitsu interstage_application_server_enterprise_edition 9.0.0
Ibm websphere_application_server 6.1.0.23
Ibm websphere_application_server 6.1.0.13
Ibm websphere_application_server 7.0.0.3
Ibm websphere_application_server 6.1.0.3
Kolab kolab_groupware_server 2.2 Beta3
Fujitsu interstage_studio_enterprise_edition 9.0.0
Fujitsu interstage_studio_standard-j_edition 9.0.0
Apache_software_foundation apache 2.2.11
Apache_software_foundation apache 2.2.6
Apache_software_foundation apache 2.0.54
Slackware linux 13.0 X86 64
Sun opensolaris Build Snv 22
Avaya voice_portal 4.1 SP1
Avaya voice_portal 4.1 SP2
Sun opensolaris Build Snv 19
Avaya voice_portal 5.0
Avaya meeting_exchange 5.0 SP1
Avaya meeting_exchange 5.0 SP2
Avaya meeting_exchange 5.1 SP1
Red_hat jboss_enterprise_web_server_for_rhel_5_server 1.0.0
Apache_software_foundation apache 2.0.59
Apache_software_foundation apache 2.0.45
Sun opensolaris Build Snv 64
Sun opensolaris Build Snv 13
Apache_software_foundation apache 2.0.56 -Dev
Ibm websphere_application_server 6.1.0.25
Sun opensolaris Build Snv 110
Sun opensolaris Build Snv 111
Kolab kolab_groupware_server 2.2.2
Apache_software_foundation apache 2.2.4
Avaya meeting_exchange 5.2
Avaya communication_manager 5.0 SP3
Apache_software_foundation apache 2.2.9
Apache_software_foundation apache 2.2.8
Avaya communication_manager 5.1
Vmware ace_management_server_(ams)_for_windows
Avaya communication_manager 4.0.3 SP1
Avaya communication_manager 5.0
Avaya intuity_audix_lx 2.0
Ibm http_server 2.0.47
Sun opensolaris Build Snv 68
Sun opensolaris Build Snv 36
Sun opensolaris Build Snv 54
Sun opensolaris Build Snv 51
Ibm websphere_application_server 6.1.0.17
Avaya communication_manager 5.2
Avaya aura_sip_enablement_services 5.2
Ibm http_server 2.0.47 .1
Sun opensolaris Build Snv 101
Avaya aura_sip_enablement_services 4.0
Avaya aura_application_enablement_services 4.2
Avaya aura_application_enablement_services 4.2.2
Apache_software_foundation apache 2.0.39
Apache_software_foundation apache 2.0.38
Apache_software_foundation apache 2.0.37
Sun opensolaris Build Snv 100
Apache_software_foundation apache 2.0.51
Avaya meeting_exchange 5.1
Avaya message_networking 5.2
Apache_software_foundation apache 2.2.1
Ibm websphere_application_server 6.1.0.5
Avaya message_networking 3.1
Apache_software_foundation apache 2.0.46
Slackware linux 12.1
Sun opensolaris Build Snv 84
Sun solaris 10 X86
Ibm websphere_application_server 6.1.0.4
Apache_software_foundation apache 2.0.58
Kolab kolab_groupware_server 2.2 Beta1
Avaya aura_application_enablement_services 4.0.1
Rpath rpath_linux 1
Apache_software_foundation apache 2.0.44
Apache_software_foundation apache 2.0.50
Fujitsu interstage_application_server_standard-j_edition 9.1.0
Avaya aura_application_enablement_services 4.0
Sun opensolaris Build Snv 80
Sun opensolaris Build Snv 01
Sun opensolaris
Sun opensolaris Build Snv 93
Fujitsu interstage_application_server_enterprise_edition 9.2.0
Fujitsu interstage_application_server_standard-j_edition 9.2.0
Fujitsu interstage_studio_enterprise_edition 9.1.0
Fujitsu interstage_studio_enterprise_edition 9.1.0 B
Fujitsu interstage_studio_enterprise_edition 9.2.0
Fujitsu interstage_studio_standard-j_edition 9.1.0
Fujitsu interstage_studio_standard-j_edition 9.1.0 B
Fujitsu interstage_studio_standard-j_edition 9.2.0
Apache_software_foundation apache 2.2.3
Ibm websphere_application_server 6.1.0.29
Ibm websphere_application_server 6.1.0.6
Ibm websphere_application_server 6.1.0.7
Sun opensolaris Build Snv 88
Apache_software_foundation apache 2.2.2
Apache_software_foundation apache 2.0.43
Apache_software_foundation apache 2.2.0
Sun opensolaris Build Snv 02
Slackware linux X86 64 -Current
Fujitsu interstage_application_server_standard-j_edition 9.0.0
Slackware linux 12.0
Fujitsu interstage_application_server_enterprise_edition 9.0.0A
Kolab kolab_groupware_server 2.2.3
Sun opensolaris Build Snv 38
Kolab kolab_groupware_server 2.2-Rc3
Ibm websphere_application_server 6.1.0.11
Sun opensolaris Build Snv 87
Sun opensolaris Build Snv 89
Slackware linux -Current
Sun opensolaris Build Snv 59
Blue_coat_systems director 5.5
Sun opensolaris Build Snv 86
Sun opensolaris Build Snv 35
Sun opensolaris Build Snv 56
Sun opensolaris Build Snv 94
Blue_coat_systems director 4.2.2.4
Blue_coat_systems director 5.2.2.5
Sun opensolaris Build Snv 45
Sun opensolaris Build Snv 111A
Apache_software_foundation apache 2.2.10
Gentoo linux
Apache_software_foundation apache 2.0.48
Sun opensolaris Build Snv 109
Apache_software_foundation apache 2.0.61-Dev
Apache_software_foundation apache 2.2.6-Dev
Rpath appliance_platform_linux_service 1
Ibm websphere_application_server 6.1.0.8
Sun opensolaris Build Snv 96
Red_hat jboss_enterprise_web_server_for_rhel_4_es 1.0.0
Kolab kolab_groupware_server 2.2 -Rc2
Avaya aura_sip_enablement_services 3.1
Sun opensolaris Build Snv 90
Sun opensolaris Build Snv 48
Ibm websphere_application_server 6.1.0.27
Apache_software_foundation apache 2.0.41
Apache_software_foundation apache 2.0.42
Avaya meeting_exchange 5.2 SP1
Red_hat certificate_server 7.3
Avaya aura_session_manager 5.2
Red_hat jboss_enterprise_web_server_for_rhel_4_as 1.0.0
Sun opensolaris Build Snv 81
Apache_software_foundation apache 2.0.53
Fujitsu interstage_application_server_enterprise_edition 9.1.0
Sun opensolaris Build Snv 95
Sun opensolaris Build Snv 47
Sun opensolaris Build Snv 83
Sun opensolaris Build Snv 82
Avaya communication_manager 4.0
Ibm websphere_application_server 6.1.0.19
Ibm websphere_application_server 6.1.0.14
Avaya aura_application_enablement_services 5.2
Apache_software_foundation apache 2.0.60-Dev
Sun opensolaris Build Snv 98
Ibm websphere_application_server 6.1.0.12
Apache_software_foundation apache 2.2.5-Dev
Sun opensolaris Build Snv 37
Avaya aura_sip_enablement_services 5.1
Blue_coat_systems director
Avaya meeting_exchange 5.0
Avaya voice_portal 4.0
Avaya voice_portal 4.1
Kolab kolab_groupware_server 2.2.0
Sun opensolaris Build Snv 111B
Sun opensolaris Build Snv 102
Sun opensolaris Build Snv 39
Sun opensolaris Build Snv 92
Sun opensolaris Build Snv 76
Sun opensolaris Build Snv 77
Ibm websphere_application_server 6.1.0.1
Apache_software_foundation apache 2.2.12
Avaya voice_portal 5.1
Sun opensolaris Build Snv 78
Blue_coat_systems director 5.4
Avaya aura_sip_enablement_services 5.0
Sun opensolaris Build Snv 85
Apache_software_foundation apache 2.0.47
Sun opensolaris Build Snv 104
Sun opensolaris Build Snv 105
Ibm websphere_application_server 6.1.0.15
Slackware linux 12.2
Sun opensolaris Build Snv 58
Sun opensolaris Build Snv 41
Fujitsu interstage_application_server_enterprise_edition 9.1.0B
Fujitsu interstage_application_server_standard-j_edition 9.1.0B
Ibm websphere_application_server 6.1.0.18
Sun opensolaris Build Snv 29
Ibm websphere_application_server 6.1.0.20
Ibm websphere_application_server 6.1.0.21
Fujitsu interstage_application_server_standard-j_edition 9.0.0 B
Ibm websphere_application_server 6.1.0.10
Ibm http_server 6.1.0
Sun opensolaris Build Snv 61
Sun opensolaris Build Snv 106
Sun opensolaris Build Snv 107

References:

Affected Products:

Apache jetspeed 2.3.0

HTTP:STC:DL:XLS-SERIES8 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution8

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:XLS-SERIES9 - HTTP: Microsoft Excel Malformed Series Record Remote Code Execution9

Severity: HIGH

Description:

This signature detects attempts to exploit a known issue with Microsoft Excel. A successful attack can lead to arbitrary code execution.

Supported On:

Supported On:

References:

bugtraq: 45868
cve: CVE-2010-4416

Affected Products:

Oracle goldengate_veridata 3.0.0.4

HTTP:DIR:APACHE-OPENMEETINGS - HTTP: Apache OpenMeetings ZIP File Path Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability againstApache OpenMeetings. A successful attack can lead to allow traversing outside of a restricted path.

Supported On:

References:

cve: CVE-2016-0784

Affected Products:

Apache openmeetings 3.1.0

HTTP:DIR:VISUALMINING-NETCHARTS - HTTP: Visual Mining NetCharts Server File Upload Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Visual Mining NetCharts Server. A remote attacker can exploit this vulnerability to execute arbitrary code on the affected system by uploading arbitrary files to certain locations.

Supported On:

References:

cve: CVE-2014-8516

APP:MISC:HP-SITESCOPE-CE - APP: HP SiteScope issueSiebelCmd SOAP Request Handling

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP SiteScope. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2013-4835

Affected Products:

Hp sitescope 11.21
Hp sitescope 11.01
Hp sitescope 11.1
Hp sitescope 11.12
Hp sitescope 10.13
Hp sitescope 11.11
Hp sitescope 11.20
Hp sitescope 11.10
Hp sitescope 10.11

HTTP:STC:ADOBE:READER-PLUGIN4 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption4

Severity: HIGH

Description:

Supported On:

HTTP:DIR:MANAGEENGINE-DIR-TRA - HTTP: ManageEngine ServiceDesk File Upload Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in ManageEngine ServiceDesk. A successful attack can result in directory traversal attacks.

Supported On:

APP:MISC:HP-SSC-APIMONITORIMPL - APP: HP SiteScope SOAP Call APIMonitorImpl Security Bypass

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against HP SiteScope. A successful attack can lead to unauthorized information disclosure.

Supported On:

References:

cve: CVE-2012-3260

Affected Products:

Hp sitescope 11.12
Hp sitescope 11.10
Hp sitescope 11.11

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Trend Micro's OfficeScan. It is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this to inject and execute arbitrary code with System level privileges on the target system. In a successful code injection and execution attack, the behavior of the target is entirely dependent on the intended function of the injected code. If the code execution is not achieved, the CGI process initiated for the session terminates abnormally.

Supported On:

References:

bugtraq: 31859
cve: CVE-2008-3862

Affected Products:

Trend_micro officescan 7.3
Trend_micro officescan 8.0
Trend_micro officescan 8.0 SP 1 Patch 1

HTTP:HP-INSIGHT-DIAGNOSTICS-LF1 - HTTP: HP Insight Diagnostics CVE-2013-3575 Local File Inclusion1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known local file inclusion vulnerability in HP Insight Diagnostics. It is due to insufficient validation of user-supplied input. A successful attack can result in loss of sensitive information.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:PFSENSE-ZONE-CSS1 - HTTP: pfSense WebGUI Zone Parameter Cross-Site Scripting1

Severity: MEDIUM

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:FIREFLY-MEDIA-SERVER-DOS1 - HTTP: Firefly Media Server Denial Of Service1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Firefly Media Server. A successful attack can result in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:NOVELL-NETIQ-MOD-POLBYPAS1 - HTTP: Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass1

Severity: MEDIUM

Description:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

APP:MISC:HP-SITESCOPE-LOADFILE - APP: HP SiteScope loadFileContent SOAP Request Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against HP SiteScope. A successful attack can lead to unauthorized information disclosure.

Supported On:

References:

bugtraq: 55269

HTTP:STC:IMG:JPEG-WIDTH-OF1 - HTTP: Internet Explorer Overlarge JPEG (Width)1

Severity: MEDIUM

Description:

This signature detects JPEG files wider than the maximum limit allowed by Microsoft's Internet Explorer. This limit affects IE 6 and below. Attempting to view JPEG files exceeding this limit crashes Internet Explorer and could allow an attacker to run arbitrary code on the viewing computer.

Supported On:

HTTP:SPRING-XMLENTITY-INFODISC1 - HTTP: SpringSource Spring Framework XML External Entity Parsing Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a know vulnerability against SpringSource Spring Framework. The vulnerability is due to incorrectly configured XML parsing which accepts XML external entities from untrusted sources. A remote, unauthenticated attacker can leverage this vulnerability by sending a malicious request to the target server. Successful exploitation would result in the disclosure of information from arbitrary files available to the security context of the server application.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:WIRESHARK-MPEG-BOF11 - HTTP: Wireshark MPEG Dissector Stack Buffer Overflow11

Severity: MEDIUM

Description:

Supported On:

cve: CVE-2016-4054

Affected Products:

Squid-cache squid 3.4.3
Squid-cache squid 3.1.22
Squid-cache squid 3.2.0.5
Squid-cache squid 3.3.1
Squid-cache squid 3.2.0.15
Squid-cache squid 3.2.0.3
Squid-cache squid 4.0.6
Squid-cache squid 3.1.0.10
Squid-cache squid 3.1.12.2
Squid-cache squid 3.3.2
Canonical ubuntu_linux 12.04
Squid-cache squid 3.2.0.1
Squid-cache squid 3.1.19
Squid-cache squid 4.0.4
Squid-cache squid 3.4.14
Squid-cache squid 3.4.9
Squid-cache squid 3.1.0.15
Squid-cache squid 3.4.12
Squid-cache squid 4.0.2
Squid-cache squid 3.4.10
Squid-cache squid 3.2.0.13
Squid-cache squid 3.1.0.7
Squid-cache squid 3.3.9
Squid-cache squid 3.2.12
Squid-cache squid 3.1.0.17
Squid-cache squid 3.1.0.1
Squid-cache squid 3.1.2
Squid-cache squid 3.5.8
Squid-cache squid 3.2.0.9
Squid-cache squid 3.1.3
Squid-cache squid 3.2.0.17
Squid-cache squid 3.2.3
Squid-cache squid 3.1.0.16
Squid-cache squid 3.2.1
Squid-cache squid 4.0.8
Squid-cache squid 3.2.7
Squid-cache squid 3.1.0.9
Canonical ubuntu_linux 14.04
Squid-cache squid 3.4.0.3
Squid-cache squid 3.2.5
Squid-cache squid 3.5.2
Squid-cache squid 3.5.11
Squid-cache squid 3.5.4
Squid-cache squid 3.2.9
Squid-cache squid 3.5.13
Squid-cache squid 3.4.4.1
Squid-cache squid 3.5.6
Squid-cache squid 3.5.15
Squid-cache squid 3.1.5
Squid-cache squid 3.5.0.2
Squid-cache squid 3.2.0.19
Squid-cache squid 3.4.4
Squid-cache squid 3.5.0.4
Squid-cache squid 3.2.11
Squid-cache squid 3.3.14
Squid-cache squid 3.4.8
Squid-cache squid 3.1.16
Squid-cache squid 3.3.6
Squid-cache squid 3.3.12
Squid-cache squid 3.2.0.18
Squid-cache squid 3.2.0.6
Squid-cache squid 3.1.10
Squid-cache squid 3.1.0.12
Squid-cache squid 3.1.14
Squid-cache squid 3.3.10
Squid-cache squid 3.4.2
Squid-cache squid 3.1.21
Squid-cache squid 3.2.0.4
Squid-cache squid 3.1.12
Squid-cache squid 3.1.0.14
Squid-cache squid 3.2.0.14
Squid-cache squid 3.2.0.2
Squid-cache squid 3.2.0.11
Squid-cache squid 3.2.10
Squid-cache squid 4.0.7
Squid-cache squid 3.3.0
Squid-cache squid 3.4.0.1
Squid-cache squid 3.2.0.16
Squid-cache squid 3.4.11
Squid-cache squid 4.0.5
Squid-cache squid 3.1.0.18
Squid-cache squid 3.1.9
Squid-cache squid 3.2.0.10
Squid-cache squid 3.1.0.5
Squid-cache squid 4.0.3
Squid-cache squid 3.1.12.1
Squid-cache squid 3.1
Squid-cache squid 3.2.0.12
Squid-cache squid 4.0.1
Squid-cache squid 3.1.17
Squid-cache squid 3.0
Canonical ubuntu_linux 16.04
Canonical ubuntu_linux 15.10
Squid-cache squid 3.1.6
Squid-cache squid 3.3.8
Squid-cache squid 3.3.7
Squid-cache squid 3.1.0.8
Squid-cache squid 3.5.9
Squid-cache squid 3.2.0.8
Squid-cache squid 3.1.0.4
Squid-cache squid 3.1.4
Squid-cache squid 3.1.0.3
Squid-cache squid 3.2.2
Squid-cache squid 3.1.0.2
Squid-cache squid 3.2.13
Oracle linux 6.0
Squid-cache squid 3.2.6
Squid-cache squid 3.1.5.1
Squid-cache squid 3.1.7
Squid-cache squid 3.1.12.3
Squid-cache squid 3.5.1
Squid-cache squid 3.2.4
Squid-cache squid 3.1.8
Squid-cache squid 3.3.0.3
Squid-cache squid 3.5.3
Squid-cache squid 3.4.13
Squid-cache squid 3.1.0.13
Squid-cache squid 3.5.5
Squid-cache squid 3.2.8
Squid-cache squid 3.5.10
Squid-cache squid 3.1.0.6
Squid-cache squid 3.5.0.1
Squid-cache squid 3.5.7
Squid-cache squid 3.5.12
Squid-cache squid 3.4.4.2
Squid-cache squid 3.4.1
Squid-cache squid 3.5.0.3
Squid-cache squid 3.5.14
Oracle linux 7.0
Squid-cache squid 3.3.4
Squid-cache squid 3.1.18
Squid-cache squid 3.1.15
Squid-cache squid 3.5.16
Squid-cache squid 3.1.1
Squid-cache squid 3.4.0.2
Squid-cache squid 3.1.0.11
Squid-cache squid 3.3.13
Squid-cache squid 3.3.0.1
Squid-cache squid 3.1.11
Squid-cache squid 3.3.5
Squid-cache squid 3.3.11
Squid-cache squid 3.3.0.2
Squid-cache squid 3.1.20
Squid-cache squid 3.2.0.7
Squid-cache squid 3.1.13
Squid-cache squid 3.3.3

References:

bugtraq: 13264
url: http://pb.specialised.info/all/adv/real-ram-adv.txt
url: http://service.real.com/help/faq/security/050419_player/EN/
cve: CVE-2005-0755
cve: CVE-2004-0550
cve: CVE-2004-0258

Affected Products:

Real_networks realone_player 6.0.11 .830
Real_networks realone_player 6.0.11 .853
Real_networks realone_player_for_osx 9.0.0 .297
Real_networks realone_player_for_osx 9.0.0 .288
Red_hat enterprise_linux_es 3
Red_hat enterprise_linux_ws 3
Real_networks realplayer 8.0.0 Unix
Real_networks realone_player 1.0.0
Real_networks realone_player 6.0.11 .868
Real_networks realplayer 10.0.0
Red_hat enterprise_linux_as 3
Real_networks realplayer 8.0.0 Mac
Real_networks realplayer_10_for_mac_os 10.0.0.305
Red_hat desktop 3.0.0
Real_networks realplayer 10.5.0 V6.0.12.1056
Real_networks realplayer_10_for_mac_os 10.0.0.325
Real_networks realplayer 10.5.0 V6.0.12.1053
Real_networks realplayer 10.5.0 V6.0.12.1040
Real_networks realplayer_10_for_mac_os
Real_networks realplayer_10_for_linux
Real_networks helix_player_for_linux 1.0.0
Real_networks realplayer_enterprise 1.7.0
Real_networks realplayer_enterprise 1.1.0
Real_networks realplayer_enterprise 1.2.0
Real_networks realplayer_enterprise 1.5.0
Real_networks realplayer_enterprise 1.6.0
Real_networks realplayer_enterprise
Real_networks realone_player 6.0.11 .840
Real_networks realplayer_for_unix 10.0.3
Real_networks helix_player_for_linux 1.0.3
Real_networks helix_player_for_linux 1.0.2
Real_networks helix_player_for_linux 1.0.1
Real_networks realone_player 6.0.11 .872
Real_networks realplayer 8.0.0 Win32
Real_networks realone_player 6.0.11 .818

HTTP:KASPERSKY-URI-PARSING-DOS3 - HTTP: Kaspersky Products URI Parsing Denial of Service3

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Kaspersky Products. A successful attack can result in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:CA-XOSOFT-XOSOAP - HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in CA XOsoft Multiple Products. It is due to insufficient boundary checking when handling certain HTTP requests sent to the ws_man.exe process. A remote unauthenticated attacker can exploit this by sending a malicious HTTP request to a target server. In a successful attack, where arbitrary code is injected and executed on the vulnerable target host, the behavior of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the service. In an unsuccessful attack, the application can terminate abnormally.

Supported On:

References:

bugtraq: 39238
cve: CVE-2010-1223

Affected Products:

Computer_associates xosoft_content_distribution r12
Computer_associates xosoft_content_distribution r12.5
Computer_associates xosoft_high_availability r12.5
Computer_associates xosoft_replication r12.5
Computer_associates xosoft_replication r12
Computer_associates xosoft_high_availability r12

APP:CUPS:HPGL-PC-OF - APP: CUPS HPGL Filter Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Common Unix Printing System (CUPS) HP Graphic Language (HPGL) Filter. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, usually the line printer daemon.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 31688
url: http://en.wikipedia.org/wiki/Common_Unix_Printing_System
cve: CVE-2008-3641

Affected Products:

Avaya proactive_contact 4.0
Apple mac_os_x 10.5.1
Apple mac_os_x_server 10.5.1
Apple mac_os_x 10.4.7
Apple mac_os_x_server 10.4.7
Avaya messaging_storage_server 1.0
Avaya messaging_storage_server 2.0
Avaya messaging_storage_server
Avaya message_networking
Sun opensolaris Build Snv 99
Easy_software_products cups 1.1.14
Easy_software_products cups 1.1.17
Ubuntu ubuntu_linux 6.06 LTS Powerpc
Ubuntu ubuntu_linux 6.06 LTS I386
Ubuntu ubuntu_linux 6.06 LTS Amd64
Easy_software_products cups 1.2.8
Easy_software_products cups 1.3.2
Suse novell_linux_pos 9
Sun opensolaris Build Snv 101A
Easy_software_products cups 1.1.19
Sun opensolaris Build Snv 91
Debian linux 4.0 Arm
Ubuntu ubuntu_linux 8.04 LTS Amd64
Ubuntu ubuntu_linux 8.04 LTS I386
Ubuntu ubuntu_linux 8.04 LTS Lpia
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Ubuntu ubuntu_linux 8.04 LTS Sparc
Red_hat desktop 3.0.0
Ubuntu ubuntu_linux 7.10 Lpia
Easy_software_products cups 1.1.22
Easy_software_products cups 1.1.23
Gentoo linux
Turbolinux turbolinux_server 10.0.0 X64
Suse opensuse 10.3
Apple mac_os_x 10.5
Easy_software_products cups 1.3.3
Red_hat desktop 4.0.0
Easy_software_products cups 1.1.12
Suse suse_linux_enterprise_server 8
Red_hat enterprise_linux_desktop 5 Client
Turbolinux wizpy
Turbolinux turbolinux_server 11 X64
Easy_software_products cups 1.1.18
Mandriva corporate_server 4.0.0 X86 64
Rpath appliance_platform_linux_service 1
Easy_software_products cups 1.2.2
Slackware linux 12.1
Apple mac_os_x 10.4.1
Apple mac_os_x_server 10.4.1
Suse open-enterprise-server
Easy_software_products cups 1.3.6
Suse opensuse 11.0
Sun opensolaris Build Snv 92
Easy_software_products cups 1.1.13
Turbolinux multimedia
Turbolinux personal
Easy_software_products cups 1.1.16
Easy_software_products cups 1.2.4
Easy_software_products cups 1.1.23 Rc1
Mandriva linux_mandrake 2008.0
Mandriva linux_mandrake 2008.0 X86 64
Sun opensolaris Build Snv 90
Turbolinux appliance_server 2.0
Turbolinux appliance_server 3.0
Turbolinux appliance_server 3.0 X64
Apple mac_os_x 10.4.6
Apple mac_os_x_server 10.4.6
Ubuntu ubuntu_linux 7.10 I386
Turbolinux appliance_server_hosting_edition 1.0.0
Turbolinux appliance_server_workgroup_edition 1.0.0
Debian linux 4.0 Amd64
Easy_software_products cups 1.1.10
Easy_software_products cups 1.1.7
Avaya intuity_audix_lx 2.0
Apple mac_os_x 10.4.4
Apple mac_os_x_server 10.4.4
Apple mac_os_x 10.4.5
Easy_software_products cups 1.1.6
Easy_software_products cups 1.0.4 -8
Easy_software_products cups 1.1.22 Rc1
Apple mac_os_x_server 10.4.5
Mandriva linux_mandrake 2008.1
Apple mac_os_x 10.4.10
Apple mac_os_x_server 10.4.10
Pardus linux_2008
Easy_software_products cups 1.1.1
Debian linux 4.0 M68k
Ubuntu ubuntu_linux 7.10 Powerpc
Easy_software_products cups 1.1.4
Easy_software_products cups 1.1.15
Sun opensolaris Build Snv 101
Sun opensolaris Build Snv 100
Easy_software_products cups 1.1.20
Apple mac_os_x 10.4.3
Avaya messaging_storage_server 3.1
Avaya message_networking 3.1
Apple mac_os_x 10.4.9
Ubuntu ubuntu_linux 7.10 Sparc
Red_hat enterprise_linux_as 3
Red_hat enterprise_linux_es 3
Red_hat enterprise_linux_ws 3
Rpath rpath_linux 1
Easy_software_products cups 1.2.10
Easy_software_products cups 1.2.9
Sun opensolaris Build Snv 93
Sun opensolaris Build Snv 94
Mandriva linux_mandrake 2009.0
Mandriva linux_mandrake 2009.0 X86 64
Mandriva corporate_server 4.0
Sun opensolaris Build Snv 88
Apple mac_os_x_server 10.4.8
Mandriva linux_mandrake 2008.1 X86 64
Sun opensolaris Build Snv 89
Mandriva corporate_server 3.0.0
Red_hat enterprise_linux 5 Server
Sun opensolaris Build Snv 95
Apple mac_os_x_server 10.5
Ubuntu ubuntu_linux 7.04 Amd64
Sun opensolaris Build Snv 87
Ubuntu ubuntu_linux 7.04 Powerpc
Ubuntu ubuntu_linux 7.04 Sparc
Suse novell_linux_desktop 9.0.0
Red_hat enterprise_linux_desktop_workstation 5 Client
Red_hat fedora 8
Rpath rpath_linux 2
Easy_software_products cups 1.3.7
Suse opensuse 10.2
Easy_software_products cups 1.2.12
Apple mac_os_x 10.4.0
Apple mac_os_x_server 10.4.0
Turbolinux turbolinux_server 11
Sun opensolaris Build Snv 96
Easy_software_products cups 1.1.21
Turbolinux client 2008
Ubuntu ubuntu_linux 7.10 Amd64
Debian linux 4.0 Alpha
Easy_software_products cups 1.1.4 -5
Easy_software_products cups 1.1.4 -3
Debian linux 4.0 Hppa
Debian linux 4.0 Ia-32
Debian linux 4.0 Ia-64
Turbolinux appliance_server 1.0.0 Workgroup Edition
Debian linux 4.0 Mips
Debian linux 4.0 Mipsel
Debian linux 4.0 Powerpc
Debian linux 4.0 S/390
Debian linux 4.0 Sparc
Debian linux 4.0
Mandriva linux_mandrake 2007.1 X86 64
Apple mac_os_x 10.4.8
Easy_software_products cups 1.3.5
Suse suse_linux_enterprise_desktop 10 SP2
Apple mac_os_x 10.4.11
Avaya messaging_storage_server MM3.0
Suse suse_linux_enterprise_server 10 SP2
Suse suse_linux_enterprise_server 9
Apple mac_os_x_server 10.4.3
Apple mac_os_x 10.5.4
Avaya voice_portal 3.0
Red_hat enterprise_linux_as 4
Apple mac_os_x_server 10.5.4
Red_hat enterprise_linux_ws 4
Apple mac_os_x 10.4.2
Apple mac_os_x_server 10.4.2
Avaya message_networking MN 3.1
Easy_software_products cups 1.1.4 -2
Easy_software_products cups 1.0.4
Mandriva linux_mandrake 2007.1
Ubuntu ubuntu_linux 7.04 I386
Turbolinux appliance_server 1.0.0 Hosting Edition
Sun opensolaris Build Snv 102
Apple mac_os_x 10.5.5
Apple mac_os_x_server 10.5.5
Ubuntu ubuntu_linux 6.06 LTS Sparc
Turbolinux turbolinux_server 10.0.0
Suse suse_linux_enterprise_desktop 10 SP1
Suse suse_linux_enterprise_server 10 SP1
Mandriva corporate_server 3.0.0 X86 64
Apple mac_os_x_server 10.4.9
Avaya messaging_storage_server 4.0
Avaya proactive_contact
Apple mac_os_x_server 10.5.2
Red_hat enterprise_linux_es 4
Apple mac_os_x 10.5.3
Turbolinux fuji
Rpath appliance_platform_linux_service 2
Apple mac_os_x 10.5.2
Apple mac_os_x_server 10.5.3
Easy_software_products cups 1.1.19 Rc5
Apple mac_os_x_server 10.4.11
Red_hat fedora 9
Suse opensuse 11.1
Avaya proactive_contact 3.0

HTTP:STC:IE:CSRSS-HE-MSG - HTTP: Microsoft Windows CSRSS HardError Message Box Vulnerability

Severity: HIGH

Description:

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Windows. It due to improper handling of "HardError" messages in Windows Client/Server Runtime Server Subsystem (CSRSS). A remote unauthenticated attacker can exploit this by enticing the target user to visit a malicious Web site using Internet Explorer. A successful attack allows the remote attackers to execute arbitrary code with the privileges of the System. The behavior of the target is entirely dependent on the intended function of the injected code. An unsuccessful attack results in a kernel error condition, which is also known as the "Blue Screen of Death." The vulnerable system can reboot or halt, which results in a denial-of-service condition.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 21688
cve: CVE-2006-6696

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_xp_embedded
Microsoft windows_xp_embedded SP1
Nortel_networks centrex_ip_client_manager 7.0.0
Nortel_networks centrex_ip_client_manager 8.0.0
Avaya enterprise_management
Avaya interaction_center
Microsoft windows_vista_x64_edition
Avaya integrated_management
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium
Microsoft windows_server_2003_itanium SP1
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2003_datacenter_x64_edition SP2
Microsoft windows_server_2003_enterprise_x64_edition SP2
Microsoft windows_server_2003_standard_edition SP2
Microsoft windows_xp_tablet_pc_edition SP1
Hp storage_management_appliance 2.1
Microsoft windows_server_2003_web_edition SP2
Avaya agent_access
Avaya cms_supervisor
Avaya computer_telephony
Microsoft windows_2000_professional
Avaya messaging_application_server
Avaya basic_call_management_system_reporting_desktop
Avaya basic_call_management_system_reporting_desktop server
Microsoft windows_2000_server SP1
Microsoft windows_2000_professional SP1
Avaya interaction_center-voice_quick_start
Avaya ip_agent
Avaya ip_softphone
Avaya octelaccess(r)_server
Avaya octeldesignertm
Avaya operational_analyst
Avaya outbound_contact_management
Avaya speech_access
Avaya unified_messenger_(r)
Avaya visual_messenger_tm
Avaya visual_vector_client
Avaya vpnmanagertm_console
Avaya web_messenger
Microsoft windows_xp_64-bit_edition_version_2003
Microsoft windows_xp_media_center_edition
Microsoft windows_xp_tablet_pc_edition
Microsoft windows_xp_64-bit_edition
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_datacenter_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_web_edition SP1
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Microsoft windows_xp_64-bit_edition_version_2003 SP1
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_xp_64-bit_edition SP1
Microsoft windows_2000_datacenter_server SP1
Microsoft windows_xp_tablet_pc_edition SP2
Microsoft windows_2000_server
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP4
Avaya network_reporting
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Avaya unified_communication_center
Avaya modular_messaging_(mas)
Microsoft windows_server_2003_datacenter_edition SP1 Beta 1
Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
Microsoft windows_server_2003_standard_edition SP1 Beta 1
Microsoft windows_server_2003_web_edition SP1 Beta 1
Avaya customer_interaction_express_(cie)_server 1.0
Avaya customer_interaction_express_(cie)_user_interface 1.0
Avaya messaging_application_server MM 2.0
Microsoft windows_xp_gold
Nortel_networks centrex_ip_client_manager 9.0
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Microsoft windows_xp_media_center_edition SP1
Microsoft windows_xp_media_center_edition SP2
Microsoft windows_2000_datacenter_server
Avaya cvlan
Avaya contact_center_express
Microsoft windows_vista Ultimate
Microsoft windows_vista Home Premium
Microsoft windows_vista Home Basic
Microsoft windows_vista Business
Microsoft windows_vista Enterprise
Microsoft windows_server_2003_standard_edition
Avaya messaging_application_server MM 3.0
Microsoft windows_2000_advanced_server SP1
Avaya messaging_application_server MM 3.1
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_xp_professional_x64_edition
Microsoft windows_vista
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Microsoft windows_2000_server SP2
Microsoft windows_xp

HTTP:SQL:INJ:JOOMLA-COM-JCE1 - HTTP: Joomla JCE Component Itemid Parameter SQL Injection1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Joomla's JCE component. It is due to insufficient validation of Itemid parameter of the index.php script. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

APP:HP-DATA-PROTECTOR-GET-SQL - APP: HP Data Protector Multiple Products GetPolicies SQL Injection

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in HP Data Protector Notebook Extension and HP Data Protector for Personal Computers. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

References:

Affected Products:

Hp data_protector_for_personal_computers 7.0
Hp data_protector_notebook_extension 6.20

APP:HP-DATA-PROTECTOR-REQ-SQL - APP: HP Data Protector Multiple Products RequestCopy SQL Injection

Severity: MEDIUM

Description:

Supported On:

References:

Affected Products:

Hp data_protector_for_personal_computers 7.0
Hp data_protector_notebook_extension 6.20

HTTP:STC:IE:CVE-2015-6052-RCE - HTTP: Microsoft Internet Explorer CVE-2015-6052 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2015-6052

Affected Products:

Microsoft jscript 5.8
Microsoft jscript 5.7
Microsoft internet_explorer 11
Microsoft vbscript 5.8
Microsoft vbscript 5.7
Microsoft internet_explorer 10
Microsoft internet_explorer 9
Microsoft internet_explorer 8

APP:HP-DATA-PROTECTOR-FIN-SQL - APP: HP Data Protector Multiple Products FinishedCopy SQL Injection

Severity: MEDIUM

Description:

Supported On:

References:

Affected Products:

Hp data_protector_for_personal_computers 7.0
Hp data_protector_notebook_extension 6.20

HTTP:STC:SWF:SWAVE-TSAC-CHUNK - HTTP: Adobe Shockwave tSAC Chunk Invalid Seek Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known code execution vulnerability in Adobe Shockwave. It is due to a signedness error while parsing tSAC chunks in Adobe Director fields. The vulnerable code does not properly validate an offset value provided in the chunk data before using it to calculate a memory address. Remote attackers can exploit this by enticing target users to open a malicious DIR file using a vulnerable version of the product. A successful attack can result in arbitrary code execution in the security context of the logged in user. In an unsuccessful attack, the affected application can terminate abnormally.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 42668
cve: CVE-2010-2875

Affected Products:

Adobe shockwave_player 11.5.0.601
Adobe shockwave_player 11.5.0.596
Adobe shockwave_player 11.5.0.600
Adobe shockwave_player 11.5.2.606
Adobe shockwave_player 11.5.6.606
Adobe shockwave_player 11.5.7.609
Adobe shockwave_player 11.5.1.601
Adobe shockwave_player 11.5.2.602

APP:NOVELL:IMANAGER-ARB-UPLOAD - APP: Novell iManager getMultiPartParameters Arbitrary File Upload

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known flaw in Novell's iManager 2.7 that allows an arbitrary file to be uploaded to the server via iManager/Tomcat. A successful attack could result in arbitrary code execution, data corruption, or a denial of service.

Supported On:

References:

url: http://www.novell.com/support/viewContent.do?externalId=7006515&sliceId=2

HTTP:STC:DL:PPT-FF-BOF1 - HTTP: PowerPoint File Multiples Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft PowerPoint file format. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:ASF-DF1 - HTTP: ASF Header Parsing Invalid Free1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media ASF file format. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:XSS:REDHAT-JBOSS-XSS - HTTP: Red Hat JBoss BPM Suite BRMS Tasks List Cross-Site Scripting

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Red Hat JBoss BPM Suite and JBoss BRMS. Successful exploitation would result in the execution of arbitrary script code in the target user's browser.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2017-2674

APP:CITRIX:XENAPP-XML-RCE - APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Citrix XenApp and XenDesktop XML Service. A successful attack can lead to a stack overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

bugtraq: 48898

Affected Products:

Citrix xenapp 4.5
Citrix xenapp 4.5 Feature Pack 1
Citrix xenapp 5.0
Citrix xenapp 6.0
Citrix xenapp_fundamentals 3.0
Citrix xenapp_fundamentals 6.0
Citrix xendesktop 4
Citrix xenapp_fundamentals 2.0

HTTP:STC:ADOBE:READER-PLUGIN1 - HTTP: Adobe Acrobat Reader plug-in AcroPDF.dll Resource Consumption1

Severity: HIGH

Description:

Supported On:

HTTP:STC:CLSID:ACTIVEX:NESSCAN1 - HTTP: Nessus Vulnerability Scanner 3.0.6 ActiveX Vulnerability1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the Nessus Vulnerability Scanner. An attacker can create malicious Web pages, which if visited by a victim, can lead to the attacker gaining control of the victim's client browser.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:APPLE-QT-FLIC-BO1 - HTTP: Apple QuickTime FLIC Animation File Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in QuickTime FLIC Animation File handling function. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

APP:MCAFEE-EPOLICY-XML - APP: McAfee ePolicy Orchestrator XML External Entity Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in the McAfee ePolicy Orchestrato. A successful attack may result in data exposure and/or arbitrary command injection.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 65771
cve: CVE-2014-2205

Affected Products:

Mcafee epolicy_orchestrator 4.6.7
Mcafee epolicy_orchestrator 4.6.3
Mcafee epolicy_orchestrator 4.6.6
Mcafee epolicy_orchestrator 4.6.2
Mcafee epolicy_orchestrator 4.6.5
Mcafee epolicy_orchestrator 4.6.1
Mcafee epolicy_orchestrator 4.6.4
Mcafee epolicy_orchestrator 4.6.0

HTTP:STC:ACTIVEX:MS-AGENT-LIB1 - HTTP: Microsoft Agent Unsafe ActiveX Control1

Severity: MEDIUM

Description:

This signature detects attempts to use unsafe ActiveX control in the Microsoft Agent library. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.

Supported On:

HTTP:PHP:PHPSECUREPAGE-RFI1 - HTTP: phpSecurePages cfgProgDir Parameter Remote File Inclusion1

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:IE:MHTML-REDIR1 - HTTP: Internet Explorer MHTML Redirection Information Disclosure1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Internet Explorer. A malicious Web site can exploit a redirection bug in IE, to force a user to view a Web page that was not intentionally requested by that user.

Supported On:

Description:

This signature detects attempts to bypass security devices using the SCIIHexDecodemethod in a PDF document. Attackers can bypass security devices by using this method.

Supported On:

HTTP:EK-ORACLE-JAVA-DWNLD - HTTP: Unknown Exlpoit Downloads Oracle Java Jar file

Severity: HIGH

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:IIS:SHAREPOINT-CONVERT - HTTP: Microsoft Sharepoint Document Conversion Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Sharepoint. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2010-3964
bugtraq: 45264

Affected Products:

Microsoft sharepoint_server_2007
Microsoft sharepoint_server_2007 SP2
Microsoft sharepoint_server_2007_x64 SP2
Microsoft sharepoint_server_2007 SP1
Microsoft sharepoint_server_2007_x64 SP1
Microsoft sharepoint_server_2007_x64

HTTP:STC:IMG:XP-MAL-TIFF - HTTP: Microsoft Office XP Malicious TIFF

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office XP. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2010-3947
bugtraq: 45274

Affected Products:

Microsoft office_xp SP3
Microsoft office_xp SP1
Microsoft office_converter_pack
Microsoft office_xp SP2
Microsoft office_xp

HTTP:EK-REDKIT-OBFUS-PE - HTTP: Redkit Exploit Kit Obfuscated Portable Executable

Severity: HIGH

Description:

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:XLS-RTWINDOW1 - HTTP: Microsoft Excel rtWindow1 Record Handling Code Execution1

Severity: MEDIUM

Description:

A memory corruption vulnerability exists in the way Microsoft Excel handles XLS files that contain invalid values within the rtWindow1 records. A remote attacker can exploit this vulnerability by persuading a target user to open a specially crafted XLS file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.

Supported On:

HTTP:MISC:NETCHARTS-SER-RCE - HTTP: Visual Mining NetCharts Server Path Traversal File Upload Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Visual Mining NetCharts Server. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 114127
cve: CVE-2014-8516

HTTP:STC:SCRIPT:DOUBLE-BACKSLA1 - HTTP: JavaScript Double BackSlash Hex Obfuscated Heap Spray1

Severity: HIGH

Description:

This signature detects attempts to trigger an exploit that leverages a precise Heap Spraying technique referred to as "js_property_spray". Such exploits are part of an attack that, if successful, could allow an attacker to execute arbitrary code on the targeted system.

Supported On:

References:

Affected Products:

Adobe acrobat 8.1 (:windows)
Adobe acrobat 8.1
Adobe acrobat_reader 8.1
Adobe acrobat_reader 8.1 (:windows)

HTTP:XSS:FRONTPAGE-EXT - HTTP: FrontPage Server Extensions XSS

Severity: HIGH

Description:

This signature detects HTTP POST requests to a Microsoft FrontPage Server containing script elements. A successful attack can lead to information disclosure or execution of arbitrary code.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

url: http://msdn.microsoft.com/library/?url=/library/en-us/dnservext02/fpse2002ovrw.asp
bugtraq: 17452
cve: CVE-2006-0015

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft frontpage_server_extensions_2002
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Microsoft windows_xp_professional_x64_edition
Microsoft windows_xp_professional SP2
Microsoft sharepoint_team_services_2002
Microsoft windows_server_2003_datacenter_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_xp_home SP2

HTTP:STC:DL:ONENOTE-INFO-DISC2 - HTTP: Microsoft Office OneNote 2010 Buffer Size Validation2

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Office OneNote 2010. A successful attack can lead to unauthorized information disclosure.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:STC:DL:MS-PP-PRESENT-RCE1 - HTTP: Microsoft PowerPoint Presentation Handling Remote Code Execution1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft PowerPoint. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:NGINX-CHUNKED-BO - HTTP: Nginx Parsed Chunked Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Nginx HTTP Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2013-2028

Affected Products:

Igor_sysoev nginx 1.4.0
Igor_sysoev nginx 1.3.9

HTTP:MISC:HPE-IMC-RCE - HTTP: HPE Intelligent Management Center WebDMServlet Insecure Deserialization

Severity: CRITICAL

Description:

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted serialized object. Successful exploitation results in arbitrary code execution under the context of the SYSTEM or root user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2017-12558

HTTP:MISC:RED-HAT-JBOSS-CE - HTTP: Red Hat JBoss Application Server doFilter Insecure Deserialization

Severity: CRITICAL

Description:

An insecure deserialization vulnerability has been reported in Red Hat JBoss Application Server.A remote, unauthenticated attacker can exploit this vulnerability by sending a maliciously crafted serialized object.Successful exploitation can result in arbitrary code execution in the security context of the SYSTEM/root user.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 100591
cve: CVE-2017-12149

Affected Products:

Redhat jboss_enterprise_application_platform 5.2.2
Redhat jboss_enterprise_application_platform 5.1.1
Redhat jboss_enterprise_application_platform 5.1.0
Redhat jboss_enterprise_application_platform 5.0.0
Redhat jboss_enterprise_application_platform 5.2.0
Redhat jboss_enterprise_application_platform 5.0.1
Redhat jboss_enterprise_application_platform 5.2.1
Redhat jboss_enterprise_application_platform 5.1.2

HTTP:STC:SWF:OPENTYPE-FONT-OF1 - HTTP: Adobe Flash Player OpenType Font Parsing Integer Overflow1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:SAP-MGT-CON-OSEXEC1 - HTTP: SAP Management Console SOAP Interface Code Execution1

HTTP:STC:IE:UNICODE-EVSN-UTF-1 - HTTP: Unicode Evasion Detected 1

Severity: HIGH

Description:

When char-set value set at server is different from what the unicode encoding payload is following. This may allows attackers to bypass security rule intended to restrict malicious traffic.

Supported On:

HTTP:EK-NUCLEAR-FLASH-FILE1 - HTTP: Nuclear Exploit Kit Flash File Download 1

Severity: HIGH

Description:

Supported On:

HTTP:EK-NECLEAR-OBFU-FILE - HTTP: Nuclear Exploit Kit Obfuscated File Download

Severity: HIGH

Description:

Supported On:

HTTP:W3C-AMAYA-BOF1 - HTTP: W3C Amaya Stack Based Buffer Overflow1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against W3C Amaya. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:DIR:ORACLE-INFO-DISCOVERY - HTTP: Oracle Endeca Information Discovery Integrator ETL Server RenameFile Directory Traversal

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Oracle Endeca Information Discovery Integrator ETL Server.. A successful attack can result in directory traversal attacks.

Supported On:

References:

cve: CVE-2015-2606

Affected Products:

Oracle fusion_middleware 2.2.2
Oracle fusion_middleware 3.0
Oracle fusion_middleware 3.1
Oracle fusion_middleware 2.4
Oracle fusion_middleware 2.3

HTTP:DIR:NOVELL-GROUPWSE-DIRTRA - HTTP: Novell GroupWise Admin Service FileUploadServlet Directory Traversal

Severity: HIGH

Description:

This signature detects directory traversal attempts in Administration Service of Novell GroupWise 2014.A successful attack can lead to gain access to restricted files. This may lead to disclosure of sensitive information.

Supported On:

References:

cve: CVE-2014-0600

Affected Products:

Novell groupwise 2014

HTTP:GOOGLE-SKETCHUP-BMP-BO1 - HTTP: Google SketchUp BMP File Buffer Overflow (CVE-2013-3664)1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Trimble Navigation (formerly Google) SketchUp. A successful attack may lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

isg-3.5.141652, idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-5.0.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:EK-MUL-PE-DOWNLOAD - HTTP: Multiple Exploit Kit Portable Executable Download

Severity: HIGH

Description:

Supported On:

APP:ZLIB-COMPRES-LIB-DOS-2 - APP: Zlib Compression Library Denial Of Service (2)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Zlib Compression Library. A successful attack can result in a denial-of-service condition.

Supported On:

References:

bugtraq: 11051
cve: CVE-2004-0797

Affected Products:

Gnu zlib 1.2.1

HTTP:ORACLE:WEBLOGIC-WLSWSAT-ID - HTTP: Oracle WebLogic Server WorkContextXmlInputAdapter Insecure Deserialization

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle WebLogic Server. Successful exploitation can result in arbitrary code execution in the context of the user running WebLogic.

Supported On:

References:

bugtraq: 101304
cve: CVE-2017-10271

Affected Products:

Oracle weblogic_server 12.1.3.0.0
Oracle weblogic_server 12.2.1.2.0
Oracle weblogic_server 10.3.6.0.0
Oracle weblogic_server 12.2.1.1.0

HTTP:EK-ANGLER-RELAY-TRAFFIC - HTTP: Angler Exploit Kit Relay Traffic Detected1

Severity: HIGH

Description:

Supported On:

HTTP:APACHE:MOD-DAV-MERGE-DOS - HTTP: Apache HTTP Server mod_dav MERGE Request Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the mod_dav component of Apache HTTP Server. It is due to a NULL pointer deference when processing a MERGE request with a URI whose source href points to a non-DAV configured URI. A remote attacker may send a crafted HTTP request to cause a denial of service condition.

Supported On:

References:

cve: CVE-2013-1896

Affected Products:

Apache http_server 2.2.16
Apache http_server 2.2.19
Apache http_server 2.2.18
Apache http_server 2.2.1
Apache http_server 2.2.0
Apache http_server 2.2.20
Apache http_server 2.2.3
Apache http_server 2.2.21
Apache http_server 2.2.2
Apache http_server 2.2.22
Apache http_server 2.2.23
Apache http_server 2.2.4
Apache http_server 2.2.11
Apache http_server 2.2.6
Apache http_server 2.2.10
Apache http_server 2.2.9
Apache http_server 2.2.13
Apache http_server 2.2.8
Apache http_server 2.2.12
Apache http_server 2.2.15
Apache http_server up to 2.2.24
Apache http_server 2.2.14
Apache http_server 2.2.17

HTTP:HPE-ACCESS-DESERIALIZATION - HTTP: HPE Intelligent Management Center accessMgrServlet Insecure Deserialization

Severity: HIGH

Description:

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. Successful exploitation results in arbitrary code execution under the context of the SYSTEM or root user.

Supported On:

References:

cve: CVE-2017-5790

HTTP:ORACLE:EVNTPRO-DIR-TRAV - HTTP:Oracle Event Processing FileUploadServlet Directory Traversal

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known directory traversal vulnerability in Oracle Application Server. It is due to improper handling of user data when processing several request parameter values. A remote attacker can exploit this by sending specially crafted request to the target system. A successful attack can allow disclosure of sensitive information.