Update Details

Update #3223 (11/07/2019)

5 new signatures:

HIGH	HTTP:STC:ADOBE:CVE-2019-8187-CE	HTTP: Adobe Reader CVE-2019-8187 Remote Code Execution
MEDIUM	HTTP:SNS-SDC-MUL	HTTP: SeaWell Networks Spectrum SDC Multiple Vulerabilities
HIGH	HTTP:STC:ADOBE:CVE-2019-8188-CE	HTTP: Adobe Reader CVE-2019-8188 Remote Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2019-8196-CE	HTTP: Adobe Reader CVE-2019-8196 Remote Code Execution
HIGH	HTTP:STC:ADOBE:CVE-2019-8165-CE	HTTP: Adobe Reader CVE-2019-8165 Remote Code Execution

319 updated signatures:

HIGH	HTTP:EK-BLACKHOLE-V2-LP1	HTTP: Blackholev2/Darkleech Exploit Kit Landing Page 1
HIGH	HTTP:CGI:NAGIOS-CORE-DOS	HTTP: Nagios core CGI Process_cgivars Off-By-One
HIGH	SCADA:ABB-MICROSCADA-BOF	APP: ABB MicroSCADA Wserver Buffer Overflow
HIGH	DB:ORACLE:XDB-DROPMETADATA	DB: Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow
HIGH	HTTP:EK-MAGNITUDE-JNLP-REQ	HTTP: Magnitude/Popads/Nuclear Exploit Kit jnlp Request
HIGH	HTTP:MISC:CVE-2015-5718-BO	HTTP: Websense Triton Content Manager Buffer Overflow
HIGH	HTTP:EK-NUCLEAR-ORACLE-JAVA	HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download Attempt
HIGH	HTTP:IIS:ASP-DOT-NET-VSTATE	HTTP: IIS ASP .NET ViewState Input Sanitization
HIGH	HTTP:EK-NUCLEAR-POST-JAVA-COMP	HTTP: Nuclear/Magnitude Exploit Kit Post Java Compromise
HIGH	HTTP:STC:DL:MAL-VBP	HTTP: Malformed Microsoft Visual Basic Project File
HIGH	HTTP:EK-NUCLEAR-ORACLE-JAVA-1	HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download
HIGH	HTTP:EK-NUCLEAR-IE-VULN-REQ	HTTP: Nuclear Exploit Kit Microsoft Internet Explorer Vulnerability Request
HIGH	HTTP:STC:JAVA:JAVA-VM-ARGS-OF	HTTP: Sun Java JNLP java-vm-args Attribute Overflow
HIGH	APP:HPOV:OVJAVALOCALE-OF	APP: HP OpenView Network Node Manager OvJavaLocale Buffer Overflow
HIGH	HTTP:IIS:CVE-2017-7269-RCE	HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow
HIGH	HTTP:MITSUBISHI-ELECTRIC-SBO	HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow
MEDIUM	HTTP:RUBY-GEM-SEMICOLON1	HTTP: Ruby Gem Multiple Wrappers Command Injection1
HIGH	HTTP:STC:MITSUBISHI-E-DESIGN-BO	HTTP: Mitsubishi Electric E-Designer BEComliSlave Buffer Overflow
HIGH	HTTP:DOS:NOOP-SLED-REQ-MALF	HTTP: No Operation Sled in HTTP Request (Malformed)
HIGH	APP:REMOTE:MS-WIN-RDP-RCE	APP: Microsoft Windows Remote Desktop Remote Code Execution
CRITICAL	DB:INGRES-UUID_FROM_CHAR-OF	DB: Ingres Database uuid_from_char Overflow
HIGH	APP:MISC:PXESERVICE-UDP	APP: Fujitsu SystemcastWizard PXEService Buffer Overflow
HIGH	APP:ORACLE:GOLDENGATE-BOF	APP: Oracle GoldenGate Manager Command Stack Buffer Overflow
HIGH	HTTP:STC:WECON-HEAP-OVERRUN	HTTP: WECON Heap Buffer Overflow
HIGH	HTTP:EK-NUCLEAR-ADOBE-FLASH-1	HTTP: Nuclear/Magnitude Exploit Kit Adobe Flash Exploit Download
HIGH	HTTP:EK-ANGLER-OUT-URL	HTTP: Angler Exploit Kit Outbound URL Structure 1
HIGH	HTTP:STC:DL:WEBEX-RECORD-ATAS	HTTP: Cisco WebEx Recording Format Player atas32.dll Integer Overflow
HIGH	HTTP:EK-MUL-PAYLOAD-DOWN-1	HTTP: Multiple Exploit Kit Payload Download 1
HIGH	HTTP:EK-MULTIPLE-REDIRECTION-GT	HTTP: Multiple Exploit Kit Redirection Gate
HIGH	HTTP:EK-MAGNITUDE-ORACLE	HTTP: Magnitude Exploit Kit Oracle Java
HIGH	HTTP:EK-MAGNITUDE-JAVA	HTTP: Exploit Kit Magnitude Oracle Java
HIGH	HTTP:EK-MAGNITUDE-LANDING-PG	HTTP: Exploit Kit Magnitude Landing Page
HIGH	HTTP:STC:ADOBE:CVE-2017-11308	HTTP: Adobe Acrobat ImageConversion EMF Integer Overflow
HIGH	HTTP:CA-XOSOFT-XOSOAP	HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow
HIGH	TROJAN:BACKORIFICE:BO2K-CONNECT	TROJAN: Back Orifice 2000 Client Connection
HIGH	APP:HP-MGMT-UAM-BO	APP: HP Intelligent Management Center uam Buffer Overflow
HIGH	SMTP:MULTIPLE-HYD-BOF	SMTP: Multiple SMTP Header Buffer Overflow
HIGH	HTTP:STC:CVE-2018-18993-BO	HTTP: OMRON CX-One CX-Position cdmapi32 Stack-based Buffer Overflow
INFO	SSL:AUDIT:DHEEXP-512CPHR-LOGJAM	SSL: OpenSSL Logjam 512-Bit DHE_EXPORT Cipher Suite
HIGH	HTTP:STC:EMBED-SRC-OF	HTTP: Overlarge EMBED Tag Source
HIGH	HTTP:STC:ADOBE:CVE-2018-5067-ID	HTTP: Adobe Acrobat Pro CVE-2018-5067 Information Disclosure
HIGH	HTTP:STC:WIN-CCL-BOF	HTTP:Microsoft Windows Common Control Library Vulnerability
HIGH	HTTP:EK-COTTONCASTLE-FLASH-OC	HTTP: CottonCastle Exploit Kit Flash Outbound Connection
MEDIUM	APP:HPOV:OVALARMSRV-DOS2	APP: Hewlett-Packard OpenView Alarm Denial of Service (2)
CRITICAL	APP:OBSERVICED-OF	APP: Oracle Secure Backup observiced.exe Buffer Overflow
HIGH	APP:HP-LOADRUNNER-BO	APP: HP LoadRunner Stack Buffer Overflow
HIGH	RTSP:HELIX-RN5AUTH	RTSP: RealNetworks Helix Server rn5auth Credential Parsing Buffer Overflow
HIGH	SMTP:MAL:LOTUS-APPLIX	SMTP: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow
HIGH	DNS:ISC-BIND-ASSERT-DOS	DNS: ISC BIND DNS options Assertion Failure Denial of Service
HIGH	HTTP:STC:ADOBE:CVE-2017-11227CE	HTTP: Adobe Acrobate Reader CVE-2017-11227 Remote Code Execution
CRITICAL	DB:ORACLE:DBMS:AQELM-OF	DB: Oracle DBMS_AQELM Overflow
HIGH	HTTP:STC:M3U-VLC-SMB-LINK	HTTP: VideoLAN VLC Media Player SMB Link Buffer Overflow
HIGH	APP:INDUSOFT-WEB-STUDIO-BO	APP: InduSoft Web Studio Remote Agent Buffer Overflow
HIGH	HTTP:STC:ADOBE:CVE-2016-1078-CE	HTTP: Adobe Reader CVE-2016-1078 Remote Code Execution
HIGH	HTTP:STC:CVE-2018-8344-CE	HTTP: Microsoft Graphics CVE-2018-8344 Remote Code Execution
HIGH	HTTP:STC:DL:MS-GDI-EMF	HTTP: Microsoft GDI+ EMF+ Integer Wrap Remote Code Execution
HIGH	HTTP:WEBSPHERE:SERVER-OF	HTTP: WebSphere Application Server Buffer Overflow
HIGH	HTTP:DOMINO:SAMETIME-URL-OF	HTTP: Lotus Sametime URL Overflow
HIGH	APP:NOVELL:REMOTE-MGR-DOS	APP: Novell Remote Manager Off-by-One Denial of Service
MEDIUM	SMTP:SPAMASS-DOS	SMTP: SpamAssassin Content-Type Denial of Service
HIGH	HTTP:STC:ADOBE:DIRECTOR-FILE-MC	HTTP: Adobe Director file Multiple Record Memory Corruption
HIGH	HTTP:STC:STREAM:QT-MPEG-PAD	HTTP: Apple QuickTime MPEG Stream Padding Buffer Overflow
HIGH	APP:HPOV:OVTRACE	APP: Hewlett-Packard OpenView OVTrace Buffer Overflow
HIGH	APP:NOVELL:MESSENGER-BOF	APP: Novell Messenger Client Filename Parameter Stack Buffer Overflow
HIGH	APP:NOVELL:ZENWORKS-CONFMGR-BO	APP: Novell ZENworks Configuration Management PreBoot Service Overflow
HIGH	HTTP:STC:CVE-2019-6537-RCE	HTTP: WECON LeviStudio DataLogTool Multiple Remote Code Execution
HIGH	APP:CITRIX:NSEPACOM-BOF	APP: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow
HIGH	HTTP:STC:ADOBE:CVE-2018-4895RCE	HTTP: Adobe Acrobat and Reader CVE-2018-4895 Remote Code Execution
HIGH	MS-RPC:CVE-2019-6550-RCE	MS-RPC: Advantech WebAccess SCADA Remote Code Execution
HIGH	APP:IBM:TIVOLI-OF	APP: IBM Tivoli Management Framework Overflow
HIGH	HTTP:PROXY:SQUID-ESI-BO	HTTP: Squid Proxy ESI Component Stack Buffer Overflow
MEDIUM	APP:UPNP:DLINK-SEARCH-NOTIFY	APP: D-Link Router SEARCH/NOTIFY Buffer Overflow
CRITICAL	CHAT:ICQ:ISS-BLACKICE-OF	ICQ: ISS BlackIce ICQ Decoder META_USER Buffer Overflow
HIGH	HTTP:STC:IE:UNINIT-MEM-CORR	HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-2559)
HIGH	APP:IBM:INFORMIX-CMD-OF	APP: IBM Informix Dynamic Server Command Argument Processing Stack Overflow
HIGH	APP:CITRIX:PROVISIONING-OPCODE	APP: Citrix Provisioning Services Opcode Stack Buffer Overflow
HIGH	APP:HPOV:NNM-DISPLAYWIDTH-BOF	APP: HP OpenView Network Node Manager displayWidth Buffer Overflow
MEDIUM	DB:ORACLE:TNS:DBMS-OF	DB: Oracle DBMS Overflow
HIGH	HTTP:STC:DL:QT-TEXML-BOF	HTTP: Apple QuickTime TeXML Parsing Buffer Overflow
HIGH	HTTP:STC:DL:GOOGLE-GO-CI	HTTP: Google Golang Get Command Injection
HIGH	APP:CITRIX:XENAPP-XML-RCE	APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution
HIGH	HTTP:STC:STREAM:QT-MAL-SMIL	HTTP: Apple QuickTime Malformed SMIL File
HIGH	HTTP:MISC:DLINK-CAPTCHA-BO	HTTP: D-Link Wireless Router CAPTCHA Data Processing Buffer Overflow
HIGH	APP:HPOV:NNM-LOGIN-BOF	APP: HP OpenView Network Node Manager ovsessionmgr.exe Buffer Overflow
HIGH	HTTP:STC:IE:MEMCORRUPT2	HTTP: Internet Explorer HTML Objects Memory Corruption (2)
HIGH	DB:MYSQL:COM-FIELD-LIST-BO	DB: Oracle MySQL Database COM_FIELD_LIST Buffer Overflow
HIGH	APP:HPOV:NNM-EXECVP-NC-OF	APP: HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow
HIGH	HTTP:SYBASE-AGSOAP-EXE-BOF	HTTP: Sybase M-Business Anywhere agSoap.exe Closing Tag Buffer Overflow
HIGH	DB:DB2:XML-QUERY-OF	DB: IBM DB2 XML Query Overflow
HIGH	HTTP:LIBGD-HEAP-BO	HTTP: GD Library libgd gd_gd2.c Heap Buffer Overflow
CRITICAL	DB:ORACLE:ORACLE-DSI	DB: Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow
HIGH	HTTP:EXPLOIT-KIT-STYX-PLU	HTTP: Styx Exploit Kit Plugin Detection Connection
HIGH	HTTP:FOXIT-FF-URL-STG-BO	HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow
CRITICAL	DB:ORACLE:SYS:PBSDE-INIT-OF	DB: Oracle sys.pbsde.init Procedure Buffer Overflow
HIGH	HTTP:CGI:NAGIOS-HISTORY-PRM-BO	HTTP: Nagios history.cgi Parameter Buffer Overflow
HIGH	DB:ORACLE:SDO_CS-TRANS-OF	DB: Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow
HIGH	APP:NOVELL:HTTP-NOVELL-REDIRECT	APP: Novell eDirectory HTTP Server Redirection Buffer Overflow
MEDIUM	FTP:OVERFLOW:WINFTP-DATA-OF	FTP: WinFtp Server Data Handling Denial of Service
MEDIUM	HTTP:SQL:INJ:OVERSIZE-STATEMENT	HTTP: Oversized Cast And Convert Statement Possible SQL Injection Obfuscation
HIGH	HTTP:PHP:APACHE-RQST-HEADER-BO	HTTP: PHP apache_request_headers Buffer Overflow
HIGH	NTP:CRYPTO-NAK-AUTH-BYPASS	NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass
HIGH	HTTP:MISC:HP-SYS-IPRANGE-OF	HTTP: HP System Management Homepage iprange Stack Buffer Overflow
HIGH	HTTP:OVERFLOW:HP-POWERMAN-OF	HTTP: HP Power Manager Login Buffer Overflow
HIGH	IMAP:IPSWITCH:DELETE-OF	IMAP: IPSwitch IMAP Server DELETE Overflow
HIGH	APP:MDAEMON:SEND-OF	SMTP: MDaemon Mail Server Overflow
HIGH	FTP:MS-FTP:IIS-BOF	FTP: IIS Buffer Overflow
HIGH	HTTP:EFS-FILE-SERVER-BO	HTTP: EFS Software Easy File Sharing Web Server Stack Buffer Overflow
HIGH	HTTP:STC:ITUNES-HANDLER-OF	HTTP: Apple iTunes Handler Stack Buffer Overflow
HIGH	APP:CVE-2017-5789-OV	APP: HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow
HIGH	TFTP:HP-MGMT-TFTP-DATA-OF	TFTP: HP Intelligent Management Center TFTP Server DATA and ERROR Packets Buffer Overflow
CRITICAL	DB:ORACLE:ODCITABLESTART-OF	DB: Oracle Database SYS.OLAPIMPL_T Package ODCITABLESTART Buffer Overflow
HIGH	HTTP:STC:ADOBE:PHOTOSHOP-ASSET	HTTP: Adobe Photoshop Asset Elements Stack Buffer Overflow
CRITICAL	HTTP:OVERFLOW:SYBASE-WEBCONSOLE	HTTP: Sybase EAServer WebConsole Buffer Overflow
HIGH	TFTP:OPEN-TFTP-SERVER-ERROR-BO	TFTP: OpenTFTP Server Error Packet Handling Buffer Overflow
HIGH	HTTP:WEBLOGIC:BEA-BOF	HTTP: BEA Weblogic Buffer Overflow
HIGH	NTP:NTPQ-DECODEARR-BO	NTP: Network Time Protocol ntpq decodearr Stack-based Buffer Overflow
CRITICAL	APP:CA:ARCSRV:BME-OP-117	APP: CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer
HIGH	HTTP:STC:DL:MSWMM-OF	HTTP: Microsoft Windows Movie Maker and Producer Buffer Overflow
HIGH	SMTP:MAL:LOTUS-MAILTO	SMTP: IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow
HIGH	HTTP:STC:JAVA:DOCBASE-BOF	HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow
HIGH	APP:REAL:RAM-FILE-OF	APP: RealMedia RAM File Processing Buffer Overflow
HIGH	HTTP:STC:ADOBE:ACROBAT-OOB	HTTP: Adobe Acrobat ImageConversion PCX Parsing Out-Of-Bounds Write
MEDIUM	SMTP:IIS:CDO-OF	SMTP: Collaboration Data Objects Vulnerability
HIGH	CHAT:IRC:MIRC-PRIVMSG	IRC: mIRC PRIVMSG Buffer Overflow
HIGH	APP:HPOV:OVWEBSNMPSRV-OF	APP: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow
HIGH	HTTP:PROXY:SQUID-NTLM-OF	HTTP: Squid NTLM Authentication Overflow
HIGH	HTTP:STC:DL:MS-VISIO-DXF-BO	HTTP: Microsoft Visio 2010 DXF File Format Buffer Overflow
HIGH	APP:UPNP:LIBUPNP-ROOT-DSN-BOF	APP: Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow
HIGH	APP:UPNP:LIBUPNP-UUID-BOF	APP: Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow
HIGH	APP:UPNP:LIBUPNP-DSN-BOF	APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow
CRITICAL	APP:VERITAS:NETBACKUP-BPCD	APP: Veritas Netbackup BPCD
MEDIUM	HTTP:CISCO:CSUSERCGI-BOF	HTTP: Cisco User-Changeable Password CSuserCGI.exe Buffer Overflow
HIGH	MS-RPC:OF:ADVANTECH-WEBACS-BOF	MS-RPC: Advantech WebAccess Client bwswfcfg Stack-based Buffer Overflow
HIGH	HTTP:STC:ADOBE:READER-WKT-BO	HTTP: Adobe Reader Well-Known Text Buffer Overflow
HIGH	APP:CITRIX:STREAMPROCESS-BOF	APP: Citrix Provisioning Services streamprocess.exe Component Buffer Overflow
HIGH	HTTP:STC:DL:OO-OLE	HTTP: OpenOffice OLE File Stream Buffer Overflow
HIGH	HTTP:DOS:DRUPAL-XML-RPC-IEE	HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service
HIGH	HTTP:STC:DISK-PULSE-BO	HTTP: Flexense DiskPulse Client Import Stack Buffer Overflow
HIGH	HTTP:STC:IE:MOUSE-MOVE-MEM	HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-0267)
HIGH	FTP:OVERFLOW:MS-IE-FTP-RES-MC	FTP: Microsoft Internet Explorer FTP Response Parsing Memory Corruption
HIGH	MS-RPC:OF:MSG-QUEUE-3	MS-RPC: Message Queue Overflow (3)
HIGH	VOIP:SIP:DIGIUM-ASTERSK-BO	VOIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow
HIGH	APP:NOVELL:NMAP-NETMAIL-STOR	APP: Novell Netmail Stor Overflow
HIGH	HTTP:MISC:WAVELINK-HDR-PARSE-BO	HTTP: Wavelink Emulation License Server HTTP Header Processing Buffer Overflow
HIGH	APP:HPOV:OVDLL-OVBUILDPATH-BOF	APP: HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
HIGH	SMB:NETBIOS:CVE-2017-0004-MC	SMB: Microsoft Windows CVE-2017-0004 Memory Corruption
HIGH	FTP:OVERFLOW:FREE-FTPD-PASS	FTP: freeFTPd PASS Command Buffer Overflow
MEDIUM	APP:NOVELL:ZENWORKS-TFTPD-RCE	APP: Novell ZENworks Desktop Management on Linux TFTPD Code Execution
HIGH	FTP:OVERFLOW:CMD-OF	FTP: Command Overflow
CRITICAL	APP:HPOV:OID-OF	APP: HP OpenView NNM snmp.exe Long OID Parameter
HIGH	HTTP:STC:DL:MAL-PLF	HTTP: Malformed Play List File (PLF)
HIGH	APP:HP-DATA-PROTECTOR-SIGN-DOS	APP: HP Data Protector Media Operations SignInName Parameter Denial of Service
HIGH	HTTP:MAL-CNC-SRVREQ	HTTP: Malware Command and Control Communication Request Detected
HIGH	HTTP:STC:JAVA:JNLP-CHARSET-OF	HTTP: Sun Java Web Start Charset Encoding Overflow
HIGH	HTTP:CGI:RSA-AGENT-BOF	HTTP: RSA Agent Redirect Overflow
HIGH	HTTP:STC:DL:MAL-MIC-BICLRUSED	HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter
HIGH	FTP:FREEFLOAT-CMD-BO	FTP: FreeFloat FTP Server Invalid Command Buffer Overflow
HIGH	HTTP:EK-RIG-OUT-COMMUNICATION	HTTP: Rig Exploit Kit Outbound Communication Attempt
HIGH	HTTP:OVERFLOW:EFS-FILE-SERVE-BO	HTTP: EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow
HIGH	HTTP:WEBLOGIC:ENCODING	HTTP: BEA Weblogic Encoding Value Overflow
HIGH	HTTP:OVERFLOW:OVWEBHELP-BO	HTTP: HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow
HIGH	TROJAN:CRYPTOWALL-DOCS-CAMP	TROJAN: Cryptowall docs Campaign Encrypted Binary Detected
CRITICAL	HTTP:STC:DIRECTSHOW-AVI-EXEC	HTTP: Microsoft Windows DirectShow AVI File Code Execution
HIGH	MS-RPC:OF:ADVANTECH-WA-BO	MS-RPC: Advantech WebAccess SCADA Buffer Overflow
HIGH	APP:ORACLE:GOLDENGATE-SOAP-OF	APP: Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow
CRITICAL	APP:WINMEDIASRV-RCE	APP: Microsoft Windows Media Service Remote Code Execution
HIGH	DB:POSTGRESQL:CHANGE-PASS-BO	DB: PostgreSQL Database Password Change Stack Buffer Overflow
HIGH	HTTP:OVERFLOW:MICROFOCUS-PST-OF	HTTP: Micro Focus GroupWise Post Office Agent Integer Overflow
HIGH	HTTP:OVERFLOW:WECON-LEVIS-HOF	HTTP: WECON LeviStudio Address Name Heap Buffer Overflow
HIGH	HTTP:ABB-PANEL-BLDR-BO	HTTP: ABB Panel Builder 800 Comli CommandLineOptions Stack-based Buffer Overflow
HIGH	HTTP:ALTN-SG-OF	HTTP: Alt-N Security Gateway Overflow
HIGH	APP:IBM:TIVOLI-FASTBACK-OF	APP: IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow
HIGH	IMAP:OVERFLOW:MAILENABLE-OF	IMAP: MailEnable Status Overflow
HIGH	HTTP:DOMINO:ACCEPT-LANG-OF	HTTP: Lotus Domino Accept Language Overflow
HIGH	APP:CA:ARCSRV:SQL-OF	APP: Computer Associates BrightStor ARCserve Backup Buffer Overflow
HIGH	APP:HP-PM-EXP-DATA-LOGS	APP: HP Power Manager formExportDataLogs Buffer Overflow
HIGH	APP:IBM:LDAP-MODIFYREQUEST-BO	APP: IBM Domino LDAP Server ModifyRequest Stack Buffer Overflow
HIGH	IMAP:EMPHASISMINE	IMAP: Shadow Brokers - EMPHASISMINE
HIGH	HTTP:MISC:OMRON-CX-SBO	HTTP: OMRON CX-One CX-FLnet cdmapi32 wcscpy Stack-based Buffer Overflow
HIGH	APP:CA:ARCSRV:MEDIASERVER-BO1	APP: Computer Associates BrightStor ARCserve Media Server Buffer Overflow1
HIGH	TROJAN:BEACON-CNC	TROJAN: Beacon Command and Control Traffic
HIGH	HTTP:MISC:SUPERMICRO-LOGIN-BO	HTTP: SuperMicro IPMI login.cgi Buffer Overflow
HIGH	IMAP:OVERFLOW:MAILENABLE-OF-2	IMAP: MailEnable Select Overflow
HIGH	HTTP:MISC:ORMON-CXM-SBO	HTTP: OMRON CX-One CX-Motion Stack-based Buffer Overflow
HIGH	HTTP:STC:DL:DIRECTX-SAMI	HTTP: Microsoft DirectX SAMI File Parsing Code Execution
HIGH	APP:HPOV:SNMPVIEWER-APP-OF	APP: HP OpenView NNM snmpviewer.exe App Parameter Stack Buffer Overflow
HIGH	MS-RPC:ADVTC-WEBSCADA-BO	MS-RPC: Advantech WebAccess SCADA bwmakdir Stack-based Buffer Overflow
HIGH	HTTP:STC:SCRIPT:OBFUSCATED	HTTP: Javascript Obfuscated Page
HIGH	HTTP:WECON-LEVISTUDIO-BO	HTTP: WECON LeviStudio Multiple Buffer Overflow
HIGH	SMB:MS-CVE-2017-0144-MC	SMB: Microsoft Windows SMB Server SMBv1 Memory Corruption
HIGH	HTTP:STC:DL:MAL-ASX-OF	HTTP: ASX Malformed File Remote Stack Buffer Overflow
CRITICAL	SSL:OVERFLOW:KEY-ARG-NO-ENTROPY	SSL: OpenSSL KEY_ARG No Entropy
MEDIUM	HTTP:STC:MS-WIN-GDI-ID	HTTP: Microsoft Windows Graphics Device Interface Information Disclosure
HIGH	HTTP:PERL-TAR-ZIP-FO	HTTP: Perl Archive Tar and ZIP Arbitrary File Overwrite
HIGH	HTTP:DIGIUM-ASTERISK-BO	HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow
HIGH	FTP:OVERFLOW:S2C-PATH-OF	FTP: FlashGet FTP PWD Command Stack Buffer Overflow
HIGH	HTTP:IIS:ASPX-URL-1	HTTP: IIS Crafted ASP URL Request1
HIGH	HTTP:STC:WECON-LEVI-SBO	HTTP: WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow
CRITICAL	HTTP:NOVELL:NETMAIL-WEBADMIN	HTTP: Novell NetMail WebAdmin Username Stack Buffer Overflow
CRITICAL	OS:LINUXX86:NETFILTER-IPTBLE-BO	OS: Linux Kernel Netfilter iptables-restore Buffer Overflow
HIGH	HTTP:STC:NTP-DECODENETNUM-AF	HTTP: Network Time Protocol Daemon decodenetnum Assertion Failure
HIGH	SSL:OPENSSL-CVE-2017-3730	SSL: OpenSSL invalid Diffie-Hellman Parameter NULL Pointer Dereference
MEDIUM	TFTP:TRANSPORT-BOF	TFTP: Multiple Vendors TFTP Transporting Mode Remote Buffer Overflow Vulnerability
HIGH	APP:BLUECOAT-AAA-OF	APP: Blue Coat Authentication and Authorization Agent Overflow
HIGH	APP:HPOV:NNM-RPING-BOF	APP: HP OpenView Network Node Manager rping Stack Buffer Overflow
HIGH	HTTP:STC:MS-IE-IFRAME-BO	HTTP: Microsoft Internet Explorer Iframe Buffer Overflow
HIGH	HTTP:STC:DL:COOLPLAYER-PLAYLIST	HTTP: CoolPlayer Playlist File Handling Buffer Overflow
CRITICAL	FTP:SERVU:CHMOD-OVERFLOW	FTP: ServU CHMOD Filename Overflow
HIGH	IMAP:OVERFLOW:IBM-DOMINO-OF	IMAP: IBM Domino IMAP Mailbox Name Stack Buffer Overflow
HIGH	HTTP:XIPH-CAST-URL-AUTH-1	HTTP: Xiph.org Icecast Server auth_url Stack Buffer Overflow (1)
HIGH	RTSP:OVERFLOW:RTSP-CONTENT	RTSP: Apple QuickTime RTSP Content-Type Overflow
HIGH	APP:NOVELL:INTERNET-AGENT-BOF	APP: Novell GroupWise Internet Agent Buffer Overflow
HIGH	HTTP:STC:ADOBE:CVE-2017-16416CE	HTTP: Adobe Acrobat Reader CVE-2017-16416 Remote Code Execution
MEDIUM	TELNET:DOS:GAMSOFT	Telnet: GAMSoft Telsrv DoS
HIGH	HTTP:EK-ANGLER-RELAY-TRAFFIC	HTTP: Angler Exploit Kit Relay Traffic Detected1
HIGH	SMTP:OVERFLOW:MAILENABLE-BO	SMTP: MailEnable SMTP Authentication Buffer Overflow
HIGH	HTTP:STC:IMG:MAL-EMF	HTTP: Malformed EMF File
HIGH	VOIP:SIP:SDP:HDR-BOF	VOIP: Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow
MEDIUM	IMAP:OVERFLOW:MAILENABLE-APPEND	IMAP: MailEnable Append Buffer Overflow Vulnerability
HIGH	HTTP:MULTI-EK-32ALPHA-REQ	HTTP: Multiple Exploit Kit 32 Alpha JAR Request
HIGH	HTTP:DIR:FILEMGR-DIRTRV	HTTP: Responsive FileManager Zip Directory Traversal
CRITICAL	APP:CITRIX:PROVISIONINGSERV-UF	APP: Citrix Provisioning Services streamprocess.exe Integer Underflow
HIGH	DB:MYSQL:GRANT-FILE-BO	DB: Oracle MySQL Grant File Stack Buffer Overflow
HIGH	HTTP:EK-MULTIPLE-FLASH	HTTP: Multiple Exploit Kit Flash File Download
HIGH	HTTP:STC:STREAM:GDI-WMF-HEADER	HTTP: Microsoft Windows GDI WMF File HeaderSize Buffer Overflow
HIGH	DB:MYSQL:COMMANDS-BO	DB: Oracle MySQL Multiple Commands Heap Buffer Overflow
MEDIUM	HTTP:STC:DL:GDI-WMF-ID	HTTP: Microsoft Graphics Component CVE-2018-8472 Information Disclosure
HIGH	HTTP:PHP:CVE-2016-10159-IOV	HTTP: PHP phar_parse_pharfile Function filename_len Property Integer Overflow
HIGH	DB:ORACLE:XML-SCHEMA-OF	DB: Oracle XML SCHEMA Overflow
HIGH	APP:HPOV:NNMI-BO	APP: HP Network Node Manager(NNMi) ovopi.dll Options Handling Remote Buffer Overflow
HIGH	APP:NOVELL:GROUPWISE-WA	APP: Novell GroupWise WebAccess HTTP Basic Authentication Buffer Overflow
HIGH	HTTP:STC:DL:VISIO-OBJ-CONFUSION	HTTP: Microsoft Visio Object Type Confusion Remote Code Execution
HIGH	APP:EMC-AUTOSTART-BOF	APP: EMC AutoStart Error Logging Stack Buffer Overflow
MEDIUM	HTTP:STC:MOZILLA:MOZ-FLOAT-OF	HTTP: Mozilla Firefox Floating Point Number Conversion Memory Corruption
MEDIUM	HTTP:STC:RHINO-HDR-OF	HTTP: Rhino Software Serv-U Server HTTP Request Handling Buffer Overflow
CRITICAL	IMAP:OVERFLOW:MERCURY-LOGIN	IMAP: Mercury Login Buffer Overflow
HIGH	APP:ORACLE:CVE-2017-10278-OF	APP: Oracle Tuxedo Jolt Protocol CVE-2017-10278 Heap Buffer Overflow
HIGH	HTTP:STC:PPT-CRAFTED-PATH	HTTP: Microsoft Office PowerPoint File Path Handling Buffer Overflow
HIGH	HTTP:IBM-INFORMIX-DS-BO	HTTP: IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow
HIGH	APP:ORACLE:OUTSIDE-JPEG2-CODCOC	APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow
HIGH	APP:MISC:AVAYA-WINPDM	APP: Avaya Windows Portable Device Manager Buffer Overflow
HIGH	APP:HPOV:NNM-GETNNMDATA-OF	APP: HP OpenView Network Node Manager getnnmdata.exe Parameter Overflow
HIGH	HTTP:NOVELL:GROUPWISE-NETAGT-BO	HTTP: Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow
HIGH	HTTP:MISC:DISKPULSE-SERVER-BO	HTTP: Disk Pulse Enterprise Server HttpParser Buffer Overflow
HIGH	DNS:REPERR:NAPRT-IOF	DNS: Name Authority Pointer Integer Overflow
HIGH	HTTP:IIS:ISAPI-IDA-OVERFLOW	HTTP: IIS .ida ISAPI Buffer Overflow
HIGH	APP:MISC:BIGANT-DDNF-BO	APP: BigAnt Server DDNF Request Stack Buffer Overflow
HIGH	HTTP:OFFICESCAN-CGIRECVFILE	HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow
HIGH	HTTP:STC:DL:QT-SMIL-FILEHAND	HTTP: Apple QuickTime SMIL File Handling Integer Overflow
HIGH	HTTP:STC:DL:EMF-IMG-FILE-RCE	HTTP: Microsoft Windows Graphic Component EMF Image File Processing Remote Code Execution
HIGH	MS-RPC:DCE-RPC-ADVANTECH-RCE	MS-RPC: Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution
HIGH	VNC:OVERFLOW:ULTRAVNC-HEAP	VNC: UltraVNC VNC Server File Transfer Offer Handler Heap-based Buffer Overflow
CRITICAL	HTTP:MISC:MCAFFEE-SRV-HDR	HTTP: McAfee Server Header Overflow
HIGH	HTTP:STC:DL:WMF-HEAPOF	HTTP: Windows Metafile Heap Overflow
CRITICAL	NNTP:OVERFLOW:XPAT-PATTERN	NNTP: XPAT Pattern Overflow
HIGH	HTTP:FLEXENSE-VX-SEARCH-BO	HTTP: Flexense VX Search Enterprise add_command Buffer Overflow
HIGH	SMTP:EMAIL:RELAY-ADDR-OF	SMTP: Relay E-Mail Address Overflow
HIGH	HTTP:STC:DL:MAL-WOFF	HTTP: Mozilla Firefox WOFF Font Processing Integer Overflow
HIGH	APP:NOVELL:GROUPWISE-ADDRESS	APP: Novell GroupWise Addressbook Heap Buffer Overflow
HIGH	APP:ABB-NETSCANHOST-OF	APP: ABB Products RobNetScanHost.exe Stack Buffer Overflow
HIGH	HTTP:STC:DL:KINGVIEW-LOGFILE-BO	HTTP: WellinTech KingView KingMess Log File Parsing Buffer Overflow
HIGH	SMTP:MAL:LOTUS-MIF-VIEWER	SMTP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow
HIGH	APP:REAL:RMP-FILE-OF	APP: RealNetworks RealPlayer RMP File Buffer Overflow
MEDIUM	HTTP:PROXY:SQUID-DOS	HTTP: Squid Proxy Processing Denial of Service
CRITICAL	IMAP:IPSWITCH:SEARCH-DATE	IMAP: Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow
HIGH	HTTP:EK-REDKIT-LP2	HTTP: Redkit Exploit Kit Landing Page 2
HIGH	HTTP:EK-UNIX-BACKDOOR-CDORKED	HTTP: Unix Backdoor Cdorked Blackhole Request Attempt
HIGH	RPC:DCERPC:ARB-FILE-DEL	RPC: Advantech WebAccess webvrpcs Arbitrary File Deletion
HIGH	APP:CA:ARCSRV:TAPE-ENGINE-DOS	APP: CA ARCserve Backup Tape Engine Denial of Service
HIGH	HTTP:EK-COTTONCASTLE-JAVA-OC	HTTP: CottonCastle Exploit Kit Java Outbound Connection
HIGH	HTTP:EK-COTTONCASTLE-JAVA-CONN	HTTP: CottonCastle Exploit Kit Java Outbound Connection 1
HIGH	HTTP:EK-COTTONCASTLE-DECRYPT-OR	HTTP: CottonCastle Exploit Kit Decryption Page Outbound Request
HIGH	IMAP:OVERFLOW:MAILENABLE-OF-3	IMAP: MailEnable IMAP Overflow (3)
HIGH	HTTP:STC:ADOBE:CVE-2018-12788CE	HTTP: Adobe Acrobat Reader CVE-2018-12788 Remote Code Execution
HIGH	HTTP:EK-FLASHPACK-SAFE-CRITX	HTTP: Flashpack/Safe/CritX Exploit Kit Executable Download
HIGH	HTTP:EK-FLASHPACK-SAFE-JAR	HTTP: Flashpack/Safe/CritX Exploit Kit Jar File Download
HIGH	HTTP:EK-URI-MALREQ	HTTP: Exploit Kit URI Request For Known Malicious URI
HIGH	HTTP:EK-DOTKACHEF-MAL-CAMP	HTTP: DotkaChef/Rmayana/DotCache Exploit Kit Malvertising Campaign
HIGH	HTTP:NOVELL:IMANAGER-TOMCAT-BOF	HTTP: Novell iManager Tomcat Buffer Overflow
HIGH	TROJAN:FILEENCODER-CNC	TROJAN: FileEncoder Variant Outbound Connection Detected
HIGH	HTTP:NUCLEAR-EK-BIN-DL	HTTP: Nuclear Pack Exploit Kit Binary Download
HIGH	HTTP:STC:REPRISE-PARAM-PARSE-BO	HTTP: Reprise License Manager HTTP Parameter Parsing Buffer Overflow
HIGH	HTTP:STC:IE:EVENT-HANDLER-RCE	HTTP: Microsoft Internet Explorer Event Handler Remote Code Execution
HIGH	SMB:OF:MS-BROWSER-ELECT	SMB: Microsoft Windows BROWSER ELECTION Buffer Overflow
HIGH	HTTP:STC:IE:MERGE-ATTRIB	HTTP: Microsoft Internet Explorer DOM mergeAttributes Memory Corruption
HIGH	TELNET:OVERFLOW:BSD-ENCRY-KEYID	TELNET: Multiple Vendors BSD telnetd Encryption Key Buffer Overflow
HIGH	APP:HPOV:NNM-SNMP-HOST	APP: HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow
HIGH	HTTP:EK-FIESTA-REDIRECTION	HTTP: Fiesta Exploit Kit Redirection
HIGH	HTTP:MISC:BLUECOAT-HOST-HDR-OF	HTTP: Blue Coat Host Header Overflow
HIGH	APP:MISC:HICP-HOSTNAME	APP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow
HIGH	HTTP:CRITX-EK-JAVA-DL	HTTP: CritX Exploit Kit Java Exploit Download Attempt
HIGH	HTTP:EK-ANGLER-JAVA-REQ	HTTP: Angler Exploit Kit Outbound Oracle Java Request
HIGH	HTTP:EK-HELLSPAWN-JAVA-REQ	HTTP: Hellspawn Exploit Kit Outbound Oracle Java Jar Request
CRITICAL	HTTP:OVERFLOW:OPENVIEW-NNM-BO	HTTP: HP OpenView Network Node Manager Buffer Overflow
HIGH	HTTP:CRITX-EK-PE-DL	HTTP: CritX Exploit Kit Portable Executable Download
HIGH	HTTP:JDB-EK-LANDPAGE	HTTP: JDB Exploit Kit Landing Page Retrieval
HIGH	HTTP:STC:IE:CVE-2014-0271-MC	HTTP: Microsoft Internet Explorer CVE-2014-0271 Memory Corruption
HIGH	DB:SYBASE:OPEN-SERVER-CE	DB: Sybase Open Server Function Pointer Array Code Execution
HIGH	HTTP:NNMRPTCONFIG-EXE-RCE	HTTP: HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution
HIGH	HTTP:JAVAUA-PE-DL-EK	HTTP: Java UA PE Download Exploit Kit Behavior
CRITICAL	HTTP:STC:DL:WORDPAD-FONT-CONV	HTTP: Microsoft Wordpad Font Conversion Buffer Overflow
HIGH	IMAP:IPSWITCH:STATUS-OF	IMAP: IPSwitch IMAP Server STATUS Overflow
HIGH	HTTP:EK-ANGLER-LP-2	HTTP: Angler Exploit Kit Landing Page2
CRITICAL	RPC:EMC-LEGATO-NW-OF	RPC: EMC Legato NetWorker Overflow
HIGH	SMB:CVE-2017-11885-RCE	SMB: Windows CVE-2017-11885 Remote Code Execution
HIGH	APP:INGRES:DB-COMM-SVR-OF	APP: Ingress Database Communications Server Overflow
CRITICAL	HTTP:NOVELL:REPORTER-AGENT	HTTP: Novell File Reporter Agent XML Parsing Remote Code Execution
HIGH	APP:TMIC:OFFICESCAN-PW-OF	APP: Trend Micro OfficeScan Password Data Buffer Overflow
HIGH	RTSP:DESCRIBE-BOF	RTSP: RealNetworks Helix Server RTSP DESCRIBE Heap Buffer Overflow
HIGH	MS-RPC:OF:ADVANTECH-WEB-SCADA	MS-RPC: Advantech WebAccess SCADA bwnodeip Stack-based Buffer Overflow
HIGH	HTTP:STC:GNU-LIBEXTRACTOR-OOB	HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read
HIGH	APP:HPOV:OPE-AGENT-CODA-BO	APP: HP Operations Agent Opcode coda.exe Buffer Overflow
HIGH	HTTP:STC:SCRIPT:EVAL-OBFUSC	HTTP: Javascript eval Obfuscation Technique
HIGH	HTTP:STC:DL:VISIO-VSD-MEM	HTTP: Microsoft Visio VSD File Format Memory Corruption Remote Code Execution
HIGH	HTTP:STC:DL:MAL-MEDIA-RCE	HTTP: Malformed Media Files Processing Remote Code Execution
HIGH	HTTP:EK-STYX-LP-3	HTTP: Styx Exploit Kit Landing Page 3
HIGH	HTTP:EK-FLASH-DWNLD	Multiple exploit kit flash file download
HIGH	APP:HPOV:NNMRPTCONG-TEMPL	APP: HP OpenView Network Node Manager nnmRptConfig.exe Template Buffer Overflow
HIGH	SMTP:OVERFLOW:NTLM-AUTH-OF	SMTP: MailEnable NTLM Authentication Buffer Overflow

Details of the signatures included within this bulletin:

HTTP:EK-BLACKHOLE-V2-LP1 - HTTP: Blackholev2/Darkleech Exploit Kit Landing Page 1

Severity: HIGH

Description:

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are very specific type of toolkits which are being used by cybercriminals to deliver other pieces of malware.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

HTTP:STC:REPRISE-PARAM-PARSE-BO - HTTP: Reprise License Manager HTTP Parameter Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Reprise License Manager. A successful exploit can lead to buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2015-6946

Affected Products:

Microfocus accurev -

HTTP:EK-MAGNITUDE-JNLP-REQ - HTTP: Magnitude/Popads/Nuclear Exploit Kit jnlp Request

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:MISC:CVE-2015-5718-BO - HTTP: Websense Triton Content Manager Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Websense Triton application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the running server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Websense content_gateway 8.0.0

HTTP:EK-NUCLEAR-ORACLE-JAVA - HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download Attempt

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

TROJAN:BACKORIFICE:BO2K-CONNECT - TROJAN: Back Orifice 2000 Client Connection

Severity: HIGH

Description:

This signature detects connections between a Back Orifice 2000 (BO2K) client and server. This indicates that a BO2K client has made a successful connection to a server that is listening on the standard BO2K port. It allows a remote attacker to take control of the infected host.

Supported On:

References:

bugtraq: 1648
url: http://secunia.com/virus_information/4619
url: http://www.sarc.com/avcenter/venc/data/back.orifice2000.trojan.html
cve: CVE-1999-0660

Affected Products:

Qssl voyager 2.0.0 1B

HTTP:SNS-SDC-MUL - HTTP: SeaWell Networks Spectrum SDC Multiple Vulerabilities

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against SeaWell Networks Spectrum SDC. A successful attack can lead to Multiple vulnerabilities.

Supported On:

References:

Affected Products:

Seawell_networks spectrum_sdc 02.05.00

HTTP:EK-NUCLEAR-ORACLE-JAVA-1 - HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-NUCLEAR-IE-VULN-REQ - HTTP: Nuclear Exploit Kit Microsoft Internet Explorer Vulnerability Request

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:IIS:CVE-2017-7269-RCE - HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 97127
cve: CVE-2017-7269

Affected Products:

Microsoft internet_information_server 6.0

APP:REMOTE:MS-WIN-RDP-RCE - APP: Microsoft Windows Remote Desktop Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Remote Desktop. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 52353
cve: CVE-2012-0002

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_7_for_x64-based_systems
Microsoft windows_7_for_32-bit_systems
Microsoft windows_vista Business SP2
Microsoft windows_vista_enterprise_64-bit_edition SP2
Microsoft windows_vista Enterprise SP2
Microsoft windows_vista_home_basic_64-bit_edition SP2
Microsoft windows_vista Home Basic SP2
Microsoft windows_vista_home_premium_64-bit_edition SP2
Microsoft windows_vista Home Premium SP2
Microsoft windows_vista SP2
Microsoft windows_vista_ultimate_64-bit_edition SP2
Microsoft windows_server_2008_standard_edition X64
Microsoft windows_vista_x64_edition SP2
Microsoft windows_server_2008_datacenter_edition SP2
Microsoft windows_server_2008_standard_edition SP2
Microsoft windows_7_home_premium - Sp1 X64
Microsoft windows_server_2008_for_32-bit_systems SP2
Microsoft windows_server_2008_for_itanium-based_systems SP2
Microsoft windows_server_2008_for_x64-based_systems SP2
Microsoft windows_server_2003_x64 SP2
Avaya meeting_exchange 5.0.0.0.52
Microsoft windows_server_2008_standard_edition R2
Microsoft windows_server_2008_datacenter_edition
Microsoft windows_server_2008_enterprise_edition
Microsoft windows_server_2008_standard_edition
Microsoft windows_vista Business SP1
Microsoft windows_vista Home Basic SP1
Microsoft windows_vista Home Premium SP1
Microsoft windows_vista Enterprise SP1
Microsoft windows_vista Ultimate SP1
Microsoft windows_vista_enterprise_64-bit_edition SP1
Microsoft windows_vista_home_basic_64-bit_edition SP1
Microsoft windows_vista_home_premium_64-bit_edition SP1
Microsoft windows_vista_ultimate_64-bit_edition SP1
Microsoft windows_server_2003_x64 SP1
Avaya aura_conferencing 6.0 Standard
Microsoft windows_server_2003_enterprise_edition_itanium SP2
Microsoft windows_server_2003_enterprise_edition_itanium Sp2 Itanium
Microsoft windows_vista_home_basic_64-bit_edition Sp1 X64
Microsoft windows_vista_home_basic_64-bit_edition Sp2 X64
Microsoft windows_vista_x64_edition
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium
Microsoft windows_server_2003_itanium SP1
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2003_datacenter_x64_edition SP2
Microsoft windows_server_2003_enterprise_x64_edition SP2
Microsoft windows_server_2003_standard_edition SP2
Avaya meeting_exchange 5.2
Microsoft windows_server_2008_r2_datacenter
Microsoft windows_7_home_premium - Sp1 X32
Avaya callpilot 4.0
Avaya callpilot 5.0
Avaya communication_server_1000_telephony_manager 3.0
Avaya communication_server_1000_telephony_manager 4.0
Avaya messaging_application_server 5.2
Avaya meeting_exchange 5.0 SP1
Avaya meeting_exchange 5.0 SP2
Avaya meeting_exchange 5.1 SP1
Microsoft windows_vista_x64_edition SP1
Microsoft windows_xp_64-bit_edition
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_xp_professional SP3
Microsoft windows_xp_home SP3
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_datacenter_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Microsoft windows_server_2008_r2_x64
Microsoft windows_server_2008_r2_itanium
Microsoft windows_xp_service_pack_3
Avaya meeting_exchange 5.2 SP2
Microsoft windows_server_2008_r2_datacenter SP1
Microsoft windows_server_2008_r2_itanium SP1
Microsoft windows_server_2008_r2_x64 SP1
Microsoft windows_7_for_32-bit_systems SP1
Microsoft windows_7_for_x64-based_systems SP1
Microsoft windows_xp_64-bit_edition SP1
Microsoft windows_server_2008_for_x64-based_systems R2
Microsoft windows_server_2008_for_itanium-based_systems R2
Avaya aura_conferencing 6.0 SP1 Standard
Microsoft windows_server_2008 R2 SP1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
Microsoft windows_server_2003 SP1
Microsoft windows_server_2003 SP2
Microsoft windows_vista Ultimate SP2
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Avaya meeting_exchange 5.2 SP1
Microsoft windows_vista SP1
Microsoft windows_7_home_premium
Microsoft windows_7_starter
Microsoft windows_7_professional
Microsoft windows_7_ultimate
Microsoft windows_server_2008_r2_standard_edition
Avaya meeting_exchange 5.0
Microsoft windows_server_2008_r2_enterprise_edition
Microsoft windows_server_2008_standard_edition Itanium
Microsoft windows_vista Ultimate
Microsoft windows_vista Home Premium
Microsoft windows_vista Home Basic
Microsoft windows_vista Enterprise
Microsoft windows_server_2003_standard_edition
Microsoft windows_server_2008_standard_edition R2 SP1
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Avaya meeting_exchange 5.1
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_server 2008 R2
Microsoft windows_xp_professional_x64_edition
Microsoft windows_vista_enterprise_64-bit_edition
Microsoft windows_vista_home_basic_64-bit_edition
Microsoft windows_vista_home_premium_64-bit_edition
Microsoft windows_vista_ultimate_64-bit_edition
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_for_itanium-based_systems
Microsoft windows 7

APP:MISC:PXESERVICE-UDP - APP: Fujitsu SystemcastWizard PXEService Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Fujitsu SystemcastWizard PXEService. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 33342
cve: CVE-2009-0270

Affected Products:

Fujitsu systemcast_wizard_lite 1.8
Fujitsu systemcast_wizard_lite 1.8a
Fujitsu systemcast_wizard_lite 1.9
Fujitsu systemcast_wizard_lite 2.0
Fujitsu systemcast_wizard_lite 2.0a
Fujitsu systemcast_wizard_lite 1.7

HTTP:STC:DISK-PULSE-BO - HTTP: Flexense DiskPulse Client Import Stack Buffer Overflow

Severity: HIGH

Description:

A stack buffer overflow vulnerability has been reported in the client component of Disk Pulse Enterprise Server. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to download a malicious XML file and process it with the affected application. Successful exploitation allows the attacker to execute arbitrary code in the security context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.zerodayinitiative.com/advisories/zdi-18-1109/

HTTP:STC:WECON-HEAP-OVERRUN - HTTP: WECON Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against WECON LeviStudio. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:EK-NUCLEAR-ADOBE-FLASH-1 - HTTP: Nuclear/Magnitude Exploit Kit Adobe Flash Exploit Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-ANGLER-OUT-URL - HTTP: Angler Exploit Kit Outbound URL Structure 1

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:STC:DL:WEBEX-RECORD-ATAS - HTTP: Cisco WebEx Recording Format Player atas32.dll Integer Overflow

Severity: HIGH

Description:

A code execution vulnerability exists in Cisco WebEx Recording Format (WRF) Player. This vulnerability is due to an integer overflow leading to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing the target user to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the currently logged on user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 52882
cve: CVE-2012-1336

Affected Products:

Cisco webex_(linux) T27 L SP11 EP26
Cisco webex_(linux) T27 LB SP21 EP10
Cisco webex_(linux) T27 LC SP25 EP9
Cisco webex_(linux) T27 LD SP32
Cisco webex_(mac_os_x) T27 LC SP25 EP9
Cisco webex_(mac_os_x) T27 LB SP21 EP10
Cisco webex_(mac_os_x) T27 L SP11 EP26
Cisco webex_(windows) T27 L SP11 EP26
Cisco webex_(windows) T27 LB SP21 EP10
Cisco webex_(windows) T27 LC SP25 EP9
Cisco webex_(mac_os_x) T27 LD SP32
Cisco webex_(windows) T27 LD SP32

HTTP:EK-MUL-PAYLOAD-DOWN-1 - HTTP: Multiple Exploit Kit Payload Download 1

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:EK-MULTIPLE-REDIRECTION-GT - HTTP: Multiple Exploit Kit Redirection Gate

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:EK-MAGNITUDE-ORACLE - HTTP: Magnitude Exploit Kit Oracle Java

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-MAGNITUDE-JAVA - HTTP: Exploit Kit Magnitude Oracle Java

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-MAGNITUDE-LANDING-PG - HTTP: Exploit Kit Magnitude Landing Page

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:STC:ADOBE:CVE-2017-11308 - HTTP: Adobe Acrobat ImageConversion EMF Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Systems Acrobat reader. A successful attack can lead to a Integer overflow and arbitrary remote code execution within the security context of the user

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Adobe acrobat_2017 2017.011.30066
Adobe acrobat_reader_dc 2017.012.20098
Adobe acrobat_dc 2015.006.30355
Adobe acrobat_reader_2017 2017.011.30066
Adobe acrobat_reader_dc 2015.006.30355
Adobe acrobat_xi 11.0.22
Adobe reader_xi 11.0.22
Adobe acrobat_dc 2017.012.20098

SMTP:MULTIPLE-HYD-BOF - SMTP: Multiple SMTP Header Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Multiple SMTP Header. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, idp-4.0.110090709, idp-4.0.110090831, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, vsrx3bsd-19.2, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, srx-branch-19.1, vsrx-15.1, idp-4.1.110110609, srx-branch-19.2, srx-19.2

References:

cve: CVE-2011-2662
bugtraq: 44732
bugtraq: 7419
cve: CVE-2003-0113
cve: CVE-2010-4715
cve: CVE-2011-2663

Affected Products:

Novell groupwise 8.0 (hp1)
Novell groupwise 8.0 (hp2)

HTTP:EK-NUCLEAR-POST-JAVA-COMP - HTTP: Nuclear/Magnitude Exploit Kit Post Java Compromise

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:STC:WIN-CCL-BOF - HTTP:Microsoft Windows Common Control Library Vulnerability

Severity: HIGH

Description:

This signature detects Web pages containing a dangerous SVG module. A malicious Web site can exploit a known vulnerability in Microsoft Windows Internet Explorer and gain control of the client browser.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Microsoft windows_7_for_32-bit_systems
Microsoft windows_7_for_x64-based_systems
Microsoft windows_vista SP1
Microsoft windows_server_2008_for_x64-based_systems R2
Microsoft windows_server_2008_for_itanium-based_systems R2
Microsoft windows_vista SP2
Microsoft windows_vista_x64_edition SP2
Microsoft windows_server_2008_for_32-bit_systems SP2
Avaya messaging_application_server
Microsoft windows_server_2008_for_x64-based_systems SP2
Avaya messaging_application_server MM 3.0
Avaya messaging_application_server MM 3.1
Microsoft windows_server_2008_for_itanium-based_systems SP2
Microsoft windows_server_2003_x64 SP2
Microsoft windows_xp_embedded SP3
Avaya messaging_application_server MM 1.1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya callpilot_unified_messaging
Microsoft windows_vista_x64_edition SP1
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
Microsoft windows_xp_tablet_pc_edition SP3
Microsoft windows_xp_professional_x64_edition SP3
Microsoft windows_xp_professional SP3
Microsoft windows_xp_media_center_edition SP3
Microsoft windows_xp_home SP3
Avaya messaging_application_server MM 2.0
Microsoft windows_server_2003 SP2
Avaya communication_server_1000_telephony_manager
Avaya aura_conferencing 6.0 Standard
Avaya meeting_exchange-webportal
Avaya aura_conferencing 6.0
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_for_itanium-based_systems

APP:OBSERVICED-OF - APP: Oracle Secure Backup observiced.exe Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Oracle Secure Backup daemon. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 37733
url: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
cve: CVE-2010-0072

Affected Products:

Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.2.0 .3

RTSP:HELIX-RN5AUTH - RTSP: RealNetworks Helix Server rn5auth Credential Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the RealNetworks Helix Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2012-0942
bugtraq: 52929

Affected Products:

Real_networks helix_mobile_server 14.0
Real_networks helix_server 14.2.0.212

HTTP:STC:ADOBE:ACROBAT-OOB - HTTP: Adobe Acrobat ImageConversion PCX Parsing Out-Of-Bounds Write

Severity: HIGH

Description:

An out of bounds write vulnerability has been reported in the ImageConversion component of Adobe Acrobat. Successful exploitation of the vulnerability could lead to remote code execution under the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-3036

Affected Products:

Adobe reader 11.0.19
Adobe acrobat_dc 15.023.20070
Adobe acrobat 11.0.19
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_dc 15.006.30280

APP:ABB-NETSCANHOST-OF - APP: ABB Products RobNetScanHost.exe Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in ABB Product. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

References:

cve: CVE-2012-0245
bugtraq: 52123

Affected Products:

Abb pc_sdk 5.14.01
Abb robview_5
Abb pickmaster_5 5.13
Abb pickmaster_3 3.3
Abb robot_communications_runtime 5.14.01
Abb robotstudio 5.14.01
Abb webware_server 4.6
Abb webware_server 4.91
Abb webware_sdk 4.9
Abb webware_sdk 4.6
Abb interlink_module 4.6
Abb interlink_module 4.9
Abb irc5_opc_server 5.14.01

HTTP:STC:M3U-VLC-SMB-LINK - HTTP: VideoLAN VLC Media Player SMB Link Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the VideoLAN VLC Media Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 35500
cve: CVE-2009-2484

Affected Products:

Videolan vlc_media_player 1.0.1
Videolan vlc_media_player 0.9.9
Videolan vlc_media_player 1.0.0

APP:INDUSOFT-WEB-STUDIO-BO - APP: InduSoft Web Studio Remote Agent Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the InduSoft Web Studio. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 50677
cve: CVE-2011-4052

Affected Products:

Indusoft web_studio 7.0
Indusoft web_studio 6.1

HTTP:STC:ADOBE:CVE-2019-8188-CE - HTTP: Adobe Reader CVE-2019-8188 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Adobe acrobat_reader_dc 17.012.20093
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30434
Adobe acrobat_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30416
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 17.011.30078
Adobe acrobat_reader_dc 17.011.30102
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 17.011.30106
Adobe acrobat_dc 15.010.20059
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_dc 15.006.30413
Adobe acrobat_reader_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30059
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30498
Adobe acrobat_dc 19.008.20074
Adobe acrobat_reader_dc 17.011.30106
Adobe acrobat_dc 17.011.30110
Adobe acrobat_dc 17.011.30102
Adobe acrobat_reader_dc 18.011.20038
Adobe acrobat_dc 19.008.20081
Adobe acrobat_dc 15.006.30417
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 18.011.20058
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_dc 15.017.20050
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30475
Adobe acrobat_dc 17.011.30059
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30280
Adobe acrobat_dc 19.010.20099
Adobe acrobat_reader_dc 15.006.30498
Adobe acrobat_dc 18.011.20038
Adobe acrobat_dc 15.006.30243
Adobe acrobat_dc 17.011.30140
Adobe acrobat_dc 19.010.20100
Adobe acrobat_reader_dc 17.011.30066
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_reader_dc 19.010.20099
Adobe acrobat_reader_dc 19.010.20100
Adobe acrobat_reader_dc 19.012.20034
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_reader_dc 17.011.30142
Adobe acrobat_dc 19.012.20034
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader_dc 17.011.30080
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30140
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30097
Adobe acrobat_reader_dc 17.011.30127
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_dc 17.011.30080
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 18.011.20040
Adobe acrobat_dc 17.011.30127
Adobe acrobat_dc 17.011.30142
Adobe acrobat_dc 17.011.30068
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30068
Adobe acrobat_dc 15.006.30482
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_dc 17.012.20095
Adobe acrobat_reader_dc 17.011.30110
Adobe acrobat_dc 17.011.30099
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30099
Adobe acrobat_reader_dc 15.006.30482
Adobe acrobat_dc 17.011.30079
Adobe acrobat_dc 19.008.20071
Adobe acrobat_dc 15.006.30355
Adobe acrobat_dc 15.006.30457
Adobe acrobat_dc 15.010.20060
Adobe acrobat_reader_dc 15.006.30457
Adobe acrobat_reader_dc 19.008.20080
Adobe acrobat_reader_dc 15.006.30497
Adobe acrobat_dc 19.008.20080
Adobe acrobat_reader_dc 18.011.20063
Adobe acrobat_dc 15.006.30418
Adobe acrobat_dc 15.006.30448
Adobe acrobat_dc 17.011.30066
Adobe acrobat_reader_dc 19.010.20069
Adobe acrobat_reader_dc 15.006.30495
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30079
Adobe acrobat_dc 19.010.20069
Adobe acrobat_dc 15.006.30493
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.012.20096
Adobe acrobat_reader_dc 15.006.30493
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_dc 17.011.30105
Adobe acrobat_reader_dc 19.008.20071
Adobe acrobat_dc 15.006.30495
Adobe acrobat_dc 15.023.20070
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat_dc 18.011.20063
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 15.006.30475
Adobe acrobat_reader_dc 19.008.20074
Adobe acrobat_dc 15.006.30497
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_dc 15.006.30416
Adobe acrobat_reader_dc 17.011.30105
Adobe acrobat_reader_dc 17.011.30113
Adobe acrobat_dc 18.011.20040
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_dc 19.010.20098
Adobe acrobat_reader_dc 15.006.30461
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_dc 18.011.20055
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30065
Adobe acrobat_reader_dc 15.006.30417
Adobe acrobat_dc 17.000.0000
Adobe acrobat_dc 17.011.30113
Adobe acrobat_dc 15.010.20056
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 17.011.30143
Adobe acrobat_dc 15.009.20079
Adobe acrobat_reader_dc 19.008.20081
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 18.009.20044
Adobe acrobat_reader_dc 19.010.20098
Adobe acrobat_reader_dc 18.011.20055
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 17.011.30065
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30096
Adobe acrobat_dc 17.011.30120
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 17.011.30096
Adobe acrobat_dc 15.020.20039
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 17.011.30070
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 17.011.30120
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_dc 19.010.20064
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30119
Adobe acrobat_dc 15.006.30306
Adobe acrobat_reader_dc 17.011.30070
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.006.30452
Adobe acrobat_dc 17.011.30078
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 19.010.20064
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.006.30456
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 17.011.30138
Adobe acrobat_dc 15.016.20045
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30434
Adobe acrobat_reader_dc 15.006.30448
Adobe acrobat_reader_dc 15.006.30456
Adobe acrobat_dc 17.012.20093
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 15.006.30452
Adobe acrobat_dc 17.011.30138

APP:NOVELL:REMOTE-MGR-DOS - APP: Novell Remote Manager Off-by-One Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Novell Remote Manager. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:STC:IMG:MAL-EMF - HTTP: Malformed EMF File

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A vulnerability exists in the rendering of Enhanced Metafile (EMF) image format that could allow remote code execution. If a user opened a malicious EMF file, they could be compromised. Windows 2000, Windows 2003, Windows 2003 SP1, Windows NT4, Windows NT4 Terminal Server Edition, Windows Vista, Windows XP, and Windows XP SP2 are affected.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.zerodayinitiative.com/advisories/zdi-19-555/
cve: CVE-2019-1010
cve: CVE-2019-0616
bugtraq: 106083
cve: CVE-2018-8595
url: http://www.microsoft.com/technet/security/Bulletin/MS07-017.mspx
bugtraq: 23278
url: http://www.frsirt.com/english/advisories/2007/1215
url: http://www.securitytracker.com/id?1017844
cve: CVE-2007-1212
cve: CVE-2018-4982

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_xp_embedded
Microsoft windows_xp_embedded SP1
Nortel_networks self-service_mps_100
Nortel_networks self-service_mps_500
Nortel_networks self-service_mps_1000
Nortel_networks self-service_speech_server
Nortel_networks centrex_ip_element_manager 8.0.0
Nortel_networks centrex_ip_element_manager 7.0.0
Nortel_networks contact_center-tapi_server
Nortel_networks contact_center-agent_desktop_display
Nortel_networks contact_center_manager_server
Nortel_networks self-service_peri_application
Nortel_networks contact_center_express
Microsoft windows_vista_x64_edition
Microsoft windows_server_2003_web_edition SP2
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium
Microsoft windows_server_2003_itanium SP1
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2003_datacenter_x64_edition SP2
Microsoft windows_server_2003_enterprise_x64_edition SP2
Microsoft windows_xp_tablet_pc_edition SP1
Hp storage_management_appliance 2.1
Microsoft windows_2000_professional
Avaya messaging_application_server
Microsoft windows_2000_server SP1
Microsoft windows_2000_professional SP1
Microsoft windows_2000_advanced_server SP1
Avaya messaging_application_server MM 3.1
Microsoft windows_xp_media_center_edition
Microsoft windows_xp_tablet_pc_edition
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_datacenter_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_web_edition SP1
Nortel_networks contact_center_administration
Nortel_networks self-service-web_centric CCXML
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Nortel_networks self-service_peri_ivr
Nortel_networks self-service_peri_nt_server
Nortel_networks self-service_media_processing_server
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_2000_datacenter_server SP1
Microsoft windows_xp_tablet_pc_edition SP2
Microsoft windows_2000_server
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Nortel_networks callpilot 703T
Nortel_networks callpilot 702T
Nortel_networks callpilot 201I
Nortel_networks callpilot 200I
Nortel_networks self-service
Nortel_networks centrex_ip_element_manager 9.0.0
Avaya customer_interaction_express_(cie)_server 1.0
Avaya customer_interaction_express_(cie)_user_interface 1.0
Avaya messaging_application_server MM 2.0
Microsoft windows_xp_gold
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Microsoft windows_xp_media_center_edition SP1
Microsoft windows_xp_media_center_edition SP2
Microsoft windows_2000_datacenter_server
Nortel_networks symposium_agent
Microsoft windows_vista Ultimate
Microsoft windows_vista Home Premium
Microsoft windows_vista Home Basic
Microsoft windows_vista Business
Microsoft windows_vista Enterprise
Microsoft windows_server_2003_standard_edition
Avaya messaging_application_server MM 3.0
Nortel_networks meridian_sl-100
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Nortel_networks contact_center_manager
Nortel_networks enterprise_network_management_system
Nortel_networks multimedia_communication_platform
Microsoft windows_xp_professional_x64_edition
Microsoft windows_vista
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Microsoft windows_2000_server SP2
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_xp

HTTP:STC:STREAM:QT-MPEG-PAD - HTTP: Apple QuickTime MPEG Stream Padding Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Apple QuickTime MPEG Stream. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 53467
cve: CVE-2012-0659

Affected Products:

Apple mac_os_x_server 10.7.1
Apple mac_os_x_server 10.7.2
Apple quicktime_player 7.1
Apple mac_os_x_server 10.6.7
Apple mac_os_x 10.6.6
Apple mac_os_x_server 10.6.6
Apple quicktime_player 7.7.1
Apple quicktime_player 7.2.1
Apple quicktime_player 7.2
Apple quicktime_player 7.3.1.70
Apple mac_os_x 10.6.5
Apple mac_os_x_server 10.6.5
Apple quicktime_player 7.0.1
Apple quicktime_player 7.0.4
Apple quicktime_player 7.6.6 (1671)
Apple quicktime_player 7.6.7
Apple quicktime_player 7.6
Apple quicktime_player 7.6.8
Apple quicktime_player 7.4
Apple quicktime_player 7.1.4
Apple quicktime_player 7.1.5
Apple quicktime_player 7.0.3
Apple quicktime_player 7.4.1
Apple quicktime_player 7.5.5
Apple quicktime_player 7.3
Apple quicktime_player 7.2.0
Apple quicktime_player 7.1.3
Apple mac_os_x 10.7
Apple mac_os_x_server 10.6.3
Apple quicktime_player 7.6.4
Apple quicktime_player 7.1.1
Apple quicktime_player 7.1.2
Apple mac_os_x 10.6.8
Apple mac_os_x_server 10.6.8
Apple mac_os_x 10.6.2
Apple mac_os_x_server 10.6.2
Apple quicktime_player 7.6.5
Apple mac_os_x 10.6.4
Apple quicktime_player 7.1.6
Apple mac_os_x 10.6.5
Apple mac_os_x_server 10.6.5
Apple mac_os_x_server 10.7
Apple mac_os_x_server 10.6.1
Apple mac_os_x 10.6.1
Apple quicktime_player 7.64.17.73
Apple mac_os_x 10.6
Apple mac_os_x_server 10.6
Apple mac_os_x 10.6.7
Apple mac_os_x 10.7.2
Apple mac_os_x_server 10.6.4
Apple mac_os_x 10.6.3
Apple quicktime_player 7.6.9
Apple quicktime_player 7.0.8
Apple quicktime_player 7.4.5
Apple quicktime_player 7.6.2
Apple mac_os_x 10.7.3
Apple mac_os_x_server 10.7.3
Apple quicktime_player 7.3.1
Apple quicktime_player 7.6.1
Apple quicktime_player 7.7
Apple quicktime_player 7.0.0
Apple quicktime_player 7.6.6
Apple quicktime_player 7.5
Apple mac_os_x 10.7.1
Apple quicktime_player 7.0.2

APP:NOVELL:ZENWORKS-CONFMGR-BO - APP: Novell ZENworks Configuration Management PreBoot Service Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Novell ZENworks Configuration Management. A successful attack can lead to a buffer overflow and arbitrary remote code execution with elevated privileges. Failed exploit attempts could lead to a denial of service condition.

Supported On:

References:

Affected Products:

Novell zenworks_configuration_management 11.1A
Novell zenworks_configuration_management 11.1

APP:CITRIX:NSEPACOM-BOF - APP: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Citrix Access Gateway Plug-in for Windows. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

References:

cve: CVE-2011-2592
bugtraq: 54754

Affected Products:

Citrix access_gateway_plug-in 9.3.49.5

APP:HPOV:OVJAVALOCALE-OF - APP: HP OpenView Network Node Manager OvJavaLocale Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in HP OpenView Network Node Manager (NNM). This is due to a boundary error in the webappmon.exe CGI application when processing the OvJavaLocale cookie variable sent in a crafted HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the webappmon.exe process.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 42154
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02446520
cve: CVE-2010-2709

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

APP:UPNP:DLINK-SEARCH-NOTIFY - APP: D-Link Router SEARCH/NOTIFY Buffer Overflow

Severity: MEDIUM

Description:

This signature detects possible attempts to exploit a known vulnerability in the D-Link router UPNP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 19006
url: http://www.eeye.com/html/research/advisories/AD20060714.html
url: http://www.frsirt.com/english/advisories/2006/2829
cve: CVE-2006-3687

Affected Products:

D-link di-524 Rev B1
D-link di-524 Rev B2
D-link di-524 Rev A
D-link di-524 Rev C
D-link di-524 Rev D
D-link di-604 Rev E
D-link di-624 Rev C
D-link di-624 Rev D
D-link di-784 Rev A
D-link ebr-2310 Rev A
D-link wbr-1310 Rev A
D-link wbr-2310 Rev A

HTTP:STC:IE:UNINIT-MEM-CORR - HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-2559)

Severity: HIGH

Description:

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due an error in handling of a uninitialized or deleted object. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. A successful attack can result in arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 42290
cve: CVE-2010-2559

Affected Products:

Avaya messaging_application_server MM 3.1
Avaya messaging_application_server 4
Avaya aura_conferencing 6.0 Standard
Avaya meeting_exchange-web_conferencing_server
Microsoft internet_explorer 8
Avaya messaging_application_server 5
Avaya messaging_application_server MM 2.0
Avaya messaging_application_server MM 1.1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya messaging_application_server
Avaya meeting_exchange-webportal
Avaya messaging_application_server MM 3.0

HTTP:STC:ADOBE:CVE-2019-8196-CE - HTTP: Adobe Reader CVE-2019-8196 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1

References:

Affected Products:

Adobe acrobat_reader_dc 17.012.20093
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30434
Adobe acrobat_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30416
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 17.011.30078
Adobe acrobat_reader_dc 17.011.30102
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 17.011.30106
Adobe acrobat_dc 15.010.20059
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_dc 15.006.30413
Adobe acrobat_reader_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30059
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30498
Adobe acrobat_dc 19.008.20074
Adobe acrobat_reader_dc 17.011.30106
Adobe acrobat_dc 17.011.30110
Adobe acrobat_dc 17.011.30102
Adobe acrobat_reader_dc 18.011.20038
Adobe acrobat_dc 19.008.20081
Adobe acrobat_dc 15.006.30417
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 18.011.20058
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_dc 15.017.20050
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30475
Adobe acrobat_dc 17.011.30059
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30280
Adobe acrobat_dc 19.010.20099
Adobe acrobat_reader_dc 15.006.30498
Adobe acrobat_dc 18.011.20038
Adobe acrobat_dc 15.006.30243
Adobe acrobat_dc 17.011.30140
Adobe acrobat_dc 19.010.20100
Adobe acrobat_reader_dc 17.011.30066
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_reader_dc 19.010.20099
Adobe acrobat_reader_dc 19.010.20100
Adobe acrobat_reader_dc 19.012.20034
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_reader_dc 17.011.30142
Adobe acrobat_dc 19.012.20034
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader_dc 17.011.30080
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30140
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30097
Adobe acrobat_reader_dc 17.011.30127
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_dc 17.011.30080
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 18.011.20040
Adobe acrobat_dc 17.011.30127
Adobe acrobat_dc 17.011.30142
Adobe acrobat_dc 17.011.30068
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30068
Adobe acrobat_dc 15.006.30482
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_dc 17.012.20095
Adobe acrobat_reader_dc 17.011.30110
Adobe acrobat_dc 17.011.30099
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30099
Adobe acrobat_reader_dc 15.006.30482
Adobe acrobat_dc 17.011.30079
Adobe acrobat_dc 19.008.20071
Adobe acrobat_dc 15.006.30355
Adobe acrobat_dc 15.006.30457
Adobe acrobat_dc 15.010.20060
Adobe acrobat_reader_dc 15.006.30457
Adobe acrobat_reader_dc 19.008.20080
Adobe acrobat_reader_dc 15.006.30497
Adobe acrobat_dc 19.008.20080
Adobe acrobat_reader_dc 18.011.20063
Adobe acrobat_dc 15.006.30418
Adobe acrobat_dc 15.006.30448
Adobe acrobat_dc 17.011.30066
Adobe acrobat_reader_dc 19.010.20069
Adobe acrobat_reader_dc 15.006.30495
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30079
Adobe acrobat_dc 19.010.20069
Adobe acrobat_dc 15.006.30493
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.012.20096
Adobe acrobat_reader_dc 15.006.30493
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_dc 17.011.30105
Adobe acrobat_reader_dc 19.008.20071
Adobe acrobat_dc 15.006.30495
Adobe acrobat_dc 15.023.20070
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat_dc 18.011.20063
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 15.006.30475
Adobe acrobat_reader_dc 19.008.20074
Adobe acrobat_dc 15.006.30497
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_dc 15.006.30416
Adobe acrobat_reader_dc 17.011.30105
Adobe acrobat_reader_dc 17.011.30113
Adobe acrobat_dc 18.011.20040
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_dc 19.010.20098
Adobe acrobat_reader_dc 15.006.30461
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_dc 18.011.20055
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30065
Adobe acrobat_reader_dc 15.006.30417
Adobe acrobat_dc 17.000.0000
Adobe acrobat_dc 17.011.30113
Adobe acrobat_dc 15.010.20056
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 17.011.30143
Adobe acrobat_dc 15.009.20079
Adobe acrobat_reader_dc 19.008.20081
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 18.009.20044
Adobe acrobat_reader_dc 19.010.20098
Adobe acrobat_reader_dc 18.011.20055
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 17.011.30065
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30096
Adobe acrobat_dc 17.011.30120
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 17.011.30096
Adobe acrobat_dc 15.020.20039
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 17.011.30070
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 17.011.30120
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_dc 19.010.20064
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30119
Adobe acrobat_dc 15.006.30306
Adobe acrobat_reader_dc 17.011.30070
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.006.30452
Adobe acrobat_dc 17.011.30078
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 19.010.20064
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.006.30456
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 17.011.30138
Adobe acrobat_dc 15.016.20045
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30434
Adobe acrobat_reader_dc 15.006.30448
Adobe acrobat_reader_dc 15.006.30456
Adobe acrobat_dc 17.012.20093
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 15.006.30452
Adobe acrobat_dc 17.011.30138

HTTP:STC:ADOBE:CVE-2019-8165-CE - HTTP: Adobe Reader CVE-2019-8165 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Adobe acrobat_reader_dc 17.012.20093
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30434
Adobe acrobat_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30416
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 17.011.30078
Adobe acrobat_reader_dc 17.011.30102
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 17.011.30106
Adobe acrobat_dc 15.010.20059
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_dc 15.006.30413
Adobe acrobat_reader_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30059
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30498
Adobe acrobat_dc 19.008.20074
Adobe acrobat_reader_dc 17.011.30106
Adobe acrobat_dc 17.011.30110
Adobe acrobat_dc 17.011.30102
Adobe acrobat_reader_dc 18.011.20038
Adobe acrobat_dc 19.008.20081
Adobe acrobat_dc 15.006.30417
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 18.011.20058
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_dc 15.017.20050
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30475
Adobe acrobat_dc 17.011.30059
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30280
Adobe acrobat_dc 19.010.20099
Adobe acrobat_reader_dc 15.006.30498
Adobe acrobat_dc 18.011.20038
Adobe acrobat_dc 15.006.30243
Adobe acrobat_dc 17.011.30140
Adobe acrobat_dc 19.010.20100
Adobe acrobat_reader_dc 17.011.30066
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_reader_dc 19.010.20099
Adobe acrobat_reader_dc 19.010.20100
Adobe acrobat_reader_dc 19.012.20034
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_reader_dc 17.011.30142
Adobe acrobat_dc 19.012.20034
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader_dc 17.011.30080
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30140
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30097
Adobe acrobat_reader_dc 17.011.30127
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_dc 17.011.30080
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 18.011.20040
Adobe acrobat_dc 17.011.30127
Adobe acrobat_dc 17.011.30142
Adobe acrobat_dc 17.011.30068
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30068
Adobe acrobat_dc 15.006.30482
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_dc 17.012.20095
Adobe acrobat_reader_dc 17.011.30110
Adobe acrobat_dc 17.011.30099
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30099
Adobe acrobat_reader_dc 15.006.30482
Adobe acrobat_dc 17.011.30079
Adobe acrobat_dc 19.008.20071
Adobe acrobat_dc 15.006.30355
Adobe acrobat_dc 15.006.30457
Adobe acrobat_dc 15.010.20060
Adobe acrobat_reader_dc 15.006.30457
Adobe acrobat_reader_dc 19.008.20080
Adobe acrobat_reader_dc 15.006.30497
Adobe acrobat_dc 19.008.20080
Adobe acrobat_reader_dc 18.011.20063
Adobe acrobat_dc 15.006.30418
Adobe acrobat_dc 15.006.30448
Adobe acrobat_dc 17.011.30066
Adobe acrobat_reader_dc 19.010.20069
Adobe acrobat_reader_dc 15.006.30495
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30079
Adobe acrobat_dc 19.010.20069
Adobe acrobat_dc 15.006.30493
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.012.20096
Adobe acrobat_reader_dc 15.006.30493
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_dc 17.011.30105
Adobe acrobat_reader_dc 19.008.20071
Adobe acrobat_dc 15.006.30495
Adobe acrobat_dc 15.023.20070
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat_dc 18.011.20063
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 15.006.30475
Adobe acrobat_reader_dc 19.008.20074
Adobe acrobat_dc 15.006.30497
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_dc 15.006.30416
Adobe acrobat_reader_dc 17.011.30105
Adobe acrobat_reader_dc 17.011.30113
Adobe acrobat_dc 18.011.20040
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_dc 19.010.20098
Adobe acrobat_reader_dc 15.006.30461
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_dc 18.011.20055
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30065
Adobe acrobat_reader_dc 15.006.30417
Adobe acrobat_dc 17.000.0000
Adobe acrobat_dc 17.011.30113
Adobe acrobat_dc 15.010.20056
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 17.011.30143
Adobe acrobat_dc 15.009.20079
Adobe acrobat_reader_dc 19.008.20081
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 18.009.20044
Adobe acrobat_reader_dc 19.010.20098
Adobe acrobat_reader_dc 18.011.20055
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 17.011.30065
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30096
Adobe acrobat_dc 17.011.30120
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 17.011.30096
Adobe acrobat_dc 15.020.20039
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 17.011.30070
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 17.011.30120
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_dc 19.010.20064
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30119
Adobe acrobat_dc 15.006.30306
Adobe acrobat_reader_dc 17.011.30070
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.006.30452
Adobe acrobat_dc 17.011.30078
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 19.010.20064
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.006.30456
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 17.011.30138
Adobe acrobat_dc 15.016.20045
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30434
Adobe acrobat_reader_dc 15.006.30448
Adobe acrobat_reader_dc 15.006.30456
Adobe acrobat_dc 17.012.20093
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 15.006.30452
Adobe acrobat_dc 17.011.30138

HTTP:STC:ADOBE:CVE-2019-8187-CE - HTTP: Adobe Reader CVE-2019-8187 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Adobe acrobat_reader_dc 17.012.20093
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30434
Adobe acrobat_dc 15.016.20041
Adobe acrobat_reader_dc 15.006.30416
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 17.011.30078
Adobe acrobat_reader_dc 17.011.30102
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 17.011.30106
Adobe acrobat_dc 15.010.20059
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_dc 15.006.30413
Adobe acrobat_reader_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30059
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30498
Adobe acrobat_dc 19.008.20074
Adobe acrobat_reader_dc 17.011.30106
Adobe acrobat_dc 17.011.30110
Adobe acrobat_dc 17.011.30102
Adobe acrobat_reader_dc 18.011.20038
Adobe acrobat_dc 19.008.20081
Adobe acrobat_dc 15.006.30417
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 18.011.20058
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_dc 15.017.20050
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30475
Adobe acrobat_dc 17.011.30059
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30280
Adobe acrobat_dc 19.010.20099
Adobe acrobat_reader_dc 15.006.30498
Adobe acrobat_dc 18.011.20038
Adobe acrobat_dc 15.006.30243
Adobe acrobat_dc 17.011.30140
Adobe acrobat_dc 19.010.20100
Adobe acrobat_reader_dc 17.011.30066
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30464
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_reader_dc 19.010.20099
Adobe acrobat_reader_dc 19.010.20100
Adobe acrobat_reader_dc 19.012.20034
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_reader_dc 17.011.30142
Adobe acrobat_dc 19.012.20034
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader_dc 17.011.30080
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30140
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30097
Adobe acrobat_reader_dc 17.011.30127
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_dc 17.011.30080
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 18.011.20040
Adobe acrobat_dc 17.011.30127
Adobe acrobat_dc 17.011.30142
Adobe acrobat_dc 17.011.30068
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 19.010.20091
Adobe acrobat_reader_dc 17.011.30068
Adobe acrobat_dc 15.006.30482
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_dc 17.012.20095
Adobe acrobat_reader_dc 17.011.30110
Adobe acrobat_dc 17.011.30099
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30099
Adobe acrobat_reader_dc 15.006.30482
Adobe acrobat_dc 17.011.30079
Adobe acrobat_dc 19.008.20071
Adobe acrobat_dc 15.006.30355
Adobe acrobat_dc 15.006.30457
Adobe acrobat_dc 15.010.20060
Adobe acrobat_reader_dc 15.006.30457
Adobe acrobat_reader_dc 19.008.20080
Adobe acrobat_reader_dc 15.006.30497
Adobe acrobat_dc 19.008.20080
Adobe acrobat_reader_dc 18.011.20063
Adobe acrobat_dc 15.006.30418
Adobe acrobat_dc 15.006.30448
Adobe acrobat_dc 17.011.30066
Adobe acrobat_reader_dc 19.010.20069
Adobe acrobat_reader_dc 15.006.30495
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 17.009.20044
Adobe acrobat_reader_dc 17.011.30079
Adobe acrobat_dc 19.010.20069
Adobe acrobat_dc 15.006.30493
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.012.20096
Adobe acrobat_reader_dc 15.006.30493
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_dc 17.011.30105
Adobe acrobat_reader_dc 19.008.20071
Adobe acrobat_dc 15.006.30495
Adobe acrobat_dc 15.023.20070
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat_dc 18.011.20063
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 15.006.30475
Adobe acrobat_reader_dc 19.008.20074
Adobe acrobat_dc 15.006.30497
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_dc 15.006.30416
Adobe acrobat_reader_dc 17.011.30105
Adobe acrobat_reader_dc 17.011.30113
Adobe acrobat_dc 18.011.20040
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_dc 19.010.20098
Adobe acrobat_reader_dc 15.006.30461
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_dc 18.011.20055
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30065
Adobe acrobat_reader_dc 15.006.30417
Adobe acrobat_dc 17.000.0000
Adobe acrobat_dc 17.011.30113
Adobe acrobat_dc 15.010.20056
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 17.011.30143
Adobe acrobat_dc 15.009.20079
Adobe acrobat_reader_dc 19.008.20081
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 18.009.20044
Adobe acrobat_reader_dc 19.010.20098
Adobe acrobat_reader_dc 18.011.20055
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 17.011.30065
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 17.011.30096
Adobe acrobat_dc 17.011.30120
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 17.011.30096
Adobe acrobat_dc 15.020.20039
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 17.011.30070
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 17.011.30120
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_dc 19.010.20064
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30119
Adobe acrobat_dc 15.006.30306
Adobe acrobat_reader_dc 17.011.30070
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.006.30452
Adobe acrobat_dc 17.011.30078
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 19.010.20064
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.006.30456
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 17.011.30138
Adobe acrobat_dc 15.016.20045
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30434
Adobe acrobat_reader_dc 15.006.30448
Adobe acrobat_reader_dc 15.006.30456
Adobe acrobat_dc 17.012.20093
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 15.006.30452
Adobe acrobat_dc 17.011.30138

HTTP:STC:DL:GOOGLE-GO-CI - HTTP: Google Golang Get Command Injection

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the golang client. Successful exploitation results in arbitrary command injection under the security context of the target user.

Supported On:

References:

cve: CVE-2018-7187

Affected Products:

Golang go 1.5.4
Golang go 1.1.1
Golang go 1.5
Golang go 1.9.1
Golang go 1.10
Golang go 1.6
Golang go 1.8.5
Golang go 1.5.1
Golang go 1.0.2
Golang go 1.7
Golang go 1.8.6
Golang go 1.4
Golang go 1.8.1
Golang go 1.3
Golang go 1.7.5
Golang go 1.8.7
Golang go 1.5.3
Golang go 1.0.1
Golang go 1.9.5
Golang go 1.9.3
Golang go 1.5.2
Golang go 1.2
Golang go 1.7.2
Golang go 1.3.3
Golang go 1.0.3
Golang go 1.9.7
Golang go 1.7.1
Golang go 1.3.2
Golang go 1.9.6
Golang go 1.3.1
Golang go 1.0
Golang go 1.8.2
Golang go 1.9.2
Golang go 1.4.1
Golang go 1.8.4
Golang go 1.2.2
Golang go 1.4.2
Golang go 1.7.4
Golang go 1.6.2
Golang go 1.1.2
Golang go 1.8
Golang go 1.4.3
Golang go 1.6.3
Golang go 1.9
Golang go 1.2.1
Golang go 1.6.1
Debian debian_linux 9.0
Golang go 1.1
Golang go 1.8.3
Golang go 1.7.3
Golang go 1.7.6
Golang go 1.6.4
Golang go 1.9.4
Debian debian_linux 7.0

HTTP:STC:STREAM:QT-MAL-SMIL - HTTP: Apple QuickTime Malformed SMIL File

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Apple QuickTime media player. Ir is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. Remote attackers can exploit this by enticing target users to open a crafted SMIL file containing an overly long URL. Successful exploitation can result in arbitrary code injection and execution with the privileges of the logged in user. In case of an unsuccessful exploit, the application would terminate abnormally.

Supported On:

References:

bugtraq: 41962
cve: CVE-2010-1799

Affected Products:

Apple quicktime_player 7.6.6
Apple quicktime_player 7.1
Apple quicktime_player 7.2.1
Apple quicktime_player 7.3.1.70
Apple quicktime_player 7.0.2
Apple quicktime_player 7.2
Apple quicktime_player 7.0.1
Apple quicktime_player 7.0.4
Apple quicktime_player 7.6.6 (1671)
Apple quicktime_player 7.3.1
Apple quicktime_player 7.6
Apple quicktime_player 7.4
Apple quicktime_player 7.1.4
Apple quicktime_player 7.1.5
Apple quicktime_player 7.0.3
Apple quicktime_player 7.4.1
Apple quicktime_player 7.5.5
Apple quicktime_player 7.3
Apple quicktime_player 7.2.0
Apple quicktime_player 7.1.3
Apple quicktime_player 7.6.2
Apple quicktime_player 7.6.1
Apple quicktime_player 7.1.1
Apple quicktime_player 7.1.2
Apple quicktime_player 7.6.5
Apple quicktime_player 7.1.6
Apple quicktime_player 7.4.5
Apple quicktime_player 7.0.8
Apple quicktime_player 7.5
Apple quicktime_player 7.6.4
Apple quicktime_player 7.0.0

HTTP:MISC:DLINK-CAPTCHA-BO - HTTP: D-Link Wireless Router CAPTCHA Data Processing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the D-Link Wireless Router. A successful attack can lead to a buffer overflow and arbitrary remote code execution.

Supported On:

DB:MYSQL:COM-FIELD-LIST-BO - DB: Oracle MySQL Database COM_FIELD_LIST Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in MySQL database server. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 40106
cve: CVE-2010-1850

Affected Products:

Ubuntu ubuntu_linux 10.04 I386
Ubuntu ubuntu_linux 10.04 Powerpc
Ubuntu ubuntu_linux 10.04 Sparc
Mysql_ab mysql 5.0.51
Mysql_ab mysql 5.0.50
Mysql_ab mysql 5.0.49
Mysql_ab mysql 5.0.48
Mysql_ab mysql 5.0.47
Mysql_ab mysql 5.0.46
Mysql_ab mysql 5.0.88
Mysql_ab mysql 5.0.22
Mysql_ab mysql 5.0.37
Mysql_ab mysql 5.0.33
Mysql_ab mysql 5.0.27
Apple mac_os_x 10.6.4
Apple mac_os_x_server 10.6.4
Apple mac_os_x_server 10.5.5
Ubuntu ubuntu_linux 6.06 LTS Sparc
Apple mac_os_x_server 10.5.8
Ubuntu ubuntu_linux 9.04 Amd64
Mysql_ab mysql 5.1.22
Suse suse_linux_enterprise 11 SP1
Mandriva enterprise_server 5 X86 64
Suse opensuse 11.2
Suse opensuse 11.1
Mysql_ab mysql 5.0.18
Apple mac_os_x_server 10.6.1
Mysql_ab mysql 5.1.12
Mysql_ab mysql 5.1.11
Mysql_ab mysql 5.0.26
Mysql_ab mysql 5.0.52
Debian linux 5.0 Armel
Apple mac_os_x 10.5.1
Apple mac_os_x_server 10.5
Apple mac_os_x_server 10.5.1
Ubuntu ubuntu_linux 11.04 amd64
Ubuntu ubuntu_linux 11.04 ARM
Ubuntu ubuntu_linux 11.04 i386
Mysql_ab mysql 5.1.33
Mysql_ab mysql 5.1.34
Mysql_ab mysql 5.1.35
Mysql_ab mysql 5.1.36
Mysql_ab mysql 5.1.37
Mysql_ab mysql 5.1.38
Mysql_ab mysql 5.1.39
Mysql_ab mysql 5.1.41
Red_hat enterprise_linux_desktop 5 Client
Ubuntu ubuntu_linux 6.06 LTS Powerpc
Ubuntu ubuntu_linux 6.06 LTS I386
Ubuntu ubuntu_linux 6.06 LTS Amd64
Mysql_ab mysql 5.0.32
Mysql_ab mysql 5.0.4
Mysql_ab mysql 5.0.3
Mysql_ab mysql 5.0.2
Mysql_ab mysql 5.0.1
Ubuntu ubuntu_linux 8.04 LTS Amd64
Ubuntu ubuntu_linux 8.04 LTS I386
Apple mac_os_x 10.5.2
Apple mac_os_x_server 10.5.2
Ubuntu ubuntu_linux 8.04 LTS Sparc
Apple mac_os_x 10.5.4
Apple mac_os_x_server 10.5.4
Apple mac_os_x_server 10.5.0
Mysql_ab mysql 5.0.75
Apple mac_os_x 10.5
Apple mac_os_x 10.6
Apple mac_os_x_server 10.6
Mysql_ab mysql 5.1.30
Mysql_ab mysql 5.1.31
Mysql_ab mysql 5.1.32
Red_hat fedora 11
Ubuntu ubuntu_linux 9.10 Amd64
Ubuntu ubuntu_linux 9.10 I386
Mandriva corporate_server 4.0.0 X86 64
Ubuntu ubuntu_linux 9.10 Powerpc
Ubuntu ubuntu_linux 9.10 Sparc
Mysql_ab mysql 5.1.46
Mysql_ab mysql 5.1.6
Mysql_ab mysql 5.0.19
Mysql_ab mysql 5.0.60
Mysql_ab mysql 5.1.5
Mandriva linux_mandrake 2010.0
Ubuntu ubuntu_linux 9.10 Lpia
Mysql_ab mysql 5.0.38
Mysql_ab mysql 5.0.39
Mysql_ab mysql 5.0.40
Apple mac_os_x 10.5.3
Apple mac_os_x_server 10.5.3
Mandriva linux_mandrake 2008.0
Mandriva linux_mandrake 2008.0 X86 64
Apple mac_os_x 10.6.3
Apple mac_os_x_server 10.6.3
Apple mac_os_x 10.5.5
Mandriva linux_mandrake 2010.0 X86 64
Ubuntu ubuntu_linux 10.10 powerpc
Apple mac_os_x 10.6.2
Apple mac_os_x_server 10.6.2
Mysql_ab mysql 5.0.44
Mysql_ab mysql 5.0.45
Apple mac_os_x 10.5.8
Apple mac_os_x 10.5.0
Ubuntu ubuntu_linux 10.10 i386
Mysql_ab mysql 5.1.43
Red_hat fedora 12
Mysql_ab mysql 5.0.36
Mysql_ab mysql 5.0.21
Mysql_ab mysql 5.0.20
Mysql_ab mysql 5.1.9
Mysql_ab mysql 5.1.10
Mandriva linux_mandrake 2009.0 X86 64
Ubuntu ubuntu_linux 9.04 I386
Debian linux 5.0
Debian linux 5.0 Alpha
Debian linux 5.0 Amd64
Debian linux 5.0 Arm
Debian linux 5.0 Hppa
Debian linux 5.0 Ia-32
Debian linux 5.0 Ia-64
Debian linux 5.0 M68k
Debian linux 5.0 Mips
Debian linux 5.0 Mipsel
Debian linux 5.0 Powerpc
Debian linux 5.0 S/390
Debian linux 5.0 Sparc
Apple mac_os_x 10.5.7
Mysql_ab mysql 5.1.42
Ubuntu ubuntu_linux 10.04 ARM
Ubuntu ubuntu_linux 10.10 ARM
Mysql_ab mysql 5.0.24
Mysql_ab mysql 5.0.0 .0-0
Mysql_ab mysql 5.1.45
Mysql_ab mysql 5.1.44
Mandriva enterprise_server 5
Mysql_ab mysql 5.1.42
Mandriva linux_mandrake 2009.1
Mysql_ab mysql 5.0.66
Mysql_ab mysql 5.1.26
Ubuntu ubuntu_linux 9.04 Lpia
Ubuntu ubuntu_linux 9.04 Powerpc
Ubuntu ubuntu_linux 9.04 Sparc
Mandriva linux_mandrake 2009.1 X86 64
Mandriva corporate_server 4.0
Apple mac_os_x_server 10.5.7
Red_hat enterprise_linux_desktop_workstation 5 Client
Red_hat enterprise_linux 5 Server
Mandriva linux_mandrake 2009.0
Mysql_ab mysql 5.1.23
Ubuntu ubuntu_linux 8.04 LTS Lpia
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Apple mac_os_x 10.6.1
Mysql_ab mysql 5.1.13
Mysql_ab mysql 5.1.14
Mysql_ab mysql 5.1.15
Mysql_ab mysql 5.1.16
Mysql_ab mysql 5.1.17
Mysql_ab mysql 5.1.18
Mysql_ab mysql 5.0.42
Gentoo linux
Mysql_ab mysql 5.0.51A
Suse suse_linux_enterprise 10 SP3
Ubuntu ubuntu_linux 11.04 powerpc
Mysql_ab mysql 5.0.22 -1-0.1
Apple mac_os_x 10.5.6
Apple mac_os_x_server 10.5.6
Red_hat fedora 13
Ubuntu ubuntu_linux 11.10 amd64
Ubuntu ubuntu_linux 11.10 i386
Ubuntu ubuntu_linux 10.10 amd64
Ubuntu ubuntu_linux 10.04 Amd64

APP:HPOV:NNM-EXECVP-NC-OF - APP: HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in HP OpenView Network Node Manager (NNM) ov.dll, which is invoked by the CGI program webappmon.exe. It is due to a boundary error when processing maliciously crafted HTTP requests. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 41829
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02286088
cve: CVE-2010-2703
bugtraq: 40067
cve: CVE-2010-1551

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

HTTP:SYBASE-AGSOAP-EXE-BOF - HTTP: Sybase M-Business Anywhere agSoap.exe Closing Tag Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Sybase M-Business. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 47775

Affected Products:

Sybase m-business_anywhere 6.7
Sybase m-business_anywhere 7.0

DB:ORACLE:ORACLE-DSI - DB: Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Database Server. It is due to a boundary error within the DBMS_SNAP_INTERNAL package of the product. A remote authenticated attacker can send an overly long input to the affected package and cause a buffer overflow. A successful attack allows arbitrary code injection and execution with the privileges of the server process, usually System/root.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 23532
url: http://www.appsecinc.com/resources/alerts/oracle/2007-07.shtml
url: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
cve: CVE-2007-2170
cve: CVE-2007-2126

Affected Products:

Oracle enterprise_manager_9i_release_2 9.2.0 8
Oracle oracle9i_application_server 9.2.0 .0.7
Hp oracle_for_openview_for_linux_ltu
Oracle oracle10g_application_server 10.1.3 .0.0
Oracle e-business_suite_11i 11.5.7
Oracle e-business_suite 12.0.0
Oracle peoplesoft_enterprise 8.48.08
Oracle oracle10g_application_server 10.1.0 .5
Oracle oracle10g_enterprise_edition 10.1.0 .5
Oracle oracle9i_application_server 9.2.0 .8
Oracle oracle9i_personal_edition 9.2.0 .8
Oracle oracle10g_application_server 10.1.0 .0.4
Oracle application_server 10.1.2.0.0
Oracle oracle10g_application_server 10.1.2 .2.0
Oracle secure_enterprise_search_10g_release_1 10.1.6
Oracle oracle10g_standard_edition 10.1.0 .0.5
Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.1.0 .0.2
Oracle oracle10g_personal_edition 10.2.0 .3
Oracle oracle10g_application_server 10.1.2 .0.1
Oracle oracle10g_application_server 10.1.2 .0.2
Oracle oracle10g_application_server 10.1.2 .1.0
Oracle peoplesoft_enterprise_human_capital_management 8.9
Oracle collaboration_suite_release_1 10.1.2
Oracle application_server 10.1.4.1.0
Oracle application_server 10.1.3.2.0
Oracle oracle10g_standard_edition 10.2.0.1
Oracle peoplesoft_enterprise 8.47.12
Hp oracle_for_openview 8.1.7
Hp oracle_for_openview 9.2
Ibm tivoli_compliance_insight_manager 7.0
Oracle e-business_suite_11i 11.5.10.2
Oracle oracle10g_standard_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .1
Oracle oracle10g_enterprise_edition 10.2.0 .1
Oracle oracle10g_enterprise_edition 10.2.0 .2
Oracle oracle9i_enterprise_edition 9.2.0.7.0
Oracle oracle9i_personal_edition 9.2.0 .7
Oracle e-business_suite_11i 11.5.8
Oracle e-business_suite_11i 11.5.9
Oracle e-business_suite_11i 11.5.10 CU2
Oracle application_server 10.1.3.0
Ibm tivoli_compliance_insight_manager 6.0
Oracle enterprise_manager_9i 9.0.1 5
Ibm tivoli_compliance_insight_manager 8.0
Oracle peoplesoft_enterprise 8.9
Oracle application_server 10.1.2.0.2
Oracle oracle9i_enterprise_edition 9.2.0 .0.5
Oracle oracle9i_personal_edition 9.2.0 .0.5
Oracle oracle10g_standard_edition 10.1.0 .0.2
Hp oracle_for_openview 9.1.01
Oracle oracle10g_enterprise_edition 10.1.0 .0.4
Oracle oracle10g_standard_edition 10.1.0 .0.4
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.1.0 .0.4
Oracle e-business_suite_11i 11.5.10
Oracle jd_edwards_enterpriseone 8.96.11
Oracle oracle10g_enterprise_edition 10.1.0 .0.2
Oracle peoplesoft_enterprise_peopletools 8.22
Oracle application_server 9.0.4.3
Oracle peoplesoft_enterprise_peopletools 8.47
Oracle peoplesoft_enterprise_peopletools 8.48
Oracle oracle9i_enterprise_edition 9.0.1 .5
Oracle oracle9i_personal_edition 9.0.1 .5
Oracle application_server 10.1.2.2
Oracle e-business_suite_12 12.0.0
Oracle oracle9i_enterprise_edition 9.2.0.8.0
Oracle oracle10g_application_server 9.0.4 3
Oracle jd_edwards_enterpriseone 8.96
Oracle enterprise_manager_9i_release_2 9.2.0 7
Oracle application_server 7.0.4.4
Oracle oracle9i_personal_edition 9.2.0 .0.1
Oracle oracle9i_enterprise_edition 9.2.0 .0.1
Oracle jd_edwards_oneworld_tools SP23
Oracle oracle10g_application_server 10.1.3 .1.0
Oracle oracle10g_application_server 10.1.3 .2.0
Oracle oracle10g_personal_edition 10.1.0.5
Oracle peoplesoft_enterprise 8.22.14

HTTP:FOXIT-FF-URL-STG-BO - HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Foxit Reader Plugin for Firefox. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

HTTP:CGI:NAGIOS-HISTORY-PRM-BO - HTTP: Nagios history.cgi Parameter Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Nagios. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 56879
cve: CVE-2012-6096

Affected Products:

Nagios nagios 3.0.1
Nagios nagios 3.0 (rc2)
Nagios nagios 3.0 (beta2)
Nagios nagios 3.0.4
Icinga icinga 1.7.2
Icinga icinga 1.7.3
Icinga icinga 1.8.3
Nagios nagios 3.0 (alpha3)
Icinga icinga 1.7.0
Nagios nagios 3.3.1
Icinga icinga 1.7.1
Icinga icinga 1.8.1
Nagios nagios 3.0 (alpha1)
Nagios nagios 3.0 (alpha4)
Nagios nagios 3.4.2
Nagios nagios up to 3.4.3
Nagios nagios 3.0 (alpha2)
Nagios nagios 3.2.1
Nagios nagios 3.4.1
Nagios nagios 3.2.0
Nagios nagios 3.0 (rc3)
Icinga icinga 1.6.0
Nagios nagios 3.0 (beta6)
Nagios nagios 3.0 (beta1)
Nagios nagios 3.2.3
Nagios nagios 3.1.2
Nagios nagios 3.2.2
Nagios nagios 3.0 (beta7)
Icinga icinga 1.8.0
Nagios nagios 3.0.6
Nagios nagios 3.0 (alpha5)
Icinga icinga 1.6.1
Nagios nagios 3.0.5
Nagios nagios 3.0 (beta3)
Nagios nagios 3.1.1
Nagios nagios 3.4.0
Nagios nagios 3.1.0
Nagios nagios 3.0 (beta5)
Nagios nagios 3.0.3
Icinga icinga 1.8.2
Nagios nagios 3.0 (rc1)
Nagios nagios 3.0 (beta4)
Nagios nagios 3.0.2

DB:ORACLE:SDO_CS-TRANS-OF - DB: Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle database TNS. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf
bugtraq: 20588
url: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
cve: CVE-2006-5344
cve: CVE-2006-5372

Affected Products:

Oracle oracle9i_application_server 9.0.3 .1
Oracle oracle9i_enterprise_edition 9.0.1 .4
Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
Oracle oracle10g_application_server 10.1.2 .0.1
Oracle oracle10g_application_server 10.1.2 .0.2
Oracle oracle10g_application_server 10.1.2 .1.0
Oracle oracle10g_application_server 9.0.4 .2
Oracle collaboration_suite_release_1 10.1.2
Oracle jd_edwards_enterpriseone 8.95.0 F1
Oracle oracle10g_standard_edition 10.1.0 .0.5
Oracle oracle10g_standard_edition 10.2.0.1
Oracle oracle9i_standard_edition 9.2.0 .7
Oracle application_server_10g 9.0.4 .2
Oracle oracle10g_application_server 9.0.4 .0
Oracle developer_suite 9.0.4 .2
Oracle oracle9i_application_server 9.0.2 .3
Oracle jd_edwards_enterpriseone 8.95.0 B1
Oracle oracle9i_enterprise_edition 9.0.1 .5
Oracle oracle9i_personal_edition 9.0.1 .5
Oracle oracle9i_standard_edition 9.0.1 .5
Hp oracle_for_openview 9.1.01
Hp oracle_for_openview 8.1.7
Hp oracle_for_openview 9.2
Oracle html_db 1.5.0
Oracle html_db 1.6.0
Oracle html_db 1.5.1
Oracle html_db 1.6.1
Oracle html_db 2.0.0
Oracle oracle9i_standard_edition 9.0.1 .4
Oracle peoplesoft_enterprise_peopletools 8.22
Oracle peoplesoft_enterprise_peopletools 8.46
Oracle peoplesoft_enterprise_peopletools 8.47
Oracle peoplesoft_enterprise_peopletools 8.48
Oracle peoplesoft_enterprise_portal 8.8
Oracle peoplesoft_enterprise_portal 8.9
Oracle developer_suite 9.0.4 .3
Oracle developer_suite 6i
Oracle developer_suite 10.1.2.0.2
Oracle developer_suite 10.1.2.2
Oracle jd_edwards_oneworld_tools SP23
Oracle oracle10g_enterprise_edition 10.1.0 .0.3
Oracle oracle10g_personal_edition 10.1.0 .0.3
Oracle oracle10g_standard_edition 10.1.0 .0.3
Oracle oracle9i_standard_edition 9.2.0 .6
Oracle oracle9i_personal_edition 9.2.0 .6
Oracle oracle9i_enterprise_edition 9.2.0.6.0
Oracle collaboration_suite_release_2 9.0.4 .2
Oracle oracle10g_application_server 9.0.4 .1
Oracle oracle10g_application_server 10.1.2
Oracle application_server_10g 9.0.4
Oracle application_server_10g 9.0.4 .1
Oracle application_server_release_2 9.0.2 .3
Oracle e-business_suite_11i 11.5.7
Oracle e-business_suite_11i 11.5.8
Oracle e-business_suite_11i 11.5.9
Oracle e-business_suite 11.0.0
Oracle oracle9i_application_server 1.0.2 .2
Oracle developer_suite 9.0.4 .1
Oracle oracle10g_standard_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .1
Oracle oracle10g_enterprise_edition 10.2.0 .1
Oracle oracle10g_enterprise_edition 10.2.0 .2
Oracle oracle9i_enterprise_edition 9.2.0.7.0
Oracle oracle9i_personal_edition 9.2.0 .7
Oracle oracle10g_application_server 10.1.3 .0.0
Oracle e-business_suite_11i 11.5.10 CU2
Oracle pharmaceutical_applications 4.5.0
Oracle pharmaceutical_applications 4.5.1
Oracle jd_edwards_enterpriseone 8.95
Oracle jd_edwards_enterpriseone 8.95.J1
Oracle peoplesoft_enterprise_tools 8.47 GA
Oracle peoplesoft_enterprise_tools 8.47.01
Oracle peoplesoft_enterprise_tools 8.47.02
Oracle peoplesoft_enterprise_tools 8.47.03
Oracle peoplesoft_enterprise_tools 8.46 GA
Oracle peoplesoft_enterprise_tools 8.47.04
Oracle peoplesoft_enterprise_tools 8.46.12
Oracle oracle9i_enterprise_edition 9.2.0 .0.5
Oracle oracle9i_personal_edition 9.2.0 .0.5
Oracle oracle9i_standard_edition 9.2.0 .0.5
Oracle oracle8i_enterprise_edition 8.1.7.4.0
Oracle oracle10g_enterprise_edition 10.1.0 .0.4
Oracle oracle10g_standard_edition 10.1.0 .0.4
Oracle oracle10g_personal_edition 10.1.0 .0.4
Oracle e-business_suite_11i 11.5.10
Oracle application_server_10g 9.0.4 .3
Oracle jd_edwards_enterpriseone 8.96
Oracle oracle8i_standard_edition 8.1.7 .4
Oracle oracle9i_personal_edition 9.0.1 .4

APP:NOVELL:HTTP-NOVELL-REDIRECT - APP: Novell eDirectory HTTP Server Redirection Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Novell eDirectory HTTP Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 20655
url: http://www.mnin.org/advisories/2006_novell_httpstk.pdf
cve: CVE-2006-5478

Affected Products:

Novell edirectory 8.7.3.8 pre-SP9
Novell edirectory 8.5.0
Novell edirectory 8.0.0
Novell edirectory 8.7.1 SU1
Novell edirectory 8.5.12 a
Novell edirectory 8.5.27
Novell edirectory 8.7.3.8
Novell edirectory 8.7.3
Novell edirectory 8.7.1
Novell edirectory 8.8
Novell edirectory 8.8.1
Novell edirectory 8.6.2
Novell edirectory 8.7.0

HTTP:PHP:APACHE-RQST-HEADER-BO - HTTP: PHP apache_request_headers Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in PHP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application. Failed exploit attempts can result in a denial-of-service condition.

Supported On:

DI-Base, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-4.0.110090831, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 53455
cve: CVE-2012-2329
url: http://www.php.net/archive/2012.php#id2012-05-08-1
url: http://www.php.net/ChangeLog-5.php#5.4.3
url: https://bugzilla.redhat.com/show_bug.cgi?id=820000

Affected Products:

Php php 5.4.0
Php php 5.4.1
Php php 5.4.2
Php php 5.4.0beta2
Php php 5.4.1RC1-DEV

NTP:CRYPTO-NAK-AUTH-BYPASS - NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against NTP Daemon. The vulnerability is due to improper validation of crypto-NAK packets that leads to an NTP Symmetric association to be established with an unauthorized peer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted crypto-NAK NTP packet to the vulnerable service. Successful exploitation will let the attacker change the time on the target system, resulting in a policy bypass and potentially other security vulnerabilities.

Supported On:

References:

cve: CVE-2015-7871

Affected Products:

Ntp ntp 4.3.43
Ntp ntp 4.3.22
Ntp ntp 4.3.38
Ntp ntp 4.3.40
Ntp ntp 4.3.11
Ntp ntp 4.3.9
Ntp ntp 4.3.41
Ntp ntp 4.3.24
Ntp ntp 4.3.36
Ntp ntp 4.3.60
Ntp ntp 4.3.8
Ntp ntp 4.3.28
Ntp ntp 4.3.46
Ntp ntp 4.3.18
Ntp ntp 4.3.35
Ntp ntp 4.3.61
Ntp ntp 4.3.7
Ntp ntp 4.3.47
Ntp ntp 4.3.59
Ntp ntp 4.3.34
Ntp ntp 4.3.62
Ntp ntp 4.3.6
Ntp ntp 4.3.71
Ntp ntp 4.3.44
Ntp ntp 4.3.58
Ntp ntp 4.3.33
Ntp ntp 4.3.63
Ntp ntp 4.3.5
Ntp ntp 4.3.45
Ntp ntp 4.3.32
Ntp ntp 4.3.64
Ntp ntp 4.3.4
Ntp ntp 4.3.31
Ntp ntp 4.3.29
Ntp ntp 4.3.3
Ntp ntp 4.3.1
Ntp ntp 4.3.17
Ntp ntp 4.3.55
Ntp ntp 4.3.30
Ntp ntp 4.3.66
Ntp ntp 4.3.37
Ntp ntp 4.2.2
Ntp ntp 4.3.65
Ntp ntp 4.3.54
Ntp ntp 4.3.69
Ntp ntp 4.3.67
Ntp ntp 4.2.4
Ntp ntp 4.2.6
Ntp ntp 4.3.13
Ntp ntp 4.3.23
Ntp ntp 4.3.57
Ntp ntp 4.3.68
Ntp ntp 4.2.5
Ntp ntp 4.2.7p444
Ntp ntp 4.3.56
Ntp ntp 4.3.48
Ntp ntp 4.3.25
Ntp ntp 4.3.19
Ntp ntp 4.3.74
Ntp ntp 4.3.51
Ntp ntp 4.3.49
Ntp ntp 4.3.26
Ntp ntp 4.3.72
Ntp ntp 4.3.50
Ntp ntp 4.3.27
Ntp ntp 4.3.12
Ntp ntp 4.2.7
Ntp ntp 4.3.16
Ntp ntp 4.3.53
Ntp ntp 4.3.0
Ntp ntp 4.3.20
Ntp ntp 4.3.10
Ntp ntp 4.3.39
Ntp ntp 4.3.70
Ntp ntp 4.3.73
Ntp ntp 4.3.2
Ntp ntp 4.2.8
Ntp ntp 4.2.0
Ntp ntp 4.3.21
Ntp ntp 4.3.14
Ntp ntp 4.3.76
Ntp ntp 4.3.52
Ntp ntp 4.3.42
Ntp ntp 4.3.15
Ntp ntp 4.3.75

HTTP:MISC:HP-SYS-IPRANGE-OF - HTTP: HP System Management Homepage iprange Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP System Management Homepage. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2013-2362

Affected Products:

Hp system_management_homepage up to 7.2
Hp system_management_homepage 7.0
Hp system_management_homepage 7.1

MS-RPC:OF:ADVANTECH-WEBACS-BOF - MS-RPC: Advantech WebAccess Client bwswfcfg Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Advantech WebAccess Client. A successful attack can lead to Buffer Overflow.

Supported On:

idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

url: https://ics-cert.us-cert.gov/advisories/ICSA-18-298-02
bugtraq: 105736
cve: CVE-2018-17910

Affected Products:

Advantech webaccess 8.3.2

HTTP:STC:IE:MERGE-ATTRIB - HTTP: Microsoft Internet Explorer DOM mergeAttributes Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to insufficient input validation in the DOM mergeAttributes script method. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. A successful attack can result in arbitrary code execution with privileges of the targeted user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37893
cve: CVE-2010-0247
bugtraq: 47190
cve: CVE-2011-0094

Affected Products:

Microsoft internet_explorer 6.0
Nortel_networks contact_center_multimedia_&_outbound 7.0
Microsoft internet_explorer 5.0.1
Microsoft internet_explorer 6.0 SP1
Nortel_networks media_processing_svr_100
Avaya messaging_application_server
Nortel_networks self-service_peri_workstation
Avaya messaging_application_server MM 3.1
Microsoft internet_explorer 5.0.1 SP4
Nortel_networks self-service_speech_server
Nortel_networks contact_center_multimedia_&_outbound 6.0
Nortel_networks callpilot 1005R
Nortel_networks callpilot 600R
Nortel_networks callpilot 703T
Nortel_networks media_processing_server
Nortel_networks callpilot 201I
Microsoft internet_explorer 5.0.1 For Windows 2000
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Nortel_networks self-service_peri_application
Avaya messaging_application_server MM 1.1
Nortel_networks callpilot 202I
Nortel_networks self-service_peri_cti
Nortel_networks self_service-cdd
Nortel_networks contact_center_express
Microsoft internet_explorer 5.0.1 SP2
Avaya messaging_application_server MM 2.0
Nortel_networks contact_center_administration_ccma 7.0
Nortel_networks contact_center_administration_ccma 6.0
Avaya messaging_application_server MM 3.0
Nortel_networks media_processing_svr_1000_rel 3.0
Nortel_networks media_processing_svr_500_rel 3.0
Microsoft internet_explorer 5.0.1 SP3
Nortel_networks self-service_media_processing_server
Microsoft internet_explorer 5.0.1 SP1

HTTP:EFS-FILE-SERVER-BO - HTTP: EFS Software Easy File Sharing Web Server Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Easy File Management Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the current user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2014-3791
bugtraq: 67406
cve: CVE-2018-9059

Affected Products:

Sharing-file easy_file_sharing_web_server 7.2

APP:CVE-2017-5789-OV - APP: HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability exists in HP LoadRunner and Performance Center. Successful exploitation could result in execution of arbitrary code within the context of SYSTEM.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-5789

Affected Products:

Hp loadrunner 12.53
Hp performance_center 12.53

TFTP:HP-MGMT-TFTP-DATA-OF - TFTP: HP Intelligent Management Center TFTP Server DATA and ERROR Packets Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the HP Intelligent Management Center TFTP server. It is due to insufficient handling while processing malformed DATA and ERROR tftp packets. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 47789
cve: CVE-2011-1852

Affected Products:

Hp intelligent_management_center_(imc) 5.0_E0101
Hp intelligent_management_center_(imc) 5.0_E0101L01
3com intelligent_management_center_(imc) 3.3.9 R2 606
3com intelligent_management_center_(imc) 3.3 SP1 R2 606
3com intelligent_management_center_(imc) 3.3 SP2 R2 606

HTTP:STC:ADOBE:PHOTOSHOP-ASSET - HTTP: Adobe Photoshop Asset Elements Stack Buffer Overflow

Severity: HIGH

Description:

A buffer overflow vulnerability has been reported in Adobe Photoshop. The vulnerability is due to insufficient validation of Collada asset elements. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to download a malicious file. This can lead to arbitrary code execution in the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 53464

Affected Products:

Adobe photoshop CS5
Adobe photoshop CS5.1

NTP:NTPQ-DECODEARR-BO - NTP: Network Time Protocol ntpq decodearr Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the monitoring and control program ntpq of Network Time Protocol daemon. Successful exploitation could result in arbitrary code execution in the security context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 103351
cve: CVE-2018-7183

Affected Products:

Canonical ubuntu_linux 17.10
Netapp element_software -
Canonical ubuntu_linux 14.04
Canonical ubuntu_linux 16.04
Canonical ubuntu_linux 18.04
Canonical ubuntu_linux 12.04
Ntp ntp 4.2.8
Freebsd freebsd 10.3
Freebsd freebsd 11.1
Freebsd freebsd 10.4

APP:CA:ARCSRV:BME-OP-117 - APP: CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Computer Associates BrightStor ARCserve. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 22005
cve: CVE-2007-0169

Affected Products:

Computer_associates brightstor_arcserve_backup 11.5.SP1
Computer_associates brightstor_arcserve_backup 9.01
Computer_associates brightstor_arcserve_backup 11.5.0
Computer_associates brightstor_arcserve_backup 11.1.0
Computer_associates server_protection_suite r2
Computer_associates business_protection_suite r2
Computer_associates business_protection_suite_for_microsoft_sbs_std_ed r2
Computer_associates business_protection_suite_for_microsoft_sbs_pre_ed r2
Computer_associates brightstor_arcserve_backup 11
Computer_associates brightstor_arcserve_backup 10.5

SMTP:MAL:LOTUS-APPLIX - SMTP: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Lotus Notes Applix. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 28454
cve: CVE-2007-5405

Affected Products:

Symantec mail_security_appliance 5.0.0
Ibm lotus_notes 6.0.3
Ibm lotus_notes 6.5.1
Ibm lotus_notes 6.0.2
Symantec mail_security_for_microsoft_exchange 5.0.0
Ibm lotus_notes 7.0.2
Symantec mail_security_for_smtp 5.0
Ibm lotus_notes 6.5.0
Ibm lotus_notes 6.0.4
Ibm lotus_notes 6.5.2
Ibm lotus_notes 7.0.3
Ibm lotus_notes 6.5.6 FP2
Ibm lotus_notes 6.0.0
Symantec mail_security_appliance 5.0.0.24
Autonomy keyview_export_sdk 7
Autonomy keyview_export_sdk 8
Autonomy keyview_export_sdk 9
Autonomy keyview_filter_sdk 9
Autonomy keyview_filter_sdk 8
Autonomy keyview_filter_sdk 7
Autonomy keyview_viewer_sdk 7
Autonomy keyview_viewer_sdk 8
Autonomy keyview_viewer_sdk 9
Autonomy keyview_viewer_sdk 10
Autonomy keyview_filter_sdk 10
Autonomy keyview_export_sdk 10
Ibm lotus_notes 6.5.5
Autonomy keyview_export_sdk 10.3.0
Autonomy keyview_filter_sdk 10.3.0
Autonomy keyview_viewer_sdk 10.3.0
Ibm lotus_notes 7.0
Activepdf docconverter 3.8.4.0
Ibm lotus_notes 6.5.3
Ibm lotus_notes 6.5.4
Ibm lotus_notes 6.0.5
Ibm lotus_notes 6.5.5 FP3
Ibm lotus_notes 6.5.6
Ibm lotus_notes 7.0.1
Ibm lotus_notes 8.0
Ibm lotus_notes 6.0.1
Ibm lotus_notes 6.5.5 FP2
Symantec mail_security_for_smtp 5.0.1
Symantec mail_security_for_domino 7.5
Ibm lotus_notes 7.0.2 FP1

APP:HPOV:OVWEBSNMPSRV-OF - APP: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulerability in HP OpenView Network Node Manager (NNM) ovwebsnmpsrv.exe. It is due to a boundary error when handling HTTP requests sent to the jovgraph.exe CGI application. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account.

Supported On:

idp-5.1.110161014, DI-Client, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, DI-Base, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 40873
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02217439
cve: CVE-2010-1964
bugtraq: 40638
bugtraq: 40637
cve: CVE-2010-1960
cve: CVE-2010-1961

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

HTTP:STC:DL:MS-VISIO-DXF-BO - HTTP: Microsoft Visio 2010 DXF File Format Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Visio 2010. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

References:

bugtraq: 54934
cve: CVE-2012-1888

Affected Products:

Microsoft visio_viewer_2010_(32-bit_edition)
Microsoft visio_viewer_2010_(64-bit_edition)
Microsoft visio_viewer_2010_(32-bit_edition) SP1
Microsoft visio_2010_(32-bit_editions)_sp1
Microsoft visio_viewer_2010_(64-bit_edition) SP1
Microsoft visio_2010_(64-bit_editions)_sp1

HTTP:STC:CVE-2018-18993-BO - HTTP: OMRON CX-One CX-Position cdmapi32 Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the OMRON CX-One CX-Position module. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 106106
cve: CVE-2018-18993
url: http://www.zerodayinitiative.com/advisories/zdi-18-1366/

Affected Products:

Omron cx-programmer 9.66
Omron cx-server 5.0.23
Omron cx-one 4.42

APP:VERITAS:NETBACKUP-BPCD - APP: Veritas Netbackup BPCD

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Symantec VERITAS NetBackup Server, Backup Client Service (BPCD). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.zerodayinitiative.com/advisories/ZDI-06-050.html
bugtraq: 21565
url: http://www.symantec.com/avcenter/security/Content/2006.12.13a.html
cve: CVE-2006-5822
cve: CVE-2006-6222

Affected Products:

Veritas_software netbackup_enterprise_server 5.0.0
Veritas_software netbackup_enterprise_server 6.0.0
Veritas_software netbackup_client 6.0.0
Veritas_software netbackup_client 5.0.0
Veritas_software netbackup_client 5.1.0
Veritas_software netbackup_server 6.0.0
Veritas_software netbackup_enterprise_server 5.1.0
Veritas_software netbackup_server 5.1.0
Veritas_software netbackup_server 5.0.0

HTTP:STC:ADOBE:READER-WKT-BO - HTTP: Adobe Reader Well-Known Text Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe PDF Reader. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2012-2050
bugtraq: 55026

Affected Products:

Adobe reader 9.4.5
Adobe acrobat 10.1.1
Adobe reader 10.1.1
Adobe acrobat 10.1.2
Adobe reader 9.4.6
Adobe reader 9.4
Adobe reader 9.5
Adobe reader 9.4.7
Adobe acrobat 10.0.1
Adobe reader 10.0.1
Adobe reader 9.4.2
Adobe acrobat 10.0.3
Adobe reader 10.0.3
Adobe reader 9.4.3
Adobe reader 9.4.4
Adobe acrobat 10.1.3
Adobe reader 9.4.1
Adobe reader 10.1.3
Adobe reader 9.5.1
Adobe acrobat 10.0.2
Adobe reader 10.0.2
Adobe reader 10.1.2
Adobe acrobat 10.1
Adobe reader 10.1
Adobe acrobat 10.0
Adobe reader 10.0

TFTP:OPEN-TFTP-SERVER-ERROR-BO - TFTP: OpenTFTP Server Error Packet Handling Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the OpenTFTP Server. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 29111
cve: CVE-2008-2161

Affected Products:

Tftp_server tftp_server SP 1.4

HTTP:STC:DL:OO-OLE - HTTP: OpenOffice OLE File Stream Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in OpenOffice. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Openoffice openoffice.org up to 2.3.1
Openoffice openoffice.org 2.0.3
Openoffice openoffice.org 2.3
Openoffice openoffice.org 2.2.1
Openoffice openoffice.org 2.2
Openoffice openoffice.org 2.1

HTTP:DOS:DRUPAL-XML-RPC-IEE - HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Drupal Core XML-RPC. The vulnerability is due to an input validation error when an XML-RPC endpoint handles Internal Entity Expansion. This can cause a very high CPU load and memory exhaustion. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2014-5265

Affected Products:

Debian debian_linux 7.0
Drupal drupal 7.28
Wordpress wordpress 3.9.0
Wordpress wordpress 3.0.2
Drupal drupal 7.9
Wordpress wordpress 3.0.4
Drupal drupal 7.22
Wordpress wordpress 3.0.6
Wordpress wordpress 3.3.3
Drupal drupal 7.13
Wordpress wordpress 3.4.1
Drupal drupal 7.20
Wordpress wordpress 3.8
Wordpress wordpress 3.3.1
Drupal drupal 7.11
Drupal drupal 7.26
Drupal drupal 6.21
Drupal drupal 7.17
Drupal drupal 7.24
Drupal drupal 7.15
Wordpress wordpress 3.5.1
Wordpress wordpress 3.0
Wordpress wordpress 3.8.1
Drupal drupal 6.22
Drupal drupal 7.19
Wordpress wordpress 3.1.4
Wordpress wordpress 3.2
Drupal drupal 6.24
Drupal drupal 7.5
Drupal drupal 6.26
Drupal drupal 6.19
Wordpress wordpress 3.6
Drupal drupal 6.28
Wordpress wordpress 3.1.2
Drupal drupal 6.15
Wordpress wordpress 3.6.1
Drupal drupal 6.1
Drupal drupal 6.32
Drupal drupal 6.17
Drupal drupal 7.4
Drupal drupal 6.30
Drupal drupal 6.11
Drupal drupal 7.30
Drupal drupal 6.3
Drupal drupal 6.13
Drupal drupal 7.7
Drupal drupal 7.0
Wordpress wordpress 3.7.1
Drupal drupal 6.7
Wordpress wordpress 3.0.1
Drupal drupal 6.9
Drupal drupal 7.29
Wordpress wordpress 3.0.3
Drupal drupal 7.6
Wordpress wordpress 3.9.1
Wordpress wordpress 3.0.5
Drupal drupal 7.8
Wordpress wordpress 3.3.2
Drupal drupal 7.23
Drupal drupal 7.1
Drupal drupal 7.12
Wordpress wordpress 3.4.0
Drupal drupal 7.21
Drupal drupal 7.10
Wordpress wordpress 3.4.2
Drupal drupal 7.27
Drupal drupal 7.16
Drupal drupal 7.25
Drupal drupal 6.5
Wordpress wordpress 3.5.0
Drupal drupal 7.14
Drupal drupal 6.20
Wordpress wordpress 3.1
Drupal drupal 6.23
Wordpress wordpress 3.3
Drupal drupal 6.25
Drupal drupal 7.18
Drupal drupal 7.3
Drupal drupal 6.27
Drupal drupal 6.18
Wordpress wordpress 3.7
Wordpress wordpress 3.2.1
Drupal drupal 6.29
Wordpress wordpress 3.1.1
Drupal drupal 6.14
Wordpress wordpress 3.1.3
Drupal drupal 7.2
Drupal drupal 6.16
Drupal drupal 6.0
Drupal drupal 6.10
Drupal drupal 7.x-dev
Drupal drupal 6.2
Drupal drupal 6.31
Drupal drupal 6.12
Drupal drupal 6.4
Drupal drupal 6.6
Drupal drupal 6.8

FTP:OVERFLOW:MS-IE-FTP-RES-MC - FTP: Microsoft Internet Explorer FTP Response Parsing Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

bugtraq: 22489
cve: CVE-2007-0217

Affected Products:

Microsoft internet_explorer 6.0
Avaya vpnmanagertm_console
Hp storage_management_appliance 2.1
Microsoft internet_explorer 5.0.1
Avaya s8100_media_servers R10
Avaya s8100_media_servers
Avaya s8100_media_servers R11
Avaya agent_access
Avaya cms_supervisor
Avaya computer_telephony
Avaya contact_center_express
Avaya messaging_application_server
Avaya basic_call_management_system_reporting_desktop
Avaya s8100_media_servers R9
Avaya s8100_media_servers R8
Avaya s8100_media_servers R7
Avaya s8100_media_servers R6
Avaya ip_agent
Avaya ip_softphone
Microsoft internet_explorer 5.0.1 SP4
Avaya network_reporting
Avaya operational_analyst
Avaya outbound_contact_management
Avaya speech_access
Avaya unified_messenger_(r)
Avaya visual_messenger_tm
Avaya visual_vector_client
Nortel_networks centrex_ip_client_manager 8.0.0
Avaya web_messenger
Microsoft internet_explorer 6.0 SP1
Avaya basic_call_management_system_reporting_desktop server
Nortel_networks callpilot 703T
Nortel_networks contact_center_manager_server
Avaya enterprise_management
Avaya unified_communication_center
Nortel_networks contact_center
Microsoft internet_explorer 5.0.1 SP2
Nortel_networks callpilot 702T
Avaya interaction_center
Nortel_networks callpilot 1002Rp
Avaya modular_messaging_(mas)
Nortel_networks callpilot 200I
Nortel_networks contact_center_express
Nortel_networks contact_center_manager
Avaya octelaccess(r)_server
Nortel_networks callpilot 201I
Avaya octeldesignertm
Nortel_networks symposium_network_control_center_(ncc)
Microsoft internet_explorer 7.0
Nortel_networks centrex_ip_client_manager 9.0
Avaya cvlan
Avaya integrated_management
Microsoft internet_explorer 5.0.1 SP1
Nortel_networks centrex_ip_client_manager 7.0.0
Avaya s8100_media_servers R12
Microsoft internet_explorer 5.0.1 SP3

VOIP:SIP:DIGIUM-ASTERSK-BO - VOIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow

Severity: HIGH

Description:

A buffer overflow has been reported in the CDR engine of Digium Asterisk. Successful exploitation could result in arbitrary code execution under the context of the user running the Asterisk service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-7617
bugtraq: 97377
bugtraq: 101760
cve: CVE-2017-16671

Affected Products:

Digium asterisk 13.8.2
Digium asterisk 13.13
Digium asterisk 13.1.0
Digium asterisk 13.13.0
Digium asterisk 14.3.0
Digium asterisk 14.01
Digium asterisk 14.1.2
Digium asterisk 14.2.1
Digium asterisk 13.11.2
Digium asterisk 14.02
Digium asterisk 14.2.0
Digium asterisk 13.4.0
Digium asterisk 14.1.0
Digium asterisk 14.1.1
Digium asterisk 13.10.0
Digium asterisk 13.3.2
Digium asterisk 13.5.0
Digium asterisk 13.14.0
Digium certified_asterisk 13.13-cert2
Digium asterisk 13.3.0
Digium asterisk 13.9.1
Digium asterisk 13.0.0
Digium asterisk 13.9.0
Digium asterisk 14.0
Digium asterisk 13.0.1
Digium asterisk 13.12.0
Digium asterisk 13.0.2
Digium asterisk 13.7.2
Digium asterisk 13.12.1
Digium asterisk 13.7.1
Digium asterisk 13.12.2
Digium asterisk 13.11.0
Digium asterisk 13.2.0
Digium asterisk 13.7.0
Digium asterisk 14.0.2
Digium asterisk 13.2.1
Digium asterisk 13.8.0
Digium asterisk 14.0.1
Digium asterisk 13.8.1
Digium asterisk 13.12
Digium asterisk 14.0.0
Digium asterisk 13.6.0
Digium asterisk 13.11.1
Digium asterisk 13.1.1

APP:NOVELL:NMAP-NETMAIL-STOR - APP: Novell Netmail Stor Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Novell Netmail. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 21725
url: http://www.securityfocus.com/archive/1/archive/1/455201/100/0/threaded
cve: CVE-2006-6424

Affected Products:

Novell netmail 3.52.0
Novell netmail 3.52.0 C1
Novell netmail 3.52.0 D
Novell netmail 3.52.0 C
Novell netmail 3.52.0 B
Novell netmail 3.52.0 A

FTP:OVERFLOW:FREE-FTPD-PASS - FTP: freeFTPd PASS Command Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the freeFTPd. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

bugtraq: 61905
cve: CVE-2003-0727
url: http://www.blackhat.com/presentations/bh-usa-03/bh-us-03-litchfield-paper.pdf
bugtraq: 8375
cve: CVE-2006-3952
bugtraq: 19243
cve: CVE-1999-0256
bugtraq: 10078

Affected Products:

Jgaa warftpd up to 1.66
Microsoft windows_nt
Microsoft windows_95

APP:NOVELL:ZENWORKS-TFTPD-RCE - APP: Novell ZENworks Desktop Management on Linux TFTPD Code Execution

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Novell ZENworks Desktop Management on Linux. It is due to boundary error in the TFTPD server component. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 45378

Affected Products:

Novell zenworks_desktop_management 7 SP1

APP:HP-DATA-PROTECTOR-SIGN-DOS - APP: HP Data Protector Media Operations SignInName Parameter Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the HP Data Protector Media Operations SignInName Parameter. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, DI-Server, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, DI-Base, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 44381

Affected Products:

Hp data_protector_media_operations 6.11

HTTP:STC:PPT-CRAFTED-PATH - HTTP: Microsoft Office PowerPoint File Path Handling Buffer Overflow

Severity: HIGH

Description:

A stack buffer overflow vulnerability exists in Microsoft Office PowerPoint. The vulnerability is due to the way that the vulnerable application handles specially crafted file paths. This vulnerability may be exploited by remote unauthenticated attackers by enticing a user to open a maliciously crafted file. In attack scenarios where code execution is successful the behaviour of the target machine is completely dependent on the intention of the injected code, which will run in the security context of the currently logged in user. In cases where code execution is not successful the affected product may terminate abnormally.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 38099
cve: CVE-2010-0029

Affected Products:

Microsoft powerpoint_2002
Microsoft powerpoint_2002 SP1
Microsoft powerpoint_2002 SP2
Microsoft powerpoint_2002 SP3

SMTP:OVERFLOW:MAILENABLE-BO - SMTP: MailEnable SMTP Authentication Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against SMTP authentication mechanism of MailEnable. The flaw is caused by insufficient boundary checking when handling the username argument in an AUTH command. A successful attacker can exploit this vulnerability to terminate the vulnerable service or execute arbitrary code with System privileges. Note: While the vendor claims that this vulnerability can only be exploited for denial-of-service attacks, testing has shown that it can be exploited for remote code execution attacks as well. In a simple attack case aimed at creating a denial of service condition, the affected service will terminate. If the service is not configured to restart automatically, then the MailEnable SMTP functionality will be unavailable until the server is restarted manually. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, normally System.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2005-1781
cve: CVE-2005-0022

Affected Products:

University_of_cambridge exim 4.42
University_of_cambridge exim up to 4.40
University_of_cambridge exim 4.41

APP:CITRIX:PROVISIONING-OPCODE - APP: Citrix Provisioning Services Opcode Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Citrix Provisioning Services. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

MS-RPC:OF:ADVANTECH-WA-BO - MS-RPC: Advantech WebAccess SCADA Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Advantech WebAccess SCADA. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Administrator.

Supported On:

References:

url: https://www.zerodayinitiative.com/advisories/ZDI-19-586/
url: https://www.us-cert.gov/ics/advisories/icsa-19-178-05
cve: CVE-2019-10991
bugtraq: 108923
url: https://www.tenable.com/security/research/tra-2019-28
cve: CVE-2019-3953
cve: CVE-2019-3954

Affected Products:

Advantech webaccess 8.3.5

APP:ORACLE:GOLDENGATE-SOAP-OF - APP: Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle GoldenGate Veridata Server. Its due to a boundary error while parsing XML SOAP requests containing an overly long tag string. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 45868
cve: CVE-2010-4416

Affected Products:

Oracle goldengate_veridata 3.0.0.4

HTTP:OVERFLOW:MICROFOCUS-PST-OF - HTTP: Micro Focus GroupWise Post Office Agent Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Post Office Agent component of Micro Focus GroupWise. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2016-5762

Affected Products:

Novell groupwise 2012
Novell groupwise 2014

HTTP:OVERFLOW:WECON-LEVIS-HOF - HTTP: WECON LeviStudio Address Name Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the WECON LeviStudio. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

IMAP:IPSWITCH:STATUS-OF - IMAP: IPSwitch IMAP Server STATUS Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Ipswitch IMail IMAP server. The IMail server does not perform sufficient boundary checking when processing a STATUS command. Remote attackers can include a long mailbox name argument within a maliciously crafted STATUS command to overflow a stack buffer and execute arbitrary code with system level privileges.

Supported On:

References:

Affected Products:

Ipswitch imail 8.15.0 Hotfix 1
Ipswitch imail 7.0.4
Ipswitch imail 7.0.3
Ipswitch imail 7.0.2
Ipswitch imail 7.0.1
Ipswitch imail 6.2.0
Ipswitch imail 7.0.5
Ipswitch imail 7.0.6
Ipswitch imail 8.0.5
Ipswitch imail 6.0.5
Ipswitch imail 8.1.0
Ipswitch imail 8.13.0
Ipswitch imail 8.0.3
Ipswitch imail 5.0.8
Ipswitch imail 7.12.0
Ipswitch imail 8.14.0
Ipswitch imail 5.0.5
Ipswitch imail 6.0.0
Ipswitch imail 5.0.7
Ipswitch imail 7.1.0
Ipswitch imail 7.0.7
Ipswitch imail 5.0.6
Ipswitch imail 5.0.0
Ipswitch imail 8.2.0
Ipswitch imail 6.0.6
Ipswitch imail 6.1.0
Ipswitch imail 6.0.1
Ipswitch imail 6.0.2
Ipswitch imail 6.0.3
Ipswitch imail 6.0.4
Ipswitch imail 6.3.0
Ipswitch imail 6.4.0

SMTP:EMAIL:RELAY-ADDR-OF - SMTP: Relay E-Mail Address Overflow

Severity: HIGH

Description:

This signature detects buffer overflow condition in relay e-mail addresses in an SMTP transmission. The address may be improperly formated, or it may contain binary data or invalid characters. A successful attack can result in malicious code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.milw0rm.com/exploits/2601
bugtraq: 19885
url: http://www.ipswitch.com/support/imail/releases/im20061.asp
cve: CVE-2006-4379

Affected Products:

Ipswitch imail_secure_server 2006
Ipswitch imail_server 2006
Ipswitch ipswitch_collaboration_suite_premium_edition 2006
Ipswitch ipswitch_collaboration_suite_standard_edition 2006
Ipswitch imail_plus

APP:CA:ARCSRV:SQL-OF - APP: Computer Associates BrightStor ARCserve Backup Buffer Overflow

Severity: HIGH

Description:

This signature detects an overly large chunk of data sent to a Computer Associates BrightStor SQL Agent. By sending a sufficiently large block of information to the agent, an attacker can execute arbitrary code on the server.

Supported On:

References:

bugtraq: 14453
cve: CVE-2005-1272
url: http://www.idefense.com/application/poi/display?id=287&type=vulnerabilities
url: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33239

Affected Products:

Ca brightstor_arcserve_backup_agent 11.0 (:sap)
Ca brightstor_arcserve_backup 11.0 (:oracle)
Ca brightstor_enterprise_backup_agent 10.5 (:oracle)
Ca brightstor_arcserve_backup_agent 11.1 (:sap)
Ca brightstor_arcserve_backup_agent 11
Ca brightstor_enterprise_backup_agent 10.0
Ca brightstor_enterprise_backup_agent 10.5 (:sql)
Ca brightstor_arcserve_backup_agent 9.0.1 (:sap)
Ca brightstor_enterprise_backup 10.5
Ca brightstor_arcserve_backup_agent 11 (:exchange)
Ca brightstor_arcserve_backup 9.0_1
Ca brightstor_enterprise_backup_agent 10.0 (:oracle)
Ca brightstor_arcserve_backup 11.1 (:windows)
Ca brightstor_arcserve_backup 9.0_1 (:oracle)
Ca brightstor_arcserve_backup_agent 11.1 (:sql)
Ca brightstor_arcserve_backup 9.0.1 (:windows)
Ca brightstor_enterprise_backup_agent 10.0 (:sql)
Ca brightstor_arcserve_backup 9.0.1
Ca brightstor_arcserve_backup 11.0 (:windows)
Ca brightstor_arcserve_backup_agent 9.0.1 (:exchange)
Ca brightstor_arcserve_backup_agent 9.0.1 (:sql)
Ca brightstor_arcserve_backup_agent 9.0.1
Ca brightstor_arcserve_backup_agent 11.1 (:exchange)
Ca brightstor_enterprise_backup_agent 10.0 (:sap)
Ca brightstor_arcserve_backup 11.0
Ca brightstor_enterprise_backup_agent 10.5
Ca brightstor_enterprise_backup_agent 10.5 (:sap)
Ca brightstor_arcserve_backup 11.1
Ca brightstor_arcserve_backup 11.1 (:oracle)
Ca brightstor_arcserve_backup_agent 11.0
Ca brightstor_arcserve_backup_agent 11.1
Ca brightstor_arcserve_backup_agent 11.0 (:sql)
Ca brightstor_enterprise_backup 10.0

IMAP:EMPHASISMINE - IMAP: Shadow Brokers - EMPHASISMINE

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.

Supported On:

APP:CA:ARCSRV:MEDIASERVER-BO1 - APP: Computer Associates BrightStor ARCserve Media Server Buffer Overflow1

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in CA BrightStor ARCserve Media Server. Due to insufficient boundary checking when processing crafted strings supplied in SUN RPC requests, an unauthenticated attacker can terminate the service or cause a buffer overflow condition resulting in full control of the affected system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 23635
cve: CVE-2007-2139

Affected Products:

Ca brightstor_arcserve_backup 11
Ca server_protection_suite 2
Ca brightstor_arcserve_backup 11 (:windows)
Ca brightstor_arcserve_backup 11.1
Ca business_protection_suite 2.0 (:microsoft_sbs_standard)
Ca business_protection_suite 2.0
Ca brightstor_arcserve_backup 11.5 (sp2)
Ca brightstor_arcserve_backup 9.01
Ca business_protection_suite 2.0 (:microsoft_sbs_premium)

APP:HPOV:SNMPVIEWER-APP-OF - APP: HP OpenView NNM snmpviewer.exe App Parameter Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP OpenView Network Node Manager. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 40068
cve: CVE-2010-1552
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379

Affected Products:

Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

SMB:MS-CVE-2017-0144-MC - SMB: Microsoft Windows SMB Server SMBv1 Memory Corruption

Severity: HIGH

Description:

A remote code execution vulnerability has been reported in the SMBv1 component of Microsoft Windows SMB server. Successful exploitation could result in remote code execution.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, isg-3.4.139899, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.0.110121210, srx-branch-19.1, vsrx3bsd-19.1, vsrx-15.1, idp-4.1.110110609, srx-19.2

References:

cve: CVE-2017-0144

Affected Products:

Microsoft server_message_block 1.0

DNS:REPERR:NAPRT-IOF - DNS: Name Authority Pointer Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft DNS server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

cve: CVE-2011-1966
bugtraq: 49012

Affected Products:

Microsoft windows_server_2008_r2_itanium SP1
Microsoft windows_server_2008_r2_x64 SP1
Microsoft windows_server_2008_r2_datacenter
Microsoft windows_server_2008_standard_edition - Sp2 Web
Microsoft windows_server_2008_standard_edition SP2
Microsoft windows_server_2008_for_x64-based_systems R2
Microsoft windows_server_2008_for_itanium-based_systems R2
Microsoft windows_server_2008_datacenter_edition SP2
Microsoft windows_server_2008_enterprise_edition SP2
Microsoft windows_server_2008_r2_standard_edition
Microsoft windows_server_2008_for_32-bit_systems SP2
Microsoft windows_server_2008_for_itanium-based_systems SP2
Microsoft windows_server_2008_standard_edition - Gold Hpc
Microsoft windows_server_2008_standard_edition - Gold Datacenter
Microsoft windows_server_2008_standard_edition - Gold
Microsoft windows_server_2008_r2_for_x64-based_systems SP1
Microsoft windows_server_2008_for_itanium-based_systems
Microsoft windows_server_2008_for_x64-based_systems SP2
Microsoft windows_server_2008_r2_enterprise_edition
Microsoft windows_server_2008_standard_edition Itanium
Microsoft windows_server_2008_standard_edition - Gold Enterprise
Microsoft windows_server_2008_standard_edition - Gold Itanium
Microsoft windows_server_2008_standard_edition R2
Microsoft windows_server_2008_standard_edition R2 SP1
Microsoft windows_server_2008 - Sp2 Enterprise X64
Microsoft windows_server_2008_standard_edition - Gold Standard
Microsoft windows_server_2008_datacenter_edition
Microsoft windows_server_2008_enterprise_edition Release Candidate
Microsoft windows_server_2008_datacenter_edition Release Candidate
Microsoft windows_server_2008_standard_edition - Gold Web
Microsoft windows_server_2008_standard_edition Release Candidate
Microsoft windows_server_2008_standard_edition - Sp2 Storage
Microsoft windows_server_2008_standard_edition - Gold Storage
Microsoft windows_server_2008_enterprise_edition
Microsoft windows_server_2008_standard_edition
Microsoft windows_server_2008_r2_x64
Microsoft windows_server_2008_r2_itanium
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_standard_edition - Sp2 Hpc
Microsoft windows_server_2008 SP2 Beta
Microsoft windows_server_2008_r2_datacenter SP1

HTTP:SQL:INJ:OVERSIZE-STATEMENT - HTTP: Oversized Cast And Convert Statement Possible SQL Injection Obfuscation

Severity: MEDIUM

Description:

This signature detects attempts to exploit Oversized Cast And Convert Statement SQL Injection vulnerability. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Supported On:

References:

url: https://isc.sans.edu/diary/Mass+exploits+with+SQL+Injection/3823

HTTP:IIS:ASPX-URL-1 - HTTP: IIS Crafted ASP URL Request1

Severity: HIGH

Description:

This signature detects invalid HTTP requests to Microsoft Internet Information Server. An attacker can send these crafted URLs to a vulnerable Web server and execute code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2005-4360

Affected Products:

Microsoft internet_information_server 5.1

TFTP:TRANSPORT-BOF - TFTP: Multiple Vendors TFTP Transporting Mode Remote Buffer Overflow Vulnerability

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known buffer-overflow vulnerability against TFTPUtil GUI and 3COM TFTP server, a trivial file transfer protocol (TFTP) program. A successful attack allows an attacker to corrupt and overwrite memory and gain control of the affected application. An unsuccessful attack, can result in a denial-of-service condition.

Supported On:

References:

url: https://alerts.symantec.com/loaddocument.aspx?GUID=4a3ebe08-c393-48c0-811a-de07812cb544
url: http://downloads.securityfocus.com/vulnerabilities/exploits/21301-UW.pl
cve: CVE-2006-6183
bugtraq: 21322
bugtraq: 21301
bugtraq: 39872
url: http://secunia.com/advisories/23113/

Affected Products:

3com tftp_server 2.0.1

HTTP:STC:DL:MAL-VBP - HTTP: Malformed Microsoft Visual Basic Project File

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Visual Basic. A victim can download a malformed Visual Basic Project (VBP) file, resulting in a buffer overflow. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

References:

bugtraq: 25629
cve: CVE-2007-4776

Affected Products:

Microsoft visual_basic 6.0

APP:HPOV:NNM-RPING-BOF - APP: HP OpenView Network Node Manager rping Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in HP OpenView Network Node Manager. It is due to insufficient validation of user-supplied input. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 35267
cve: CVE-2009-1420

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

HTTP:STC:MS-IE-IFRAME-BO - HTTP: Microsoft Internet Explorer Iframe Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

HTTP:STC:DL:COOLPLAYER-PLAYLIST - HTTP: CoolPlayer Playlist File Handling Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in CoolPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 30418
cve: CVE-2008-3408

Affected Products:

Coolplayer coolplayer 215
Coolplayer coolplayer 216
Coolplayer coolplayer+_portable 2.19.1
Coolplayer coolplayer 217
Coolplayer coolplayer+_portable 2.19.2
Coolplayer coolplayer 218
Coolplayer coolplayer 219

IMAP:OVERFLOW:IBM-DOMINO-OF - IMAP: IBM Domino IMAP Mailbox Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM Domino IMAP Server. Successful exploitation will result in the execution of arbitrary code with SYSTEM privileges. An unsuccessful attack could result in a denial of service condition of the affected service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-1274

Affected Products:

Ibm domino 9.0.1.8
Ibm domino 8.5.3
Ibm domino 8.5.3.6
Ibm domino 9.0.0.0
Ibm domino 9.0.1

APP:NOVELL:INTERNET-AGENT-BOF - APP: Novell GroupWise Internet Agent Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Novell GroupWise Internet Agent. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 35064
cve: CVE-2009-1636
bugtraq: 35065

Affected Products:

Novell groupwise 7.0.0
Novell groupwise 7.0.0 SP3
Novell groupwise 7.0.0 SP1
Novell groupwise 7.0.0 SP2
Novell groupwise 7.01
Novell groupwise 7.03
Novell groupwise 7.03Hp1a
Novell groupwise 8.0
Novell groupwise 8.0 HP1
Novell groupwise 7.02X
Novell groupwise 7.03 HP2

VOIP:SIP:SDP:HDR-BOF - VOIP: Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Digium Asterisk. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2013-2685

Affected Products:

Asterisk open_source 11.2.0 (rc1)
Asterisk open_source 11.1.0 (rc3)
Asterisk open_source 11.0.0 (rc1)
Asterisk open_source 11.0.0 (rc2)
Asterisk open_source 11.0.0 (beta2)
Asterisk open_source 11.2.0 (rc2)
Asterisk open_source 11.0.1
Asterisk open_source 11.2.1
Asterisk open_source 11.0.0 (beta1)
Asterisk open_source 11.1.2
Asterisk open_source 11.1.0 (rc1)
Asterisk open_source 11.0.2
Asterisk open_source 11.1.1

APP:IBM:TIVOLI-FASTBACK-OF - APP: IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Tivoli. A successful exploit can lead to buffer overflow and arbitrary code execution.

Supported On:

References:

bugtraq: 74021
cve: CVE-2015-0120
cve: CVE-2015-1896

Affected Products:

Ibm tivoli_storage_manager_fastback 6.1.9.1
Ibm tivoli_storage_manager_fastback 6.1.10.1
Ibm tivoli_storage_manager_fastback 6.1.0.1
Ibm tivoli_storage_manager_fastback 6.1.8.0
Ibm tivoli_storage_manager_fastback 6.1.9.0
Ibm tivoli_storage_manager_fastback 6.1.8.1
Ibm tivoli_storage_manager_fastback 6.1.7.2
Ibm tivoli_storage_manager_fastback 6.1.10.0
Ibm tivoli_storage_manager_fastback 6.1.11.0
Ibm tivoli_storage_manager_fastback 6.1.1.0

SSL:AUDIT:DHEEXP-512CPHR-LOGJAM - SSL: OpenSSL Logjam 512-Bit DHE_EXPORT Cipher Suite

Severity: INFO

Description:

This signature detects a SSL-SERVER-HELLO response with 'DHE_EXPORT' RSA cipher suites. Most 'modern' clients (e.g., web browsers) won't offer export grade cipher suites as part of the negotiation process as they are considered as weak encryption.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

Affected Products:

Apple safari *
Mozilla firefox *
Microsoft ie *
Oracle jre 1.7.0
Mozilla firefox_esr 38.1.0
Oracle jre 1.8.0
Openssl openssl 1.0.1f
Openssl openssl 1.0.1g
Canonical ubuntu_linux 14.04
Google chrome -
Canonical ubuntu_linux 14.10
Suse linux_enterprise_server 11.0
Oracle jrockit r28.3.6
Oracle jdk 1.8.0
Canonical ubuntu_linux 15.04
Suse linux_enterprise_desktop 12
Oracle jdk 1.7.0
Debian debian_linux 8.0
Mozilla network_security_services 3.19
Openssl openssl 1.0.1i
Hp hp-ux b.11.31
Openssl openssl 1.0.1j
Mozilla firefox_esr 31.8
Openssl openssl 1.0.1k
Suse linux_enterprise_software_development_kit 12
Oracle jdk 1.6.0
Openssl openssl 1.0.1l
Mozilla firefox_os 2.2
Oracle sparc-opl_service_processor 1121
Openssl openssl 1.0.1m
Ibm content_manager 8.5
Openssl openssl 1.0.1
Oracle jre 1.6.0
Apple mac_os_x 10.10.3
Openssl openssl 1.0.1h
Suse suse_linux_enterprise_server 12
Apple iphone_os 8.3
Openssl openssl 1.0.1a
Openssl openssl 1.0.2a
Openssl openssl 1.0.1b
Openssl openssl 1.0.2
Debian debian_linux 7.0
Mozilla firefox 39.0
Openssl openssl 1.0.1c
Mozilla thunderbird 38.1
Mozilla seamonkey 2.35
Mozilla thunderbird 31.8
Openssl openssl 1.0.1d
Opera opera_browser -
Canonical ubuntu_linux 12.04
Openssl openssl 1.0.1e

HTTP:STC:ADOBE:DIRECTOR-FILE-MC - HTTP: Adobe Director file Multiple Record Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Director file. A successful attack can lead to memory corruption and arbitrary code execution.

Supported On:

References:

cve: CVE-2010-2868
cve: CVE-2010-2869

Affected Products:

Adobe shockwave_player 11.5.2.602
Adobe shockwave_player 11.5.1.601
Adobe shockwave_player 10.0.1.004
Adobe shockwave_player 11.0.3.471
Adobe shockwave_player 10.1.1.016
Adobe shockwave_player 6.0
Adobe shockwave_player 8.0.204
Adobe shockwave_player 8.5.1.105
Adobe shockwave_player 10.1.4.020
Adobe shockwave_player 11.0.0.456
Adobe shockwave_player 9
Adobe shockwave_player 8.5.1.106
Adobe shockwave_player 10.1.0.11
Adobe shockwave_player 8.5.325
Adobe shockwave_player 8.0.196a
Adobe shockwave_player 1.0
Adobe shockwave_player 8.5.324
Adobe shockwave_player 8.5.1.100
Adobe shockwave_player 3.0
Adobe shockwave_player 8.5.321
Adobe shockwave_player 10.1.0.011
Adobe shockwave_player 8.5.1.103
Adobe shockwave_player 11.5.0.596
Adobe shockwave_player 8.5.323
Adobe shockwave_player 4.0
Adobe shockwave_player 11.5.0.595
Adobe shockwave_player 10.2.0.021
Adobe shockwave_player 9.0.432
Adobe shockwave_player 11.5.6.606
Adobe shockwave_player 9.0.383
Adobe shockwave_player 8.5.1
Adobe shockwave_player 10.2.0.023
Adobe shockwave_player 5.0
Adobe shockwave_player 10.2.0.022
Adobe shockwave_player 8.0
Adobe shockwave_player 8.0.196
Adobe shockwave_player 2.0
Adobe shockwave_player 10.0.0.210
Adobe shockwave_player 8.0.205
Adobe shockwave_player up to 11.5.7.609

APP:HP-LOADRUNNER-BO - APP: HP LoadRunner Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP LoadRunner. A successful exploit can lead to buffer overflow and arbitrary code execution.

Supported On:

References:

bugtraq: 74737
cve: CVE-2015-2110

Affected Products:

Hp loadrunner 11.52

APP:HPOV:NNMI-BO - APP: HP Network Node Manager(NNMi) ovopi.dll Options Handling Remote Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Network Node Manager I (NNMi). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Network Node Manager I (NNMi).

Supported On:

References:

cve: CVE-2014-2624

Affected Products:

Hp network_node_manager_i 9.10
Hp network_node_manager_i 9.0
Hp network_node_manager_i 9.20

APP:NOVELL:GROUPWISE-WA - APP: Novell GroupWise WebAccess HTTP Basic Authentication Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Novell Groupwise WebAccess. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 23556
url: http://www.zerodayinitiative.com/advisories/ZDI-07-015.html
url: http://download.novell.com/Download?buildid=8RF83go0nZg~
cve: CVE-2007-1350
cve: CVE-2007-2171

Affected Products:

Novell groupwise 7.0.0
Novell groupwise 7.0.0 SP1

RTSP:DESCRIBE-BOF - RTSP: RealNetworks Helix Server RTSP DESCRIBE Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in RealNetworks Helix. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 33059
cve: CVE-2008-5911

Affected Products:

Real_networks helix_mobile_server 11.1.7
Real_networks helix_mobile_server 11.1.4
Real_networks helix_mobile_server 11.1.2
Real_networks helix_mobile_server 11.1.6
Real_networks helix_server 11.1.4
Real_networks helix_server 11.1.2
Real_networks helix_server 11.1.6
Real_networks helix_server 11.1.7
Real_networks helix_server 12.0.0
Real_networks helix_mobile_server 12.0.0

APP:EMC-AUTOSTART-BOF - APP: EMC AutoStart Error Logging Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against EMC AutoStart Error Logging. A successful attack can lead to a stack-based overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 49238
cve: CVE-2011-2735

Affected Products:

Emc autostart 5.4
Emc autostart 5.3
Emc autostart 5.3 SP1
Emc autostart 5.3 SP2
Emc autostart 5.3 SP3

HTTP:STC:MOZILLA:MOZ-FLOAT-OF - HTTP: Mozilla Firefox Floating Point Number Conversion Memory Corruption

Severity: MEDIUM

Description:

A memory corruption vulnerability exists in Mozilla Firefox Browser. The vulnerability is due to a boundary error when processing very long floating point numbers. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt can crash the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2009-1563
bugtraq: 36851

Affected Products:

Mozilla firefox 3.0.5
Suse linux 11
Suse suse_linux_enterprise 11
Avaya message_networking
Sun opensolaris Build Snv 99
Red_hat enterprise_linux_desktop 5 Client
Mozilla thunderbird 2.0.0.18
Mozilla seamonkey 1.1.13
Red_hat enterprise_linux_optional_productivity_application 5 Server
K-meleon k-meleon 1.5.3
Red_hat enterprise_linux_as 3
Vmware esx_server 4.0
Sun opensolaris Build Snv 101A
Sun opensolaris Build Snv 119
Red_hat enterprise_linux_es 3
Red_hat enterprise_linux_ws 3
Sun opensolaris Build Snv 121
Sun opensolaris Build Snv 112
Mozilla firefox 3.0
Mandriva linux_mandrake 2009.1 X86 64
Ubuntu ubuntu_linux 8.04 LTS Amd64
Ubuntu ubuntu_linux 8.04 LTS I386
Ubuntu ubuntu_linux 8.04 LTS Lpia
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Ubuntu ubuntu_linux 8.04 LTS Sparc
Red_hat desktop 3.0.0
Mozilla firefox 3.0.11
Sun opensolaris Build Snv 122
Suse opensuse 10.3
Red_hat desktop 4.0.0
Mozilla firefox 3.0.4
Sun opensolaris Build Snv 123
Red_hat fedora 11
Mozilla thunderbird 2.0.0.5
Mozilla firefox 3.0.8
Ubuntu ubuntu_linux 9.10 Amd64
Ubuntu ubuntu_linux 9.10 I386
Slackware linux 13.0 X86 64
Ubuntu ubuntu_linux 9.10 Powerpc
Ubuntu ubuntu_linux 9.10 Sparc
Avaya intuity_audix_lx 2.0 SP2
Mozilla firefox 3.0.7
Sun opensolaris Build Snv 102
Suse suse_linux_enterprise 10 SP2 DEBUGINFO
Slackware linux 13.0
Ubuntu ubuntu_linux 9.10 Lpia
Mozilla thunderbird 2.0.0.4
Mandriva enterprise_server 5 X86 64
Vmware vma 4.0
Suse suse_linux_enterprise_desktop 11
Sun opensolaris Build Snv 127
Sun opensolaris Build Snv 110
Sun opensolaris Build Snv 111
Mandriva linux_mandrake 2008.0
Mandriva linux_mandrake 2008.0 X86 64
Avaya intuity_audix_lx 2.0 SP1
Suse linux 9
Mozilla thunderbird 2.0.0.23
Mozilla seamonkey 1.1.16
Mozilla firefox 3.5.0
Mandriva linux_mandrake 2010.0 X86 64
Mandriva linux_mandrake 2010.0
Avaya intuity_audix_lx 2.0
Suse suse_linux_enterprise_server 11 DEBUGINFO
Mozilla firefox 3.0.2
Mozilla seamonkey 1.1.3
Mozilla seamonkey 1.1.12
Mozilla thunderbird 2.0.0.17
Red_hat enterprise_linux_as 4.8.Z
Red_hat enterprise_linux_es 4.8.Z
Suse suse_linux_enterprise_sdk 10 SP3
Suse suse_linux_enterprise_desktop 10 SP3
Suse suse_linux_enterprise_server 10 SP3
Suse suse_linux_enterprise 10 SP3 DEBUGINFO
Suse suse_linux_enterprise_server 11
Sun opensolaris Build Snv 101
Sun opensolaris Build Snv 116
Sun opensolaris Build Snv 117
Avaya messaging_storage_server 5.0
Mozilla seamonkey 1.1.2
Sun opensolaris Build Snv 100
Mozilla thunderbird 2.0.0.13
Mozilla seamonkey 1.1.9
Debian linux 5.0
Debian linux 5.0 Alpha
Avaya message_networking 3.1
Debian linux 5.0 Arm
Debian linux 5.0 Hppa
Debian linux 5.0 Ia-32
Debian linux 5.0 Ia-64
Debian linux 5.0 M68k
Debian linux 5.0 Mips
Debian linux 5.0 Mipsel
Debian linux 5.0 Powerpc
Debian linux 5.0 S/390
Mozilla firefox 3.0.1
Ubuntu ubuntu_linux 9.04 Sparc
Mozilla thunderbird 2.0.0.15
Mozilla thunderbird 2.0.0.16
Mozilla seamonkey 1.1.11
Sun opensolaris Build Snv 108
Mozilla firefox 3.0.10
Suse opensuse 11.0
Sun opensolaris Build Snv 118
Mozilla thunderbird 2.0.0.8
Mozilla seamonkey 1.1.5
Mandriva enterprise_server 5
Mandriva linux_mandrake 2009.1
Ubuntu ubuntu_linux 9.04 Amd64
Ubuntu ubuntu_linux 9.04 I386
Ubuntu ubuntu_linux 9.04 Lpia
Ubuntu ubuntu_linux 9.04 Powerpc
Mozilla seamonkey 1.1.1
Red_hat enterprise_linux_desktop_workstation 5 Client
Red_hat enterprise_linux 5 Server
Mozilla seamonkey 1.1 Beta
Sun opensolaris Build Snv 103
Pardus linux_2008
Sun opensolaris Build Snv 95
Mozilla firefox 3.5.3
Mozilla firefox 3.0.14
Slackware linux -Current
Sun opensolaris Build Snv 124
Sun opensolaris Build Snv 125
Mozilla seamonkey 1.1.6
Red_hat fedora 10
Sun opensolaris Build Snv 111A
Sun opensolaris Build Snv 109
Sun opensolaris Build Snv 96
Red_hat enterprise_linux_optional_productivity_application 5.4.Z Server
Sun opensolaris Build Snv 126
Sun opensolaris Build Snv 114
Slackware linux 12.0
Mozilla thunderbird 3.0
Mozilla sunbird 0.9
Flock flock 2.5.2
Mozilla firefox 3.0.9
Sun opensolaris Build Snv 113
Mozilla thunderbird 2.0.0.6
Mozilla seamonkey 1.1.17
Mozilla seamonkey 1.1.4
Suse suse_linux_enterprise_desktop 10 SP2
Suse suse_linux_enterprise_server 10 SP2
Suse suse_linux_enterprise_sdk 10 SP2
Mozilla firefox 3.5.2
Mozilla thunderbird 2.0.0.22
Ubuntu ubuntu_linux 8.10 I386
Suse linux 10.0
Ubuntu ubuntu_linux 8.10 Powerpc
Ubuntu ubuntu_linux 8.10 Sparc
Sun opensolaris Build Snv 120
Ubuntu ubuntu_linux 8.10 Amd64
Red_hat enterprise_linux_as 4
Red_hat enterprise_linux_es 4
Red_hat enterprise_linux_ws 4
Red_hat enterprise_linux Desktop Version 4
Mozilla seamonkey 1.1.14
Avaya voice_portal 4.0
Avaya voice_portal 4.1
Ubuntu ubuntu_linux 8.10 Lpia
Mozilla firefox 3.5.1
Avaya message_networking MN 3.1
Sun opensolaris Build Snv 98
Slackware linux 11.0
Mozilla seamonkey 1.1.10
Mozilla thunderbird 2.0.0.14
Mozilla firefox 3.0.6
Mozilla thunderbird 2.0.0.21
Mozilla seamonkey 1.1.15
Debian linux 5.0 Sparc
Mozilla firefox 3.0.3
Mozilla camino 1.6.9
Sun opensolaris Build Snv 115
Suse opensuse 11.1
Mozilla seamonkey 1.1.18
Avaya messaging_storage_server 4.0
Sun opensolaris Build Snv 104
Sun opensolaris Build Snv 105
Mozilla thunderbird 2.0.0.12
Mozilla seamonkey 1.1.8
Slackware linux 12.2
Mozilla seamonkey 1.1.7
Mozilla firefox 3.0.13
Mozilla thunderbird 2.0.0 .19
Mozilla firefox 3.0.12
Mozilla thunderbird 2.0.0.9
Debian linux 5.0 Amd64
Sun opensolaris Build Snv 106
Sun opensolaris Build Snv 107
Debian linux 5.0 Armel
Pardus linux_2009

HTTP:STC:RHINO-HDR-OF - HTTP: Rhino Software Serv-U Server HTTP Request Handling Buffer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Rhino Software Serv-U. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 36895
bugtraq: 37051
cve: CVE-2009-4006

Affected Products:

Rhino_software serv-u_web_client 9.0.0.5

HTTP:IBM-INFORMIX-DS-BO - HTTP: IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in IBM's Informix Dynamic Server and Informix Open Admin Tool. Successful exploitation could result in code execution with SYSTEM privileges.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-1092

Affected Products:

Ibm informix_open_admin_tool 11.5
Ibm informix_open_admin_tool 11.7
Ibm informix_open_admin_tool 12.1

APP:HP-PM-EXP-DATA-LOGS - APP: HP Power Manager formExportDataLogs Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in HP Power Manager. It is due to insufficient bounds checking in the HP Power Manager while processing URL parameters. In a successful code execution attack the injected code is executed within the security context of the SYSTEM user. An unsuccessful exploit attempt can terminate the affected service abnormally and result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37866
cve: CVE-2009-3999
bugtraq: 37867

Affected Products:

Hp power_manager 4.0Build10
Hp power_manager 4.0Build11
Hp power_manager 4.2.9
Hp power_manager 4.2.7
Hp power_manager

HTTP:EK-RIG-OUT-COMMUNICATION - HTTP: Rig Exploit Kit Outbound Communication Attempt

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:NOVELL:GROUPWISE-NETAGT-BO - HTTP: Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2011-0334
bugtraq: 49779

Affected Products:

Novell groupwise 8.02 HP1
Novell groupwise 8.0 SP1
Novell groupwise 8.01X
Novell groupwise 8.0 HP2
Novell groupwise 8.02 HP2
Novell groupwise 8.0
Novell groupwise 8.0 HP1
Novell groupwise 8.0 SP2
Novell groupwise_internet_agent 8.0
Novell groupwise 8.0 HP3
Novell groupwise 8.02

SSL:OVERFLOW:KEY-ARG-NO-ENTROPY - SSL: OpenSSL KEY_ARG No Entropy

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against SSL Client Master Key packet. OpenSSL 0.9.6d and earlier versions are vulnerable. Attackers can send malicious Key packets to exploit a buffer overflow condition in the KEY_ARG parameter. This signature also detects attempts to exploit the Server Stack overflow in Mozilla Network Services. A successful attack can allow arbitrary code execution on the target host.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2007-0009
bugtraq: 5363
url: http://www.securityfocus.com/bid/5363/info/
cve: CVE-2002-0656

Affected Products:

Openssl_project openssl 0.9.6 A
Apache_software_foundation apache 1.3.14 Mac
Hp openssl_for_openvms_alpha 1.0.0
Hp tcp/ip_services_for_openvms 5.3.0
Hp openvms_secure_web_server 1.1.0 -1
Hp openvms_secure_web_server 1.2.0
Apache_software_foundation apache 2.0.28 Beta
Cisco secure_content_accelerator_10000
Apache_software_foundation apache 1.3.3
Apache_software_foundation apache 1.3.14
Sonicwall ssl-r3 4.0.0 .18
Apache_software_foundation apache 1.3.17
Sonicwall ssl-rx 4.0.0 .18
Openssl_project openssl 0.9.4
Apple mac_os_x 10.1.0
Apache_software_foundation apache 1.3.0
Apache_software_foundation apache 1.2.5
Apache_software_foundation apache 1.3.1
Oracle corporatetime_outlook_connector 3.1.1
Oracle corporatetime_outlook_connector 3.1.2
Oracle corporatetime_outlook_connector 3.3.0
Apple mac_os_x 10.1.5
Apache_software_foundation apache 2.0.40
Hp virtualvault 4.5.0
Apache_software_foundation apache 1.0.3
Sonicwall ssl-r 4.0.0 .18
Juniper_networks junos 5.0.0
Juniper_networks junos 5.1.0
Covalent fast_start_server 3.1.0
Covalent enterprise_ready_server 2.1.0
Covalent enterprise_ready_server 2.2.0
Sonicwall ssl-r6 4.0.0 .18
Rsa_security bsafe_ssl-c 2.1.0
Rsa_security bsafe_ssl-c 2.2.0
Rsa_security bsafe_ssl-c 2.3.0
Ibm http_server 1.3.19
Juniper_networks junos 5.6.0
Juniper_networks junos 5.5.0
Juniper_networks junos 5.4.0
Juniper_networks junos 5.3.0
Juniper_networks junos 5.2.0
Juniper_networks sdx-300 3.1.0
Juniper_networks sdx-300 3.1.1
Secure_computing safeword_premieraccess 3.1.0
Apple mac_os_x 10.0.2
Oracle oracle9i_application_server
Apache_software_foundation apache 1.0.0
Apache_software_foundation apache 1.0.2
Apache_software_foundation apache 1.0.5
Apache_software_foundation apache 1.1.0
Apache_software_foundation apache 1.1.1
Novell netmail 3.10.0
Novell netmail 3.10.0 b
Novell netmail 3.10.0 a
Oracle oracle9i_application_server 1.0.2
Apple mac_os_x 10.1.2
Apple mac_os_x 10.1.1
Apple mac_os_x 10.0.4
Apache_software_foundation apache 2.0.36
Apache_software_foundation apache 2.0.35
Apache_software_foundation apache 2.0.28
Apple mac_os_x 10.1.3
Gentoo linux 1.4.0 _rc3
Gentoo linux 1.4.0 _rc2
Apache_software_foundation apache 2.0.38
Apache_software_foundation apache 2.0.37
Apache_software_foundation apache 1.3.25
Gentoo linux 0.5.0
Gentoo linux 0.7.0
Apache_software_foundation apache 1.3.4
Apache_software_foundation apache 1.3.26
Apache_software_foundation apache 1.2.0
Apache_software_foundation apache 1.3.23
Ibm linux_affinity_toolkit
Apache_software_foundation apache 1.3.7 -Dev
Novell netmail 3.10.0 c
Novell netmail 3.10.0 d
Apple mac_os_x 10.1.4
Apache_software_foundation apache 1.3.15
Apache_software_foundation apache 1.3.20
Oracle oracle9i_application_server 1.0.2 .2
Oracle oracle9i_application_server 1.0.2 .1s
Oracle oracle_http_server 9.0.1
Oracle oracle_http_server 9.2.0 .0
Apache_software_foundation apache 1.3.13
Apache_software_foundation apache 1.3.6
Apache_software_foundation apache 1.3.9
Apache_software_foundation apache 1.3.11
Apple mac_os_x_server 10.0.0
Apache_software_foundation apache 1.3.24
Apache_software_foundation apache 2.0.28 -BETA
Apache_software_foundation apache 2.0.34 -BETA
Apache_software_foundation apache 2.0.32 -BETA
Openssl_project openssl 0.9.7 Beta2
Apple mac_os_x 10.0.0
Oracle corporatetime_outlook_connector 3.1.0
Hp secure_os_software_for_linux 1.0.0
Openssl_project openssl 0.9.6 B
Hp virtualvault 4.6.0
Apache_software_foundation apache 2.0.32
Apache_software_foundation apache 1.3.12
Apache_software_foundation apache 2.0.0
Openssl_project openssl 0.9.1 C
Openssl_project openssl 0.9.2 B
Openssl_project openssl 0.9.3
Openssl_project openssl 0.9.5
Apache_software_foundation apache 2.0.39
Apache_software_foundation apache 1.3.16
Apache_software_foundation apache 1.3.18
Apache_software_foundation apache 1.3.22
Apple mac_os_x 10.2.0
Gentoo linux 1.2.0
Gentoo linux 1.4.0 _rc1
Gentoo linux 1.1.0 A
Hp tru64_unix_compaq_secure_web_server 5.8.1
Hp tru64_unix_internet_express 5.9.0
Hp internet_express_eak 2.0.0
Hp webproxy 1.0.0
Hp webproxy 2.0.0
Apple mac_os_x 10.0.1
Openssl_project openssl 0.9.7 Beta1
Apache_software_foundation apache 1.3.19
Openssl_project openssl 0.9.6 D
Openssl_project openssl 0.9.5 A
Openssl_project openssl 0.9.6 C
Apple mac_os_x 10.0.3
Openssl_project openssl 0.9.6

HTTP:OFFICESCAN-CGIRECVFILE - HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Trend Micro's OfficeScan. It is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this to inject and execute arbitrary code with System level privileges on the target system. In a successful code injection and execution attack, the behavior of the target is entirely dependent on the intended function of the injected code. In an unsuccessful attack, the CGI process initiated for the session terminates abnormally.

Supported On:

References:

bugtraq: 31139
cve: CVE-2008-2437

Affected Products:

Trend_micro client_server_messaging_security 3.6
Trend_micro officescan 7.0
Trend_micro officescan 7.3
Trend_micro officescan 8.0

HTTP:STC:DL:QT-SMIL-FILEHAND - HTTP: Apple QuickTime SMIL File Handling Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apple QuickTime. A successful attack can lead to an integer overflow and arbitrary remote code execution within the context of the application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 24873
cve: CVE-2007-2394

Affected Products:

Apple quicktime_player 7.1.2
Apple quicktime_player 7.1
Apple quicktime_player 6.5.1
Apple quicktime_player 6.5.0
Apple quicktime_player 6.5.2
Apple quicktime_player 7.1.4
Apple quicktime_player 7.0.2
Apple quicktime_player 7.0.3
Apple quicktime_player 6.1.0
Apple quicktime_player 7.1.5
Apple quicktime_player 7.0.1
Apple quicktime_player 7.1.3
Apple quicktime_player 6
Apple quicktime_player 7.0.0
Apple quicktime_player 5.0.2
Apple quicktime_player 7.0.4
Apple quicktime_player 7.1.1

MS-RPC:DCE-RPC-ADVANTECH-RCE - MS-RPC: Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution

Severity: HIGH

Description:

This signature detects attempt to exploit a directory traversal and remote code execution vulnerability exists in Advantech WebAccess software. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation could lead to remote code execution on the target server with privileges of the application process.

Supported On:

References:

cve: CVE-2019-13552
bugtraq: 102424
cve: CVE-2017-16720

Affected Products:

Advantech webaccess 8.3.2

HTTP:STC:DL:MAL-WOFF - HTTP: Mozilla Firefox WOFF Font Processing Integer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known code execution vulnerability Mozilla Firefox. It is due to an integer overflow error in a font decompression routine within the Web Open Fonts Format (WOFF) decoder. This can be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user to open a maliciously crafted WOFF file. In a successful attack the behavior of the target system depends entirely on the logic of the injected code, which runs within the security context of the currently logged in user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 38298
cve: CVE-2010-1028

Affected Products:

Mozilla firefox 3.6

HTTP:STC:DL:KINGVIEW-LOGFILE-BO - HTTP: WellinTech KingView KingMess Log File Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the WellinTech KingView SCADA software. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2012-4711

Affected Products:

Wellintech kingview 6.55
Wellintech kingview 6.52
Wellintech kingview 6.53

DB:MYSQL:COMMANDS-BO - DB: Oracle MySQL Multiple Commands Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Oracle MySQL database server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

url: http://www.oracle.com/us/products/mysql/index.html
cve: CVE-2012-5612
bugtraq: 56768

Affected Products:

Mariadb mariadb 5.5.28a
Oracle mysql 5.5.19

IMAP:IPSWITCH:SEARCH-DATE - IMAP: Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known a buffer overflow vulnerability in the way Ipswitch IMail Server handles IMAP requests. It is due to lack of boundary protection while processing IMAP SEARCH command. A remote authenticated attacker can exploit this to cause a denial-of-service condition or inject and execute arbitrary code on the system within the security context of the affected service, normally System. In a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. It would execute within the security context of the affected service, normally System. In an unsuccessful code injection attack the affected server terminates and reset all established connection.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 24962
cve: CVE-2007-3925

Affected Products:

Ipswitch imail_server 2006

RPC:DCERPC:ARB-FILE-DEL - RPC: Advantech WebAccess webvrpcs Arbitrary File Deletion

Severity: HIGH

Description:

This signature detects attempts to exploit arbitrary file deletion vulnerability in Advantech WebAccess. Successful exploitation results in the deletion of arbitrary files from the target system.

Supported On:

References:

cve: CVE-2019-13552
cve: CVE-2018-7495

Affected Products:

Advantech webaccess/nms 2.0.3
Advantech webaccess 8.2_20170817
Advantech webaccess_dashboard 2.0.15
Advantech webaccess 8.3.0

APP:CA:ARCSRV:TAPE-ENGINE-DOS - APP: CA ARCserve Backup Tape Engine Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in CA BrightStor ARCserve Backup Tape Engine service. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, srx-branch-19.1, vsrx-15.1, idp-4.1.110110609, srx-19.2

References:

cve: CVE-2008-4398
bugtraq: 31684
cve: CVE-2008-4399

Affected Products:

Computer_associates brightstor_arcserve_backup 11.5
Computer_associates brightstor_arcserve_backup_for_windows_(all) 11.1
Computer_associates brightstor_arcserve_backup r12.0 Windows
Computer_associates brightstor_arcserve_backup_for_windows_(all) 11.5.0
Computer_associates brightstor_arcserve_backup 11.1.0
Computer_associates server_protection_suite r2
Computer_associates business_protection_suite r2
Computer_associates business_protection_suite_for_microsoft_sbs_std_ed r2
Computer_associates business_protection_suite_for_microsoft_sbs_pre_ed r2
Computer_associates brightstor_arcserve_backup_for_windows 11.0.0
Computer_associates brightstor_enterprise_backup 10.5.0
Computer_associates brightstor_arcserve_backup r12

HTTP:STC:ADOBE:CVE-2018-12788CE - HTTP: Adobe Acrobat Reader CVE-2018-12788 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2018-12788

Affected Products:

Adobe acrobat_dc 17.011.30059
Adobe acrobat_reader_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30079
Adobe acrobat_dc 17.011.30066
Adobe acrobat_reader_dc 17.011.30080
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 17.011.30078
Adobe acrobat_dc 17.012.20096
Adobe acrobat_reader_dc 15.006.30416
Adobe acrobat_reader_dc 18.011.20040
Adobe acrobat_dc 17.011.30080
Adobe acrobat_dc 15.006.30413
Adobe acrobat_dc 17.011.30070
Adobe acrobat_dc 17.011.30068
Adobe acrobat_dc 15.006.30416
Adobe acrobat_reader_dc 17.011.30068
Adobe acrobat_reader_dc 18.011.20038
Adobe acrobat_dc 15.006.30417
Adobe acrobat_reader_dc 15.006.30417
Adobe acrobat_dc 18.011.20040
Adobe acrobat_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30070
Adobe acrobat_dc 17.011.30065
Adobe acrobat_dc 17.011.30078
Adobe acrobat_dc 18.011.20038
Adobe acrobat_dc 17.000.0000
Adobe acrobat_dc 17.011.30079
Adobe acrobat_reader_dc 17.011.30065
Adobe acrobat_reader_dc 17.011.30059
Adobe acrobat_reader_dc 17.011.30066
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 17.012.20093
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.016.20045
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_dc 15.006.30306
Adobe acrobat_dc 15.006.30119
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 15.020.20039
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 18.009.20044
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 15.009.20079
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 15.010.20056
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.009.20044
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 15.010.20060
Adobe acrobat_dc 15.006.30355
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 15.006.30097
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 18.009.20050
Adobe acrobat_dc 15.006.30243
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 17.012.20095
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_dc 15.010.20059
Adobe acrobat_dc 15.017.20050
Adobe acrobat_dc 15.016.20041
Adobe acrobat_dc 15.006.30280
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 17.012.20093

APP:HPOV:NNMRPTCONG-TEMPL - APP: HP OpenView Network Node Manager nnmRptConfig.exe Template Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP OpenView Network Node Manager (NNM) CGI program nnmRptConfig.exe. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37296
cve: CVE-2009-3848

Affected Products:

Hp openview_network_node_manager 7.53
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.50.0 HP-UX 11.X
Hp openview_network_node_manager 7.50.0 Solaris
Hp openview_network_node_manager 7.50.0 Windows 2000/XP
Hp openview_network_node_manager 7.50.0 Linux
Hp openview_network_node_manager 7.50.0

HTTP:IIS:ISAPI-IDA-OVERFLOW - HTTP: IIS .ida ISAPI Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft ISAPI Indexing Service for IIS. Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier versions are vulnerable. Attackers can send a long argument to Internet Data Administration and Internet Data Query files to overflow the buffer in the ISAPI extension and execute arbitrary commands.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: https://www.kb.cert.org/vuls/id/952336
bugtraq: 2880
url: http://www.cert.org/advisories/CA-2001-13.html
url: http://research.eeye.com/html/advisories/published/AD20010618.html
url: http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx
cve: CVE-2001-0500

Affected Products:

Cisco uone_enterprise_edition
Cisco ics_7750
Cisco building_broadband_service_manager_(bbsm) 5.0.0
Cisco ics_firmware 1.0.0
Cisco ics_firmware 2.0.0
Cisco unity_server 3.1.0
Cisco unity_server 3.2.0
Cisco unity_server 3.3.0
Cisco ip/vc_3540_application_server
Microsoft index_server 2.0
Cisco building_broadband_service_manager_(bbsm) 5.2.0
Cisco unity_server 2.46.0
Cisco unity_server 3.0.0
Cisco call_manager 3.3.0 (3)
Cisco call_manager 4.0.0
Cisco collaboration_server
Cisco dynamic_content_adapter
Cisco media_blender
Cisco trailhead
Cisco call_manager 3.1.0 (2)
Cisco call_manager 3.3.0
Cisco call_manager
Cisco call_manager 3.2.0
Cisco building_broadband_service_manager_(bbsm) 5.1.0
Cisco building_broadband_service_manager_(bbsm) 4.5.0
Cisco building_broadband_service_manager_(bbsm) 4.4.0
Cisco unity_server
Cisco building_broadband_service_manager_(bbsm) 4.2.0
Cisco building_broadband_service_manager_(bbsm) 4.0.1
Cisco building_broadband_service_manager_(bbsm) 3.0.0
Cisco building_broadband_service_manager_(bbsm) 2.5.1
Cisco unity_server 4.0.0
Microsoft indexing_services_for_windows_2000
Cisco call_manager 3.0.0
Cisco call_manager 2.0.0
Cisco call_manager 1.0.0
Cisco unity_server 2.0.0
Cisco unity_server 2.1.0
Cisco unity_server 2.2.0
Cisco unity_server 2.3.0
Cisco unity_server 2.4.0
Cisco uone 3.0.0
Cisco uone 2.0.0
Cisco uone 4.0.0
Cisco uone 1.0.0
Cisco call_manager 3.1.0 (3a)
Cisco building_broadband_service_manager_(bbsm) 4.3.0
Cisco call_manager 3.1.0

APP:HPOV:NNM-SNMP-HOST - APP: HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in the HP OpenView Network Node Manager (NNM) CGI program snmpviewer.exe. It is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. In a successful attack, the behavior of the target is dependent on the logic of the malicious code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37261
bugtraq: 37341
cve: CVE-2009-4177
cve: CVE-2009-4180

Affected Products:

Hp openview_network_node_manager 7.53
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.50.0 HP-UX 11.X
Hp openview_network_node_manager 7.50.0 Solaris
Hp openview_network_node_manager 7.50.0 Windows 2000/XP
Hp openview_network_node_manager 7.50.0 Linux
Hp openview_network_node_manager 7.50.0

APP:HPOV:NNM-LOGIN-BOF - APP: HP OpenView Network Node Manager ovsessionmgr.exe Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error in ovsessionmgr.exe when processing the 'userid' and 'passwd' parameters sent in an HTTP POST request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the SYSTEM user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the logic of the malicious code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37330
bugtraq: 37295
cve: CVE-2009-3846
cve: CVE-2009-4176

Affected Products:

Hp openview_network_node_manager 7.53
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.50.0 HP-UX 11.X
Hp openview_network_node_manager 7.50.0 Solaris
Hp openview_network_node_manager 7.50.0 Windows 2000/XP
Hp openview_network_node_manager 7.50.0 Linux
Hp openview_network_node_manager 7.50.0

APP:MISC:HICP-HOSTNAME - APP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Intellicom NetBiter Config utility. It is due to a boundary error in "NetbiterConfig.exe" while parsing an overly long "hn" (Hostname) parameter. Remote unauthenticated attackers can exploit this by sending a crafted UDP packet to port 3250 on the target host. Once the packet is received a NetBiter Config console user must be enticed to open the received message. A successful attack allows for executing arbitrary code on the target with the privileges of the currently logged on user. In an unsuccessful attack, the service terminates abnormally.

Supported On:

References:

bugtraq: 37325
cve: CVE-2009-4462

Affected Products:

Intellicom_innovation netbiterconfig.exe 1.3.0

HTTP:OVERFLOW:OPENVIEW-NNM-BO - HTTP: HP OpenView Network Node Manager Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the HP OpenView Network Node Manager (NNM). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 34134
cve: CVE-2008-0067
bugtraq: 33147
cve: CVE-2009-0920
bugtraq: 34294
bugtraq: 26741
cve: CVE-2007-6204
cve: CVE-2009-0921
bugtraq: 37347
cve: CVE-2009-0921
cve: CVE-2009-4179
url: http://dvlabs.tippingpoint.com/advisory/TPTI-09-12
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877

Affected Products:

Hp openview_network_node_manager 7.0.0.1
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.0.0.1 Solaris
Hp openview_network_node_manager 7.0.0.1 HP-UX 11.X
Hp openview_network_node_manager 7.01(IA)
Hp openview_network_node_manager 7.0.0.1 Windows 2000/XP

HTTP:STC:IE:CVE-2014-0271-MC - HTTP: Microsoft Internet Explorer CVE-2014-0271 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2014-0271
bugtraq: 65395

Affected Products:

Microsoft internet_explorer 7
Microsoft internet_explorer 6
Microsoft internet_explorer 11
Microsoft vbscript 5.8
Microsoft vbscript 5.7
Microsoft internet_explorer 10
Microsoft internet_explorer 9
Microsoft vbscript 5.6
Microsoft internet_explorer 8

DB:SYBASE:OPEN-SERVER-CE - DB: Sybase Open Server Function Pointer Array Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Sybase Open Server. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 48934

Affected Products:

Sybase mfc/dc 15.x
Sybase easerver 6.3.1
Sybase adaptive_server_enterprise 15.0.0
Sybase replication_server 15
Sybase easerver 6.2
Sybase easerver 6.0.2 Devel Edition
Sybase easerver 6.0
Sybase adaptive_server_enterprise 15.0.2 Linux
Sybase open_switch 15
Sybase adaptive_server_enterprise 15.0.2 Sun
Sybase adaptive_server_enterprise 15.0.3 ESD#1
Sybase open_switch
Sybase adaptive_server_enterprise 15.0.3
Sybase adaptive_server_enterprise 15.5
Sybase adaptive_server_enterprise 15.0.2
Sybase adaptive_server_enterprise 15.5 ESD#2
Sybase easerver 6.3.1 ESD#2
Sybase easerver 6.3.1 ESD#4
Sybase easerver 6.3
Sybase adaptive_server 15
Sybase ecda 15.0

HTTP:NNMRPTCONFIG-EXE-RCE - HTTP: HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in HP OpenView Network Node Manager. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary command execution and buffer overflow.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

APP:HPOV:OID-OF - APP: HP OpenView NNM snmp.exe Long OID Parameter

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Hewlett Packard OpenView Network Node Manager (NNM). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37299
cve: CVE-2009-3849
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379
bugtraq: 40068
cve: CVE-2010-1552

Affected Products:

Hp openview_network_node_manager 7.53
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.50.0 HP-UX 11.X
Hp openview_network_node_manager 7.50.0 Solaris
Hp openview_network_node_manager 7.50.0 Windows 2000/XP
Hp openview_network_node_manager 7.50.0 Linux
Hp openview_network_node_manager 7.50.0

HTTP:CISCO:CSUSERCGI-BOF - HTTP: Cisco User-Changeable Password CSuserCGI.exe Buffer Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in Cisco User-Changeable Password. An attacker can create a malicious Web site containing Web pages with a large query to the CSuserCGI executable, which if accessed by a victim, allows the attacker to gain control of the victim's system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 28222
cve: CVE-2008-0532
cve: CVE-2008-0533

Affected Products:

Cisco user-changeable_password_(ucp)
Cisco user-changeable_password_(ucp) 3.3.4.12.5

APP:INGRES:DB-COMM-SVR-OF - APP: Ingress Database Communications Server Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Ingress Database Communications Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the servers.

Supported On:

References:

bugtraq: 24585
cve: CVE-2007-3334
cve: CVE-2007-3336
cve: CVE-2007-3338

Affected Products:

Computer_associates cleverpath_aion_bpm 10.1
Computer_associates unicenter_database_command_center 11.1
Computer_associates unicenter_enterprise_job_manager 1.0 SP3
Computer_associates unicenter_workload_control_center 1.0.SP4
Computer_associates unicenter_workload_control_center 1.0 SP4
Computer_associates advantage_data_transformer 2.2.0
Computer_associates brightstor_arcserve_backup 11.1.0
Computer_associates etrust_audit R8
Computer_associates brightstor_arcserve_backup 11.5
Computer_associates etrust_directory 8.1
Computer_associates brightstor_arcserve_backup_for_linux 9.0.0
Computer_associates brightstor_enterprise_backup_for_tru64 10.5.0
Computer_associates brightstor_enterprise_backup_for_hp 10.5.0
Computer_associates brightstor_enterprise_backup_for_aix 10.5.0
Computer_associates brightstor_enterprise_backup_for_solaris 10.5.0
Computer_associates brightstor_arcserve_backup_for_linux 11.1.0
Ingres_corporation ingres_database 3.0.3
Ingres_corporation ingres_database 2.5
Ingres_corporation ingres_database 2.6
Ingres_corporation ingres_database_2006
Computer_associates allfusion_enterprise_workbench 1.1
Computer_associates allfusion_enterprise_workbench 1.1 SP1
Computer_associates allfusion_enterprise_workbench 7
Computer_associates allfusion_enterprise_workbench 7.1
Computer_associates allfusion_harvest_change_manager 7
Computer_associates allfusion_harvest_change_manager 7.1
Computer_associates arcserve_backup_for_laptops_and_desktops 11.5
Computer_associates brightstor_storage_command_center 11.5
Computer_associates brightstor_storage_resource_manager 11.5
Computer_associates cleverpath_aion_bre 10.1
Computer_associates docserver 1.1
Computer_associates etrust_admin 8.1 SP1
Computer_associates etrust_iam_suite 8
Computer_associates etrust_iam_toolkit 8
Computer_associates etrust_iam_toolkit 8.1
Computer_associates etrust_identity_manager 8.1
Computer_associates etrust_network_forensics 8.1
Computer_associates etrust_single_sign-on 7
Computer_associates etrust_single_sign-on 8
Computer_associates etrust_single_sign-on 8.1
Computer_associates etrust_web_access_control 1.0
Computer_associates unicenter_advanced_systems_management 11
Computer_associates unicenter_asset_intelligence 11
Computer_associates unicenter_asset_management 11
Computer_associates unicenter_asset_portfolio_management 11.2.1
Computer_associates unicenter_asset_portfolio_management 11.3
Computer_associates ccs 11
Computer_associates unicenter_desktop_and_server_management 11
Computer_associates unicenter_desktop_management_suite 11
Computer_associates unicenter_enterprise_job_manager 1.0 SP4
Computer_associates unicenter_job_management_option 11.0
Computer_associates unicenter_lightweight_portal 2
Computer_associates unicenter_management_portal 3.1.1
Computer_associates unicenter_patch_management 11
Computer_associates unicenter_remote_control 11
Computer_associates unicenter_service_assure 11.1
Computer_associates unicenter_service_assure 11
Computer_associates unicenter_service_assure 2.2
Computer_associates unicenter_service_catalog 11
Computer_associates unicenter_service_delivery 11.1
Computer_associates unicenter_service_intelligence 11
Computer_associates unicenter_service_metric_analysis 11
Computer_associates unicenter_service_metric_analysis 11.1
Computer_associates unicenter_service_metric_analysis 3.0.2
Computer_associates unicenter_service_metric_analysis 3.5.0
Computer_associates unicenter_serviceplus_service_desk 5.5 SP3
Computer_associates unicenter_serviceplus_service_desk 6.0 SP1
Computer_associates unicenter_serviceplus_service_desk 11.1
Computer_associates unicenter_serviceplus_service_desk 11
Computer_associates unicenter_serviceplus_service_desk 11.2
Computer_associates unicenter_software_delivery 11
Computer_associates unicenter_tng 2.4.2J
Computer_associates unicenter_ca_web_services_distributed_management 3.5
Computer_associates wily_soa_manager 7.1
Computer_associates unicenter_ca_web_services_distributed_management 3.11
Computer_associates unicenter_tng 2.4.2
Computer_associates cleverpath_predictive_analysis_server 3.0.0
Computer_associates etrust_admin 8.0.0
Computer_associates etrust_admin 8.1.0
Computer_associates etrust_admin 8.1 SP2
Computer_associates unicenter_network_and_systems_management 3.0
Computer_associates unicenter_network_and_systems_management 3.1
Computer_associates unicenter_network_and_systems_management 11
Computer_associates unicenter_remote_control 6.0.0
Computer_associates unicenter_tng 2.2.0
Computer_associates unicenter_service_delivery 11.0.0
Computer_associates unicenter_asset_portfolio_management 11.0.0
Computer_associates etrust_secure_content_manager 8.0.0
Computer_associates unicenter_serviceplus_service_desk 6.0.0

SMTP:MAL:LOTUS-MIF-VIEWER - SMTP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Lotus Notes MIF Attachment Viewer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 26175

Affected Products:

Symantec mail_security_appliance 5.0.0
Activepdf docconverter 3.8.2.5
Symantec mail_security_for_microsoft_exchange 5.0.0
Ibm lotus_notes 7.0.2
Symantec mail_security_for_smtp 5.0
Symantec mail_security_for_domino 7.5.0.19
Symantec mail_security_for_microsoft_exchange 5.0.7.373
Symantec mail_security_appliance 5.0.0.24
Autonomy keyview_export_sdk 7
Autonomy keyview_export_sdk 8
Autonomy keyview_export_sdk 9
Autonomy keyview_filter_sdk 9
Autonomy keyview_filter_sdk 8
Autonomy keyview_filter_sdk 7
Autonomy keyview_viewer_sdk 7
Autonomy keyview_viewer_sdk 8
Autonomy keyview_viewer_sdk 9
Symantec mail_security_for_microsoft_exchange 5.0.0.024
Symantec mail_security_for_smtp 5.0.1
Symantec mail_security_for_domino 7.5
Symantec mail_security_for_microsoft_exchange 5.0.6.368

HTTP:PROXY:SQUID-DOS - HTTP: Squid Proxy Processing Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Squid proxy. A successful attack can result in a denial-of-service condition.

Supported On:

References:

cve: CVE-2016-2569

Affected Products:

Squid-cache squid 3.4.3
Squid-cache squid 3.2.0.5
Squid-cache squid 3.1.0.17
Squid-cache squid 3.2.0.15
Squid-cache squid 3.2.0.3
Squid-cache squid 3.0.stable19
Squid-cache squid 4.0.6
Squid-cache squid 3.3.2
Squid-cache squid 3.2.0.1
Squid-cache squid 4.0.4
Squid-cache squid 3.1.3
Squid-cache squid 3.4.9
Squid-cache squid 3.4.12
Squid-cache squid 4.0.2
Squid-cache squid 3.2.0.13
Squid-cache squid 3.1.0.7
Squid-cache squid 3.3.9
Squid-cache squid 3.1
Squid-cache squid 3.1.1
Squid-cache squid 3.1.0.2
Squid-cache squid 3.2.0.9
Squid-cache squid 3.1.0.3
Squid-cache squid 3.1.0.4
Squid-cache squid 3.1.15
Squid-cache squid 3.2.3
Squid-cache squid 3.1.0.16
Squid-cache squid 3.2.1
Squid-cache squid 3.2.7
Squid-cache squid 3.1.0.9
Squid-cache squid 3.2.5
Squid-cache squid 3.0.stable8
Squid-cache squid 3.0.stable20
Squid-cache squid 3.2.9
Squid-cache squid 3.1.11
Squid-cache squid 3.0.stable22
Squid-cache squid 3.3.3
Squid-cache squid 3.2.0.17
Squid-cache squid 3.3.0.3
Squid-cache squid 3.0.stable24
Squid-cache squid 3.5.0.2
Squid-cache squid 3.0.stable14
Squid-cache squid 3.2.0.19
Squid-cache squid 3.4.4
Squid-cache squid 3.5.0.4
Squid-cache squid 3.0.stable16
Squid-cache squid 3.4.0.1
Squid-cache squid 3.0.stable2
Squid-cache squid 3.2.0.10
Squid-cache squid 3.4.0.3
Squid-cache squid 3.1.0.10
Squid-cache squid 3.3.12
Squid-cache squid 3.2.0.18
Squid-cache squid 3.2.0.6
Squid-cache squid 3.0.stable12
Squid-cache squid 3.1.10
Squid-cache squid 3.3.4
Squid-cache squid 3.3.10
Squid-cache squid 3.4.2
Squid-cache squid 3.2.0.4
Squid-cache squid 3.1.12
Squid-cache squid 3.1.0.14
Squid-cache squid 3.2.0.14
Squid-cache squid 3.2.0.2
Squid-cache squid 3.2.0.11
Squid-cache squid 3.3.0
Squid-cache squid 3.1.14
Squid-cache squid 3.2.0.16
Squid-cache squid 3.0.stable18
Squid-cache squid 3.4.11
Squid-cache squid 4.0.5
Squid-cache squid 3.1.0.18
Squid-cache squid 3.1.9
Squid-cache squid 3.4.8
Squid-cache squid 3.1.5
Squid-cache squid 4.0.3
Squid-cache squid 3.2.0.12
Squid-cache squid 3.4.13
Squid-cache squid 3.4.1
Squid-cache squid 4.0.1
Squid-cache squid 3.4.0.2
Squid-cache squid 3.0
Squid-cache squid 3.1.0.6
Squid-cache squid 3.3.8
Squid-cache squid 3.3.7
Squid-cache squid 3.1.0.8
Squid-cache squid 3.2.0.8
Squid-cache squid 3.1.4
Squid-cache squid 3.0.stable10
Squid-cache squid 3.2.2
Squid-cache squid 3.1.2
Squid-cache squid 3.3.13
Squid-cache squid 3.2.13
Squid-cache squid 3.3.6
Squid-cache squid 3.2.6
Squid-cache squid 3.4.10
Squid-cache squid 3.5.1
Squid-cache squid 3.2.4
Squid-cache squid 3.1.8
Squid-cache squid 3.0.stable4
Squid-cache squid 3.0.stable9
Squid-cache squid 3.1.5.1
Squid-cache squid 3.3.5
Squid-cache squid 3.2.8
Squid-cache squid 3.2.11
Squid-cache squid 3.1.6
Squid-cache squid 3.0.stable21
Squid-cache squid 3.5.0.1
Squid-cache squid 3.3.11
Squid-cache squid 3.0.stable23
Squid-cache squid 3.5.0.3
Squid-cache squid 3.0.stable15
Squid-cache squid 3.1.0.5
Squid-cache squid 3.0.stable1
Squid-cache squid 3.1.0.12
Squid-cache squid 3.0.stable25
Squid-cache squid 3.0.stable17
Squid-cache squid 3.2.10
Squid-cache squid 3.1.0.1
Squid-cache squid 3.0.stable3
Squid-cache squid 3.0.stable11
Squid-cache squid 3.2.12
Squid-cache squid 3.1.0.11
Squid-cache squid 3.0.stable6
Squid-cache squid 3.0.stable5
Squid-cache squid 3.0.stable13
Squid-cache squid 3.3.1
Squid-cache squid 3.1.0.13
Squid-cache squid 3.0.stable7
Squid-cache squid 3.3.0.2
Squid-cache squid 3.1.7
Squid-cache squid 3.2.0.7
Squid-cache squid 3.1.13
Squid-cache squid 3.1.0.15

IMAP:OVERFLOW:MAILENABLE-OF-3 - IMAP: MailEnable IMAP Overflow (3)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in MailEnable IMAP Service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

url: http://aluigi.altervista.org/adv/maildisable-adv.txt
cve: CVE-2008-1358

Affected Products:

Altn mdaemon 9.6.4

APP:HPOV:OPE-AGENT-CODA-BO - APP: HP Operations Agent Opcode coda.exe Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the HP Operations Agent. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2012-2019
cve: CVE-2012-2020
bugtraq: 54362

Affected Products:

Hp operations_agent 11.03
Hp operations_agent 11.01
Hp operations_agent 11.0
Hp performance_agent 5.0
Hp operations_agent 8.60

HTTP:STC:SCRIPT:EVAL-OBFUSC - HTTP: Javascript eval Obfuscation Technique

Severity: HIGH

Description:

This signature detects scripts obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

APP:HPOV:OVTRACE - APP: Hewlett-Packard OpenView OVTrace Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Hewlett-Packard OpenView. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the super user.

Supported On:

References:

bugtraq: 25255
url: http://www.securityfocus.com/advisories/12961
cve: CVE-2007-3872

Affected Products:

Hp service_desk_process_insight 2.10
Hp service_desk_process_insight 2.0
Hp service_desk_process_insight 1.0
Hp service_desk_process_insight 1.10
Hp openview_dashboard 2.01
Hp openview_performance_insight 5.0
Hp openview_performance_insight 5.1
Hp openview_performance_insight 5.1.1
Hp openview_performance_insight 5.1.2
Hp openview_performance_insight 5.2
Hp openview_network_node_manager 6.41
Hp openview_business_process_insight 2.10
Hp openview_operations 8.1
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_internet_services 6.00
Hp openview_internet_services 6.10
Hp openview_internet_services 6.11 (Japanese)
Hp openview_internet_services 6.20
Hp openview_performance_manager 5.0
Hp openview_performance_manager 6.0
Hp openview_performance_agent 4.5
Hp openview_performance_agent 4.6
Hp openview_reporter 3.7
Hp openview_operations_manager_for_windows 7.5
Hp openview_quality_manager 1.2 SP1
Hp openview_quality_manager 1.3
Hp openview_quality_manager 1.40
Hp openview_business_process_insight 1.0
Hp openview_business_process_insight 1.1
Hp openview_business_process_insight 2.0
Hp openview_operations 8.0
Hp business_process_insight 2.10
Hp business_process_insight 2.0
Hp business_process_insight 1.1
Hp business_process_insight 1.0
Hp openview_service_desk_process_insight 1.0
Hp openview_service_desk_process_insight 1.1
Hp openview_service_desk_process_insight 2.0
Hp openview_service_desk_process_insight 2.10

HTTP:STC:ADOBE:CVE-2018-5067-ID - HTTP: Adobe Acrobat Pro CVE-2018-5067 Information Disclosure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Pro. A successful attack can lead to Information Disclosure.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2018-5067
cve: CVE-2018-5043

Affected Products:

Adobe acrobat_dc 17.011.30059
Adobe acrobat_reader_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30079
Adobe acrobat_dc 17.011.30066
Adobe acrobat_reader_dc 17.011.30080
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 17.011.30078
Adobe acrobat_dc 17.012.20096
Adobe acrobat_reader_dc 15.006.30416
Adobe acrobat_reader_dc 18.011.20040
Adobe acrobat_dc 17.011.30080
Adobe acrobat_dc 15.006.30413
Adobe acrobat_dc 17.011.30070
Adobe acrobat_dc 17.011.30068
Adobe acrobat_dc 15.006.30416
Adobe acrobat_reader_dc 17.011.30068
Adobe acrobat_reader_dc 18.011.20038
Adobe acrobat_dc 15.006.30417
Adobe acrobat_reader_dc 15.006.30417
Adobe acrobat_dc 18.011.20040
Adobe acrobat_dc 15.006.30418
Adobe acrobat_reader_dc 17.011.30070
Adobe acrobat_dc 17.011.30065
Adobe acrobat_dc 17.011.30078
Adobe acrobat_dc 18.011.20038
Adobe acrobat_dc 17.000.0000
Adobe acrobat_dc 17.011.30079
Adobe acrobat_reader_dc 17.011.30065
Adobe acrobat_reader_dc 17.011.30059
Adobe acrobat_reader_dc 17.011.30066
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 17.012.20093
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.016.20045
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_dc 15.006.30306
Adobe acrobat_dc 15.006.30119
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 15.020.20039
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 18.009.20044
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 15.009.20079
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 15.010.20056
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.009.20044
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 15.010.20060
Adobe acrobat_dc 15.006.30355
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 15.006.30097
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 18.009.20050
Adobe acrobat_dc 15.006.30243
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 17.012.20095
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_dc 15.010.20059
Adobe acrobat_dc 15.017.20050
Adobe acrobat_dc 15.016.20041
Adobe acrobat_dc 15.006.30280
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 17.012.20093

HTTP:CGI:NAGIOS-CORE-DOS - HTTP: Nagios core CGI Process_cgivars Off-By-One

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Nagios core. The problem is caused by improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value. Successful exploitation could result in the CGI crash.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 64363
cve: CVE-2013-7108

Affected Products:

Icinga icinga 1.9.0
Icinga icinga 1.2.1
Nagios nagios 3.0 (rc2)
Nagios nagios 3.0.5
Icinga icinga 1.8.3
Icinga icinga 1.2.0
Icinga icinga 1.7.4
Icinga icinga 0.8.4
Nagios nagios 3.0 (beta2)
Icinga icinga 1.9.3
Nagios nagios 3.0.1
Icinga icinga 1.3.1
Icinga icinga 1.9.2
Icinga icinga 1.7.2
Icinga icinga up to 1.8.4
Icinga icinga 1.7.3
Icinga icinga 1.0.1
Nagios nagios 3.0 (beta3)
Nagios nagios 3.0 (alpha3)
Icinga icinga 1.7.0
Icinga icinga 0.8.0
Nagios nagios up to 4.0.2
Nagios nagios 3.3.1
Icinga icinga 1.0 (rc1)
Nagios nagios 3.0 (beta1)
Icinga icinga 1.0.3
Icinga icinga 0.8.1
Nagios nagios 3.0 (alpha1)
Icinga icinga 1.9.1
Nagios nagios 3.4.3
Icinga icinga 1.0.2
Icinga icinga 0.8.2
Nagios nagios 3.5.1
Icinga icinga 1.7.1
Nagios nagios 3.4.2
Icinga icinga 1.8.1
Icinga icinga 0.8.3
Nagios nagios 3.0 (alpha2)
Nagios nagios 3.2.1
Nagios nagios 3.4.1
Icinga icinga 1.4.1
Nagios nagios 3.0 (alpha4)
Nagios nagios 3.2.0
Nagios nagios 3.0 (rc3)
Icinga icinga 1.6.0
Nagios nagios 3.0 (beta6)
Icinga icinga 1.4.0
Nagios nagios 3.2.3
Nagios nagios 3.1.2
Nagios nagios 3.2.2
Icinga icinga 1.10.1
Nagios nagios 3.0 (beta7)
Icinga icinga 1.8.0
Nagios nagios 3.0.6
Nagios nagios 3.0 (alpha5)
Icinga icinga 1.10.0
Icinga icinga 1.6.1
Nagios nagios 3.1.0
Icinga icinga 1.6.2
Nagios nagios 3.0.4
Nagios nagios 3.4.0
Icinga icinga 1.3.0
Nagios nagios 3.0 (beta5)
Nagios nagios 3.0.3
Icinga icinga 1.8.2
Nagios nagios 3.0 (rc1)
Nagios nagios 3.0 (beta4)
Nagios nagios 3.1.1
Nagios nagios 3.0.2

SCADA:ABB-MICROSCADA-BOF - APP: ABB MicroSCADA Wserver Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the ABB MicroSCADA Wserver. The vulnerabilities are because user controlled data is copied to stack-based buffers without verification of the size. It may enable arbitrary code execution. A remote unauthenticated attacker can exploit this vulnerability by sending requests with a malicious parameter to the vulnerable service. Successful exploitation could lead to arbitrary code execution in the context of the Wserver process.

Supported On:

DB:ORACLE:XDB-DROPMETADATA - DB: Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow

Severity: HIGH

Description:

There exists a buffer overflow vulnerability in Oracle Database Server product. The vulnerability exists due to insufficient validation of the arguments supplied to procedure PITRIG_DROPMETADATA in XDB.XDB_PITRIG_PKG package. A remote attacker with valid user credentials may leverage this vulnerability to execute arbitrary code within the security context of the affected service. In case the attack is aiming at a denial of service attack, the vulnerable Oracle database server process will terminate, and the database service will no longer be available until it is restarted. It is also possible that the database data will be corrupted during the database server termination. In case the attacker has successfully injected and executed malicious code on the vulnerable target host, the behaviour of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the Oracle database server process. On Windows systems, the Oracle database server process runs as the System user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 26374
cve: CVE-2007-4517
bugtraq: 26374

Affected Products:

Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.2.0 .3
Oracle oracle10g_standard_edition 10.2.0.1
Oracle oracle10g_standard_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .1
Oracle oracle10g_enterprise_edition 10.2.0 .1
Oracle oracle10g_enterprise_edition 10.2.0 .2

HTTP:PROXY:SQUID-ESI-BO - HTTP: Squid Proxy ESI Component Stack Buffer Overflow

Severity: HIGH

Description:

A stack-based buffer overflow vulnerability has been reported in the Edge Side Includes (ESI) component of the Squid proxy. Successful exploitation allows the attacker to execute arbitrary code on the target under context of the service.

Supported On:

References:

cve: CVE-2016-4054

Affected Products:

Squid-cache squid 3.4.3
Squid-cache squid 3.1.22
Squid-cache squid 3.2.0.5
Squid-cache squid 3.3.1
Squid-cache squid 3.2.0.15
Squid-cache squid 3.2.0.3
Squid-cache squid 4.0.6
Squid-cache squid 3.1.0.10
Squid-cache squid 3.1.12.2
Squid-cache squid 3.3.2
Canonical ubuntu_linux 12.04
Squid-cache squid 3.2.0.1
Squid-cache squid 3.1.19
Squid-cache squid 4.0.4
Squid-cache squid 3.4.14
Squid-cache squid 3.4.9
Squid-cache squid 3.1.0.15
Squid-cache squid 3.4.12
Squid-cache squid 4.0.2
Squid-cache squid 3.4.10
Squid-cache squid 3.2.0.13
Squid-cache squid 3.1.0.7
Squid-cache squid 3.3.9
Squid-cache squid 3.2.12
Squid-cache squid 3.1.0.17
Squid-cache squid 3.1.0.1
Squid-cache squid 3.1.2
Squid-cache squid 3.5.8
Squid-cache squid 3.2.0.9
Squid-cache squid 3.1.3
Squid-cache squid 3.2.0.17
Squid-cache squid 3.2.3
Squid-cache squid 3.1.0.16
Squid-cache squid 3.2.1
Squid-cache squid 4.0.8
Squid-cache squid 3.2.7
Squid-cache squid 3.1.0.9
Canonical ubuntu_linux 14.04
Squid-cache squid 3.4.0.3
Squid-cache squid 3.2.5
Squid-cache squid 3.5.2
Squid-cache squid 3.5.11
Squid-cache squid 3.5.4
Squid-cache squid 3.2.9
Squid-cache squid 3.5.13
Squid-cache squid 3.4.4.1
Squid-cache squid 3.5.6
Squid-cache squid 3.5.15
Squid-cache squid 3.1.5
Squid-cache squid 3.5.0.2
Squid-cache squid 3.2.0.19
Squid-cache squid 3.4.4
Squid-cache squid 3.5.0.4
Squid-cache squid 3.2.11
Squid-cache squid 3.3.14
Squid-cache squid 3.4.8
Squid-cache squid 3.1.16
Squid-cache squid 3.3.6
Squid-cache squid 3.3.12
Squid-cache squid 3.2.0.18
Squid-cache squid 3.2.0.6
Squid-cache squid 3.1.10
Squid-cache squid 3.1.0.12
Squid-cache squid 3.1.14
Squid-cache squid 3.3.10
Squid-cache squid 3.4.2
Squid-cache squid 3.1.21
Squid-cache squid 3.2.0.4
Squid-cache squid 3.1.12
Squid-cache squid 3.1.0.14
Squid-cache squid 3.2.0.14
Squid-cache squid 3.2.0.2
Squid-cache squid 3.2.0.11
Squid-cache squid 3.2.10
Squid-cache squid 4.0.7
Squid-cache squid 3.3.0
Squid-cache squid 3.4.0.1
Squid-cache squid 3.2.0.16
Squid-cache squid 3.4.11
Squid-cache squid 4.0.5
Squid-cache squid 3.1.0.18
Squid-cache squid 3.1.9
Squid-cache squid 3.2.0.10
Squid-cache squid 3.1.0.5
Squid-cache squid 4.0.3
Squid-cache squid 3.1.12.1
Squid-cache squid 3.1
Squid-cache squid 3.2.0.12
Squid-cache squid 4.0.1
Squid-cache squid 3.1.17
Squid-cache squid 3.0
Canonical ubuntu_linux 16.04
Canonical ubuntu_linux 15.10
Squid-cache squid 3.1.6
Squid-cache squid 3.3.8
Squid-cache squid 3.3.7
Squid-cache squid 3.1.0.8
Squid-cache squid 3.5.9
Squid-cache squid 3.2.0.8
Squid-cache squid 3.1.0.4
Squid-cache squid 3.1.4
Squid-cache squid 3.1.0.3
Squid-cache squid 3.2.2
Squid-cache squid 3.1.0.2
Squid-cache squid 3.2.13
Oracle linux 6.0
Squid-cache squid 3.2.6
Squid-cache squid 3.1.5.1
Squid-cache squid 3.1.7
Squid-cache squid 3.1.12.3
Squid-cache squid 3.5.1
Squid-cache squid 3.2.4
Squid-cache squid 3.1.8
Squid-cache squid 3.3.0.3
Squid-cache squid 3.5.3
Squid-cache squid 3.4.13
Squid-cache squid 3.1.0.13
Squid-cache squid 3.5.5
Squid-cache squid 3.2.8
Squid-cache squid 3.5.10
Squid-cache squid 3.1.0.6
Squid-cache squid 3.5.0.1
Squid-cache squid 3.5.7
Squid-cache squid 3.5.12
Squid-cache squid 3.4.4.2
Squid-cache squid 3.4.1
Squid-cache squid 3.5.0.3
Squid-cache squid 3.5.14
Oracle linux 7.0
Squid-cache squid 3.3.4
Squid-cache squid 3.1.18
Squid-cache squid 3.1.15
Squid-cache squid 3.5.16
Squid-cache squid 3.1.1
Squid-cache squid 3.4.0.2
Squid-cache squid 3.1.0.11
Squid-cache squid 3.3.13
Squid-cache squid 3.3.0.1
Squid-cache squid 3.1.11
Squid-cache squid 3.3.5
Squid-cache squid 3.3.11
Squid-cache squid 3.3.0.2
Squid-cache squid 3.1.20
Squid-cache squid 3.2.0.7
Squid-cache squid 3.1.13
Squid-cache squid 3.3.3

HTTP:STC:ADOBE:CVE-2017-11227CE - HTTP: Adobe Acrobate Reader CVE-2017-11227 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobate reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2017-11227
bugtraq: 100179

Affected Products:

Adobe acrobat 11.0.7
Adobe reader 11.0.07
Adobe acrobat_dc 15.006.30280
Adobe acrobat_dc 15.016.20041
Adobe reader 11.0.10
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat 11.0.5
Adobe reader 11.0.01
Adobe acrobat 17.011.30065
Adobe reader 11.0.16
Adobe acrobat_dc 15.017.20050
Adobe acrobat 11.0.18
Adobe reader 11.0.03
Adobe acrobat_reader_dc 15.017.20050
Adobe reader 11.0.14
Adobe acrobat 11.0.9
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 17.000.0000
Adobe acrobat_reader_dc 15.010.20059
Adobe reader 11.0.18
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader 17.011.30066
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat 11.0.10
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat 11.0.12
Adobe acrobat_dc 15.006.30243
Adobe acrobat 11.0.14
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 17.009.20058
Adobe reader 11.0.0
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30097
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_dc 15.008.20082
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_dc 15.010.20056
Adobe acrobat 17.011.30059
Adobe reader 11.0.08
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat_dc 15.010.20059
Adobe acrobat_dc 15.010.20060
Adobe reader 11.0.04
Adobe acrobat 11.0.16
Adobe reader 11.0.13
Adobe acrobat 11.0.0
Adobe reader 11.0.06
Adobe reader 11.0.11
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 17.009.20044
Adobe acrobat 11.0.6
Adobe acrobat_dc 15.006.30279
Adobe acrobat_reader_dc 15.010.20060
Adobe reader 11.0.17
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat 11.0.19
Adobe acrobat 11.0.4
Adobe reader 11.0.02
Adobe acrobat_dc 15.023.20070
Adobe acrobat_dc 15.006.30174
Adobe acrobat 17.011.30066
Adobe reader 11.0.15
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat 11.0.8
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_reader 17.011.30065
Adobe reader 11.0.19
Adobe acrobat 11.0.11
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat 11.0.13
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat 11.0.15
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat 11.0.17
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 15.009.20079
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 15.006.30094
Adobe acrobat 11.0.2
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.006.30201
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 15.020.20039
Adobe acrobat_dc 15.006.30060
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat 11.0.1
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat 17.011.30056
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30119
Adobe acrobat_dc 15.006.30306
Adobe acrobat_reader_dc 15.009.20071
Adobe reader 11.0.09
Adobe acrobat_dc 15.009.20077
Adobe acrobat 11.0.3
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_dc 15.016.20045
Adobe acrobat_reader_dc 15.006.30280
Adobe reader 11.0.05
Adobe reader 11.0.12
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_reader 17.011.30059
Adobe reader 11.0.20
Adobe acrobat 11.0.20

HTTP:IIS:ASP-DOT-NET-VSTATE - HTTP: IIS ASP .NET ViewState Input Sanitization

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the ASP .Net ViewState module. Attackers can remotely send malformed input to the module to overflow a buffer and execute arbitrary code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: http://scottonwriting.net/sowblog/posts/3747.aspx
cve: CVE-2005-1664

APP:REAL:RMP-FILE-OF - APP: RealNetworks RealPlayer RMP File Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in RealPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 64398
cve: CVE-2013-6877

Affected Products:

Realnetworks realplayer 16.0.2.32
Realnetworks realplayer 16.0.3.51

HTTP:STC:JAVA:JAVA-VM-ARGS-OF - HTTP: Sun Java JNLP java-vm-args Attribute Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Java JRE implementation. Attackers can create a malicious JNLP file that, when loaded by a user, can compromise the user's computer.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.zerodayinitiative.com/advisories/ZDI-08-043
cve: CVE-2008-3111
url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238905-1
bugtraq: 30148

Affected Products:

Apple mac_os_x 10.5.1
Apple mac_os_x_server 10.5
Vmware esx_server 3.0.1
Apple mac_os_x 10.4.7
Apple mac_os_x_server 10.4.7
Red_hat desktop_extras 3
Sun sdk_(linux_production_release) 1.4.2 15
Sun sdk_(solaris_production_release) 1.4.2 15
Sun sdk_(windows_production_release) 1.4.2 15
Red_hat enterprise_linux_supplementary 5 Server
Sun sdk_(windows_production_release) 1.4.2 10
Sun jre_(windows_production_release) 1.4.2 03
Sun jre_(linux_production_release) 1.4.2 06
Sun jre_(windows_production_release) 1.4.2 06
Sun jre_(solaris_production_release) 1.4.2 06
Sun jre_(linux_production_release) 1.4.2 13
Sun jre_(linux_production_release) 1.4.2 14
Vmware virtualcenter 2.5
Nortel_networks self-service_mps_500
Vmware virtualcenter 2.5 Update 2
Vmware virtualcenter 2.0.2
Vmware virtualcenter 2.0.2 Update 1
Vmware virtualcenter 2.0.2 Update 2
Vmware virtualcenter 2.0.2 Update 3
Vmware virtualcenter 2.0.2 Update 4
Vmware virtualcenter 2.5 Update 5
Vmware virtualcenter 2.0.2 Update 5
Sun sdk_(windows_production_release) 1.4.2 03
Apple mac_os_x 10.5.2
Apple mac_os_x_server 10.5.2
Sun jre_(linux_production_release) 1.5.0 15
Apple mac_os_x 10.5.4
Apple mac_os_x_server 10.5.4
Red_hat red_hat_network_satellite_(for_rhel_4) 5.1
Nortel_networks self-service_ccxml
Nortel_networks self_service_voicexml
Apple mac_os_x 10.5
Nortel_networks self-service_peri_ctx
Red_hat desktop_extras 4
Sun jre_(solaris_production_release) 1.4.2 04
Nortel_networks mps 1.0
Suse core 9
Sun jre_(windows_production_release) 1.4.2 05
Sun sdk_(solaris_production_release) 1.4.2 09
Apple mac_os_x 10.4.1
Apple mac_os_x_server 10.4.1
Avaya interactive_response 2.0
Suse open-enterprise-server
Vmware virtualcenter 2.5 Update 1
Sun jre_(linux_production_release) 1.4.2 01
Sun jre_(solaris_production_release) 1.4.2 05
Sun jre_(solaris_production_release) 1.4.2 01
Sun jre_(solaris_production_release) 1.4.2 02
Sun jdk_(linux_production_release) 1.5.0 07
Apple mac_os_x_server 10.5.3
Sun jre_(windows_production_release) 1.4.2 02
Sun jre_(linux_production_release) 1.4.2 17
Sun jre_(solaris_production_release) 1.4.2 17
Sun jdk_(linux_production_release) 1.6.0 01
Sun jdk_(linux_production_release) 1.5.0 .0 05
Apple mac_os_x 10.4.6
Apple mac_os_x_server 10.4.6
Sun jre_(linux_production_release) 1.4.2 11
Sun jre_(windows_production_release) 1.4.2 08
Apple mac_os_x 10.4.4
Apple mac_os_x_server 10.4.4
Apple mac_os_x 10.4.5
Apple mac_os_x_server 10.4.5
Suse suse_linux_enterprise 10
Sun jre_(linux_production_release) 1.4.2 08
Nortel_networks enterprise_voip TM-CS1000
Sun jdk_(linux_production_release) 1.6.0 02
Nortel_networks self-service_mps_1000
Sun jre_(linux_production_release) 1.6.0 02
Sun jdk_(linux_production_release) 1.6.0 04
Sun jdk_(linux_production_release) 1.6.0
Sun jre_(linux_production_release) 1.4.2 16
Sun jre_(solaris_production_release) 1.4.2 16
Sun jre_(windows_production_release) 1.4.2 16
Sun jre_(windows_production_release) 1.4.2 15
Nortel_networks mps_developer
Sun jdk_(linux_production_release) 1.5.0 13
Sun jre_(linux_production_release) 1.5.0 12
Nortel_networks mps 3.0
Nortel_networks mps_speech_server 6.0
Apple mac_os_x 10.4.3
Sun jdk_(linux_production_release) 1.6.0 03
Sun sdk_(linux_production_release) 1.4.2 17
Suse novell_linux_pos 9
Sun sdk_(solaris_production_release) 1.4.2 17
Sun jre_(linux_production_release) 1.6.0 03
Sun sdk_(windows_production_release) 1.4.2 17
Sun jdk_(linux_production_release) 1.5.0.0 12
Sun jre_(linux_production_release) 1.5.0 13
Avaya interactive_response 3.0
Sun jdk_(linux_production_release) 1.5.0.0 03
Sun jdk_(linux_production_release) 1.6.0 05
Sun jre_(linux_production_release) 1.6.0 05
Sun sdk_(solaris_production_release) 1.4.2 05
Sun sdk_(linux_production_release) 1.4.2 05
Sun sdk_(windows_production_release) 1.4.2 05
Sun jre_(windows_production_release) 1.4.2 17
Sun jdk_(linux_production_release) 1.5.0 15
Sun jdk_(linux_production_release) 1.6.0 06
Sun jdk_(solaris_production_release) 1.5.0 15
Sun jre_(solaris_production_release) 1.5.0 15
Sun jre_(linux_production_release) 1.6.0 06
Sun jdk_(linux_production_release) 1.5.0 14
Apple mac_os_x_server 10.4.8
Apple mac_os_x 10.4.10
Sun jdk_(linux_production_release) 1.5.0.0 04
Red_hat enterprise_linux_desktop_supplementary 5 Client
Apple mac_os_x_server 10.4.10
Sun jre_(linux_production_release) 1.5.0 08
Sun jre_(linux_production_release) 1.5.0 09
Sun jre_(linux_production_release) 1.5.0 10
Sun jre_(linux_production_release) 1.4.2 03
Sun jre_(solaris_production_release) 1.4.2 03
Sun jre_(linux_production_release) 1.5.0 11
Sun sdk_(linux_production_release) 1.4.2 01
Sun sdk_(linux_production_release) 1.4.2 03
Sun sdk_(solaris_production_release) 1.4.2 08
Sun jre_(linux_production_release) 1.4.2 15
Sun sdk_(windows_production_release) 1.4.2 08
Sun jre_(solaris_production_release) 1.4.2 15
Sun sdk_(linux_production_release) 1.4.2 04
Sun sdk_(solaris_production_release) 1.4.2 04
Sun sdk_(solaris_production_release) 1.4.2 03
Sun sdk_(solaris_production_release) 1.4.2
Sun sdk_(windows_production_release) 1.4.2
Sun jre_(solaris_production_release) 1.4.2 12
Sun jre_(linux_production_release) 1.4.2 12
Sun jre_(linux_production_release) 1.5.0 07
Nortel_networks mps_manager
Sun jre_(windows_production_release) 1.4.2 12
Sun jre_(linux_production_release) 1.6.0 04
Gentoo linux
Apple mac_os_x_server 10.5.1
Apple mac_os_x 10.4.0
Apple mac_os_x_server 10.4.0
Sun jre_(windows_production_release) 1.4.2 01
Vmware esx_server 3.0.2
Sun jre_(linux_production_release) 1.4.2
Sun jre_(solaris_production_release) 1.4.2
Sun jre_(windows_production_release) 1.4.2
Sun sdk_(solaris_production_release) 1.4.2 14
Vmware esx_server 3.5
Sun jdk_(linux_production_release) 1.5.0.0 11
Apple mac_os_x 10.4.8
Sun sdk_(linux_production_release) 1.4.2 09
Sun sdk_(linux_production_release) 1.4.2 10
Sun sdk_(linux_production_release) 1.4.2 11
Sun sdk_(linux_production_release) 1.4.2 12
Sun sdk_(linux_production_release) 1.4.2 13
Sun sdk_(linux_production_release) 1.4.2 14
Red_hat enterprise_linux_extras 4
Sun sdk_(solaris_production_release) 1.4.2 10
Sun sdk_(solaris_production_release) 1.4.2 11
Sun sdk_(solaris_production_release) 1.4.2 12
Sun sdk_(solaris_production_release) 1.4.2 13
Suse suse_linux_enterprise_server 10
Sun sdk_(windows_production_release) 1.4.2 09
Suse suse_linux_enterprise_desktop 10 SP2
Sun sdk_(windows_production_release) 1.4.2 11
Sun sdk_(windows_production_release) 1.4.2 12
Sun sdk_(windows_production_release) 1.4.2 13
Sun sdk_(windows_production_release) 1.4.2 14
Sun jre_(windows_production_release) 1.4.2 07
Suse suse_linux_enterprise_server 9
Sun jre_(windows_production_release) 1.4.2 09
Sun jre_(linux_production_release) 1.4.2 04
Sun jre_(windows_production_release) 1.4.2 11
Sun jre_(windows_production_release) 1.4.2 13
Sun jre_(windows_production_release) 1.4.2 14
Sun jre_(solaris_production_release) 1.4.2 07
Sun jre_(solaris_production_release) 1.4.2 08
Sun sdk_(linux_production_release) 1.4.2 08
Sun jre_(solaris_production_release) 1.4.2 10
Sun jre_(solaris_production_release) 1.4.2 11
Sun jre_(solaris_production_release) 1.4.2 13
Sun jre_(solaris_production_release) 1.4.2 14
Sun jre_(windows_production_release) 1.4.2 04
Sun jre_(linux_production_release) 1.4.2 10
Apple mac_os_x 10.4.2
Apple mac_os_x_server 10.4.2
Sun jre_(linux_production_release) 1.4.2 10-B03
Sun sdk_(windows_production_release) 1.4.2 04
Vmware esx_server 3.0.3
Sun jre_(linux_production_release) 1.4.2 05
Apple mac_os_x_server 10.4.3
Sun sdk_(linux_production_release) 1.4.2 16
Sun sdk_(solaris_production_release) 1.4.2 16
Sun sdk_(windows_production_release) 1.4.2 16
Sun jre_(windows_production_release) 1.4.2 10
Sun jre_(linux_production_release) 1.4.2 02
Sun sdk_(linux_production_release) 1.4.2 02
Sun sdk_(linux_production_release) 1.4.2
Sun jdk_(linux_production_release) 1.5.0 0 10
Sun jdk_(linux_production_release) 1.5.0.0 09
Suse suse_linux_enterprise_server 10 SP2
Apple mac_os_x 10.5.5
Apple mac_os_x_server 10.5.5
Sun jre_(linux_production_release) 1.5.0 14
Suse suse_linux_enterprise_desktop 10 SP1
Suse suse_linux_enterprise_server 10 SP1
Sun jre_(linux_production_release) 1.6.0 01
Sun jre_(linux_production_release) 1.4.2 07
Apple mac_os_x 10.4.9
Apple mac_os_x_server 10.4.9
Nortel_networks mps 2.1
Sun jdk_(linux_production_release) 1.5.0 06
Sun jre_(solaris_production_release) 1.4.2 09
Sun jre_(linux_production_release) 1.5.0 06
Apple mac_os_x 10.5.3
Sun jre_(linux_production_release) 1.4.2 09
Apple mac_os_x 10.4.11
Apple mac_os_x_server 10.4.11
Sun jdk_(linux_production_release) 1.5.0 01
Sun jdk_(linux_production_release) 1.5.0 02
Red_hat enterprise_linux_as_extras 3
Sun jdk_(linux_production_release) 1.5.0.0 08
Red_hat enterprise_linux_es_extras 3
Red_hat enterprise_linux_ws_extras 3
Red_hat enterprise_linux_ws_extras 4
Red_hat enterprise_linux_es_extras 4
Red_hat enterprise_linux_as_extras 4

HTTP:MITSUBISHI-ELECTRIC-SBO - HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow

Severity: HIGH

Description:

A stack-based buffer overflow vulnerability exists in Mitsubishi's Electric E-Designer. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted website. This can lead to arbitrary code execution in the context of the affected user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-9638

Affected Products:

Mitsubishielectric e-designer 7.52

HTTP:RUBY-GEM-SEMICOLON1 - HTTP: Ruby Gem Multiple Wrappers Command Injection1

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against Ruby Gem Minimagic, Curl and Fastreader 1.0.8 wrappers. A successful attack can lead to command injection and arbitrary code execution.

Supported On:

HTTP:STC:MITSUBISHI-E-DESIGN-BO - HTTP: Mitsubishi Electric E-Designer BEComliSlave Buffer Overflow

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.zerodayinitiative.com/advisories/zdi-17-509/
cve: CVE-2017-9638

Affected Products:

Mitsubishielectric e-designer 7.52

HTTP:DOS:NOOP-SLED-REQ-MALF - HTTP: No Operation Sled in HTTP Request (Malformed)

Severity: HIGH

Description:

This signature detects a long string of "No Operation" (NOOP) commands sent in an HTTP request that has been malformed. Some vulnerability testing tools incorrectly send a NOOP sled without completing the request. This is generally a benign request that would not exploit the target. Your server is possibly being probed by a test tool.

Supported On:

References:

cve: CVE-2006-2496

Affected Products:

Novell imonitor 2.4
Novell edirectory 8.8

DB:INGRES-UUID_FROM_CHAR-OF - DB: Ingres Database uuid_from_char Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Ingres Database. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.

Supported On:

References:

url: http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-ingres-stack-overflow/
bugtraq: 24585
cve: CVE-2007-3338

Affected Products:

Computer_associates cleverpath_aion_bpm 10.1
Computer_associates unicenter_database_command_center 11.1
Computer_associates unicenter_enterprise_job_manager 1.0 SP3
Computer_associates unicenter_workload_control_center 1.0.SP4
Computer_associates unicenter_workload_control_center 1.0 SP4
Computer_associates advantage_data_transformer 2.2.0
Computer_associates brightstor_arcserve_backup 11.1.0
Computer_associates etrust_audit R8
Computer_associates brightstor_arcserve_backup 11.5
Computer_associates etrust_directory 8.1
Computer_associates brightstor_arcserve_backup_for_linux 9.0.0
Computer_associates brightstor_enterprise_backup_for_tru64 10.5.0
Computer_associates brightstor_enterprise_backup_for_hp 10.5.0
Computer_associates brightstor_enterprise_backup_for_aix 10.5.0
Computer_associates brightstor_enterprise_backup_for_solaris 10.5.0
Computer_associates brightstor_arcserve_backup_for_linux 11.1.0
Ingres_corporation ingres_database 3.0.3
Ingres_corporation ingres_database 2.5
Ingres_corporation ingres_database 2.6
Ingres_corporation ingres_database_2006
Computer_associates allfusion_enterprise_workbench 1.1
Computer_associates allfusion_enterprise_workbench 1.1 SP1
Computer_associates allfusion_enterprise_workbench 7
Computer_associates allfusion_enterprise_workbench 7.1
Computer_associates allfusion_harvest_change_manager 7
Computer_associates allfusion_harvest_change_manager 7.1
Computer_associates arcserve_backup_for_laptops_and_desktops 11.5
Computer_associates brightstor_storage_command_center 11.5
Computer_associates brightstor_storage_resource_manager 11.5
Computer_associates cleverpath_aion_bre 10.1
Computer_associates docserver 1.1
Computer_associates etrust_admin 8.1 SP1
Computer_associates etrust_iam_suite 8
Computer_associates etrust_iam_toolkit 8
Computer_associates etrust_iam_toolkit 8.1
Computer_associates etrust_identity_manager 8.1
Computer_associates etrust_network_forensics 8.1
Computer_associates etrust_single_sign-on 7
Computer_associates etrust_single_sign-on 8
Computer_associates etrust_single_sign-on 8.1
Computer_associates etrust_web_access_control 1.0
Computer_associates unicenter_advanced_systems_management 11
Computer_associates unicenter_asset_intelligence 11
Computer_associates unicenter_asset_management 11
Computer_associates unicenter_asset_portfolio_management 11.2.1
Computer_associates unicenter_asset_portfolio_management 11.3
Computer_associates ccs 11
Computer_associates unicenter_desktop_and_server_management 11
Computer_associates unicenter_desktop_management_suite 11
Computer_associates unicenter_enterprise_job_manager 1.0 SP4
Computer_associates unicenter_job_management_option 11.0
Computer_associates unicenter_lightweight_portal 2
Computer_associates unicenter_management_portal 3.1.1
Computer_associates unicenter_patch_management 11
Computer_associates unicenter_remote_control 11
Computer_associates unicenter_service_assure 11.1
Computer_associates unicenter_service_assure 11
Computer_associates unicenter_service_assure 2.2
Computer_associates unicenter_service_catalog 11
Computer_associates unicenter_service_delivery 11.1
Computer_associates unicenter_service_intelligence 11
Computer_associates unicenter_service_metric_analysis 11
Computer_associates unicenter_service_metric_analysis 11.1
Computer_associates unicenter_service_metric_analysis 3.0.2
Computer_associates unicenter_service_metric_analysis 3.5.0
Computer_associates unicenter_serviceplus_service_desk 5.5 SP3
Computer_associates unicenter_serviceplus_service_desk 6.0 SP1
Computer_associates unicenter_serviceplus_service_desk 11.1
Computer_associates unicenter_serviceplus_service_desk 11
Computer_associates unicenter_serviceplus_service_desk 11.2
Computer_associates unicenter_software_delivery 11
Computer_associates unicenter_tng 2.4.2J
Computer_associates unicenter_ca_web_services_distributed_management 3.5
Computer_associates wily_soa_manager 7.1
Computer_associates unicenter_ca_web_services_distributed_management 3.11
Computer_associates unicenter_tng 2.4.2
Computer_associates cleverpath_predictive_analysis_server 3.0.0
Computer_associates etrust_admin 8.0.0
Computer_associates etrust_admin 8.1.0
Computer_associates etrust_admin 8.1 SP2
Computer_associates unicenter_network_and_systems_management 3.0
Computer_associates unicenter_network_and_systems_management 3.1
Computer_associates unicenter_network_and_systems_management 11
Computer_associates unicenter_remote_control 6.0.0
Computer_associates unicenter_tng 2.2.0
Computer_associates unicenter_service_delivery 11.0.0
Computer_associates unicenter_asset_portfolio_management 11.0.0
Computer_associates etrust_secure_content_manager 8.0.0
Computer_associates unicenter_serviceplus_service_desk 6.0.0

HTTP:STC:DL:DIRECTX-SAMI - HTTP: Microsoft DirectX SAMI File Parsing Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in Microsoft DirectX application framework. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 26789
cve: CVE-2007-3901
bugtraq: 49149
url: http://labs.mwrinfosecurity.com/files/Advisories/mwri_mplayer-sami-subtitles_2011-08-12.pdf

Affected Products:

Microsoft directx 8.1
Hp storage_management_appliance 2.1
Avaya messaging_application_server MM 3.1
Nortel_networks centrex_ip_client_manager 9.0
Hp storage_management_appliance I
Hp storage_management_appliance II
Hp storage_management_appliance III
Nortel_networks callpilot 703T
Avaya messaging_application_server MM 2.0
Nortel_networks callpilot 201I
Nortel_networks callpilot 200I
Avaya messaging_application_server MM 3.0
Nortel_networks callpilot 702T
Avaya messaging_application_server MM 1.1
Avaya messaging_application_server
Nortel_networks centrex_ip_client_manager 10.0
Nortel_networks callpilot 1002Rp
Microsoft directx 7.0

APP:REAL:RAM-FILE-OF - APP: RealMedia RAM File Processing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer products. A successful attack can lead to arbitrary code execution.

Supported On:

References:

bugtraq: 13264
url: http://pb.specialised.info/all/adv/real-ram-adv.txt
url: http://service.real.com/help/faq/security/050419_player/EN/
cve: CVE-2005-0755
cve: CVE-2004-0550
cve: CVE-2004-0258

Affected Products:

Real_networks realone_player 6.0.11 .830
Real_networks realone_player 6.0.11 .853
Real_networks realone_player_for_osx 9.0.0 .297
Real_networks realone_player_for_osx 9.0.0 .288
Red_hat enterprise_linux_es 3
Red_hat enterprise_linux_ws 3
Real_networks realplayer 8.0.0 Unix
Real_networks realone_player 1.0.0
Real_networks realone_player 6.0.11 .868
Real_networks realplayer 10.0.0
Red_hat enterprise_linux_as 3
Real_networks realplayer 8.0.0 Mac
Real_networks realplayer_10_for_mac_os 10.0.0.305
Red_hat desktop 3.0.0
Real_networks realplayer 10.5.0 V6.0.12.1056
Real_networks realplayer_10_for_mac_os 10.0.0.325
Real_networks realplayer 10.5.0 V6.0.12.1053
Real_networks realplayer 10.5.0 V6.0.12.1040
Real_networks realplayer_10_for_mac_os
Real_networks realplayer_10_for_linux
Real_networks helix_player_for_linux 1.0.0
Real_networks realplayer_enterprise 1.7.0
Real_networks realplayer_enterprise 1.1.0
Real_networks realplayer_enterprise 1.2.0
Real_networks realplayer_enterprise 1.5.0
Real_networks realplayer_enterprise 1.6.0
Real_networks realplayer_enterprise
Real_networks realone_player 6.0.11 .840
Real_networks realplayer_for_unix 10.0.3
Real_networks helix_player_for_linux 1.0.3
Real_networks helix_player_for_linux 1.0.2
Real_networks helix_player_for_linux 1.0.1
Real_networks realone_player 6.0.11 .872
Real_networks realplayer 8.0.0 Win32
Real_networks realone_player 6.0.11 .818

HTTP:STC:IE:MOUSE-MOVE-MEM - HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-0267)

Severity: HIGH

Description:

This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to the way that Internet Explorer handles certain type of mouse movement events. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the logic of the injected code and executes within the security context of the currently logged in user. In an unsuccessful attack, the application can terminate abnormally.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 39023
cve: CVE-2010-0267

Affected Products:

Microsoft internet_explorer 6.0
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Avaya messaging_application_server
Avaya messaging_application_server MM 3.1
Microsoft internet_explorer 6.0 SP1
Microsoft internet_explorer 7.0
Avaya messaging_application_server MM 2.0
Avaya messaging_application_server MM 1.1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Avaya messaging_application_server MM 3.0

HTTP:ALTN-SG-OF - HTTP: Alt-N Security Gateway Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Alt-N Security Gateway. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2008-4193
bugtraq: 29457

Affected Products:

Alt-n securitygateway 1.0.1

HTTP:CA-XOSOFT-XOSOAP - HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in CA XOsoft Multiple Products. It is due to insufficient boundary checking when handling certain HTTP requests sent to the ws_man.exe process. A remote unauthenticated attacker can exploit this by sending a malicious HTTP request to a target server. In a successful attack, where arbitrary code is injected and executed on the vulnerable target host, the behavior of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the service. In an unsuccessful attack, the application can terminate abnormally.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 39238
cve: CVE-2010-1223

Affected Products:

Computer_associates xosoft_content_distribution r12
Computer_associates xosoft_content_distribution r12.5
Computer_associates xosoft_high_availability r12.5
Computer_associates xosoft_replication r12.5
Computer_associates xosoft_replication r12
Computer_associates xosoft_high_availability r12

APP:HP-MGMT-UAM-BO - APP: HP Intelligent Management Center uam Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the HP Intelligent Management Center uam component. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected server.

Supported On:

References:

bugtraq: 55271

APP:HPOV:OVALARMSRV-DOS2 - APP: Hewlett-Packard OpenView Alarm Denial of Service (2)

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Hewlett-Packard OpenView Alarm Service. A successful attack can lead to a buffer overflow and cause the service to crash, denying use of the service (DoS).

Supported On:

References:

bugtraq: 28668
cve: CVE-2008-1852

Affected Products:

Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

VNC:OVERFLOW:ULTRAVNC-HEAP - VNC: UltraVNC VNC Server File Transfer Offer Handler Heap-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the VNC Server of UltraVNC. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the VNC Server of UltraVNC.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2019-8274

Affected Products:

Uvnc ultravnc 1.1.9.3
Uvnc ultravnc 1.2.1.6
Uvnc ultravnc 1.2.2.2
Uvnc ultravnc 1.2.0.5
Uvnc ultravnc 1.2.1.7
Uvnc ultravnc 1.1.9.6
Uvnc ultravnc 1.0.9.6.2
Uvnc ultravnc 1.2.1.0
Uvnc ultravnc 1.1.8.9
Uvnc ultravnc 1.2.0.9
Uvnc ultravnc 1.2.1.2

DNS:ISC-BIND-ASSERT-DOS - DNS: ISC BIND DNS options Assertion Failure Denial of Service

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the ISC BIND. Successful exploitation could lead to a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2016-2848

Affected Products:

Isc bind 9.3.4
Isc bind 9.7.1
Isc bind 9.8.0
Isc bind 9.7.0
Isc bind 9.8.1
Isc bind 9.5.0
Isc bind 9.4
Isc bind 9.2.1
Isc bind 9.8.2
Isc bind 9.6.3
Isc bind 9.5
Isc bind 9.8.3
Isc bind 9.6.0
Isc bind 9.8.4
Isc bind 9.6.1
Isc bind 9.2.0
Isc bind 9.2.8
Isc bind 9.1
Isc bind 9.2.9
Isc bind 9.2
Isc bind 9.3.1
Isc bind 9.6
Isc bind 9.1.1
Isc bind 9.3
Isc bind 9.1.0
Isc bind 9.3.6
Isc bind 9.2.6
Isc bind 9.1.3
Isc bind 9.3.3
Isc bind 9.1.2
Isc bind 9.3.2
Isc bind 9.7.7
Isc bind 9.2.4
Isc bind 9.7.6
Isc bind 9.4.0
Isc bind 9.5.1
Isc bind 9.2.7
Isc bind 9.2.5
Isc bind 9.7.5
Isc bind 9.4.1
Isc bind 9.9.1
Isc bind 9.3.0
Isc bind 9.6.2
Isc bind 9.2.2
Isc bind 9.7.4
Isc bind 9.4.2
Isc bind 9.9.0
Isc bind 9.5.3
Isc bind 9.2.3
Isc bind 9.7.3
Isc bind 9.4.3
Isc bind 9.5.2
Isc bind 9.3.5
Isc bind 9.7.2
Isc bind 9.9.2

DB:ORACLE:DBMS:AQELM-OF - DB: Oracle DBMS_AQELM Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Database Server DBMS_AQELM Package. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 30177
url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726
cve: CVE-2008-2607

Affected Products:

Oracle oracle10g_standard_edition 10.1.0 .5
Bea_systems weblogic_server 7.0.0 SP 1
Hp oracle_for_openview_for_linux_ltu
Bea_systems weblogic_server 6.1.0 SP 3
Oracle oracle10g_application_server 10.1.2
Bea_systems weblogic_server 8.1.0 SP 1
Bea_systems weblogic_server 8.1.0 SP 6
Bea_systems weblogic_server 7.0.0 SP 4
Bea_systems weblogic_server 8.1.0 SP 2
Oracle oracle10g_enterprise_edition 10.1.0 .5
Oracle oracle9i_personal_edition 9.2.0 .8
Bea_systems weblogic_server 6.1.0
Bea_systems weblogic_server 6.1.0 SP 1
Bea_systems weblogic_server 6.1.0 SP 2
Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.2.0 .3
Bea_systems weblogic_server 9.0
Bea_systems weblogic_server 7.0.0 SP 3
Oracle oracle10g_standard_edition 10.2.0.4
Oracle oracle10g_enterprise_edition 10.2.0.4
Oracle oracle10g_personal_edition 10.2.0.4
Oracle timesten_in-memory_database 7.0.3.0.0
Oracle oracle10g_application_server 10.1.2.3.0
Oracle hyperion_bi_plus 9.2.0.3
Oracle hyperion_bi_plus 9.2.1.0
Hp oracle_for_openview 8.1.7
Bea_systems weblogic_server 6.1.0 SP 5
Oracle hyperion_performance_suite 8.3.2.4
Bea_systems weblogic_server 6.1.0 SP 4
Oracle e-business_suite_11i 11.5.10.2
Oracle hyperion_bi_plus 9.3.1.0
Oracle oracle10g_personal_edition 10.2.0 .2
Bea_systems weblogic_server 7.0.0 SP 6
Oracle peoplesoft_enterprise_peopletools 8.49.12
Oracle oracle10g_enterprise_edition 10.2.0 .2
Bea_systems weblogic_server 10.0
Hp oracle_for_openview 9.2
Oracle oracle9i_application_server 1.0.2 .2
Oracle enterprise_manager_database_control_11i 11.1.0.6
Oracle oracle9i_standard_edition 9.2.0 .8DV
Oracle oracle9i_personal_edition 9.2.0 .8DV
Oracle oracle9i_enterprise_edition 9.2.0 .8DV
Oracle oracle10g_application_server 10.1.3 .1.0
Hp oracle_for_openview 10g
Hp oracle_for_openview 10gR2
Oracle oracle10g_application_server 10.1.3 .3.0
Oracle hyperion_performance_suite 8.5.0.3
Bea_systems weblogic_server 9.2 Maintenance Pack 3
Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
Oracle peoplesoft_enterprise_customer_relationship_manage 9.0
Oracle oracle11g_standard_edition 11.1.0 6
Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle11g_enterprise_edition 11.1.0 6
Hp oracle_for_openview 9.1.01
Oracle oracle10g_standard_edition 10.2.0 .2
Bea_systems weblogic_server 7.0.0 SP 5
Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
Bea_systems weblogic_server 8.1.0 SP 5
Hp oracle_for_openview_for_linux_ltu_service_bureaus
Oracle enterprise_manager_database_control_10g 10.2.0.4
Bea_systems weblogic_server 10.0 MP1
Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
Oracle peoplesoft_enterprise_peopletools 8.48.18
Bea_systems weblogic_server 7.0.0 SP 2
Oracle enterprise_manager_grid_control_10g 10.1.0 6
Oracle enterprise_manager_database_control_10g 10.1.0.5
Oracle enterprise_manager_database_control_10g 10.2.0.2
Oracle enterprise_manager_database_control_10g 10.2.0.3
Oracle oracle9i_enterprise_edition 9.2.0.8.0
Oracle oracle10g_application_server 9.0.4 3
Oracle oracle9i_standard_edition 9.2.0.8
Oracle oracle11g_standard_edition_one 11.1.0 6
Oracle enterprise_manager_grid_control_10g 10.1.0 .5
Bea_systems weblogic_server 6.1.0 SP 7
Bea_systems weblogic_server 9.2
Oracle e-business_suite_12 12.0.4
Oracle oracle10g_personal_edition 10.1.0.5
Bea_systems weblogic_server 8.1.0 SP 4
Bea_systems weblogic_server 7.0.0 SP 7
Bea_systems weblogic_server 8.1.0 SP 3

HTTP:EK-COTTONCASTLE-JAVA-CONN - HTTP: CottonCastle Exploit Kit Java Outbound Connection 1

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:STC:ADOBE:CVE-2016-1078-CE - HTTP: Adobe Reader CVE-2016-1078 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, vsrx3bsd-19.2, vsrx-12.1, srx-branch-19.1, vsrx-15.1, srx-19.2

References:

cve: CVE-2016-1078

Affected Products:

Adobe reader 11.0.15
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.010.20060
Adobe acrobat 11.0.15
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_dc 15.006.30121

HTTP:STC:CVE-2018-8344-CE - HTTP: Microsoft Graphics CVE-2018-8344 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known Integer Overflow vulnerability against Microsoft Windows 10. A Successful exploitation of this vulnerability could achieve Remote Code Execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2018-8344
bugtraq: 104983

Affected Products:

Microsoft windows_server_2012 r2
Microsoft windows_server_2008 -
Microsoft windows_server_2016 -
Microsoft windows_10 1703
Microsoft windows_10 -
Microsoft windows_7 -
Microsoft windows_10 1709
Microsoft windows_server_2012 -
Microsoft windows_server_2008 r2
Microsoft windows_8.1 -
Microsoft windows_server_2016 1709
Microsoft windows_server_2016 1803
Microsoft windows_10 1607
Microsoft windows_rt_8.1 -
Microsoft windows_10 1803

HTTP:WEBSPHERE:SERVER-OF - HTTP: WebSphere Application Server Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM WebSphere Application Server. The WebSphere server does not properly validate user input during the application authentication process. Attackers can provide malicious input to terminate the server process, or inject and execute arbitrary code on the target.

Supported On:

References:

url: http://www.appsecinc.com/resources/alerts/general/WEBSPHERE-001.html
url: http://www.frsirt.com/english/advisories/2005/0688
bugtraq: 13853
cve: CVE-2005-1872

Affected Products:

Ibm websphere_application_server 5.0.2 .3
Ibm websphere_application_server 5.0.2 .4
Ibm websphere_application_server 5.0.2 .5
Ibm websphere_application_server 5.0.2 .6
Ibm websphere_application_server 5.0.2 .7
Ibm websphere_application_server 5.0.2 .2
Ibm websphere_application_server 5.0.2 .8
Ibm websphere_application_server 5.0.2.10
Ibm websphere_application_server 5.0.2 .9
Ibm websphere_application_server 5.0.2
Ibm websphere_application_server 5.0.2 .1

HTTP:DOMINO:SAMETIME-URL-OF - HTTP: Lotus Sametime URL Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Lotus Sametime Multiplexer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.

Supported On:

idp-5.1.110161014, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 29328
url: http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21303920
cve: CVE-2008-2499

Affected Products:

Ibm lotus_sametime 7.5.1
Ibm lotus_sametime 8.0
Ibm lotus_sametime 7.0
Ibm lotus_sametime 7.5

FTP:OVERFLOW:S2C-PATH-OF - FTP: FlashGet FTP PWD Command Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IE FlashGet application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Supported On:

idp-5.1.110161014, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 30685
url: http://www.flashget.com
cve: CVE-2014-5211
url: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/

Affected Products:

Flashget flashget 1.9

SMTP:SPAMASS-DOS - SMTP: SpamAssassin Content-Type Denial of Service

Severity: MEDIUM

Description:

This signature detects a malformed e-mail that can trigger a denial-of-service condition within the SpamAssassin daemon. This attack could be used to disable the spam filtering system of a mail server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

Affected Products:

Red_hat fedora Core4
Suse linux_personal 9.3.0
Red_hat fedora Core3
Suse linux_personal 9.2.0 X86 64
Spamassassin spamassassin 3.0.1
Spamassassin spamassassin 3.0.2
Spamassassin spamassassin 3.0.3
Red_hat enterprise_linux_as 4
Red_hat enterprise_linux_es 4
Suse linux_professional 9.2.0
Suse linux_professional 9.3.0
Suse linux_professional 9.3.0 X86 64
Suse linux_professional 9.2.0 X86 64
Red_hat fedora Core1
Spamassassin spamassassin 2.60.0
Spamassassin spamassassin 2.63.0
Spamassassin spamassassin 2.55.0
Mandriva linux_mandrake 10.1.0
Mandriva linux_mandrake 10.1.0 X86 64
Spamassassin spamassassin 2.44.0
Red_hat desktop 4.0.0
Suse linux_personal 9.2.0
Suse linux_personal 9.3.0 X86 64
Gentoo linux
Red_hat enterprise_linux_ws 4
Spamassassin spamassassin 2.40.0
Spamassassin spamassassin 2.41.0 0
Spamassassin spamassassin 2.42.0 0
Spamassassin spamassassin 2.43.0 0
Spamassassin spamassassin 2.50.0 0
Mandriva linux_mandrake 10.2.0
Mandriva linux_mandrake 10.2.0 X86 64

FTP:SERVU:CHMOD-OVERFLOW - FTP: ServU CHMOD Filename Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the ServU FTP server CHMOD command. The CHMOD command is typically used to change server file permissions. Attackers can send an overly long filename argument to the CHMOD command to execute arbitrary code with system privileges.

Supported On:

DI-Base, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-4.0.110090831, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

url: http://xforce.iss.net/xforce/xfdb/14931
bugtraq: 9675
url: http://www.addict3d.org/index.php?page=viewarticle&type=security&ID=560
cve: CVE-2004-2111
bugtraq: 9483

Affected Products:

Rhino_software serv-u 4.1.0 .0.11
Rhino_software serv-u 4.0.0 .0.4
Rhino_software serv-u 4.1.0
Rhino_software serv-u 3.1.0
Rhino_software serv-u 5.0.0 .0.4

APP:NOVELL:MESSENGER-BOF - APP: Novell Messenger Client Filename Parameter Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Novell Messenger. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

cve: CVE-2013-1085

Affected Products:

Novell groupwise_messenger 1.0.6
Novell groupwise_messenger 2.0
Novell messenger up to 2.2.1
Novell messenger 2.2.0
Novell messenger up to 2.1
Novell groupwise_messenger 2.0.2
Novell groupwise_messenger up to 2.0.4

HTTP:STC:CVE-2019-6537-RCE - HTTP: WECON LeviStudio DataLogTool Multiple Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against WECON LeviStudio DataLogTool. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 106861
cve: CVE-2019-6537

Affected Products:

We-con levistudiou 1.8.56

MS-RPC:CVE-2019-6550-RCE - MS-RPC: Advantech WebAccess SCADA Remote Code Execution

Severity: HIGH

Description:

This signature detects attempt to exploit a directory traversal and remote code execution vulnerability exists in Advantech WebAccess software. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2019-6550

Affected Products:

Advantech webaccess 8.3.5

APP:IBM:TIVOLI-OF - APP: IBM Tivoli Management Framework Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in IBM Tivoli Management Framework. An attacker can send an overly long parameter, which could result in arbitrary code execution or a denial of service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 48049
cve: CVE-2011-1220

Affected Products:

Ibm tivoli_management_framework 4.1.1
Ibm tivoli_management_framework 4.1
Ibm tivoli_management_framework 4.3.1

CHAT:ICQ:ISS-BLACKICE-OF - ICQ: ISS BlackIce ICQ Decoder META_USER Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the ICQ decoder on ISS BlackIce network devices. Attackers can remotely execute arbitrary code.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.kb.cert.org/vuls/id/947254
bugtraq: 9913
cve: CVE-2004-0362

Affected Products:

Ibm realsecure_server_sensor 6.0.1 Win SR1.1
Ibm realsecure_server_sensor 6.5.0 Win SR3.1
Ibm realsecure_sentry 3.6.0 ecb
Ibm realsecure_server_sensor 5.0.0 Win
Ibm realsecure_server_sensor 5.5.0 Win
Ibm realsecure_server_sensor 5.5.2 Win
Ibm realsecure_server_sensor 6.0.0 Win
Ibm realsecure_server_sensor 6.0.1 Win
Ibm realsecure_server_sensor 5.5.1 Win
Ibm blackice_agent_for_server 3.6.0 eca
Ibm blackice_server_protection 3.6.0 cbz
Ibm realsecure_desktop 3.6.0 eca
Ibm realsecure_desktop 7.0.0 ebg
Ibm blackice_agent_for_server 3.6.0 ecb
Ibm realsecure_desktop 7.0.0 ebh
Ibm realsecure_desktop 3.6.0 ecb
Ibm blackice_server_protection 3.6.0 ccb
Ibm blackice_pc_protection 3.6.0 ccb
Ibm realsecure_network_sensor 7.0.0 XPU 20.11
Ibm proventia_g_series XPU 22.4
Ibm realsecure_server_sensor 7.0.0 XPU 22.9
Ibm realsecure_desktop 7.0.0 eba
Ibm proventia_a_series XPU 22.9
Ibm realsecure_server_sensor 7.0.0 XPU 22.11
Ibm proventia_a_series XPU 20.11
Ibm proventia_g_series XPU 22.11
Ibm realsecure_server_sensor 7.0.0 XPU 22.8
Ibm realsecure_server_sensor 7.0.0 XPU 22.7
Ibm realsecure_server_sensor 7.0.0 XPU 22.6
Ibm realsecure_server_sensor 7.0.0 XPU 22.5
Ibm proventia_a_series XPU 22.8
Ibm realsecure_server_sensor 7.0.0 XPU 22.4
Ibm realsecure_server_sensor 7.0.0 XPU 22.3
Ibm realsecure_server_sensor 7.0.0 XPU 22.2
Ibm realsecure_server_sensor 7.0.0 XPU 22.1
Ibm proventia_a_series XPU 22.7
Ibm proventia_a_series XPU 22.6
Ibm proventia_a_series XPU 22.5
Ibm proventia_a_series XPU 22.4
Ibm proventia_a_series XPU 22.3
Ibm proventia_a_series XPU 22.2
Ibm proventia_a_series XPU 22.1
Ibm proventia_g_series XPU 22.8
Ibm proventia_g_series XPU 22.7
Ibm proventia_g_series XPU 22.6
Ibm proventia_g_series XPU 22.5
Ibm realsecure_desktop 3.6.0 ece
Ibm proventia_g_series XPU 22.2
Ibm proventia_g_series XPU 22.1
Ibm proventia_m_series XPU 1.6
Ibm proventia_m_series XPU 1.5
Ibm proventia_m_series XPU 1.4
Ibm realsecure_network_sensor 7.0.0 XPU 22.9
Ibm proventia_m_series XPU 1.1
Ibm proventia_m_series XPU 1.9
Ibm realsecure_desktop 7.0.0 ebk
Ibm realsecure_desktop 7.0.0 ebl
Ibm realsecure_guard 3.6.0 ecb
Ibm realsecure_desktop 3.6.0 ecf
Ibm realsecure_guard 3.6.0 eca
Ibm realsecure_guard 3.6.0 ecc
Ibm proventia_g_series XPU 22.3
Ibm realsecure_guard 3.6.0 ecf
Ibm proventia_m_series XPU 1.3
Ibm proventia_m_series XPU 1.7
Ibm realsecure_sentry 3.6.0 ecc
Ibm realsecure_sentry 3.6.0 ece
Ibm realsecure_desktop 7.0.0 ebj
Ibm realsecure_desktop 3.6.0 ecd
Ibm realsecure_guard 3.6.0 ecd
Ibm realsecure_sentry 3.6.0 ecd
Ibm realsecure_sentry 3.6.0 eca
Ibm blackice_server_protection 3.6.0 ccd
Ibm proventia_a_series XPU 22.10
Ibm proventia_g_series XPU 22.10
Ibm proventia_m_series XPU 1.8
Ibm realsecure_server_sensor 6.5.0 Win SR3.9
Ibm realsecure_network_sensor 7.0.0 XPU 22.10
Ibm realsecure_server_sensor 6.5.0 Win SR3.8
Ibm realsecure_server_sensor 6.5.0 Win SR3.7
Ibm realsecure_server_sensor 6.5.0 Win SR3.6
Ibm realsecure_server_sensor 6.5.0 Win SR3.5
Ibm realsecure_server_sensor 7.0.0 XPU 22.10
Ibm realsecure_server_sensor 6.5.0 Win SR3.2
Ibm blackice_pc_protection 3.6.0 cca
Ibm blackice_pc_protection 3.6.0 ccc
Ibm blackice_pc_protection 3.6.0 ccf
Ibm blackice_pc_protection 3.6.0 cce
Ibm realsecure_sentry 3.6.0 ecf
Ibm blackice_server_protection 3.6.0 cca
Ibm blackice_server_protection 3.6.0 ccc
Ibm blackice_server_protection 3.6.0 cce
Ibm blackice_server_protection 3.6.0 ccf
Ibm blackice_agent_for_server 3.6.0 ecc
Ibm blackice_agent_for_server 3.6.0 ecd
Ibm blackice_pc_protection 3.6.0 ccd
Ibm blackice_agent_for_server 3.6.0 ecf
Ibm realsecure_server_sensor 6.5.0 Win SR3.10
Ibm blackice_agent_for_server 3.6.0 ebz
Ibm realsecure_network_sensor 7.0.0 XPU 22.4
Ibm realsecure_desktop 7.0.0 ebf
Ibm realsecure_desktop 3.6.0 ebz
Ibm realsecure_guard 3.6.0 ebz
Ibm realsecure_sentry 3.6.0 ebz
Ibm realsecure_server_sensor 6.5.0 Win SR3.4
Ibm realsecure_network_sensor 7.0.0
Ibm realsecure_server_sensor 6.5.0 Win SR3.3
Ibm proventia_m_series XPU 1.2
Ibm realsecure_guard 3.6.0 ece
Ibm blackice_pc_protection 3.6.0 .cbz
Ibm blackice_agent_for_server 3.6.0 ece
Ibm blackice_agent 3.1.0
Ibm realsecure_server_sensor 6.5.0 Win
Ibm proventia_g_series XPU 22.9

CHAT:IRC:MIRC-PRIVMSG - IRC: mIRC PRIVMSG Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the mIRC client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 31552
cve: CVE-2008-4449

Affected Products:

Khaled_mardam-bey mirc 6.34

DB:ORACLE:TNS:DBMS-OF - DB: Oracle DBMS Overflow

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Database Server Package. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 30177
url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726
url: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
cve: CVE-2006-0283
cve: CVE-2008-2607

Affected Products:

Oracle oracle10g_standard_edition 10.1.0 .5
Bea_systems weblogic_server 7.0.0 SP 1
Hp oracle_for_openview_for_linux_ltu
Bea_systems weblogic_server 6.1.0 SP 3
Oracle oracle10g_application_server 10.1.2
Bea_systems weblogic_server 8.1.0 SP 1
Bea_systems weblogic_server 8.1.0 SP 6
Bea_systems weblogic_server 7.0.0 SP 4
Bea_systems weblogic_server 8.1.0 SP 2
Oracle oracle10g_enterprise_edition 10.1.0 .5
Oracle oracle9i_personal_edition 9.2.0 .8
Bea_systems weblogic_server 6.1.0
Bea_systems weblogic_server 6.1.0 SP 1
Bea_systems weblogic_server 6.1.0 SP 2
Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.2.0 .3
Bea_systems weblogic_server 9.0
Bea_systems weblogic_server 7.0.0 SP 3
Oracle oracle10g_standard_edition 10.2.0.4
Oracle oracle10g_enterprise_edition 10.2.0.4
Oracle oracle10g_personal_edition 10.2.0.4
Oracle timesten_in-memory_database 7.0.3.0.0
Oracle oracle10g_application_server 10.1.2.3.0
Oracle hyperion_bi_plus 9.2.0.3
Oracle hyperion_bi_plus 9.2.1.0
Hp oracle_for_openview 8.1.7
Bea_systems weblogic_server 6.1.0 SP 5
Oracle hyperion_performance_suite 8.3.2.4
Bea_systems weblogic_server 6.1.0 SP 4
Oracle e-business_suite_11i 11.5.10.2
Oracle hyperion_bi_plus 9.3.1.0
Oracle oracle10g_personal_edition 10.2.0 .2
Bea_systems weblogic_server 7.0.0 SP 6
Oracle peoplesoft_enterprise_peopletools 8.49.12
Oracle oracle10g_enterprise_edition 10.2.0 .2
Bea_systems weblogic_server 10.0
Hp oracle_for_openview 9.2
Oracle oracle9i_application_server 1.0.2 .2
Oracle enterprise_manager_database_control_11i 11.1.0.6
Oracle oracle9i_standard_edition 9.2.0 .8DV
Oracle oracle9i_personal_edition 9.2.0 .8DV
Oracle oracle9i_enterprise_edition 9.2.0 .8DV
Oracle oracle10g_application_server 10.1.3 .1.0
Hp oracle_for_openview 10g
Hp oracle_for_openview 10gR2
Oracle oracle10g_application_server 10.1.3 .3.0
Oracle hyperion_performance_suite 8.5.0.3
Bea_systems weblogic_server 9.2 Maintenance Pack 3
Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
Oracle peoplesoft_enterprise_customer_relationship_manage 9.0
Oracle oracle11g_standard_edition 11.1.0 6
Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle11g_enterprise_edition 11.1.0 6
Hp oracle_for_openview 9.1.01
Oracle oracle10g_standard_edition 10.2.0 .2
Bea_systems weblogic_server 7.0.0 SP 5
Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
Bea_systems weblogic_server 8.1.0 SP 5
Hp oracle_for_openview_for_linux_ltu_service_bureaus
Oracle enterprise_manager_database_control_10g 10.2.0.4
Bea_systems weblogic_server 10.0 MP1
Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
Oracle peoplesoft_enterprise_peopletools 8.48.18
Bea_systems weblogic_server 7.0.0 SP 2
Oracle enterprise_manager_grid_control_10g 10.1.0 6
Oracle enterprise_manager_database_control_10g 10.1.0.5
Oracle enterprise_manager_database_control_10g 10.2.0.2
Oracle enterprise_manager_database_control_10g 10.2.0.3
Oracle oracle9i_enterprise_edition 9.2.0.8.0
Oracle oracle10g_application_server 9.0.4 3
Oracle oracle9i_standard_edition 9.2.0.8
Oracle oracle11g_standard_edition_one 11.1.0 6
Oracle enterprise_manager_grid_control_10g 10.1.0 .5
Bea_systems weblogic_server 6.1.0 SP 7
Bea_systems weblogic_server 9.2
Oracle e-business_suite_12 12.0.4
Oracle oracle10g_personal_edition 10.1.0.5
Bea_systems weblogic_server 8.1.0 SP 4
Bea_systems weblogic_server 7.0.0 SP 7
Bea_systems weblogic_server 8.1.0 SP 3

APP:CITRIX:XENAPP-XML-RCE - APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Citrix XenApp and XenDesktop XML Service. A successful attack can lead to a stack overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 48898

Affected Products:

Citrix xenapp 4.5
Citrix xenapp 4.5 Feature Pack 1
Citrix xenapp 5.0
Citrix xenapp 6.0
Citrix xenapp_fundamentals 3.0
Citrix xenapp_fundamentals 6.0
Citrix xendesktop 4
Citrix xenapp_fundamentals 2.0

HTTP:STC:ADOBE:CVE-2018-4895RCE - HTTP: Adobe Acrobat and Reader CVE-2018-4895 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Reader.A successful attack can lead to Remote Code Execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 102994
cve: CVE-2018-4895

Affected Products:

Adobe acrobat_dc 17.012.20096
Adobe acrobat_dc 15.006.30033
Adobe acrobat_reader_dc 15.006.30033
Adobe acrobat_reader 17.000.0000
Adobe acrobat_reader_dc 15.000.0000
Adobe acrobat 17.008.30051
Adobe acrobat_dc 17.000.0000
Adobe acrobat_reader 17.011.30059
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 17.012.20093
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 15.006.30392
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.016.20045
Adobe acrobat_reader 17.011.30068
Adobe acrobat_reader_dc 15.006.30394
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat_dc 15.006.30394
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30392
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_dc 15.006.30306
Adobe acrobat_dc 15.006.30119
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_reader_dc 18.009.20044
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 15.020.20039
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.009.20069
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 18.009.20044
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 15.009.20079
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 15.010.20056
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader 17.011.30065
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat 17.011.30066
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 15.023.20070
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat 17.000.0000
Adobe acrobat 17.011.30056
Adobe acrobat_dc 15.000.0000
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.009.20044
Adobe acrobat_dc 15.017.20053
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat 17.011.30068
Adobe acrobat_dc 15.010.20060
Adobe acrobat_dc 15.006.30355
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat 17.011.30059
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 15.006.30097
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_dc 15.006.30121
Adobe acrobat 17.011.30070
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 18.009.20050
Adobe acrobat_reader 17.011.30070
Adobe acrobat_dc 15.006.30243
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_reader 17.011.30066
Adobe acrobat_dc 17.009.20058
Adobe acrobat_reader_dc 18.009.20050
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 17.012.20095
Adobe acrobat_dc 15.006.30198
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_dc 15.010.20059
Adobe acrobat_dc 15.017.20050
Adobe acrobat 17.011.30065
Adobe acrobat_dc 15.016.20041
Adobe acrobat_dc 15.006.30280
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 17.012.20093

IMAP:OVERFLOW:MAILENABLE-OF - IMAP: MailEnable Status Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against MailEnable Professional. MailEnable Professional version 1.5 and earlier might be vulnerable. Attackers can supply the STATUS command with a large input string attempting to exploit this vulnerability. Successful exploitation can lead to arbitrary remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 14243
cve: CVE-2005-2278

Affected Products:

Mailenable mailenable_enterprise_edition 1.0.0 1
Mailenable mailenable_professional 1.5.0
Mailenable mailenable_professional 1.54.0
Mailenable mailenable_enterprise_edition 1.0.0
Mailenable mailenable_enterprise_edition 1.0.0 2
Mailenable mailenable_enterprise_edition 1.0.0 3
Mailenable mailenable_enterprise_edition 1.0.0 4
Mailenable mailenable_professional 1.53.0
Mailenable mailenable_professional 1.51.0
Mailenable mailenable_professional 1.52.0

HTTP:STC:IE:MEMCORRUPT2 - HTTP: Internet Explorer HTML Objects Memory Corruption (2)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Version 7 is vulnerable. Successful attackers can crash the application and possibly execute arbitrary code.

Supported On:

References:

url: http://www.microsoft.com/technet/security/Bulletin/MS08-073.mspx
bugtraq: 32595
cve: CVE-2008-4259

Affected Products:

Microsoft internet_explorer 6.0
Hp storage_management_appliance 2.1
Microsoft internet_explorer 5.0.1
Nortel_networks self-service_peri_workstation
Nortel_networks contact_center-contact_recording
Nortel_networks contact_center-quality_monitoring
Microsoft internet_explorer 5.0.1 SP4
Nortel_networks self-service_speech_server
Microsoft internet_explorer 6.0 SP1
Nortel_networks contact_center_manager_server
Nortel_networks contact_center
Microsoft internet_explorer 5.0.1 SP2
Nortel_networks media_processing_server
Nortel_networks media_processing_svr_100
Nortel_networks self-service_peri_application
Nortel_networks contact_center_express
Nortel_networks contact_center_multimedia
Nortel_networks contact_center_manager
Nortel_networks self-service-peri_application_rel 3.0
Nortel_networks media_processing_svr_1000_rel 3.0
Nortel_networks media_processing_svr_500_rel 3.0
Microsoft internet_explorer 5.0.1 SP3
Nortel_networks self-service_media_processing_server
Nortel_networks mps_speech_server 6.0
Microsoft internet_explorer 5.0.1 SP1

HTTP:STC:SCRIPT:OBFUSCATED - HTTP: Javascript Obfuscated Page

Severity: HIGH

Description:

This signature detects Web pages obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

DB:DB2:XML-QUERY-OF - DB: IBM DB2 XML Query Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM's DB2 database server. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

bugtraq: 29601
cve: CVE-2008-3854

Affected Products:

Ibm db2_universal_database_for_aix 9.1 FixPak 3
Ibm db2_universal_database_for_hp-ux 9.1 FixPak 3
Ibm db2_universal_database_for_linux 9.1 FixPak 3
Ibm db2_universal_database_for_solaris 9.1 FixPak 3
Ibm db2_universal_database_for_windows 9.1 FixPak 3
Ibm db2_universal_database_for_aix 9.1 FixPak 4a
Ibm db2_universal_database_for_hp-ux 9.1 FixPak 4a
Ibm db2_universal_database_for_linux 9.1 FixPak 4a
Ibm db2_universal_database_for_solaris 9.1 FixPak 4a
Ibm db2_universal_database_for_hp-ux 9.1
Ibm db2_universal_database_for_linux 9.1
Ibm db2_universal_database_for_hp-ux 9.1 Fixpak 4
Ibm db2_universal_database_for_solaris 9.1
Ibm db2_universal_database_for_windows 9.1
Ibm db2_universal_database_for_aix 9.1 FixPack 2
Ibm db2_universal_database_for_aix 9.1
Ibm db2_universal_database_for_hp-ux 9.1 FixPack 2
Ibm db2_universal_database_for_linux 9.1 FixPack 2
Ibm db2_universal_database_for_solaris 9.1 FixPack 2
Ibm db2_universal_database_for_windows 9.1 FixPack 2
Ibm db2_universal_database_for_aix 9.1 FixPak 4
Ibm db2_universal_database_for_linux 9.1 FixPak 4
Ibm db2_universal_database_for_solaris 9.1 FixPak 4
Ibm db2_universal_database_for_windows 9.1 FixPak 4
Ibm db2_universal_database_for_windows 9.1Fix Pak 4a

HTTP:LIBGD-HEAP-BO - HTTP: GD Library libgd gd_gd2.c Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against LibGD. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2016-3074

Affected Products:

Libgd libgd 2.1.1
Debian debian_linux 7.0
Debian debian_linux 8.0

HTTP:EXPLOIT-KIT-STYX-PLU - HTTP: Styx Exploit Kit Plugin Detection Connection

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

FTP:OVERFLOW:WINFTP-DATA-OF - FTP: WinFtp Server Data Handling Denial of Service

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known vulnerability against WinFtp Server 2.0.2. A successful attack can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

cve: CVE-2006-6673
cve: CVE-2006-2225
cve: CVE-2010-3187
cve: CVE-2005-1323
url: http://seclists.org/lists/fulldisclosure/2005/Apr/0578.html
bugtraq: 13396
cve: CVE-2005-0277
bugtraq: 12155

Affected Products:

Winftp_server winftp_server 2.0.2

DB:ORACLE:ODCITABLESTART-OF - DB: Oracle Database SYS.OLAPIMPL_T Package ODCITABLESTART Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Database SYS.OLAPIMPL_T Package. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically SYSTEM.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Bea_systems weblogic_portal 8.1.0 SP6
Oracle oracle10g_standard_edition 10.1.0 .5
Bea_systems weblogic_server 7.0.0 .0.1
Bea_systems weblogic_server 7.0.0 SP 1
Oracle oracle10g_personal_edition 10.1.0.5
Bea_systems weblogic_server 7.0.0
Oracle collaboration_suite_release_1 10.1.2
Bea_systems weblogic_server 8.1.0 SP 6
Bea_systems weblogic_server 7.0.0 SP 4
Bea_systems weblogic_server 7.0.0 .0.1 SP 1
Bea_systems weblogic_server 7.0.0 .0.1 SP 4
Bea_systems weblogic_server 7.0.0 .0.1 SP 3
Bea_systems weblogic_server 8.1.0 SP 2
Oracle oracle10g_enterprise_edition 10.1.0 .5
Oracle secure_backup 10.2.0.3
Bea_systems weblogic_server 8.1
Bea_systems weblogic_server 7.0.0 SP 5
Bea_systems weblogic_server 7.0.0 SP 6
Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.2.0 .3
Bea_systems weblogic_portal 8.1.0 SP5
Bea_systems weblogic_server 9.0
Bea_systems weblogic_server 7.0.0 SP 3
Oracle oracle10g_standard_edition 10.2.0.4
Oracle oracle10g_enterprise_edition 10.2.0.4
Oracle oracle10g_personal_edition 10.2.0.4
Oracle oracle10g_application_server 10.1.2.3.0
Bea_systems weblogic_server 7.0 SP7
Bea_systems weblogic_server 9.1
Oracle secure_backup 10.2.0.2
Bea_systems weblogic_server 7.0.0 .0.1 SP 2
Oracle secure_backup 10.1.0.1
Oracle oracle10g_personal_edition 10.2.0 .2
Oracle secure_backup 10.1.0.3
Oracle timesten_in-memory_database 7.0.5.1.0
Bea_systems weblogic_portal 8.1.0 SP2
Bea_systems weblogic_portal 8.1.0 SP3
Oracle timesten_in-memory_database 7.0.5.4.0
Oracle e-business_suite_12 12.0.6
Oracle enterprise_manager_grid_control_10g 10.2.0.4
Oracle oracle9i_standard_edition 9.2.0 .8DV
Oracle oracle9i_personal_edition 9.2.0 .8DV
Oracle oracle9i_enterprise_edition 9.2.0 .8DV
Oracle oracle10g_enterprise_edition 10.2.0 .2
Bea_systems weblogic_portal 10.0 MP1
Bea_systems weblogic_portal 10.2
Oracle oracle10g_application_server 10.1.3 .3.0
Bea_systems weblogic_server 7.0.0 SP 2
Bea_systems weblogic_server 9.2 Maintenance Pack 3
Bea_systems weblogic_portal 10.3
Bea_systems weblogic_server 10.3
Oracle e-business_suite_11i 11.5.10.2
Bea_systems weblogic_portal 10.0
Oracle oracle11g_standard_edition_one 11.1.0 6
Oracle oracle11g_enterprise_edition 11.1.0 6
Bea_systems weblogic_server 8.1.0 SP 3
Oracle oracle10g_standard_edition 10.2.0 .2
Oracle oracle10g_enterprise_edition 10.2.0.2 64 bit
Bea_systems weblogic_server 8.1.0 SP 1
Oracle secure_backup 10.1.0.2
Bea_systems weblogic_server 10.0 MP1
Bea_systems weblogic_server 8.1.0
Bea_systems weblogic_portal 8.1.0
Oracle timesten_in-memory_database 7.0.5.2.0
Oracle oracle11g_standard_edition 11.1.0 6
Bea_systems weblogic_portal 8.1.0 SP1
Oracle oracle9i_enterprise_edition 9.2.0.8.0
Oracle oracle9i_personal_edition 9.2.0 .8
Oracle oracle9i_standard_edition 9.2.0.8
Oracle oracle10g_application_server 10.1.2 .2.0
Bea_systems weblogic_portal 9.2 MP3
Oracle timesten_in-memory_database 7.0.5.3.0
Bea_systems weblogic_server 10.0
Bea_systems weblogic_server 9.2
Bea_systems weblogic_portal 8.1.0 SP4
Bea_systems weblogic_server 8.1.0 SP 4
Bea_systems weblogic_portal 9.2
Bea_systems weblogic_server 7.0.0 SP 7
Bea_systems weblogic_server 8.1.0 SP 5

HTTP:STC:IE:EVENT-HANDLER-RCE - HTTP: Microsoft Internet Explorer Event Handler Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2012-0170
bugtraq: 52904

Affected Products:

Avaya meeting_exchange 5.2
Microsoft internet_explorer 7.0
Microsoft internet_explorer 6.0 SP3
Microsoft internet_explorer 7.0
Avaya callpilot 4.0
Avaya callpilot 5.0
Avaya communication_server_1000_telephony_manager 3.0
Avaya communication_server_1000_telephony_manager 4.0
Avaya messaging_application_server 5.2
Avaya meeting_exchange 5.0 SP1
Avaya meeting_exchange 5.0 SP2
Avaya meeting_exchange 5.1 SP1
Avaya meeting_exchange 5.0
Microsoft internet_explorer 6.0 SP1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange 5.0.0.0.52
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Microsoft internet_explorer 6.0 SP2
Microsoft internet_explorer 6.0
Avaya messaging_application_server 5
Avaya meeting_exchange-recording_server
Avaya aura_conferencing 6.0 Standard
Avaya meeting_exchange 5.1
Avaya meeting_exchange 5.2 SP2
Avaya meeting_exchange 5.2 SP1

FTP:FREEFLOAT-CMD-BO - FTP: FreeFloat FTP Server Invalid Command Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the FreeFloat FTP Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

bugtraq: 48704
bugtraq: 49265
bugtraq: 11772

Affected Products:

Freefloat freefloat_ftp_server 1.0

HTTP:OVERFLOW:SYBASE-WEBCONSOLE - HTTP: Sybase EAServer WebConsole Buffer Overflow

Severity: CRITICAL

Description:

This signature detects an attempt to exploit a known vulnerability in the Sybase EAServer WebConsole. Sybase EAServer versions 5.2 and earlier are vulnerable. By supplying a maliciously crafted URL request, the client can potentially execute arbitrary commands on the server with daemon permissions.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.sybase.com/detail?id=1036742
url: http://www.spidynamics.com/spilabs/advisories/sybaseEAserverOverflow.htm
bugtraq: 14287
cve: CVE-2005-2297

Affected Products:

Sybase enterprise_application_server 4.2.0
Sybase enterprise_application_server 4.2.2
Sybase enterprise_application_server 4.2.5
Sybase enterprise_application_server 5.0.0
Sybase enterprise_application_server 5.1.0
Sybase enterprise_application_server 5.2.0

HTTP:WEBLOGIC:BEA-BOF - HTTP: BEA Weblogic Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the BEA Weblogic. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 33177
cve: CVE-2008-5457

Affected Products:

Bea_systems weblogic_portal 8.1.0 SP6
Oracle oracle10g_standard_edition 10.1.0 .5
Bea_systems weblogic_server 7.0.0 .0.1
Bea_systems weblogic_server 7.0.0 SP 1
Oracle oracle10g_personal_edition 10.1.0.5
Bea_systems weblogic_server 7.0.0
Oracle collaboration_suite_release_1 10.1.2
Bea_systems weblogic_server 8.1.0 SP 6
Bea_systems weblogic_server 7.0.0 SP 4
Bea_systems weblogic_server 7.0.0 .0.1 SP 1
Bea_systems weblogic_server 7.0.0 .0.1 SP 4
Bea_systems weblogic_server 7.0.0 .0.1 SP 3
Bea_systems weblogic_server 8.1.0 SP 2
Oracle oracle10g_enterprise_edition 10.1.0 .5
Oracle secure_backup 10.2.0.3
Bea_systems weblogic_server 8.1
Bea_systems weblogic_server 7.0.0 SP 5
Bea_systems weblogic_server 7.0.0 SP 6
Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle10g_standard_edition 10.2.0 .3
Oracle oracle10g_personal_edition 10.2.0 .3
Bea_systems weblogic_portal 8.1.0 SP5
Bea_systems weblogic_server 9.0
Bea_systems weblogic_server 7.0.0 SP 3
Oracle oracle10g_standard_edition 10.2.0.4
Oracle oracle10g_enterprise_edition 10.2.0.4
Oracle oracle10g_personal_edition 10.2.0.4
Oracle oracle10g_application_server 10.1.2.3.0
Bea_systems weblogic_server 7.0 SP7
Bea_systems weblogic_server 9.1
Oracle secure_backup 10.2.0.2
Bea_systems weblogic_server 7.0.0 .0.1 SP 2
Oracle secure_backup 10.1.0.1
Oracle oracle10g_personal_edition 10.2.0 .2
Oracle secure_backup 10.1.0.3
Oracle timesten_in-memory_database 7.0.5.1.0
Bea_systems weblogic_portal 8.1.0 SP2
Bea_systems weblogic_portal 8.1.0 SP3
Oracle timesten_in-memory_database 7.0.5.4.0
Oracle e-business_suite_12 12.0.6
Oracle enterprise_manager_grid_control_10g 10.2.0.4
Oracle oracle9i_standard_edition 9.2.0 .8DV
Oracle oracle9i_personal_edition 9.2.0 .8DV
Oracle oracle9i_enterprise_edition 9.2.0 .8DV
Oracle oracle10g_enterprise_edition 10.2.0 .2
Bea_systems weblogic_portal 10.0 MP1
Bea_systems weblogic_portal 10.2
Oracle oracle10g_application_server 10.1.3 .3.0
Bea_systems weblogic_server 7.0.0 SP 2
Bea_systems weblogic_server 9.2 Maintenance Pack 3
Bea_systems weblogic_portal 10.3
Bea_systems weblogic_server 10.3
Oracle e-business_suite_11i 11.5.10.2
Bea_systems weblogic_portal 10.0
Oracle oracle11g_standard_edition_one 11.1.0 6
Oracle oracle11g_enterprise_edition 11.1.0 6
Bea_systems weblogic_server 8.1.0 SP 3
Oracle oracle10g_standard_edition 10.2.0 .2
Oracle oracle10g_enterprise_edition 10.2.0.2 64 bit
Bea_systems weblogic_server 8.1.0 SP 1
Oracle secure_backup 10.1.0.2
Bea_systems weblogic_server 10.0 MP1
Bea_systems weblogic_server 8.1.0
Bea_systems weblogic_portal 8.1.0
Oracle timesten_in-memory_database 7.0.5.2.0
Oracle oracle11g_standard_edition 11.1.0 6
Bea_systems weblogic_portal 8.1.0 SP1
Oracle oracle9i_enterprise_edition 9.2.0.8.0
Oracle oracle9i_personal_edition 9.2.0 .8
Oracle oracle9i_standard_edition 9.2.0.8
Oracle oracle10g_application_server 10.1.2 .2.0
Bea_systems weblogic_portal 9.2 MP3
Oracle timesten_in-memory_database 7.0.5.3.0
Bea_systems weblogic_server 10.0
Bea_systems weblogic_server 9.2
Bea_systems weblogic_portal 8.1.0 SP4
Bea_systems weblogic_server 8.1.0 SP 4
Bea_systems weblogic_portal 9.2
Bea_systems weblogic_server 7.0.0 SP 7
Bea_systems weblogic_server 8.1.0 SP 5

HTTP:STC:DL:MSWMM-OF - HTTP: Microsoft Windows Movie Maker and Producer Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft Movie Maker. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 38515
url: http://www.coresecurity.com/content/movie-maker-heap-overflow
cve: CVE-2010-0265

Affected Products:

Microsoft windows_movie_maker 2.1
Microsoft windows_movie_maker 6.0
Microsoft windows_movie_maker 2.6
Microsoft producer_2003

SMTP:MAL:LOTUS-MAILTO - SMTP: IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known stack buffer overflow vulnerability in IBM Lotus Domino Server. It is due an error in processing e-mail messages containing iCalendar requests. A remote unauthenticated attacker could leverage this by sending a malicious iCalendar e-mail message to a target server. A successful attack can lead to the execution of arbitrary code on a target server, within the security context of the affected service. In an unsuccessful attack, the target server can terminate abnormally.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 43219
cve: CVE-2010-3407

Affected Products:

Ibm lotus_domino 6.5.0
Ibm lotus_domino 8.0.2
Ibm lotus_domino 4.6.1
Ibm lotus_domino 6.0.1.3
Ibm lotus_domino 8.5
Ibm lotus_domino 6.0.1.1
Ibm lotus_domino 4.6.4
Ibm lotus_domino 5.0.10
Ibm lotus_domino 5.0.4A
Ibm lotus_domino 6.5.5
Ibm lotus_domino 6.5.6
Ibm lotus_domino 6.0.2.2
Ibm lotus_domino 7.0.2 FP1
Ibm lotus_domino 7.0.4
Ibm lotus_domino 6.5.5 FP3
Ibm lotus_domino 6.0.2 CF2
Ibm lotus_domino 5.0.2
Ibm lotus_domino 6.5.3
Ibm lotus_domino 8.5 FP1
Ibm lotus_domino 5.0.7
Ibm lotus_domino 6.5.3.1
Ibm lotus_domino 6.5.2.1
Ibm lotus_domino 5.0.8A
Ibm lotus_domino 6.0.1.2
Ibm lotus_domino 6.5.4
Ibm lotus_domino 5.0.6A
Ibm lotus_domino 5.0.5
Ibm lotus_domino 5.0.6
Ibm lotus_domino 5.0.3
Ibm lotus_domino 5.0.11
Ibm lotus_domino 5.0.9
Ibm lotus_domino 4.6.3
Ibm lotus_domino 5.0.13
Ibm lotus_domino 5.0.8
Ibm lotus_domino 6.0.4
Ibm lotus_domino 6.5
Ibm lotus_domino 6.5.4.3
Ibm lotus_domino 8.0
Ibm lotus_domino 6.5.4 FP 1
Ibm lotus_domino 6.5.4 FP 2
Ibm lotus_domino 5.0.9A
Ibm lotus_domino 5.0.7A
Ibm lotus_domino 6.0.5
Ibm lotus_domino 5.0
Ibm lotus_domino 6.0.3
Ibm lotus_domino 7.0.3 Fix Pack 1 (FP1)
Ibm lotus_domino 8.0.1
Ibm lotus_domino 7.0.0
Ibm lotus_domino 5.0.4
Ibm lotus_domino 6.0.0
Ibm lotus_domino 6.5.2
Ibm lotus_domino 6.5.5 FP2
Ibm lotus_domino 6.5.5 FP1
Ibm lotus_domino 7.0.2
Ibm lotus_domino 5.0.1
Ibm lotus_domino 7.0.2 FP2
Ibm lotus_domino 6.0.2
Ibm lotus_domino 7.0.3
Ibm lotus_domino 6.0.1
Ibm lotus_domino 7.0.2 FP3
Ibm lotus_domino 6.5.1
Ibm lotus_domino 7.0.1
Ibm lotus_domino 6.0.2.1
Ibm lotus_domino 6.5.0 .0

HTTP:STC:JAVA:DOCBASE-BOF - HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known code execution vulnerability in Oracle Java. It is contained in the Java plugin handler for Internet Explorer, JP2IEXP.dll. While parsing the parameter docbase, the value is copied into a fixed length buffer on the stack without validation. This can lead to a stack buffer overflow. An attacker can exploit this by enticing a user to visit a specially crafted Web site. This can lead to arbitrary code execution in the context of the affected application

Supported On:

References:

bugtraq: 44023
cve: CVE-2010-3552

Affected Products:

Red_hat enterprise_linux_supplementary 5 Server
Sun jdk_(solaris_production_release) 1.6.0 10
Sun jdk_(windows_production_release) 1.6.0 10
Sun jdk_(solaris_production_release) 1.6.0 04
Sun jdk_(windows_production_release) 1.6.0 04
Sun jdk_(solaris_production_release) 1.6.0 14
Sun jdk_(windows_production_release) 1.6.0 14
Sun jdk_(solaris_production_release) 1.6.0 13
Sun jdk_(windows_production_release) 1.6.0 13
Sun jdk_(solaris_production_release) 1.6.0 11
Sun jdk_(windows_production_release) 1.6.0 11
Sun jre_(linux_production_release) 1.6.0 13
Sun jdk_(solaris_production_release) 1.6.0 05
Sun jdk_(windows_production_release) 1.6.0 05
Sun jdk_(windows_production_release) 1.6.0 06
Sun jdk_(solaris_production_release) 1.6.0 06
Sun jdk_(solaris_production_release) 1.6.0 07
Sun jdk_(windows_production_release) 1.6.0 07
Sun jdk_(solaris_production_release) 1.6.0
Sun jdk_(windows_production_release) 1.6.0
Sun jre_(solaris_production_release) 1.6.0
Sun jre_(windows_production_release) 1.6.0
Sun jre_(solaris_production_release) 1.6.0 10
Sun jre_(windows_production_release) 1.6.0 10
Avaya proactive_contact 3.0.3
Sun jre_(solaris_production_release) 1.6.0 12
Sun jre_(windows_production_release) 1.6.0 12
Sun jre_(solaris_production_release) 1.6.0 13
Sun jre_(windows_production_release) 1.6.0 13
Sun jre_(solaris_production_release) 1.6.0 04
Sun jre_(windows_production_release) 1.6.0 04
Sun jre_(solaris_production_release) 1.6.0 05
Sun jre_(windows_production_release) 1.6.0 05
Sun jre_(solaris_production_release) 1.6.0 06
Sun jre_(windows_production_release) 1.6.0 06
Sun jre_(solaris_production_release) 1.6.0 07
Sun jre_(windows_production_release) 1.6.0 07
Vmware esx 4.1 Update 1
Avaya aura_conferencing 6.0 Standard
Hp hp-ux B.11.31
Sun jdk_(windows_production_release) 1.6.0 18
Sun jdk_(solaris_production_release) 1.6.0 18
Sun jdk_(linux_production_release) 1.6.0 18
Sun jre_(linux_production_release) 1.6.0 18
Sun jre_(windows_production_release) 1.6.0 18
Sun jre_(solaris_production_release) 1.6.0 18
Hp hp-ux B.11.23
Sun jdk_(linux_production_release) 1.6.0_21
Sun jdk_(solaris_production_release) 1.6.0_21
Sun jdk_(windows_production_release) 1.6.0_21
Sun jre_(linux_production_release) 1.6.0_21
Sun jre_(solaris_production_release) 1.6.0_21
Sun jre_(windows_production_release) 1.6.0_21
Vmware vcenter 4.1
Vmware vcenter 4.1 Update 1
Hp hp-ux B.11.11
Sun jdk_(linux_production_release) 1.6.0 02
Sun jdk_(windows_production_release) 1.6.0 02
Sun jre_(linux_production_release) 1.6.0 04
Sun jre_(linux_production_release) 1.6.0 02
Sun jdk_(linux_production_release) 1.6.0 04
Sun jdk_(linux_production_release) 1.6.0
Sun jre_(windows_production_release) 1.6.0 01
Sun jre_(windows_production_release) 1.6.0 02
Sun jre_(linux_production_release) 1.6.0 20
Sun jre_(windows_production_release) 1.6.0 20
Sun jre_(linux_production_release) 1.6.0 19
Sun jre_(linux_production_release) 1.6.0 07
Sun jdk_(linux_production_release) 1.6.0 07
Sun jdk_(solaris_production_release) 1.6.0 19
Sun jdk_(windows_production_release) 1.6.0 19
Sun jdk_(linux_production_release) 1.6.0 19
Sun jdk_(solaris_production_release) 1.6.0 03
Sun jdk_(linux_production_release) 1.6.0 03
Sun jdk_(windows_production_release) 1.6.0 20
Suse suse_linux_enterprise 11
Sun jdk_(linux_production_release) 1.6.0 13
Sun jdk_(windows_production_release) 1.6.0 03
Sun jre_(linux_production_release) 1.6.0 03
Sun jre_(solaris_production_release) 1.6.0 03
Sun jre_(windows_production_release) 1.6.0 03
Sun jre_(linux_production_release) 1.6.0 12
Sun jdk_(solaris_production_release) 1.6.0 02
Sun jdk_(linux_production_release) 1.6.0 05
Sun jre_(linux_production_release) 1.6.0 05
Sun jre_(linux_production_release) 1.6.0 11
Sun jdk_(solaris_production_release) 1.6.0 17
Sun jdk_(linux_production_release) 1.6.0 06
Sun jre_(linux_production_release) 1.6.0
Sun jre_(linux_production_release) 1.6.0 10
Sun jre_(linux_production_release) 1.6.0 06
Red_hat enterprise_linux_desktop_supplementary 5 Client
Sun jdk_(windows_production_release) 1.6.0 01
Sun jdk_(linux_production_release) 1.6.0 01
Sun jdk_(windows_production_release) 1.6.0 01-B06
Hp hp-ux B.11.23
Sun jdk_(solaris_production_release) 1.6.0 01
Sun jdk_(linux_production_release) 1.6.0 01-B06
Sun jre_(linux_production_release) 1.6.0 01
Gentoo linux
Sun jdk_(linux_production_release) 1.6.0 14
Sun jre_(solaris_production_release) 1.6.0 01
Sun jre_(solaris_production_release) 1.6.0 02
Sun jdk_(linux_production_release) 1.6.0 15
Sun jdk_(windows_production_release) 1.6.0 15
Sun jdk_(solaris_production_release) 1.6.0 15
Sun jre_(solaris_production_release) 1.6.0 15
Sun jre_(windows_production_release) 1.6.0 15
Sun jre_(linux_production_release) 1.6.0 15
Sun jdk_(solaris_production_release) 1.6.0 20
Sun jdk_(linux_production_release) 1.6.0 20
Sun jre_(linux_production_release) 1.6.0 14
Sun jre_(windows_production_release) 1.6.0 14
Sun jre_(solaris_production_release) 1.6.0 14
Suse suse_linux_enterprise 11 SP1
Red_hat enterprise_linux_extras 4
Hp hp-ux B.11.23
Sun jdk_(linux_production_release) 1.6.0 10
Sun jre_(solaris_production_release) 1.6.0 2
Sun jre_(windows_production_release) 1.6.0 2
Avaya proactive_contact 3.0.2
Sun jre_(windows_production_release) 1.6.0 19
Sun jre_(solaris_production_release) 1.6.0 19
Sun jre_(linux_production_release) 1.6.0 17
Sun jre_(solaris_production_release) 1.6.0 17
Sun jre_(windows_production_release) 1.6.0 17
Suse opensuse 11.3
Sun jdk_(linux_production_release) 1.6.0 17
Sun jre_(solaris_production_release) 1.6.0 11
Sun jre_(windows_production_release) 1.6.0 11
Sun jdk_(windows_production_release) 1.6.0 17
Suse opensuse 11.2
Red_hat enterprise_linux_extras 4.8.Z
Hp hp-ux B.11.11
Vmware esx 4.1
Hp hp-ux B.11.31
Sun jdk_(linux_production_release) 1.6.0 11
Sun jdk_(solaris_production_release) 1.6.0 01-B06
Suse opensuse 11.1
Avaya proactive_contact 3.0

SMTP:IIS:CDO-OF - SMTP: Collaboration Data Objects Vulnerability

Severity: MEDIUM

Description:

This signature detects the SMTP transmission of a maliciously crafted e-mail, designed to exploit a vulnerability in Microsoft IIS.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2005-1987
bugtraq: 15067
url: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0289.html
url: http://www.microsoft.com/technet/security/Bulletin/MS05-048.mspx
cve: CVE-2004-0399

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_2000_datacenter_server
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft exchange_server_2000 SP3
Microsoft windows_2000_datacenter_server SP3
Microsoft exchange_server_2000 SP2
Microsoft windows_xp_tablet_pc_edition SP2
Microsoft windows_2000_datacenter_server SP1
Microsoft exchange_server_2000 SP3
Microsoft windows_2000_professional
Microsoft iis 5.0
Microsoft windows_2000_server
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Nortel_networks centrex_ip_client_manager 2.5.0
Nortel_networks centrex_ip_client_manager 7.0.0
Nortel_networks centrex_ip_client_manager 8.0.0
Nortel_networks centrex_ip_element_manager 8.0.0
Nortel_networks centrex_ip_element_manager 7.0.0
Nortel_networks centrex_ip_element_manager 2.5.0
Microsoft windows_xp_media_center_edition
Microsoft windows_2000_server SP1
Microsoft windows_xp_home SP1
Microsoft windows_server_2003_standard_edition
Microsoft iis 5.1
Microsoft windows_2000_professional SP1
Microsoft windows_xp_media_center_edition SP2
Microsoft exchange_server_2000 SP1
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_xp_professional SP1
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_xp_professional_x64_edition
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_datacenter_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_web_edition SP1
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Microsoft windows_2000_server SP2
Nortel_networks centrex_ip_client_manager
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Microsoft iis 6.0
Microsoft exchange_server_2000
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Microsoft windows_xp_tablet_pc_edition SP1
Microsoft windows_xp_media_center_edition SP1

APP:IBM:INFORMIX-CMD-OF - APP: IBM Informix Dynamic Server Command Argument Processing Stack Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Informix Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 28198
cve: CVE-2008-0727
bugtraq: 19264
cve: CVE-2006-3854
cve: CVE-2006-3853

Affected Products:

Ibm informix_ids 10.0 xC3
Ibm informix_ids 11.10
Ibm informix_ids 9.40.0 .UC1
Ibm informix_ids 7.3
Ibm informix_ids 9.40.0 .UC2
Ibm informix_ids 9.40.0 .UC3
Ibm informix_ids 11.10.xC2
Ibm informix_ids 9.40.UC5
Ibm informix_ids 10.00.xC7W1
Ibm informix_ids 10.00.xC8
Ibm informix_ids 9.4
Ibm informix_ids 10.0
Ibm informix_ids 9.3.0
Ibm informix_ids 9.40.TC5
Ibm informix_ids 7.31 .xD9
Ibm informix_ids 9.40.xD8
Ibm informix_ids 10.0.xC4
Ibm informix_ids 7.31 .xD8
Ibm informix_ids 9.40

APP:CITRIX:STREAMPROCESS-BOF - APP: Citrix Provisioning Services streamprocess.exe Component Buffer Overflow

Severity: HIGH

Description:

Supported On:

References:

bugtraq: 45914
url: http://support.citrix.com/article/CTX130846
bugtraq: 49803

Affected Products:

Citrix provisioning_services 5.6

HTTP:PROXY:SQUID-NTLM-OF - HTTP: Squid NTLM Authentication Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Squid Web Proxy, a free Web proxy cache for UNIX systems. Squid Proxy Web Cache 2.5 STABLE6 or 3.0 PRE3 and earlier versions are vulnerable. Attackers can send excessively large NTLM proxy authentication messages to the Squid Web Proxy to overflow the buffer and execute arbitrary code with Proxy privileges (typically a dedicated user). Other proxy servers (including Squid after 2.5 STABLE6 or 3.0 PRE3) support long NTLM without error. You should only use this Attack Object to protect Squid servers 2.5 STABLE5 and earlier, otherwise, this Attack Object will generate considerable non-attack alerts.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.ciac.org/ciac/bulletins/o-168.shtml
bugtraq: 11098
url: http://www.us-cert.gov/cas/bulletins/SB04-315.html
cve: CVE-2004-0541
bugtraq: 14977
cve: CVE-2005-2917
cve: CVE-2005-0097

Affected Products:

Trustix secure_linux 2.0.0
Trustix secure_linux 2.1.0
Squid web_proxy_cache 2.5.0 .STABLE6
Mandriva linux_mandrake 10.0.0 amd64
Squid web_proxy_cache 3.0.0 PRE2
Squid web_proxy_cache 3.0.0 PRE3
Red_hat linux 9.0.0 I386
Mandriva linux_mandrake 9.2.0 amd64
Gentoo linux 1.4.0
Squid web_proxy_cache 2.4.0
Red_hat fedora Core1
Mandriva linux_mandrake 9.2.0
Squid web_proxy_cache 2.5.0 .STABLE1
Mandriva linux_mandrake 10.0.0
Trustix secure_enterprise_linux 2.0.0
Red_hat fedora Core2
Ubuntu ubuntu_linux 4.1.0 Ia64
Ubuntu ubuntu_linux 4.1.0 Ia32
Ubuntu ubuntu_linux 4.1.0 Ppc
Squid web_proxy_cache 3.0.0 PRE1
Red_hat linux 7.3.0 I386
Squid web_proxy_cache 2.0.0 PATCH2
Squid web_proxy_cache 2.1.0 PATCH2
Squid web_proxy_cache 2.5.0 .STABLE5
Squid web_proxy_cache 2.3.0 .STABLE5
Squid web_proxy_cache 2.4.0 .STABLE7
Squid web_proxy_cache 2.5.0 .STABLE3
Squid web_proxy_cache 2.5.0 .STABLE4

APP:UPNP:LIBUPNP-ROOT-DSN-BOF - APP: Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp Root Device. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

References:

bugtraq: 57602
cve: CVE-2012-5960

Affected Products:

Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
Portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8

APP:UPNP:LIBUPNP-UUID-BOF - APP: Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp UUID. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

References:

bugtraq: 57602
cve: CVE-2012-5959

Affected Products:

Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
Portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8

APP:UPNP:LIBUPNP-DSN-BOF - APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp Device Service Name. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

References:

bugtraq: 57602
cve: CVE-2012-5958
cve: CVE-2012-5962

Affected Products:

Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
Portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8

APP:HPOV:NNM-DISPLAYWIDTH-BOF - APP: HP OpenView Network Node Manager displayWidth Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the HP OpenView Network Node Manager jovgraph.exe. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 45762
cve: CVE-2011-0262
cve: CVE-2011-0261

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

HTTP:EK-FIESTA-REDIRECTION - HTTP: Fiesta Exploit Kit Redirection

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:STC:ITUNES-HANDLER-OF - HTTP: Apple iTunes Handler Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apple iTunes. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 35157
cve: CVE-2009-0950

Affected Products:

Apple itunes 7.3.2
Apple itunes 7.4
Apple itunes 8.0.2.20
Apple itunes 8.1
Apple itunes 7.0.2
Apple itunes 8.0
Apple itunes 7.3.0
Apple itunes 7.3.1

HTTP:STC:JAVA:JNLP-CHARSET-OF - HTTP: Sun Java Web Start Charset Encoding Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Sun Java Web Start. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2008-1188
bugtraq: 28083

Affected Products:

Apple mac_os_x 10.4.7
Apple mac_os_x_server 10.4.7
Sun jre_(solaris_reference_release) 1.1.8 007
Vmware esx_server 3.0.1
Sun jre_(windows_production_release) 1.4.2 12
Sun jre_(solaris_reference_release) 1.1.8
Apple mac_os_x 10.5.4
Apple mac_os_x_server 10.5.4
Sun jdk_(reference_release) 1.1.8 008
Mandriva corporate_server 4.0.0 X86 64
Sun jdk_(windows_production_release) 1.5.0.0 06
Suse open-enterprise-server
Nortel_networks self-service_wvads
Sun jre_(linux_production_release) 1.3.1 08
Sun jre_(linux_production_release) 1.3.1 09
Sun jre_(linux_production_release) 1.4.2 01
Sun jre_(solaris_production_release) 1.3.1 08
Sun jre_(solaris_production_release) 1.3.1 09
Sun jre_(solaris_production_release) 1.4.2 01
Sun jre_(solaris_production_release) 1.4.2 02
Sun jre_(windows_production_release) 1.3.1 08
Sun jre_(windows_production_release) 1.3.1 09
Sun jre_(windows_production_release) 1.4.2 02
Mandriva linux_mandrake 2008.0
Mandriva linux_mandrake 2008.0 X86 64
Apple mac_os_x 10.4.6
Apple mac_os_x_server 10.4.6
Sun sdk_(solaris_production_release) 1.4.2 04
Apple mac_os_x 10.4.10
Apple mac_os_x_server 10.4.10
Mandriva linux_mandrake 2007.1
Mandriva linux_mandrake 2007.1 X86 64
Nortel_networks optivity_telephony_manager_tm-cs1000
Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
Suse novell_linux_pos 9
Sun jre_(windows_production_release) 1.1.8 005
Sun jre_(windows_production_release) 1.1.7 B 007
Sun jre_(windows_production_release) 1.1.6 09
Sun jre_(solaris_reference_release) 1.1.8 005
Sun jre_(solaris_reference_release) 1.1.7 B 007
Sun jre_(solaris_reference_release) 1.1.6 009
Sun jre_(solaris_production_release) 1.1.8 12
Sun jdk_(linux_production_release) 1.4.2 11
Mozilla firefox 2.0.0.8
Mozilla firefox 2.0.0.2
Sun jre_(windows_production_release) 1.2.2 12
Mozilla seamonkey 1.1.5
Sun jdk_(solaris_production_release) 1.5.0 0 03
Apple mac_os_x 10.4.8
Apple mac_os_x_server 10.4.8
Bea_systems jrockit R27.3.1
Sun jre_(linux_production_release) 1.4.2 03
Sun jre_(solaris_production_release) 1.4.2 03
Sun jre_(windows_production_release) 1.4.2 03
Sun sdk_(linux_production_release) 1.4.2 01
Sun jre_(linux_production_release) 1.1.7B 07
Sun jre_(linux_production_release) 1.4.2 04
Sun jre_(solaris_production_release) 1.4.2 04
Sun jre_(windows_production_release) 1.4.2 04
Sun jdk_(windows_production_release) 1.4.2 05
Sun jdk_(solaris_production_release) 1.4.2 05
Sun jdk_(reference_release) 1.1.8 003
Sun sdk_(solaris_production_release) 1.4.2 03
Sun sdk_(solaris_production_release) 1.4.2
Sun sdk_(windows_production_release) 1.4.2
Sun jre_(solaris_production_release) 1.4.2 12
Sun jre_(linux_production_release) 1.4.2 12
Sun sdk_(solaris_production_release) 1.2.2 05A
Sun sdk_(solaris_production_release) 1.2.1
Sun jdk_(solaris_production_release) 1.1.8 11
Sun jre_(solaris_production_release) 1.2.2 05A
Sun jre_(solaris_production_release) 1.2.1
Sun jre_(solaris_production_release) 1.1.8 10
Sun jre_(solaris_production_release) 1.1.7 B
Sun jre_(solaris_production_release) 1.1.6
Sun sdk_(linux_production_release) 1.2.2 005
Sun jre_(linux_production_release) 1.2.2 005
Sun jre_(solaris_reference_release) 1.4.2 12
Suse opensuse 10.2
Sun jdk_(linux_production_release) 1.3.1 14
Apple mac_os_x 10.4.0
Apple mac_os_x_server 10.4.0
Sun jdk_(linux_production_release) 1.4.2 10
Sun jdk_(linux_production_release) 1.4.2 06
Sun jdk_(linux_production_release) 1.4.1 07
Sun jre_(linux_production_release) 1.2.2
Sun jre_(linux_production_release) 1.3.1
Sun jdk_(linux_production_release) 1.4.1 01
Sun sdk_(windows_production_release) 1.3.1 11
Sun jre_(linux_production_release) 1.2.2 004
Sun jdk_(linux_production_release) 1.3.1 01
Sun jre_(solaris_production_release) 1.4.2 16
Suse suse_linux_enterprise_server 9
Apple mac_os_x_server 10.4.3
Sun jdk_(solaris_production_release) 1.5.0 0 10
Apple mac_os_x 10.4.3
Sun jre_(windows_production_release) 1.3.0 .0 04
Sun jre_(solaris_production_release) 1.3.1 10
Sun sdk_(linux_production_release) 1.4.2 16
Sun sdk_(solaris_production_release) 1.4.2 16
Sun sdk_(windows_production_release) 1.4.2 16
Sun sdk_(windows_production_release) 1.3.1 20
Sun sdk_(linux_production_release) 1.3.1 20
Sun jre_(linux_production_release) 1.3.1 21
Sun jre_(solaris_production_release) 1.3.1 21
Sun jre_(windows_production_release) 1.3.1 21
Sun sdk_(solaris_production_release) 1.3.1 21
Sun sdk_(windows_production_release) 1.3.1 21
Sun jre_(linux_production_release) 1.3.1 21
Apple mac_os_x 10.5.5
Apple mac_os_x_server 10.5.5
Nortel_networks enterprise_network_management_system
Sun jre_(linux_production_release) 1.5.0 14
Suse suse_linux_enterprise_desktop 10 SP1
Suse suse_linux_enterprise_server 10 SP1
Mozilla firefox 2.0.0.1
Sun jre_(linux_production_release) 1.3.1 18
Sun jre_(linux_production_release) 1.5.0 07
Sun jre_(linux_production_release) 1.3.1 19
Sun jre_(solaris_production_release) 1.4.1 02
Sun java_plug-in 1.4.0
Sun jre_(windows_production_release) 1.4.1 02
Sun jdk_(linux_production_release) 1.7.0
Sun jdk_(linux_production_release) 1.4.2 14
Sun jdk_(linux_production_release) 1.5.0 01
Sun jdk_(linux_production_release) 1.5.0 02
Sun jdk_(windows_production_release) 1.4.2 02
Sun jdk_(reference_release) 1.1.7 B 005
Sun sdk_(linux_production_release) 1.4.2 15
Sun sdk_(solaris_production_release) 1.4.2 15
Sun sdk_(windows_production_release) 1.4.2 15
Sun jre_(linux_production_release) 1.4.2 06
Sun jre_(windows_production_release) 1.4.2 06
Sun jre_(solaris_production_release) 1.4.2 06
Sun jre_(linux_production_release) 1.4.2 10-B03
Nortel_networks self-service_mps_500
Nortel_networks self-service_mps_1000
Nortel_networks self-service_speech_server
Vmware virtualcenter_management_server 2
Sun sdk_(windows_production_release) 1.4.2 03
Apple mac_os_x 10.5
Suse core 9
Sun sdk_(linux_production_release) 1.3.1 21
Apple mac_os_x 10.4.1
Apple mac_os_x_server 10.4.1
Sun jre_(linux_production_release) 1.2.2 12
Sun jre_(linux_production_release) 1.4.2 02
Sun java_plug-in 1.4.2 _02
Sun jre_(linux_production_release) 1.2.2 011
Sun jdk_(windows_production_release) 1.4.2 09
Sun jdk_(windows_production_release) 1.5.0 .0 05
Sun jdk_(linux_production_release) 1.5.0 .0 05
Sun jdk_(linux_production_release) 1.4.2 09
Sun jdk_(solaris_production_release) 1.4.2 09
Sun jdk_(solaris_production_release) 1.5.0 .0 05
Sun jdk_(linux_production_release) 1.4.2 08
Sun jdk_(solaris_production_release) 1.4.2 08
Sun jdk_(windows_production_release) 1.4.2 08
Sun jre_(windows_production_release) 1.3.1 02
Sun jre_(linux_production_release) 1.4.2 07
Sun sdk_(windows_production_release) 1.3.1 02
Sun jre_(windows_production_release) 1.5.0 11
Sun jre_(solaris_production_release) 1.3.0 01
Sun sdk_(linux_production_release) 1.3.1 08
Sun sdk_(linux_production_release) 1.3.1 09
Sun sdk_(linux_production_release) 1.3.1 10
Sun sdk_(linux_production_release) 1.3.1 11
Sun sdk_(linux_production_release) 1.3.1 12
Sun sdk_(linux_production_release) 1.3.1 13
Sun sdk_(linux_production_release) 1.3.1 14
Sun sdk_(solaris_production_release) 1.3.1 08
Sun sdk_(solaris_production_release) 1.3.1 09
Sun sdk_(solaris_production_release) 1.3.1 10
Sun sdk_(solaris_production_release) 1.3.1 11
Sun sdk_(solaris_production_release) 1.3.1 12
Sun sdk_(solaris_production_release) 1.3.1 13
Sun sdk_(solaris_production_release) 1.3.1 14
Sun sdk_(windows_production_release) 1.3.1 08
Sun sdk_(windows_production_release) 1.3.1 09
Sun sdk_(windows_production_release) 1.3.1 10
Sun jdk_(solaris_production_release) 1.3.1 14
Sun sdk_(windows_production_release) 1.3.1 12
Sun sdk_(windows_production_release) 1.3.1 13
Sun sdk_(windows_production_release) 1.3.1 14
Sun jre_(linux_production_release) 1.3.1 10
Sun jre_(linux_production_release) 1.3.1 11
Sun jre_(linux_production_release) 1.3.1 13
Sun jre_(linux_production_release) 1.3.1 14
Sun jre_(solaris_production_release) 1.3.1 11
Sun jre_(solaris_production_release) 1.3.1 12
Sun jre_(solaris_production_release) 1.3.1 13
Sun jre_(solaris_production_release) 1.3.1 14
Sun jre_(windows_production_release) 1.3.1 10
Sun jre_(windows_production_release) 1.3.1 11
Sun jre_(windows_production_release) 1.3.1 12
Sun jre_(windows_production_release) 1.3.1 13
Sun jre_(windows_production_release) 1.3.1 14
Sun jre_(linux_production_release) 1.3.1 12
Apple mac_os_x 10.4.9
Sun jre_(linux_production_release) 1.2.2 015
Sun jre_(solaris_reference_release) 1.2.2 015
Sun jdk_(solaris_production_release) 1.1.8 13
Sun jre_(solaris_production_release) 1.3.0 03
Sun jdk_(solaris_production_release) 1.1.8
Sun jre_(solaris_production_release) 1.4.0 .0 04
Sun jre_(linux_production_release) 1.4.0 .0 04
Sun jre_(linux_production_release) 1.6.0
Sun jre_(linux_production_release) 1.6.0 10
Sun sdk_(solaris_production_release) 1.3.0 02
Sun sdk_(solaris_reference_release) 1.2.2 _010
Nortel_networks self-service
Sun jdk_(solaris_reference_release) 1.1.8 007
Sun sdk_(solaris_production_release) 1.2.2 12
Sun jre_(linux_production_release) 1.4.2 15
Sun jre_(windows_production_release) 1.4.2 15
Sun jre_(solaris_production_release) 1.4.2 15
Sun sdk_(windows_production_release) 1.4.0
Sun sdk_(linux_production_release) 1.2.2 12
Sun jre_(windows_production_release) 1.4.0
Sun sdk_(windows_production_release) 1.1.8 007
Red_hat fedora 8
Sun jdk_(solaris_production_release) 1.6.0 01
Sun jre_(solaris_production_release) 1.4.0
Sun jre_(windows_production_release) 1.3.1 18
Sun jre_(windows_production_release) 1.3.1 19
Mozilla firefox 2.0
Sun jre_(solaris_production_release) 1.3.1 19
Sun jre_(solaris_production_release) 1.5.0 10
Sun jre_(solaris_production_release) 1.2.2 11
Sun sdk_(linux_production_release) 1.4.2 09
Sun sdk_(linux_production_release) 1.4.2 10
Sun sdk_(linux_production_release) 1.4.2 11
Sun sdk_(linux_production_release) 1.4.2 12
Sun sdk_(linux_production_release) 1.4.2 13
Sun sdk_(linux_production_release) 1.4.2 14
Sun sdk_(solaris_production_release) 1.4.2 09
Sun sdk_(solaris_production_release) 1.4.2 10
Sun sdk_(solaris_production_release) 1.4.2 11
Sun sdk_(solaris_production_release) 1.4.2 12
Sun sdk_(solaris_production_release) 1.4.2 13
Sun sdk_(solaris_production_release) 1.4.2 14
Sun sdk_(windows_production_release) 1.4.2 09
Sun sdk_(windows_production_release) 1.4.2 10
Sun sdk_(windows_production_release) 1.4.2 11
Sun sdk_(windows_production_release) 1.4.2 12
Sun sdk_(windows_production_release) 1.4.2 13
Sun sdk_(windows_production_release) 1.4.2 14
Sun jre_(windows_production_release) 1.4.2 07
Sun jre_(windows_production_release) 1.4.2 08
Sun jre_(windows_production_release) 1.4.2 09
Sun jre_(windows_production_release) 1.4.2 10
Sun jre_(windows_production_release) 1.4.2 11
Sun jre_(windows_production_release) 1.4.2 13
Sun jre_(windows_production_release) 1.4.2 14
Sun jre_(solaris_production_release) 1.4.2 07
Sun jre_(solaris_production_release) 1.4.2 08
Sun jre_(solaris_production_release) 1.4.2 09
Sun jre_(solaris_production_release) 1.4.2 10
Sun jre_(solaris_production_release) 1.4.2 11
Sun jre_(solaris_production_release) 1.4.2 13
Sun jre_(solaris_production_release) 1.4.2 14
Sun jre_(linux_production_release) 1.4.2 10
Sun jre_(linux_production_release) 1.4.2 11
Sun jre_(linux_production_release) 1.4.2 13
Sun jre_(linux_production_release) 1.4.2 14
Sun jre_(linux_production_release) 1.3.1 04
Sun sdk_(windows_production_release) 1.3.0 .0 02
Sun jre_(windows_production_release) 1.3.0 .0 02
Sun sdk_(windows_production_release) 1.2.2 007
Sun jre_(windows_production_release) 1.2.2 007
Sun jre_(windows_production_release) 1.2.1
Sun sdk_(windows_production_release) 1.2.1
Sun sdk_(windows_production_release) 1.2.0
Sun jre_(windows_production_release) 1.2.0
Sun sdk_(windows_release_version) 1.2.2 _007
Sun jre_(solaris_reference_release) 1.2.2 007
Sun sdk_(solaris_reference_release) 1.2.2 _007
Sun jre_(solaris_reference_release) 1.2.1
Sun sdk_(solaris_reference_release) 1.2.1
Sun jre_(solaris_reference_release) 1.2.0
Sun sdk_(solaris_reference_release) 1.2.0
Sun jre_(solaris_production_release) 1.3.0 .0 02
Sun sdk_(solaris_production_release) 1.3.0 .0 02
Sun jre_(solaris_production_release) 1.2.2 07
Sun sdk_(solaris_production_release) 1.2.2 07
Sun jre_(solaris_production_release) 1.2.0
Sun sdk_(solaris_production_release) 1.2.0
Sun jre_(linux_production_release) 1.3.0 .0 03
Sun sdk_(linux_production_release) 1.3.0 .0 02
Sun jre_(linux_production_release) 1.2.2 007
Sun jdk_(linux_production_release) 1.5.0 06
Sun jdk_(solaris_production_release) 1.5.0 06
Sun jre_(solaris_production_release) 1.5.0
Sun jre_(linux_production_release) 1.5.0
Sun jre_(windows_production_release) 1.5.0
Sun jre_(windows_production_release) 1.5.0 06
Sun jre_(solaris_production_release) 1.5.0 06
Sun jre_(linux_production_release) 1.5.0 06
Sun jre_(linux_production_release) 1.5.0 03
Sun jre_(linux_production_release) 1.5.0 04
Sun jre_(linux_production_release) 1.4.2 09
Sun jre_(linux_production_release) 1.3.1 16
Sun jre_(linux_production_release) 1.3.1 17
Apple mac_os_x 10.4.11
Apple mac_os_x_server 10.4.11
Sun jre_(linux_production_release) 1.2.2 010
Sun jre_(linux_production_release) 1.4.1 03
Sun jre_(solaris_production_release) 1.4.1 03
Sun jre_(windows_production_release) 1.4.1 03
Sun sdk_(windows_production_release) 1.4.1 03
Sun sdk_(solaris_production_release) 1.4.1 03
Sun sdk_(linux_production_release) 1.4.1 03
Apple mac_os_x 10.5.1
Apple mac_os_x_server 10.5
Apple mac_os_x_server 10.5.1
Sun jre_(solaris_production_release) 1.5.0 05
Sun jdk_(solaris_reference_release) 1.1.8 002
Nortel_networks self-service_peri_application
Mozilla firefox 2.0.0.9
Nortel_networks contact_center-cct
Sun jdk_(linux_production_release) 1.2.0
Nortel_networks self-service_ccxml
Nortel_networks self_service_voicexml
Suse linux 10.1 X86
Suse linux 10.1 X86-64
Suse linux 10.1 Ppc
Mozilla firefox 2.0.0.5
Sun jdk_(windows_production_release) 1.2.2 006
Sun jre_(windows_production_release) 1.3.1 05
Sun jre_(solaris_production_release) 1.3.1 20
Avaya interactive_response 2.0
Sun sdk_(linux_production_release) 1.2.2 007
Sun jre_(solaris_production_release) 1.4.1
Mozilla firefox 2.0.0.7
Sun sdk_(solaris_production_release) 1.4.0 .0 03
Sun jdk_(linux_production_release) 1.5.0
Apple mac_os_x 10.5.3
Apple mac_os_x_server 10.5.3
Red_hat fedora 7
Sun jre_(linux_production_release) 1.5.0 01
Sun jre_(linux_production_release) 1.5.0 02
Sun jre_(linux_production_release) 1.5.0 05
Mozilla seamonkey 1.1.3
Sun sdk_(linux_production_release) 1.3.1 05
Apple mac_os_x 10.4.4
Apple mac_os_x_server 10.4.4
Apple mac_os_x 10.4.5
Apple mac_os_x_server 10.4.5
Sun jre_(windows_production_release) 1.4.1 07
Sun jre_(linux_production_release) 1.4.2 08
Sun jre_(linux_production_release) 1.5.0 .0 Beta
Sun jre_(linux_production_release) 1.6.0 04
Sun jdk_(linux_production_release) 1.6.0 04
Sun jdk_(linux_production_release) 1.6.0
Sun jre_(solaris_production_release) 1.2.2 014
Sun jdk_(windows_production_release) 1.5.0 11-B03
Sun jre_(windows_production_release) 1.4.1 01
Sun jdk_(windows_production_release) 1.5.0.0 12
Sun jdk_(linux_production_release) 1.5.0.0 12
Sun jdk_(solaris_production_release) 1.6.0 02
Avaya interactive_response 3.0
Sun jdk_(linux_production_release) 1.4.1
Sun jdk_(linux_production_release) 1.4.2
Sun jdk_(linux_production_release) 1.3.1 17
Sun jdk_(linux_production_release) 1.3.1 18
Mozilla seamonkey 1.1.1
Sun jdk_(linux_production_release) 1.5.0.0 03
Sun jre_(solaris_production_release) 1.3.0 04
Sun jdk_(solaris_production_release) 1.5.0 .0 03
Sun jdk_(windows_production_release) 1.5.0 .0 03
Sun jdk_(windows_production_release) 1.5.0 .0 04
Sun jdk_(linux_production_release) 1.5.0.0 04
Sun jdk_(solaris_production_release) 1.5.0 .0 04
Sun jre_(solaris_production_release) 1.3.1
Sun jre_(linux_production_release) 1.3.1 15
Sun sdk_(windows_production_release) 1.3.1 15
Sun sdk_(linux_production_release) 1.3.1 15
Sun sdk_(solaris_production_release) 1.3.1 15
Sun sdk_(solaris_production_release) 1.4.2 08
Sun sdk_(linux_production_release) 1.4.2 08
Sun sdk_(windows_production_release) 1.4.2 08
Sun jdk_(windows_production_release) 1.5.0 07-B03
Sun jre_(linux_production_release) 1.3.1 01A
Sun jdk_(windows_production_release) 1.6.0 01-B06
Mozilla firefox 2.0.0.10
Sun jdk_(solaris_production_release) 1.5.0 0 09
Mozilla seamonkey 1.1.6
Sun jre_(linux_production_release) 1.4.1 01
Sun jre_(solaris_production_release) 1.4.0 .0 03
Sun jdk_(linux_production_release) 1.5.0 07-B03
Sun jdk_(linux_production_release) 1.5.0 11-B03
Sun jdk_(linux_production_release) 1.6.0 01-B06
Gentoo linux
Sun jdk_(linux_production_release) 1.5.0 0 10
Vmware esx_server 3.0.2
Sun jdk_(windows_production_release) 1.5.0 0 10
Sun jre_(linux_production_release) 1.4.2
Sun jre_(solaris_production_release) 1.4.2
Sun jre_(windows_production_release) 1.4.2
Sun jre_(windows_production_release) 1.4.0 .0 01
Sun jre_(windows_production_release) 1.3.1 01
Sun jre_(windows_production_release) 1.3.1 04
Mozilla firefox 2.0.0.6
Sun sdk_(windows_production_release) 1.4.0 .0 01
Sun sdk_(windows_production_release) 1.3.1 04
Sun sdk_(solaris_reference_release) 1.2.2 _012
Sun jre_(solaris_reference_release) 1.2.2 012
Sun jre_(solaris_production_release) 1.4.0 .0 01
Sun jre_(solaris_production_release) 1.3.1 04
Sun jre_(solaris_production_release) 1.2.2 012
Sun sdk_(linux_production_release) 1.3.0 05
Sun jre_(linux_production_release) 1.2.2 006
Mozilla seamonkey 1.1.4
Sun jdk_(windows_production_release) 1.6.0 02
Suse suse_linux_enterprise_server 10 SP2
Sun jre_(windows_production_release) 1.5.0.0 07
Sun jre_(solaris_production_release) 1.5.0.0 07
Sun jdk_(windows_production_release) 1.5.0.0 08
Sun jdk_(linux_production_release) 1.5.0.0 08
Sun jre_(windows_production_release) 1.5.0.0 08
Sun jre_(solaris_production_release) 1.5.0.0 08
Sun jdk_(windows_production_release) 1.5.0.0 09
Sun jdk_(linux_production_release) 1.5.0.0 09
Sun jre_(windows_production_release) 1.5.0.0 09
Sun jre_(solaris_production_release) 1.5.0.0 09
Sun jre_(solaris_production_release) 1.5.0 14
Sun jre_(solaris_production_release) 1.6.0 2
Sun jre_(linux_production_release) 1.4.1 02
Sun jre_(windows_production_release) 1.6.0 2
Sun jre_(windows_production_release) 1.5.0 14
Sun jre_(linux_production_release) 1.3.1 07
Sun jre_(solaris_production_release) 1.3.1 07
Sun jre_(windows_production_release) 1.3.1 07
Sun sdk_(linux_production_release) 1.3.1 07
Sun sdk_(solaris_production_release) 1.3.1 07
Sun sdk_(windows_production_release) 1.3.1 07
Sun sdk_(linux_production_release) 1.4.1 02
Sun sdk_(solaris_production_release) 1.4.1 02
Sun sdk_(windows_production_release) 1.4.1 02
Sun jre_(linux_production_release) 1.3.0 .0 02
Sun jre_(windows_production_release) 1.4.2 05
Sun jre_(linux_production_release) 1.4.2 05
Sun jre_(linux_production_release) 1.3.0 .0 01
Sun jre_(windows_production_release) 1.3.0
Sun jre_(windows_production_release) 1.2.2 010
Sun jre_(windows_production_release) 1.1.8 007
Sun jre_(windows_production_release) 1.1.8
Sun jre_(windows_production_release) 1.2.2
Sun jre_(linux_production_release) 1.3.0 .0 04
Sun jdk_(linux_production_release) 1.5.0 07
Sun jre_(linux_production_release) 1.2.2 003
Sun jre_(linux_production_release) 1.3.0 .0
Sun jre_(windows_production_release) 1.3.1 20
Sun jre_(solaris_production_release) 1.5.0 11
Sun jre_(solaris_production_release) 1.1.8 13
Sun jre_(solaris_production_release) 1.1.8
Sun jre_(solaris_production_release) 1.2.2 010
Sun jre_(solaris_production_release) 1.2.2
Sun sdk_(solaris_production_release) 1.3.1 02
Sun jre_(solaris_production_release) 1.3.1 02
Sun jre_(linux_production_release) 1.3.1 02
Sun sdk_(linux_production_release) 1.3.1 02
Apple mac_os_x_server 10.4.9
Sun sdk_(linux_production_release) 1.2.2 010
Sun jre_(windows_production_release) 1.2.2 015
Sun jre_(windows_production_release) 1.4.0 .0 04
Sun sdk_(solaris_production_release) 1.2.2 10
Sun sdk_(solaris_production_release) 1.2.2
Sun sdk_(solaris_production_release) 1.3.0
Mozilla firefox 2.0.0.12
Sun jdk_(reference_release) 1.1.8 009
Sun jdk_(solaris_production_release) 1.1.8 15
Sun jdk_(solaris_reference_release) 1.1.8
Sun jre_(solaris_production_release) 1.3.1 17
Sun jre_(windows_production_release) 1.3.1 16
Sun sdk_(linux_production_release) 1.4.0 .0 4
Sun jdk_(windows_production_release) 1.1.8 007
Sun sdk_(windows_production_release) 1.4.0 .0 4
Sun sdk_(windows_production_release) 1.2.2 015
Sun sdk_(solaris_reference_release) 1.2.2 _015
Sun sdk_(linux_production_release) 1.2.2 015
Sun jre_(windows_production_release) 1.5.0 10
Sun jre_(windows_production_release) 1.3.0 01
Sun jre_(solaris_production_release) 1.3.1 01A
Sun sdk_(solaris_production_release) 1.2.2 11
Sun jre_(solaris_production_release) 1.5.0 01
Sun jre_(windows_production_release) 1.5.0 01
Sun jre_(solaris_production_release) 1.5.0 02
Sun jre_(windows_production_release) 1.5.0 02
Sun jre_(solaris_production_release) 1.5.0 03
Sun jre_(windows_production_release) 1.5.0 03
Sun jre_(solaris_production_release) 1.5.0 04
Sun jre_(windows_production_release) 1.5.0 04
Sun jdk_(windows_production_release) 1.2.2 004
Sun jdk_(solaris_reference_release) 1.2.2 004
Sun jdk_(windows_production_release) 1.2.1 003
Sun jdk_(solaris_reference_release) 1.2.1 003
Sun jdk_(windows_production_release) 1.1.8 002
Sun jre_(windows_production_release) 1.5.0 05
Sun jdk_(windows_production_release) 1.1.7 B 005
Sun jdk_(solaris_reference_release) 1.1.7 B 005
Sun jdk_(windows_production_release) 1.1.6 007
Sun jdk_(solaris_reference_release) 1.1.6 007
Sun jdk_(solaris_production_release) 1.2.2 05
Sun jdk_(solaris_production_release) 1.2.1
Sun jdk_(solaris_production_release) 1.1.8 10
Sun jdk_(solaris_production_release) 1.1.7 B
Sun jdk_(solaris_production_release) 1.1.6
Sun jdk_(linux_production_release) 1.2.2 05
Red_hat enterprise_linux_supplementary 5 Server
Sun jdk_(windows_production_release) 1.2.1 004
Sun jdk_(windows_production_release) 1.1.8 005
Sun jdk_(windows_production_release) 1.1.7 B 007
Sun jdk_(windows_production_release) 1.1.6 009
Sun jdk_(solaris_reference_release) 1.2.2 006
Sun jdk_(solaris_reference_release) 1.2.1 004
Sun jdk_(solaris_reference_release) 1.1.8 005
Sun jdk_(solaris_reference_release) 1.1.7 B 007
Sun jdk_(solaris_reference_release) 1.1.6 009
Sun jdk_(solaris_production_release) 1.2.2 06
Sun jdk_(solaris_production_release) 1.1.8 12
Sun jdk_(linux_production_release) 1.2.2 06
Sun java_plug-in 1.3.1
Sun java_plug-in 1.3.0 _02
Apple mac_os_x 10.5.2
Apple mac_os_x_server 10.5.2
Mozilla seamonkey 1.1.7
Red_hat red_hat_network_satellite_(for_rhel_4) 5.1
Sun jre_(linux_production_release) 1.2.1 04
Rpath rpath_linux 1
Suse opensuse 10.3
Sun jre_(windows_production_release) 1.1.8 009
Sun jdk_(linux_production_release) 1.1.8 09
Sun jdk_(solaris_reference_release) 1.1.8 099
Sun jdk_(solaris_production_release) 1.1.8 009
Sun jdk_(windows_production_release) 1.1.8 009
Sun jre_(linux_production_release) 1.3.1 03
Sun jre_(solaris_production_release) 1.1.8 009
Sun jre_(solaris_reference_release) 1.2.2 011
Sun jre_(solaris_production_release) 1.2.2 011
Sun jre_(solaris_production_release) 1.3.1 03
Sun jre_(solaris_reference_release) 1.1.8 099
Sun jre_(windows_production_release) 1.2.2 011
Sun jre_(windows_production_release) 1.3.1 03
Sun sdk_(linux_production_release) 1.2.2 011
Sun sdk_(linux_production_release) 1.3.1 03
Sun sdk_(solaris_reference_release) 1.2.2 _011
Sun sdk_(windows_production_release) 1.2.2 011
Sun sdk_(windows_production_release) 1.3.1 03
Sun sdk_(solaris_production_release) 1.3.1 03
Sun sdk_(solaris_production_release) 1.2.2 011
Sun jre_(windows_production_release) 1.6.0 02
Gentoo dev-java/ibm-jdk-bin 1.5.0.6
Sun sdk_(linux_production_release) 1.4.2 02
Sun sdk_(linux_production_release) 1.3.1 06
Sun sdk_(solaris_production_release) 1.4.0 .0 4
Mozilla firefox 2.0.0.11
Sun jre_(solaris_production_release) 1.3.1 15
Sun sdk_(solaris_production_release) 1.3.1 20
Sun jre_(windows_production_release) 1.3.1 15
Suse suse_linux_enterprise_sdk 10.SP1
Sun java_plug-in 1.4.2 _01
Mozilla firefox 2.0.0.3
Nortel_networks enterprise_voip TM-CS1000
Sun jdk_(linux_production_release) 1.1.0
Sun jdk_(linux_production_release) 1.6.0 02
Nortel_networks self-service-web_centric CCXML
Sun jre_(linux_production_release) 1.6.0 01
Sun jre_(linux_production_release) 1.6.0 02
Sun jre_(solaris_production_release) 1.6.0 01
Sun jre_(solaris_production_release) 1.6.0 02
Sun jre_(windows_production_release) 1.6.0 01
Mozilla firefox 2.0.0.4
Sun jdk_(windows_production_release) 1.4.2 10
Sun jdk_(windows_production_release) 1.4.2 11
Sun jre_(linux_production_release) 1.4.2 16
Mozilla seamonkey 1.1.2
Sun jre_(windows_production_release) 1.4.2 16
Sun jdk_(windows_production_release) 1.5.0 12
Sun jdk_(windows_production_release) 1.5.0 13
Sun jdk_(solaris_production_release) 1.5.0 11
Sun jdk_(solaris_production_release) 1.5.0 12
Sun jre_(solaris_production_release) 1.3.1 16
Sun jdk_(linux_production_release) 1.5.0 13
Sun jre_(linux_production_release) 1.5.0 12
Sun jre_(linux_production_release) 1.5.0 13
Sun jre_(solaris_production_release) 1.5.0 12
Sun jre_(solaris_production_release) 1.5.0 13
Sun jre_(windows_production_release) 1.5.0 12
Sun jre_(windows_production_release) 1.5.0 13
Sun jdk_(solaris_production_release) 1.6.0 03
Sun jdk_(linux_production_release) 1.6.0 03
Suse novell_linux_desktop 9.0.0
Sun jdk_(windows_production_release) 1.6.0 03
Sun jre_(linux_production_release) 1.6.0 03
Sun jre_(solaris_production_release) 1.6.0 03
Sun jre_(windows_production_release) 1.6.0 03
Sun jdk_(reference_release) 1.1.6 007
Sun jre_(solaris_production_release) 1.4.2 05
Sun sdk_(solaris_production_release) 1.4.2 05
Sun sdk_(linux_production_release) 1.4.2 05
Sun sdk_(windows_production_release) 1.4.2 05
Sun jre_(windows_production_release) 1.3.1 01A
Sun sdk_(windows_production_release) 1.3.1 01A
Sun sdk_(windows_production_release) 1.3.0 .0 05
Sun jre_(windows_production_release) 1.3.0 .0 05
Sun jre_(windows_production_release) 1.1.8 008
Sun jdk_(windows_production_release) 1.1.8 008
Sun jdk_(solaris_reference_release) 1.1.8 008
Sun jre_(solaris_reference_release) 1.1.8 008
Sun jre_(solaris_production_release) 1.3.1 01
Sun sdk_(solaris_production_release) 1.3.1 01
Sun sdk_(solaris_production_release) 1.3.0 05
Sun jre_(solaris_production_release) 1.3.0 .0 05
Sun jre_(solaris_production_release) 1.1.8 14
Sun jdk_(solaris_production_release) 1.1.8 14
Sun sdk_(linux_production_release) 1.3.1 01
Sun jre_(linux_production_release) 1.3.1 01
Sun jre_(linux_production_release) 1.3.0 .0 05
Mandriva corporate_server 4.0
Sun sdk_(windows_production_release) 1.2.2 010
Sun sdk_(windows_production_release) 1.2.2 012
Sun jre_(linux_production_release) 1.4.0
Sun sdk_(linux_production_release) 1.4.0
Red_hat enterprise_linux_desktop_supplementary 5 Client
Mandriva corporate_server 3.0.0
Sun sdk_(solaris_production_release) 1.4.0
Sun jre_(solaris_production_release) 1.3.0
Sun jre_(linux_production_release) 1.5.0 08
Sun jre_(linux_production_release) 1.5.0 09
Sun jre_(linux_production_release) 1.5.0 10
Sun jdk_(linux_production_release) 1.5.0.0 11
Sun jdk_(windows_production_release) 1.5.0.0 11
Sun jre_(linux_production_release) 1.5.0 11
Sun sdk_(solaris_production_release) 1.3.1 20
Sun jdk_(windows_production_release) 1.6.0 01
Sun jdk_(linux_production_release) 1.6.0 01
Sun jre_(linux_production_release) 1.3.1 20
Sun jdk_(linux_production_release) 1.3.1 20
Sun jdk_(windows_production_release) 1.3.1 20
Sun jre_(windows_production_release) 1.3.1 17
Sun sdk_(windows_production_release) 1.4.1
Sun jre_(windows_production_release) 1.4.1
Sun jre_(windows_production_release) 1.4.0 .0 02
Sun sdk_(windows_production_release) 1.4.0 .0 02
Sun sdk_(windows_production_release) 1.3.1 05
Sun jre_(windows_production_release) 1.4.2 01
Sun jre_(windows_production_release) 1.2.2 013
Sun sdk_(windows_production_release) 1.2.2 013
Sun sdk_(solaris_reference_release) 1.2.2 _013
Sun jre_(solaris_reference_release) 1.2.2 013
Sun jre_(solaris_production_release) 1.3.1 18
Sun sdk_(solaris_production_release) 1.4.1
Sun sdk_(solaris_production_release) 1.4.0 .0 02
Sun jre_(solaris_production_release) 1.4.0 .0 02
Sun jre_(solaris_production_release) 1.3.1 05
Sun sdk_(solaris_production_release) 1.3.1 05
Sun sdk_(solaris_production_release) 1.2.2 13
Sun jre_(solaris_production_release) 1.2.2 013
Sun jre_(linux_production_release) 1.2.2 013
Sun sdk_(linux_production_release) 1.2.2 13
Sun sdk_(solaris_production_release) 1.2.2 07A
Sun jre_(linux_production_release) 1.3.1 05
Sun jre_(linux_production_release) 1.4.0 .0 02
Sun sdk_(linux_production_release) 1.4.0 .0 02
Sun sdk_(linux_production_release) 1.4.1
Sun jre_(linux_production_release) 1.4.1
Vmware esx_server 3.5
Sun sdk_(windows_production_release) 1.4.1 01
Sun sdk_(windows_production_release) 1.4.0 .0 03
Sun jre_(windows_production_release) 1.4.0 .0 03
Sun jre_(windows_production_release) 1.3.1 06
Sun sdk_(windows_production_release) 1.3.1 06
Sun sdk_(windows_production_release) 1.2.2 014
Sun jre_(windows_production_release) 1.2.2 014
Sun jre_(solaris_reference_release) 1.2.2 014
Sun sdk_(solaris_reference_release) 1.2.2 _014
Sun sdk_(solaris_production_release) 1.4.1 01
Sun jre_(solaris_production_release) 1.4.1 01
Red_hat enterprise_linux_extras 3
Red_hat enterprise_linux_extras 4
Sun sdk_(solaris_production_release) 1.3.1 06
Sun jre_(solaris_production_release) 1.3.1 06
Sun jre_(linux_production_release) 1.1.8 06
Sun sdk_(solaris_production_release) 1.2.2 14
Sun sdk_(linux_production_release) 1.4.1 01
Mozilla seamonkey 1.1.8
Sun jre_(linux_production_release) 1.4.0 .0 03
Sun sdk_(linux_production_release) 1.4.0 .0 03
Sun sdk_(linux_production_release) 1.4.2 03
Sun jre_(linux_production_release) 1.3.1 06
Sun jre_(linux_production_release) 1.2.2 014
Sun sdk_(linux_production_release) 1.2.2 014
Sun jre_(linux_production_release) 1.1.6 09
Apple mac_os_x 10.4.2
Apple mac_os_x_server 10.4.2
Sun sdk_(windows_production_release) 1.4.2 04
Sun jdk_(solaris_production_release) 1.5.0 13
Sun sdk_(linux_production_release) 1.4.2 04
Bea_systems jrockit R27.5.0
Sun jdk_(linux_production_release) 1.4.2 05
Gentoo dev-java/ibm-jdk-bin 1.4.2.10
Gentoo dev-java/ibm-jre-bin 1.4.2.10
Gentoo dev-java/ibm-jre-bin 1.5.0.6
Sun jre_(solaris_reference_release) 1.2.2 010
Mandriva corporate_server 3.0.0 X86 64
Sun jre_(solaris_reference_release) 1.2.2

MS-RPC:OF:MSG-QUEUE-3 - MS-RPC: Message Queue Overflow (3)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against MS-RPC Message Queue request. By sending overlong free-form string queue requests, which can cause invalid client replies, an attacker can cause a buffer overflow and compromise the affected system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 13112
cve: CVE-2005-0059
url: http://www.sans.org/newsletters/risk/display.php?v=4&i=15#05.15.1

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_98 A
Microsoft windows_98 B
Microsoft windows_98se
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_xp_home
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_xp_64-bit_edition SP1
Microsoft windows_xp_embedded SP1
Microsoft windows_2000_datacenter_server SP1
Microsoft windows_2000_datacenter_server
Microsoft windows_2000_professional
Microsoft windows_2000_server
Microsoft windows_2000_professional SP1
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Microsoft windows_xp_64-bit_edition_version_2003
Microsoft windows_xp_media_center_edition
Microsoft windows_xp_tablet_pc_edition
Microsoft windows_2000_server SP1
Microsoft windows_2000_advanced_server
Microsoft windows_98 SP1
Microsoft windows_xp_64-bit_edition
Microsoft windows_xp_embedded
Microsoft windows_98 J
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Microsoft windows_2000_server SP2
Microsoft windows_98
Microsoft windows_xp_64-bit_edition_version_2003 SP1
Microsoft windows_xp_tablet_pc_edition SP1
Microsoft windows_xp_media_center_edition SP1

HTTP:STC:DL:QT-TEXML-BOF - HTTP: Apple QuickTime TeXML Parsing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Apple QuickTime TeXML parsing. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 53571
cve: CVE-2012-0663
url: http://0x1byte.blogspot.com/2012/06/cve-2012-0663-and-cve-2012-0664-samples.html
url: http://support.apple.com/kb/HT1222

Affected Products:

Apple quicktime_player 7.6.6
Apple quicktime_player 7.6.9
Apple quicktime_player 7.6.8
Apple quicktime_player 7.5.5
Apple quicktime_player 7.4
Apple quicktime_player 7.7.1
Apple quicktime_player 7.6.5
Apple quicktime_player 7.5
Apple quicktime_player 7.6.4
Apple quicktime_player 7.4.1
Apple quicktime_player 7.7
Apple quicktime_player 7.4.5
Apple quicktime_player 7.64.17.73
Apple quicktime_player 7.6.7
Apple quicktime_player 7.6.6 (1671)
Apple quicktime_player 7.6.2
Apple quicktime_player 7.6.1
Apple quicktime_player 7.6

HTTP:MISC:WAVELINK-HDR-PARSE-BO - HTTP: Wavelink Emulation License Server HTTP Header Processing Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Wavelink Terminal Emulation. A successful exploit can lead to buffer overflow and remote code execution.

Supported On:

References:

cve: CVE-2015-4059

Affected Products:

Wavelink terminal_emulation -

APP:HPOV:OVDLL-OVBUILDPATH-BOF - APP: HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow

Severity: HIGH

Description:

This signature detects possible attempts to exploit a known vulnerability in the HPOV Network Node Manager ov.dll _OVBuildPath. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2011-3167
url: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03054052
bugtraq: 50471

Affected Products:

Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

SMB:NETBIOS:CVE-2017-0004-MC - SMB: Microsoft Windows CVE-2017-0004 Memory Corruption

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-0004

Affected Products:

Microsoft windows_7 -
Microsoft windows_vista -
Microsoft windows_server_2008 -
Microsoft windows_server_2008 r2

FTP:OVERFLOW:CMD-OF - FTP: Command Overflow

Severity: HIGH

Description:

This signature detects overly long commands sent to an FTP server (greater than 1024 bytes). Such activity could be an indication of an exploit attempt.

Supported On:

References:

bugtraq: 44562
cve: CVE-2010-4221
cve: CVE-2015-7767

Affected Products:

Slackware linux 12.1
Debian linux 5.0 Ia-32
Debian linux 5.0 Ia-64
Slackware linux X86 64 -Current
Debian linux 5.0 Mips
Debian linux 5.0 Mipsel
Debian linux 5.0 Powerpc
Debian linux 5.0 S/390
Debian linux 5.0 Sparc
Debian linux 5.0 M68k
Red_hat fedora 14
Mandriva corporate_server 4.0.0 X86 64
Proftpd_project proftpd 1.3.3
Mandriva enterprise_server 5 X86 64
Mandriva enterprise_server 5
Mandriva linux_mandrake 2009.0
Mandriva linux_mandrake 2009.0 X86 64
Mandriva linux_mandrake 2009.1 X86 64
Mandriva linux_mandrake 2010.1 X86 64
Mandriva linux_mandrake 2010.1
Mandriva corporate_server 4.0
Slackware linux 11.0
Slackware linux 12.0
Mandriva linux_mandrake 2010.0
Slackware linux -Current
Slackware linux 13.1
Slackware linux 13.1 X86 64
Debian linux 5.0 Hppa
Slackware linux 12.2
Mandriva linux_mandrake 2009.1
Red_hat fedora 12
Mandriva linux_mandrake 2010.0 X86 64
Slackware linux 13.0
Slackware linux 13.0 X86 64
Red_hat fedora 13
Debian linux 5.0 Armel
Debian linux 5.0
Debian linux 5.0 Alpha
Debian linux 5.0 Amd64
Debian linux 5.0 Arm

HTTP:STC:DL:MAL-PLF - HTTP: Malformed Play List File (PLF)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in DVD X Player and Aviosoft DTV Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 24278
cve: CVE-2007-3068
bugtraq: 50582
url: http://www.kb.cert.org/vuls/id/998403
cve: CVE-2011-4496
bugtraq: 69220

Affected Products:

Dvd_x_studios dvd_x_players 4.1
Dvd_x_studios dvd_x_players 5.5

HTTP:MAL-CNC-SRVREQ - HTTP: Malware Command and Control Communication Request Detected

Severity: HIGH

Description:

This signature detects an attempt to exploit a compromised host for malicious C&C communications. Successful exploitation could allow an attacker to gain access to sensitive information which could lead to further attacks.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:CGI:RSA-AGENT-BOF - HTTP: RSA Agent Redirect Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against RSA Authentication Agent for Web Redirect. Attackers can send malicious data that can cause a buffer overflow leading to arbitrary remote code execution within the context of the Agent service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 13524
cve: CVE-2005-1471

Affected Products:

Rsa_security rsa_authentication_agent_for_web 5.2.0
Rsa_security rsa_authentication_agent_for_web 5.3.0
Rsa_security rsa_authentication_agent_for_web 5.0.0

HTTP:STC:DL:MAL-MIC-BICLRUSED - HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft's Graphics Rendering Engine. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Microsoft windows_xp_media_center_edition SP2
Microsoft windows_xp_professional
Microsoft windows_2000_professional SP3
Microsoft windows_vista SP1
Microsoft windows_xp_64-bit_edition SP1
Microsoft windows_vista Home Premium SP2
Microsoft windows_vista SP2
Microsoft windows_vista_ultimate_64-bit_edition SP2
Microsoft windows_vista Ultimate SP2
Avaya communication_server_1000_telephony_manager 3.0
Avaya communication_server_1000_telephony_manager 4.0
Avaya messaging_application_server 5.2
Avaya aura_conferencing 6.0.0 Standard
Microsoft windows_server_2008_for_32-bit_systems SP2
Microsoft windows_2000_professional
Microsoft windows_server_2008_for_itanium-based_systems SP2
Microsoft windows_server_2008_for_x64-based_systems SP2
Microsoft windows_2000_professional SP1
Microsoft windows_xp_media_center_edition SP1
Microsoft windows_2000_professional SP4
Microsoft windows_server_2003_x64 SP2
Microsoft windows_xp_media_center_edition
Microsoft windows_vista Ultimate
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Microsoft windows_xp_64-bit_edition
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_server_2003 SP1
Microsoft windows_server_2003 SP2
Microsoft windows_xp_professional SP3
Microsoft windows_xp_media_center_edition SP3
Microsoft windows_xp_home SP3
Microsoft windows_vista Home Premium SP1
Microsoft windows_vista Ultimate SP1
Microsoft windows_vista_ultimate_64-bit_edition
Microsoft windows_xp_professional_x64_edition
Microsoft windows_vista_ultimate_64-bit_edition SP1
Microsoft windows_server_2003_x64 SP1
Microsoft windows_2000_professional SP2
Avaya callpilot 4.0
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium
Microsoft windows_server_2003_itanium SP1
Microsoft windows_server_2003_itanium SP2
Avaya callpilot 5.0
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_for_itanium-based_systems
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Microsoft windows_xp

FTP:MS-FTP:IIS-BOF - FTP: IIS Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IIS 5.0 FTPd. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

References:

bugtraq: 36189
cve: CVE-2009-3023

Affected Products:

Microsoft iis 5.1
Microsoft iis 5.0
Microsoft iis 6.0

HTTP:OVERFLOW:EFS-FILE-SERVE-BO - HTTP: EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Easy File Sharing Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the current user.

Supported On:

HTTP:WEBLOGIC:ENCODING - HTTP: BEA Weblogic Encoding Value Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in BEA Weblogic. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2008-4008

Affected Products:

Oracle peoplesoft_enterprise_peopletools 8.49.14
Oracle jd_edwards_enterpriseone 8.97
Bea_systems weblogic_server 7.0.0 .0.1
Bea_systems weblogic_server 7.0.0 SP 1
Bea_systems weblogic_workshop 8.1.0 SP 4
Bea_systems weblogic_server 7.0.0
Bea_systems weblogic_workshop 10.3 GA
Bea_systems weblogic_server 6.1.0 SP 3
Oracle oracle10g_enterprise_edition 10.1.0 .5
Bea_systems weblogic_server 8.1.0 SP 1
Bea_systems weblogic_server 8.1.0 SP 6
Bea_systems weblogic_server 7.0.0 SP 4
Bea_systems weblogic_server 7.0.0 .0.1 SP 1
Bea_systems weblogic_server 7.0.0 .0.1 SP 4
Bea_systems weblogic_server 7.0.0 .0.1 SP 3
Bea_systems weblogic_workshop 8.1.0 SP 5
Bea_systems weblogic_server 8.1.0 SP 2
Bea_systems weblogic_workshop 8.1.0 SP 3
Bea_systems weblogic_workshop 8.1.0 SP 2
Bea_systems weblogic_workshop 9.2
Oracle oracle10g_application_server 9.0.4 3
Bea_systems weblogic_server 6.1.0
Bea_systems weblogic_server 6.1.0 SP 1
Bea_systems weblogic_server 7.0.0 SP 6
Oracle oracle10g_enterprise_edition 10.2.0 .3
Oracle oracle10g_standard_edition 10.2.0 .3
Bea_systems weblogic_workshop 10.2 GA
Bea_systems weblogic_server 6.1.0 SP6
Bea_systems weblogic_server 9.0
Bea_systems weblogic_server 7.0.0 SP 3
Oracle oracle10g_standard_edition 10.2.0.4
Oracle oracle10g_enterprise_edition 10.2.0.4
Oracle oracle10g_personal_edition 10.2.0.4
Oracle oracle10g_application_server 10.1.2.3.0
Bea_systems weblogic_server 9.1
Bea_systems weblogic_server 6.1.0 SP 5
Bea_systems weblogic_server 7.0.0 SP 2
Bea_systems weblogic_server 7.0.0 .0.1 SP 2
Oracle oracle10g_standard_edition 10.2.0 .2
Oracle oracle10g_personal_edition 10.2.0 .2
Bea_systems weblogic_server 6.1.0 SP 2
Bea_systems weblogic_workshop 10.0
Oracle oracle10g_enterprise_edition 10.2.0 .2
Bea_systems weblogic_server 10.0
Oracle oracle10g_personal_edition 10.1.0.5
Oracle oracle9i_enterprise_edition 9.2.0 .8DV
Oracle jd_edwards_enterpriseone 8.98
Oracle oracle10g_application_server 10.1.3 .3.0
Bea_systems weblogic_server 6.1.0 SP 4
Bea_systems weblogic_server 9.2 Maintenance Pack 3
Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
Oracle peoplesoft_enterprise_customer_relationship_manage 9.0
Bea_systems weblogic_server 10.3
Oracle e-business_suite_11i 11.5.10.2
Oracle oracle11g_standard_edition_one 11.1.0 6
Oracle oracle11g_enterprise_edition 11.1.0 6
Bea_systems weblogic_server 8.1.0 SP 3
Bea_systems weblogic_workshop 9.0
Bea_systems weblogic_workshop 10.0 MP1
Bea_systems weblogic_server 7.0.0 SP 5
Bea_systems weblogic_workshop 9.1
Bea_systems weblogic_server 10.0 MP1
Oracle oracle10g_personal_edition 10.2.0 .3
Bea_systems weblogic_server 8.1.0
Oracle peoplesoft_enterprise_peopletools 8.48.18
Oracle oracle11g_standard_edition 11.1.0 6
Bea_systems weblogic_workshop 9.2
Bea_systems weblogic_server 9.2
Oracle oracle9i_enterprise_edition 9.2.0.8.0
Bea_systems weblogic_server 8.1
Oracle oracle10g_application_server 10.1.3 .4.0
Bea_systems weblogic_server 7.0.0 SP 7
Bea_systems weblogic_server 6.1.0 SP 7
Bea_systems weblogic_workshop 8.1.0 SP 6
Oracle e-business_suite_12 12.0.4
Bea_systems weblogic_server 8.1.0 SP 4
Bea_systems weblogic_server 7.0 SP7
Bea_systems weblogic_server 8.1.0 SP 5

HTTP:OVERFLOW:OVWEBHELP-BO - HTTP: HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against HP Openview. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits can completely compromise affected computers. Failed exploit attempts can result in a denial-of-service condition.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 37340
cve: CVE-2009-4178

Affected Products:

Hp openview_network_node_manager 7.53
Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.50
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.50.0 HP-UX 11.X
Hp openview_network_node_manager 7.50.0 Solaris
Hp openview_network_node_manager 7.50.0 Windows 2000/XP
Hp openview_network_node_manager 7.50.0 Linux
Hp openview_network_node_manager 7.50.0

TROJAN:CRYPTOWALL-DOCS-CAMP - TROJAN: Cryptowall docs Campaign Encrypted Binary Detected

Severity: HIGH

Description:

This signature detects the connection from malicious TROJAN Cryptowall.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:STC:DIRECTSHOW-AVI-EXEC - HTTP: Microsoft Windows DirectShow AVI File Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Player. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 39303
cve: CVE-2010-0480

Affected Products:

Microsoft windows_xp_media_center_edition SP2
Microsoft windows_vista_enterprise_64-bit_edition
Microsoft windows_vista Business SP2
Microsoft windows_vista_business_64-bit_edition SP2
Microsoft windows_vista_enterprise_64-bit_edition SP2
Microsoft windows_vista Enterprise SP2
Microsoft windows_vista_home_basic_64-bit_edition SP2
Microsoft windows_vista Home Basic SP2
Microsoft windows_vista_home_premium_64-bit_edition SP2
Microsoft windows_vista Home Premium SP2
Microsoft windows_vista_ultimate_64-bit_edition SP2
Microsoft windows_vista Ultimate SP2
Nortel_networks contact_center_ncc
Nortel_networks symposium
Microsoft windows_server_2008_for_32-bit_systems SP2
Avaya messaging_application_server
Microsoft windows_server_2008_for_x64-based_systems SP2
Microsoft windows_vista_ultimate_64-bit_edition
Avaya messaging_application_server MM 3.0
Avaya messaging_application_server MM 3.1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_server_2003_x64 SP2
Nortel_networks callpilot 1005R
Nortel_networks callpilot 600R
Nortel_networks contact_center-tapi_server
Nortel_networks callpilot 703T
Nortel_networks contact_center_manager_server
Nortel_networks callpilot 201I
Avaya meeting_exchange-client_registration_server
Nortel_networks callpilot 702T
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Nortel_networks callpilot 1002Rp
Avaya messaging_application_server MM 1.1
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Nortel_networks callpilot 202I
Nortel_networks contact_center_express
Microsoft windows_xp_tablet_pc_edition SP3
Microsoft windows_xp_professional SP3
Microsoft windows_xp_media_center_edition SP3
Microsoft windows_xp_home SP3
Microsoft windows_vista Business SP1
Microsoft windows_vista Home Basic SP1
Microsoft windows_vista_business_64-bit_edition
Microsoft windows_vista Enterprise SP1
Microsoft windows_vista Ultimate SP1
Microsoft windows_vista_business_64-bit_edition SP1
Microsoft windows_vista_home_premium_64-bit_edition
Microsoft windows_vista_home_basic_64-bit_edition SP1
Microsoft windows_vista_home_premium_64-bit_edition SP1
Microsoft windows_vista_ultimate_64-bit_edition SP1
Nortel_networks contact_center_administration
Microsoft windows_xp_tablet_pc_edition SP2
Microsoft windows_2000_server SP4
Microsoft windows_vista_enterprise_64-bit_edition SP1
Avaya meeting_exchange-recording_server
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_vista_home_basic_64-bit_edition
Avaya messaging_application_server MM 2.0
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Microsoft mpeg_layer-3_codecs
Microsoft windows_vista Home Premium SP1

APP:WINMEDIASRV-RCE - APP: Microsoft Windows Media Service Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Windows Media Service. A successful attack can allow attackers to take complete control of an affected system. Thereby enabling them to install programs; view, change, delete data; or create new accounts with full user rights.

Supported On:

References:

Affected Products:

Microsoft windows_2000_datacenter_server
Microsoft windows_2000_professional SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_2000_datacenter_server SP1
Microsoft windows_2000_professional
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Nortel_networks self-service_mps_1000
Nortel_networks self-service_speech_server
Nortel_networks ensm_visualization_performance_fault_manager_vpfm
Microsoft windows_2000_professional SP1
Nortel_networks self-service_peri_application
Nortel_networks self_service-cdd
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Nortel_networks self-service_mps_500
Nortel_networks self-service_media_processing_server

DB:POSTGRESQL:CHANGE-PASS-BO - DB: PostgreSQL Database Password Change Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the PostgreSQL Database. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 108875
cve: CVE-2019-10164

Affected Products:

Postgresql postgresql 10.3
Postgresql postgresql 10.6
Postgresql postgresql 11.0
Postgresql postgresql 10.2
Redhat enterprise_linux 8.0
Postgresql postgresql 11.1
Postgresql postgresql 10.5
Postgresql postgresql 10.8
Postgresql postgresql 10.1
Postgresql postgresql 11.2
Postgresql postgresql 10.4
Postgresql postgresql 10.0
Postgresql postgresql 11.3
Postgresql postgresql 10.7

HTTP:STC:EMBED-SRC-OF - HTTP: Overlarge EMBED Tag Source

Severity: HIGH

Description:

This signature detects long source attributes in <embed> tags. A malicious Web page can contain these tags and attempt to crash the target's browser. A successful result can lead to possible code execution.

Supported On:

References:

bugtraq: 16644
cve: CVE-2006-0005
cve: CVE-2008-4261

Affected Products:

Microsoft windows_xp_media_center_edition SP2
Microsoft windows_xp_home
Microsoft windows_2000_datacenter_server
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_2000_datacenter_server SP1
Microsoft windows_xp_tablet_pc_edition SP2
Microsoft windows_2000_professional
Microsoft windows_2000_server
Microsoft windows_2000_professional SP1
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Microsoft windows_xp_media_center_edition
Microsoft windows_xp_tablet_pc_edition
Microsoft windows_2000_server SP1
Microsoft windows_xp_home SP1
Microsoft windows_server_2003_standard_edition
Microsoft windows_2000_advanced_server
Microsoft windows_xp
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_xp_professional SP1
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_xp_professional_x64_edition
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_web_edition SP1
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Microsoft windows_2000_server SP2
Microsoft windows_xp_professional
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Microsoft windows_xp_tablet_pc_edition SP1
Microsoft windows_xp_media_center_edition SP1

HTTP:OVERFLOW:HP-POWERMAN-OF - HTTP: HP Power Manager Login Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Hewlett Packard Power Manager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 36933
cve: CVE-2010-4113
cve: CVE-2009-2685

Affected Products:

Hp power_manager 4.0Build10
Hp power_manager 4.0Build11
Hp power_manager 4.2.9
Hp power_manager 4.2.7
Hp power_manager

HTTP:DOMINO:ACCEPT-LANG-OF - HTTP: Lotus Domino Accept Language Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the IBM Lotus Domino Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 29310
url: http://www-1.ibm.com/support/docview.wss?uid=swg21303057
cve: CVE-2008-2240
url: http://www-01.ibm.com/support/docview.wss?uid=swg21303057

Affected Products:

Ibm lotus_domino 7.0.0
Ibm lotus_domino 6.0.0
Ibm lotus_domino 7.0.3
Ibm lotus_domino 6.5.0 .0
Ibm lotus_domino 8.0

APP:IBM:LDAP-MODIFYREQUEST-BO - APP: IBM Domino LDAP Server ModifyRequest Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IBM Domino LDAP Server. A successful exploit can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Ibm domino 8.5.0
Ibm domino 8.5.1
Ibm domino 8.5.2
Ibm domino 9.0.1
Ibm domino 8.5.3

HTTP:MISC:OMRON-CX-SBO - HTTP: OMRON CX-One CX-FLnet cdmapi32 wcscpy Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in OMRON CX-One CX-FLnet module. Successful exploitation could result in arbitrary code execution in the context of the target user.

Supported On:

References:

cve: CVE-2018-7514

Affected Products:

Omron cx-programmer 9.65
Omron cx-server 5.0.22
Omron network_configurator 3.63
Omron cx-protocol 1.992
Omron cx-one 4.42
Omron cx-flnet 1.00
Omron switch_box_utility 1.68

TROJAN:BEACON-CNC - TROJAN: Beacon Command and Control Traffic

Severity: HIGH

Description:

This signature detects the Command and Control traffic for the Beacon trojan. The source IP host is infected and should be removed from the network for analysis.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

IMAP:OVERFLOW:MAILENABLE-OF-2 - IMAP: MailEnable Select Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against MailEnable Professional. MailEnable Professional version 1.5 and earlier can be vulnerable. Attackers can supply the SELECT command with a large input string attempting to exploit this vulnerability. Successful exploitation can lead to arbitrary remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Mailenable mailenable_enterprise_edition 1.0.0 1
Mailenable mailenable_professional 1.5.0
Mailenable mailenable_professional 1.54.0
Mailenable mailenable_enterprise_edition 1.0.0
Mailenable mailenable_enterprise_edition 1.0.0 2
Mailenable mailenable_enterprise_edition 1.0.0 3
Mailenable mailenable_enterprise_edition 1.0.0 4
Mailenable mailenable_professional 1.53.0
Mailenable mailenable_professional 1.51.0
Mailenable mailenable_professional 1.52.0

HTTP:MISC:ORMON-CXM-SBO - HTTP: OMRON CX-One CX-Motion Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against OMRON CX-One CX-Motion module. A successful attack can lead to arbitrary code execution in the context of the target user.

Supported On:

References:

url: http://www.zerodayinitiative.com/advisories/zdi-18-282/
cve: CVE-2018-7514

Affected Products:

Omron cx-programmer 9.65
Omron cx-server 5.0.22
Omron network_configurator 3.63
Omron cx-protocol 1.992
Omron cx-one 4.42
Omron cx-flnet 1.00
Omron switch_box_utility 1.68

MS-RPC:ADVTC-WEBSCADA-BO - MS-RPC: Advantech WebAccess SCADA bwmakdir Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempt to exploit a stack-based buffer overflow vulnerability which has been reported in the webvrpcs service of Advantech WebAccess. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution under context of Administrator.

Supported On:

References:

cve: CVE-2018-7499

Affected Products:

Advantech webaccess/nms 2.0.3
Advantech webaccess 8.2_20170817
Advantech webaccess_dashboard 2.0.15
Advantech webaccess 8.3.0

HTTP:WECON-LEVISTUDIO-BO - HTTP: WECON LeviStudio Multiple Buffer Overflow

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:STC:DL:MAL-ASX-OF - HTTP: ASX Malformed File Remote Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the asx malformed file. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

References:

bugtraq: 21247
cve: CVE-2007-0707
cve: CVE-2006-6134
url: http://research.eeye.com/html/alerts/zeroday/20061122.html
cve: CVE-2012-1775

Affected Products:

Gom_player gom_player 2.0.12.3375

NNTP:OVERFLOW:XPAT-PATTERN - NNTP: XPAT Pattern Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in Microsoft NNTP servers. Attackers can send an xpat command with an overly long pattern to overflow the buffer in the NNTP server and gain complete control of the target system.

Supported On:

idp-5.1.110161014, DI-Client, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, DI-Base, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

url: http://www.microsoft.com/technet/security/Bulletin/MS04-036.mspx
bugtraq: 11379
url: http://www.coresecurity.com/common/showdoc.php?idx=420&idxseccion=10
cve: CVE-2004-0574

Affected Products:

Microsoft windows_2000_datacenter_server
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_2000_datacenter_server SP3
Microsoft exchange_server_2000 SP2
Microsoft windows_nt_server 4.0
Microsoft windows_2000_datacenter_server SP1
Avaya s3400_message_application_server
Avaya s8100_media_servers
Avaya definityone_media_servers
Microsoft exchange_server_2003
Microsoft exchange_server_2000 SP3
Microsoft windows_nt_enterprise_server 4.0
Microsoft windows_2000_server
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Avaya modular_messaging_(mss) 2.0.0
Microsoft windows_2000_server SP4
Microsoft windows_2000_server SP1
Microsoft windows_server_2003_standard_edition
Microsoft exchange_server_2003 SP1
Microsoft exchange_server_2000 SP1
Microsoft windows_nt_enterprise_server 4.0 SP1
Microsoft windows_nt_enterprise_server 4.0 SP2
Microsoft windows_nt_enterprise_server 4.0 SP4
Microsoft windows_nt_enterprise_server 4.0 SP3
Microsoft windows_nt_enterprise_server 4.0 SP5
Microsoft windows_nt_enterprise_server 4.0 SP6
Microsoft windows_nt_enterprise_server 4.0 SP6a
Microsoft windows_nt_server 4.0 SP1
Microsoft windows_nt_server 4.0 SP2
Microsoft windows_nt_server 4.0 SP3
Microsoft windows_nt_server 4.0 SP4
Microsoft windows_nt_server 4.0 SP5
Microsoft windows_nt_server 4.0 SP6
Avaya modular_messaging_(mss) 1.1.0
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_server SP2
Microsoft windows_nt_server 4.0 SP6a
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_web_edition
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Avaya ip600_media_servers
Microsoft exchange_server_2000

HTTP:STC:MS-WIN-GDI-ID - HTTP: Microsoft Windows Graphics Device Interface Information Disclosure

Severity: MEDIUM

Description:

This signature detects attempt to exploit an information disclosure vulnerability which exists in the Graphics Device Interface (GDI) components of Microsoft Windows. Successful exploitation could result in disclosure of information which could be used to further compromise the target system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2019-1252
cve: CVE-2018-8424

Affected Products:

Microsoft windows_server_2016 *
Microsoft windows_server_2012 *
Microsoft windows_10 1803
Microsoft windows_10 1709
Microsoft windows_server_2008 sp2
Microsoft windows_10 1607
Microsoft windows_server_2016 1803
Microsoft windows_server_2016 1709
Microsoft windows_8.1 -
Microsoft windows_server_2008 r2
Microsoft windows_7 -
Microsoft windows_10 -
Microsoft windows_10 1703
Microsoft windows_server_2012 r2

HTTP:PERL-TAR-ZIP-FO - HTTP: Perl Archive Tar and ZIP Arbitrary File Overwrite

Severity: HIGH

Description:

This signature detects an attempt to exploit an arbitrary file overwrite vulnerability which has been reported in the Perl Archive::Tar and Archive::Zip module. Successful exploitation could result in arbitrary file overwrite in the target user's system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 104423
cve: CVE-2018-12015
cve: CVE-2018-10860

Affected Products:

Archive::tar_project archive::tar 2.28
Apple mac_os_x 10.3.2
Apple mac_os_x 10.5.3
Netapp data_ontap_edge -
Apple mac_os_x 10.8.3
Apple mac_os_x 10.3.0
Apple mac_os_x 10.5.5
Apple mac_os_x 10.0.1
Apple mac_os_x 10.13
Apple mac_os_x 10.8.5
Apple mac_os_x 10.13.2
Apple mac_os_x 10.5.7
Apple mac_os_x 10.0.3
Apple mac_os_x 10.13.0
Apple mac_os_x 10.10.4
Apple mac_os_x 10.13.6
Apple mac_os_x 10.4.4
Apple mac_os_x 10.13.4
Apple mac_os_x 10.4.6
Apple mac_os_x 10.10.0
Apple mac_os_x 10.12.3
Apple mac_os_x 10.4.0
Apple mac_os_x 10.10.2
Apple mac_os_x 10.7.3
Apple mac_os_x 10.2.3
Apple mac_os_x 10.4.2
Apple mac_os_x 10.4
Apple mac_os_x 10.7.1
Apple mac_os_x 10.2.1
Apple mac_os_x 10.2.7
Apple mac_os_x 10.9.5
Netapp snap_creator_framework -
Apple mac_os_x 10.0
Apple mac_os_x 10.7.5
Apple mac_os_x 10.2.5
Apple mac_os_x 10.4.8
Apple mac_os_x 10.2
Apple mac_os_x 10.1.5
Apple mac_os_x 10.9.1
Apple mac_os_x 10.12.6
Apple mac_os_x 10.6.6
Apple mac_os_x 10.9.3
Apple mac_os_x 10.12.4
Apple mac_os_x 10.11.1
Apple mac_os_x 10.5.8
Apple mac_os_x 10.1.1
Apple mac_os_x 10.6.4
Apple mac_os_x 10.12.2
Apple mac_os_x 10.11.3
Apple mac_os_x 10.1.3
Apple mac_os_x 10.6.2
Apple mac_os_x 10.12.0
Apple mac_os_x 10.11.5
Apple mac_os_x 10.6.0
Apple mac_os_x 10.14.2
Apple mac_os_x 10.4.10
Apple mac_os_x 10.3.7
Apple mac_os_x 10.5.0
Apple mac_os_x 10.14
Apple mac_os_x 10.3.5
Apple mac_os_x 10.5.2
Apple mac_os_x 10.8.0
Apple mac_os_x 10.3.3
Apple mac_os_x 10.5.4
Apple mac_os_x 10.6.8
Apple mac_os_x 10.8.2
Apple mac_os_x 10.3.1
Apple mac_os_x 10.5.6
Apple mac_os_x 10.0.0
Apple mac_os_x -
Apple mac_os_x 10.12
Apple mac_os_x 10.8.4
Apple mac_os_x 10.13.3
Apple mac_os_x 10.0.2
Apple mac_os_x 10.10.5
Apple mac_os_x 10.13.1
Apple mac_os_x 10.4.5
Apple mac_os_x 10.0.4
Apple mac_os_x 10.4.7
Apple mac_os_x 10.10.1
Apple mac_os_x 10.3.9
Apple mac_os_x 10.4.1
Apple mac_os_x 10.10.3
Apple mac_os_x 10.7.2
Apple mac_os_x 10.4.3
Apple mac_os_x 10.5
Apple mac_os_x 10.7.0
Apple mac_os_x 10.2.2
Apple mac_os_x 10.2.0
Apple mac_os_x 10.9.4
Apple mac_os_x 10.1
Apple mac_os_x 10.7.4
Apple mac_os_x 10.2.6
Apple mac_os_x 10.4.9
Netapp oncommand_workflow_automation -
Apple mac_os_x 10.3
Apple mac_os_x 10.1.4
Apple mac_os_x 10.2.4
Netapp snapdrive -
Apple mac_os_x 10.6.7
Apple mac_os_x 10.9.2
Apple mac_os_x 10.3.8
Apple mac_os_x 10.12.5
Apple mac_os_x 10.11.0
Apple mac_os_x 10.1.0
Apple mac_os_x 10.2.8
Apple mac_os_x 10.6.5
Apple mac_os_x 10.9
Apple mac_os_x 10.11.2
Apple mac_os_x 10.1.2
Apple mac_os_x 10.6.3
Apple mac_os_x 10.14.1
Apple mac_os_x 10.12.1
Apple mac_os_x 10.11.4
Apple mac_os_x 10.6.1
Apple mac_os_x 10.13.5
Apple mac_os_x 10.4.11
Apple mac_os_x 10.11.6
Apple mac_os_x 10.3.6
Apple mac_os_x 10.3.4
Apple mac_os_x 10.5.1
Apple mac_os_x 10.8.1
Canonical ubuntu_linux 12.04
Canonical ubuntu_linux 18.04
Canonical ubuntu_linux 16.04
Canonical ubuntu_linux 14.04
Debian debian_linux 9.0
Debian debian_linux 8.0
Perl perl 5.26.2
Canonical ubuntu_linux 17.10

HTTP:DIGIUM-ASTERISK-BO - HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Digium Asterisk Management Interface. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2012-1184

Affected Products:

Digium asterisk 1.8.1.2
Digium asterisk 1.8.2.4
Digium asterisk 1.8.4.1
Digium asterisk 1.8.0 (beta1)
Digium asterisk 1.8.7.0 (rc2)
Digium asterisk 1.8.6.0 (rc1)
Digium asterisk 1.8.8.0 (rc1)
Digium asterisk 1.8.3 (rc3)
Digium asterisk 1.8.6.0 (rc3)
Digium asterisk 10.2.0 (rc3)
Digium asterisk 10.0.0 (rc1)
Digium asterisk 1.8.0 (beta3)
Digium asterisk 1.8.0 (beta2)
Digium asterisk 1.8.3 (rc1)
Digium asterisk 1.8.4.4
Digium asterisk 10.2.0 (rc2)
Digium asterisk 1.8.0 (rc5)
Digium asterisk 1.8.5 (rc1)
Digium asterisk 1.8.0 (rc2)
Digium asterisk 1.8.9.3
Digium asterisk 1.8.5.0
Digium asterisk 1.8.0 (beta4)
Digium asterisk 1.8.3 (rc2)
Digium asterisk 1.8.2.2
Digium asterisk 1.8.0 (rc3)
Digium asterisk 1.8.6.0 (rc2)
Digium asterisk 1.8.9.1
Digium asterisk 1.8.1.1
Digium asterisk 1.8.2
Digium asterisk 10.0.0 (rc2)
Digium asterisk 1.8.9.0 (rc1)
Digium asterisk 1.8.7.0 (rc1)
Digium asterisk 1.8.10.0 (rc2)
Digium asterisk 1.8.10.0 (rc4)
Digium asterisk 10.2.0 (rc1)
Digium asterisk 1.8.7.1
Digium asterisk 10.0.0 (beta2)
Digium asterisk 1.8.8.0 (rc3)
Digium asterisk 1.8.9.0 (rc2)
Digium asterisk 1.8.8.0 (rc2)
Digium asterisk 10.1.2
Digium asterisk 1.8.0 (rc4)
Digium asterisk 10.1.3
Digium asterisk 1.8.8.1
Digium asterisk 10.0.1
Digium asterisk 1.8.9.0 (rc3)
Digium asterisk 10.0.0 (beta1)
Digium asterisk 1.8.4 (rc2)
Digium asterisk 1.8.10.0 (rc1)
Digium asterisk 1.8.4 (rc1)
Digium asterisk 1.8.2.3
Digium asterisk 1.8.8.0 (rc5)
Digium asterisk 1.8.2.1
Digium asterisk 10.0.0 (rc3)
Digium asterisk 10.1.0 (rc1)
Digium asterisk 10.1.0 (rc2)
Digium asterisk 10.1.1
Digium asterisk 1.8.3.1
Digium asterisk 1.8.0 (beta5)
Digium asterisk 1.8.10.0 (rc3)
Digium asterisk 1.8.4 (rc3)
Digium asterisk 1.8.4.2
Digium asterisk 10.2.0 (rc4)
Digium asterisk 1.8.8.2
Digium asterisk 1.8.9.2
Digium asterisk 1.8.3.3
Digium asterisk 1.8.4.3
Digium asterisk 1.8.8.0 (rc4)
Digium asterisk 1.8.3.2

HTTP:STC:WECON-LEVI-SBO - HTTP: WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the WECON LeviStudio InstallmentSet. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the User.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2019-6537

Affected Products:

We-con levistudiou 1.8.56

HTTP:NOVELL:NETMAIL-WEBADMIN - HTTP: Novell NetMail WebAdmin Username Stack Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in Novell Netmail WebAdmin. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2017-13696
bugtraq: 22857
url: http://download.novell.com/Download?buildid=sMYRODW09pw
cve: CVE-2007-1350

Affected Products:

Novell netmail 3.52e-ftfl
Novell netmail 3.52.0
Novell netmail 3.52.0 C1
Novell netmail 3.52.0 D
Novell netmail 3.52.0 C
Novell netmail 3.52.0 B
Novell netmail 3.52.0 A

OS:LINUXX86:NETFILTER-IPTBLE-BO - OS: Linux Kernel Netfilter iptables-restore Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Netfilter iptables. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the root user.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2019-11360

Affected Products:

Netfilter iptables 1.8.2

HTTP:STC:NTP-DECODENETNUM-AF - HTTP: Network Time Protocol Daemon decodenetnum Assertion Failure

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Network Time Protocol daemon (NTPD). A successful attack can lead to denial-of-service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Ntp ntp 4.3.43
Ntp ntp 4.3.22
Ntp ntp 4.3.38
Ntp ntp 4.3.40
Ntp ntp 4.3.11
Ntp ntp 4.3.9
Ntp ntp 4.3.41
Ntp ntp 4.3.24
Ntp ntp 4.3.36
Ntp ntp 4.3.60
Ntp ntp 4.3.8
Ntp ntp 4.3.28
Ntp ntp 4.3.46
Ntp ntp 4.3.18
Ntp ntp 4.3.35
Ntp ntp 4.3.61
Ntp ntp 4.3.7
Ntp ntp 4.3.47
Ntp ntp 4.3.59
Ntp ntp 4.3.34
Ntp ntp 4.3.62
Ntp ntp 4.3.6
Ntp ntp 4.3.71
Ntp ntp 4.3.44
Ntp ntp 4.3.58
Ntp ntp 4.3.33
Ntp ntp 4.3.63
Ntp ntp 4.3.5
Ntp ntp 4.3.45
Ntp ntp 4.3.32
Ntp ntp 4.3.64
Ntp ntp 4.3.4
Ntp ntp 4.3.31
Ntp ntp 4.3.29
Ntp ntp 4.3.3
Ntp ntp 4.3.1
Ntp ntp 4.3.17
Ntp ntp 4.3.55
Ntp ntp 4.3.30
Ntp ntp 4.3.66
Ntp ntp 4.3.37
Ntp ntp 4.2.2
Ntp ntp 4.3.65
Ntp ntp 4.3.54
Ntp ntp 4.3.69
Ntp ntp 4.3.67
Ntp ntp 4.2.4
Ntp ntp 4.2.6
Ntp ntp 4.3.13
Ntp ntp 4.3.23
Ntp ntp 4.3.57
Ntp ntp 4.3.68
Ntp ntp 4.2.5
Ntp ntp 4.2.7p444
Ntp ntp 4.3.56
Ntp ntp 4.3.48
Ntp ntp 4.3.25
Ntp ntp 4.3.19
Ntp ntp 4.3.74
Ntp ntp 4.3.51
Ntp ntp 4.3.49
Ntp ntp 4.3.26
Ntp ntp 4.3.72
Ntp ntp 4.3.50
Ntp ntp 4.3.27
Ntp ntp 4.3.12
Ntp ntp 4.2.7
Ntp ntp 4.3.16
Ntp ntp 4.3.53
Ntp ntp 4.3.0
Ntp ntp 4.3.20
Ntp ntp 4.3.10
Ntp ntp 4.3.39
Ntp ntp 4.3.70
Ntp ntp 4.3.73
Ntp ntp 4.3.2
Ntp ntp 4.2.8
Ntp ntp 4.2.0
Ntp ntp 4.3.21
Ntp ntp 4.3.14
Ntp ntp 4.3.76
Ntp ntp 4.3.52
Ntp ntp 4.3.42
Ntp ntp 4.3.15
Ntp ntp 4.3.75

SSL:OPENSSL-CVE-2017-3730 - SSL: OpenSSL invalid Diffie-Hellman Parameter NULL Pointer Dereference

Severity: HIGH

Description:

A NULL pointer dereference vulnerability exists in OpenSSL. Successful exploitation results in a denial of service condition on the affected service.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1

References:

url: https://github.com/guidovranken/cve-2017-3730
bugtraq: 95812
cve: CVE-2017-3730

Affected Products:

Oracle jd_edwards_enterpriseone_tools 9.2
Oracle jd_edwards_world_security a9.3
Oracle communications_application_session_controller 3.8.0
Oracle jd_edwards_world_security a9.4
Oracle communications_operations_monitor 3.4
Oracle agile_engineering_data_management 6.1.3
Oracle communications_application_session_controller 3.7.1
Oracle communications_operations_monitor 4.0
Oracle jd_edwards_world_security a9.1
Oracle communications_eagle_lnp_application_processor 10.2
Oracle agile_engineering_data_management 6.2.0
Oracle communications_eagle_lnp_application_processor 10.0
Oracle jd_edwards_world_security a9.2
Oracle communications_eagle_lnp_application_processor 10.1
Openssl openssl 1.1.0a
Openssl openssl 1.1.0b
Openssl openssl 1.1.0c
Openssl openssl 1.1.0

DB:ORACLE:SYS:PBSDE-INIT-OF - DB: Oracle sys.pbsde.init Procedure Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Oracle database servers. An over-long parameter sent to the sys.pbsde.init procedure, can allow code to be injected into the server's memory. The injected code is executed with the privileges of the user "System" on windows based platforms and the user "Oracle" on Unix based platforms. An unsuccessful attack can terminate the application and create a denial-of-service condition of the database server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.red-database-security.com/advisory/details_oracle_cpu_october.html
url: http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
bugtraq: 15134
cve: CVE-2005-0873
cve: CVE-2005-3438

Affected Products:

Oracle oracle9i_application_server 9.0.3 .1
Oracle oracle9i_enterprise_edition 9.0.1 .4
Oracle oracle9i_standard_edition 9.2.0 .6
Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
Oracle enterprise_manager_grid_control_10g 10.1.0 .4
Oracle application_server_10g 9.0.4 .2
Oracle oracle9i_application_server_web_cache 9.0.3 .1
Oracle oracle9i_application_server_web_cache 9.0.2 .3
Hp hp-ux 11.23.0
Oracle collaboration_suite_release_1 10.1.1
Oracle clinical 4.5.0
Oracle clinical 4.5.1
Oracle enterprise_manager_application_server_control 9.0.4 .2
Oracle oracle9i_application_server 9.2.0 .0.7
Oracle developer_suite 9.0.2 .1
Oracle developer_suite 9.0.4 .2
Oracle oracle10g_standard_edition 10.1.0 .4.2
Peoplesoft peopletools 8.46.3
Peoplesoft crm 8.8.1
Peoplesoft crm 8.9.0
Oracle jd_edwards_enterpriseone 8.95.0 B1
Oracle jd_edwards_enterpriseone 8.94.0 Q1
Oracle jd_edwards_enterpriseone SP23 K1
Oracle application_server 10.1.2.0.2
Oracle oracle9i_enterprise_edition 9.0.1 .5
Oracle oracle9i_personal_edition 9.0.1 .5
Oracle oracle9i_standard_edition 9.0.1 .5
Oracle e-business_suite_11i 11.5.10
Peoplesoft peopletools 8.20.7
Peoplesoft peopletools 8.45.5
Oracle oracle8 8.0.6
Hp hp-ux B.11.11
Oracle oracle9i_standard_edition 9.0.1 .4
Oracle oracle8i_standard_edition 8.0.6 .3
Hp hp-ux B.11.23
Oracle oracle10g_enterprise_edition 10.1.0 .0.3.1
Oracle oracle10g_application_server 10.1.0 .0.3
Oracle oracle10g_application_server 10.1.0 .0.3.1
Oracle oracle10g_enterprise_edition 10.1.0 .0.3
Oracle oracle10g_personal_edition 10.1.0 .0.3
Oracle oracle10g_standard_edition 10.1.0 .0.3
Oracle e-business_suite_11i 11.5.0
Oracle oracle9i_personal_edition 9.2.0 .6
Oracle oracle9i_enterprise_edition 9.2.0.6.0
Oracle oracle9i_application_server 9.2.0 .0.6
Oracle oracle8i_standard_edition 8.0.6
Oracle collaboration_suite_release_2 9.0.4 .2
Oracle oracle10g_application_server 10.1.2
Oracle oracle8 8.0.6 .3
Oracle oracle10g_enterprise_edition 10.1.0 .0.4
Oracle oracle10g_standard_edition 10.1.0 .0.4
Oracle application_server_release_2 9.0.2 .3
Peoplesoft peopletools 8.43.0
Peoplesoft peopletools 8.20.0
Oracle oracle10g_standard_edition 10.1.0 .0.2
Oracle oracle10g_personal_edition 10.1.0 .0.2
Oracle oracle10g_enterprise_edition 10.1.0 .0.2
Oracle oracle10g_application_server 10.1.0 .0.2
Hp hp-ux 11.11.0
Peoplesoft peopletools 8.40.0
Peoplesoft peopletools 8.10.0
Peoplesoft peopletools 8.11.0
Peoplesoft peopletools 8.12.0
Peoplesoft peopletools 8.13.0
Peoplesoft peopletools 8.41.0
Peoplesoft peopletools 8.15.0
Peoplesoft peopletools 8.16.0
Peoplesoft peopletools 8.18.0
Peoplesoft peopletools 8.42.0
Oracle e-business_suite_11i 11.5.1
Oracle e-business_suite_11i 11.5.2
Oracle e-business_suite_11i 11.5.3
Oracle e-business_suite_11i 11.5.4
Oracle e-business_suite_11i 11.5.5
Oracle e-business_suite_11i 11.5.6
Oracle e-business_suite_11i 11.5.7
Oracle e-business_suite_11i 11.5.8
Oracle e-business_suite_11i 11.5.9
Oracle e-business_suite 11.0.0
Peoplesoft peopletools 8.19.0
Oracle application_server_release_2 10.1.2 .0.0
Oracle application_server_release_2 10.1.2 .0.1
Oracle application_server_release_2 10.1.2 .0.2
Oracle oracle10g_enterprise_edition 10.1.0.4.2
Oracle collaboration_suite_release_1
Oracle enterprise_manager_database_control_10g 10.1.0 .0.4
Oracle enterprise_manager_database_control_10g 10.1.0 .0.3
Oracle oracle10g_application_server 10.1.0 .0.4
Oracle enterprise_manager_application_server_control 9.0.4 .1
Oracle workflow 11.5.1
Oracle workflow 11.5.9 .5
Oracle oracle9i_application_server 9.0.2 .3
Oracle developer_suite 9.0.4 .1
Oracle developer_suite 10.1.2
Peoplesoft peopletools 8.17.0
Oracle oracle8 8.1.7 .4
Oracle oracle9i_enterprise_edition 9.2.0.7.0
Oracle oracle9i_personal_edition 9.2.0 .7
Peoplesoft peopletools 8.14.0
Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
Oracle oracle9i_enterprise_edition 9.2.0 .0.5
Oracle oracle9i_personal_edition 9.2.0 .0.5
Oracle oracle9i_standard_edition 9.2.0 .0.5
Oracle oracle8i_enterprise_edition 8.1.7.4.0
Oracle oracle10g_personal_edition 10.1.0 .0.3.1
Oracle oracle10g_standard_edition 10.1.0 .0.3.1
Oracle application_server_10g 9.0.4
Oracle application_server_10g 9.0.4 .1
Oracle oracle10g_personal_edition 10.1.0 .0.4
Oracle application_server_release_2 9.0.2 .1
Oracle oracle_9i_application_server_release_1 1.0.2 .2
Oracle enterprise_manager_grid_control_10g 10.1.0 .3
Oracle enterprise_manager 9.0.4 .1
Oracle oracle8i_standard_edition 8.1.7 .4
Oracle oracle9i_personal_edition 9.0.1 .4

APP:BLUECOAT-AAA-OF - APP: Blue Coat Authentication and Authorization Agent Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Blue Coat Authentication and Authorization Agent. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.

Supported On:

References:

url: https://kb.bluecoat.com/index?page=content&id=SA55
url: http://seclists.org/bugtraq/2011/Jul/44
cve: CVE-2011-5124

RTSP:OVERFLOW:RTSP-CONTENT - RTSP: Apple QuickTime RTSP Content-Type Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in Apple QuickTime. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 26549
cve: CVE-2007-6166

Affected Products:

Gentoo linux
Gentoo media-libs/win32codecs 20071007-r2
Linden_research,_inc. second_life_viewer
Linden_research,_inc. second_life_viewer 1.18.5.3
Apple quicktime_player 7.3

IMAP:OVERFLOW:MERCURY-LOGIN - IMAP: Mercury Login Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Mercury Mail Transport System. A successful attack allows attackers to execute arbitrary code through a long LOGIN command. The foundation for this signature comes from the public PoC for Metasploit.

Supported On:

References:

cve: CVE-2007-1373
bugtraq: 21110
cve: CVE-2006-5961
cve: CVE-1999-1557

Affected Products:

Pegasus_mail mercury_mail_transport_system 4.01b

HTTP:XIPH-CAST-URL-AUTH-1 - HTTP: Xiph.org Icecast Server auth_url Stack Buffer Overflow (1)

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Icecast server. The vulnerability is due to improper offset calculations while copying user-supplied data into a stack-based buffer within url_add_client in auth_url.c. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation could potentially lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

TELNET:DOS:GAMSOFT - Telnet: GAMSoft Telsrv DoS

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known flaw in GAMSoft Telsrv. A successful exploit would result in a Denial of Service (DoS).

Supported On:

References:

bugtraq: 1478
cve: CVE-2000-0665
cve: CVE-2015-0014
url: http://cdn.simtel.net/pub/simtelnet/win95/inetmisc/telsrv15.zip

Affected Products:

Gamsoft telsrv 1.4.0
Gamsoft telsrv 1.5.0

TELNET:OVERFLOW:BSD-ENCRY-KEYID - TELNET: Multiple Vendors BSD telnetd Encryption Key Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in BSD telnetd. The vulnerability is due to the copying of an encryption key into a fixed-length buffer without validation of the key's length. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted packet to telnetd. A successful exploitation attempt could result in the execution of arbitrary code in the security context of the Telnet daemon.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 51182
cve: CVE-2011-4862
url: http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
url: http://rhn.redhat.com/errata/RHSA-2011-1851.html
url: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt

Affected Products:

Red_hat enterprise_linux_desktop 6
Red_hat enterprise_linux_hpc_node 6
Red_hat enterprise_linux_desktop 5 Client
Red_hat enterprise_linux_workstation 6
Mit kerberos_5 1.7.1
Mit kerberos_5 1.3.0 -Alpha1
Mit kerberos_5 1.2.2
Mit kerberos_5 1.2.0
Freebsd freebsd 7.3-RELEASE
Freebsd freebsd 8.0-RC1
Freebsd freebsd 8.0
Freebsd freebsd 7.4-STABLE
Freebsd freebsd 7.4-RELEASE-p2
Freebsd freebsd 8.2-STABLE
Mit kerberos_5 1.0.8
Freebsd freebsd 8.2-RELEASE-p2
Freebsd freebsd 7.3-RELEASE-p6
Mit kerberos_5 1.6.3
Freebsd freebsd 7.1-RELEASE-P6
Freebsd freebsd 7.2-RELEASE-P1
Freebsd freebsd 7.2-STABLE
Freebsd freebsd 8.2-RELEASE-p1
Suse suse_core_9_for_x86
Mit kerberos_5 1.3.4
Mit kerberos_5 1.5.1
Mit kerberos_5 1.2.5
Mit kerberos_5 1.2.4
Mit kerberos_5 1.2.3
Mit kerberos_5 1.0.6
Freebsd freebsd 7.1 -RELEASE-P2
Mandriva linux_mandrake 2011
Suse suse_linux_enterprise_desktop 10 SP4
Suse suse_linux_enterprise_sdk 10 SP4
Suse suse_linux_enterprise_server 10 SP4
Red_hat enterprise_linux_server 6
Freebsd freebsd 9.0-RC3
Freebsd freebsd 9.0-STABLE
Freebsd freebsd 9.0-RELEASE
Mit kerberos_5 1.6.4
Oracle enterprise_linux 5
Oracle enterprise_linux 6
Suse core 9
Mit kerberos_5 1.6.0
Freebsd freebsd 7.0-RELEASE
Freebsd freebsd 7.0-STABLE
Mit kerberos_5 1.6.1
Mit kerberos_5 1.4.0
Red_hat fedora 16
Suse suse_linux_enterprise_server_for_vmware 11 SP1
Freebsd freebsd 7.0 BETA4
Oracle enterprise_linux 4
Red_hat enterprise_linux_server 6.0.z
Freebsd freebsd 8.0-RELEASE
Freebsd freebsd 7.2-RELEASE-P4
Freebsd freebsd 7.0
Freebsd freebsd 7.1
Freebsd freebsd 7.0-RELEASE-P3
Freebsd freebsd 7.1 Rc1
Freebsd freebsd 8.0-STABLE
Mit kerberos_5 1.5.0
Mit kerberos_5 1.2.2 -Beta1
Mit kerberos_5 1.2.6
Suse suse_linux_enterprise_server 11 SP1
Suse suse_linux_enterprise_sdk 11 SP1
Mit kerberos_5 1.0.0
Mit kerberos_5 1.1.0
Freebsd freebsd 8.1-RELEASE-p4
Freebsd freebsd 8.1-RELEASE
Freebsd freebsd 8.1-PRERELEASE
Freebsd freebsd 7.3-RELEASE-P1
Freebsd freebsd 7.3-STABLE
Freebsd freebsd 7.0-RELEASE-P12
Freebsd freebsd 7.1-RELEASE-P5
Freebsd freebsd 7.2-RC2
Red_hat enterprise_linux_as 4
Red_hat fedora 15
Freebsd freebsd 7.0 -PRERELEASE
Freebsd freebsd 7.0 -RELENG
Suse opensuse 11.4
Mit kerberos_5 1.3.6
Freebsd freebsd 7.0-RELEASE-P8
Freebsd freebsd 7.1-STABLE
Mit kerberos_5 1.5.5
Freebsd freebsd 7.1 -PRE-RELEASE
Mandriva enterprise_server 5
Mit kerberos_5 1.3.0
Red_hat enterprise_linux_desktop_workstation 5 Client
Red_hat enterprise_linux 5 Server
Debian linux 6.0 ia-32
Debian linux 6.0 amd64
Debian linux 6.0 arm
Debian linux 6.0 powerpc
Debian linux 6.0 sparc
Debian linux 6.0 ia-64
Debian linux 6.0 mips
Cisco ironport_email_security_appliance_x-series
Debian linux 6.0 s/390
Freebsd freebsd 7.3 - RELEASE - p7
Freebsd freebsd 8.2-STABLE
Freebsd freebsd 8.2 - RELEASE -p3
Freebsd freebsd 8.1-RELEASE-p5
Freebsd freebsd 9.0-RC1
Suse suse_linux_enterprise_desktop 11 SP1
Gentoo linux
Mit kerberos_5 1.7
Freebsd freebsd 8.1
Red_hat enterprise_linux_desktop 4.0
Suse suse_linux_enterprise_server 10 SP3 LTSS
Mit kerberos_5 1.1.1
Suse suse_linux_enterprise_server 10 SP2
Mit kerberos_5 1.6.2
Mit kerberos_5 1.5.4
Mit kerberos_5 1.5.2
Mit kerberos_5 1.5.3
Mit kerberos_5 1.3.5
Mit kerberos_5 1.2.8
Red_hat enterprise_linux_es 4
Mit kerberos_5 1.3.2
Cisco ironport_email_security_appliance_c-series 7.0.1
Cisco ironport_email_security_appliance_x-series 7.0.1
Cisco ironport_email_security_appliance_c-series
Mandriva linux_mandrake 2010.1 X86 64
Mandriva linux_mandrake 2010.1
Freebsd freebsd 7.0 -RELEASE-P9
Freebsd freebsd 7.4 -RELEASE-p3
Cisco ironport_security_management_appliance
Mandriva linux_mandrake 2011 x86_64
Oracle enterprise_linux 6.2
Freebsd freebsd 8-RELENG
Freebsd freebsd 8.1-STABLE
Freebsd freebsd 8.0 -RELEASE-p5
Freebsd freebsd 8.1-RELEASE-p1
Freebsd freebsd 8.1-RELENG
Freebsd freebsd 7.3-RELENG
Freebsd freebsd 7.1 -RELEASE-P1
Freebsd freebsd 7.3-RELEASE-p3
Freebsd freebsd 7.1 -RELEASE-p14
Mit kerberos_5 1.7.2
Mit kerberos_5 1.4.1
Mit kerberos_5 1.4.2
Mit kerberos_5 1.4.3
Mit kerberos_5 1.2.1
Freebsd freebsd 7.1-RELENG
Mit kerberos_5 1.2.7
Suse opensuse 11.3
Mandriva enterprise_server 5 X86 64
Mit kerberos_5 1.3.1
Red_hat enterprise_linux_ws 4
Freebsd freebsd 7.2
Freebsd freebsd 7.3
Freebsd freebsd 7.4
Mit kerberos_5 1.3.3
Freebsd freebsd 8.2
Vmware esx 4.0
Freebsd freebsd 7.2-PRERELEASE
Freebsd freebsd 7.1-RELEASE-P4
Freebsd freebsd 7.0-RELEASE-P11

IMAP:OVERFLOW:MAILENABLE-APPEND - IMAP: MailEnable Append Buffer Overflow Vulnerability

Severity: MEDIUM

Description:

This signature detects attempts to exploit a known buffer overflow vulnerability in MailEnable application. It is due to insufficient bound checking on a user-supplied buffer length value in a APPEND command. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the MailEnable application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 22792
cve: CVE-2006-6425

Affected Products:

Mailenable mailenable_professional 2.35
Mailenable mailenable_professional 2.33
Mailenable mailenable_professional 2.37
Mailenable mailenable_professional 2.32

HTTP:DIR:FILEMGR-DIRTRV - HTTP: Responsive FileManager Zip Directory Traversal

Severity: HIGH

Description:

A zip directory traversal vulnerability has been reported in Responsive FileManager. Successful exploitation could result in the creation or overwriting of files writable by the user running FileManager, leading to the possibility of arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2018-15536
url: https://www.responsivefilemanager.com/
url: https://seclists.org/fulldisclosure/2018/aug/34

Affected Products:

Tecrail responsive_filemanager 9.8.1
Tecrail responsive_filemanager 9.12.1
Tecrail responsive_filemanager 9.12.0
Tecrail responsive_filemanager 9.7.3
Tecrail responsive_filemanager 9.9.0
Tecrail responsive_filemanager 9.8
Tecrail responsive_filemanager 9.9.1
Tecrail responsive_filemanager 9.7.2
Tecrail responsive_filemanager 9.9.2
Tecrail responsive_filemanager 9.10.2
Tecrail responsive_filemanager 9.9.3
Tecrail responsive_filemanager 9.10.1
Tecrail responsive_filemanager .9.14.0
Tecrail responsive_filemanager 9.10.0
Tecrail responsive_filemanager .9.10.1
Tecrail responsive_filemanager 9.9.5
Tecrail responsive_filemanager 9.13.0
Tecrail responsive_filemanager 9.9.6
Tecrail responsive_filemanager 9.6.0
Tecrail responsive_filemanager 9.12.2
Tecrail responsive_filemanager 9.13.1
Tecrail responsive_filemanager 9.9.4
Tecrail responsive_filemanager 9.9.7
Tecrail responsive_filemanager 9.13.3
Tecrail responsive_filemanager 9.11.3
Tecrail responsive_filemanager 9.11.0

APP:CITRIX:PROVISIONINGSERV-UF - APP: Citrix Provisioning Services streamprocess.exe Integer Underflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known flaw in Citrix Provisioning Service. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target service. A successful attack may allow execution of arbitrary code on the target machine within the security context of the service, which is SYSTEM. If the attack is not successful, the vulnerable service may terminate abnormally, causing a denial-of-service condition.

Supported On:

References:

url: http://support.citrix.com/article/CTX130846
bugtraq: 49803

Affected Products:

Citrix provisioning_services 5.6
Citrix provisioning_services 5.6 SP1

DB:MYSQL:GRANT-FILE-BO - DB: Oracle MySQL Grant File Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle MySQL database server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

References:

url: http://www.oracle.com/us/products/mysql/index.html
cve: CVE-2012-5611

Affected Products:

Mariadb mariadb 5.1.50
Mariadb mariadb 5.3.0
Mariadb mariadb 5.1.49
Mariadb mariadb 5.1.51
Mariadb mariadb 5.3.1
Oracle mysql 5.5.19
Mariadb mariadb 5.5.25
Mariadb mariadb 5.1.61
Mariadb mariadb 5.1.53
Mariadb mariadb 5.5.24
Mariadb mariadb 5.2.8
Mariadb mariadb 5.1.60
Mariadb mariadb 5.2.11
Mariadb mariadb 5.5.27
Mariadb mariadb 5.2.3
Mariadb mariadb 5.1.55
Mariadb mariadb 5.2.2
Mariadb mariadb 5.1.62
Mariadb mariadb 5.2.5
Mariadb mariadb 5.5.21
Mariadb mariadb 5.2.1
Mariadb mariadb 5.2.12
Mariadb mariadb 5.5.20
Mariadb mariadb 5.2.0
Mariadb mariadb 5.5.23
Mariadb mariadb 5.2.7
Mariadb mariadb 5.5.22
Mariadb mariadb 5.2.6
Mariadb mariadb 5.1.42
Mariadb mariadb 5.3.8
Oracle mysql 5.1.53
Mariadb mariadb 5.1.41
Mariadb mariadb 5.3.9
Mariadb mariadb 5.3.6
Mariadb mariadb 5.3.10
Mariadb mariadb 5.1.47
Mariadb mariadb 5.2.10
Mariadb mariadb 5.3.7
Mariadb mariadb 5.2.9
Mariadb mariadb 5.1.44
Mariadb mariadb 5.5.28
Mariadb mariadb 5.3.5
Mariadb mariadb 5.3.4
Mariadb mariadb 5.2.4
Mariadb mariadb 5.3.2
Mariadb mariadb 5.3.3

HTTP:STC:DL:WORDPAD-FONT-CONV - HTTP: Microsoft Wordpad Font Conversion Buffer Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in the Microsoft Wordpad. A successful attack can lead to a buffer overflow and arbitrary remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1

References:

bugtraq: 11929
cve: CVE-2004-0901

Affected Products:

Microsoft windows_2000 (sp2)
Microsoft windows_nt 4.0 (sp1:workstation)
Microsoft windows_2003_server r2
Microsoft windows_2000 (sp2:datacenter_server)
Microsoft windows_2000 (:professional)
Microsoft windows_nt 4.0 (sp2:workstation)
Microsoft windows_nt 4.0 (:workstation)
Microsoft windows_xp (:64-bit)
Microsoft windows_2000 (sp1:server)
Microsoft windows_nt 4.0 (sp6a:workstation)
Microsoft windows_2000 (:server)
Microsoft windows_xp (sp1)
Microsoft windows_2000 (sp4:professional)
Microsoft windows_nt 4.0 (sp3:workstation)
Microsoft windows_nt 4.0 (:terminal_server)
Microsoft windows_nt 4.0 (sp1:server)
Microsoft windows_98 (gold)
Microsoft windows_nt 4.0 (sp6:terminal_server)
Microsoft windows_2000 (sp4)
Microsoft windows_2003_server r2 (:64-bit)
Microsoft windows_xp (sp2)
Microsoft windows_2003_server standard
Microsoft windows_nt 4.0 (sp6a)
Microsoft windows_nt 4.0 (sp6:workstation)
Microsoft windows_2000 (sp3:professional)
Microsoft windows_2000 (sp1:professional)
Microsoft windows_2000 (sp3:datacenter_server)
Microsoft windows_2000 (sp4:advanced_server)
Microsoft windows_nt 4.0 (sp1:terminal_server)
Microsoft windows_2000 (sp3:advanced_server)
Microsoft windows_nt 4.0 (sp6)
Microsoft windows_nt 4.0 (sp5:server)
Microsoft windows_2000 (sp2:server)
Microsoft windows_nt 4.0 (sp4)
Microsoft windows_nt 4.0 (sp5)
Microsoft windows_nt 4.0 (sp4:enterprise_server)
Microsoft windows_nt 4.0 (sp2)
Microsoft windows_nt 4.0 (:enterprise_server)
Microsoft windows_2000 (sp3)
Microsoft windows_nt 4.0 (sp1)
Microsoft windows_2003_server web
Microsoft windows_nt 4.0 (sp3:server)
Microsoft windows_nt 4.0 (sp4:terminal_server)
Microsoft windows_2000 (:advanced_server)
Microsoft windows_2003_server r2 (:datacenter_64-bit)
Microsoft windows_2003_server enterprise_64-bit
Microsoft windows_xp (gold)
Microsoft windows_nt 4.0 (sp6a:server)
Microsoft windows_2003_server standard (:64-bit)
Microsoft windows_nt 4.0 (sp2:enterprise_server)
Microsoft windows_2000 (:datacenter_server)
Microsoft windows_2003_server enterprise (:64-bit)
Microsoft windows_xp (sp1:home)
Microsoft windows_xp (sp2:home)
Microsoft windows_nt 4.0 (sp4:workstation)
Microsoft windows_nt 4.0 (sp2:terminal_server)
Microsoft windows_2000 (sp4:server)
Microsoft windows_2000 (sp3:server)
Microsoft windows_nt 4.0 (sp6:enterprise_server)
Microsoft windows_nt 4.0 (sp2:server)
Microsoft windows_xp (:home)
Microsoft windows_nt 4.0 (sp3)
Microsoft windows_nt 4.0 (sp6:server)
Microsoft windows_2000 (sp1)
Microsoft windows_nt 4.0 (sp3:terminal_server)
Microsoft windows_2000 (sp1:advanced_server)
Microsoft windows_xp (gold:professional)
Microsoft windows_2000 (sp4:datacenter_server)
Microsoft windows_xp (sp1:64-bit)
Microsoft windows_nt 4.0 (sp5:enterprise_server)
Microsoft windows_nt 4.0 (sp6a:enterprise_server)
Microsoft windows_nt 4.0 (sp3:enterprise_server)
Microsoft windows_nt 4.0
Microsoft windows_me
Microsoft windows_nt 4.0 (:server)
Microsoft windows_2000 (sp2:professional)
Microsoft windows_nt 4.0 (sp4:server)
Microsoft windows_nt 4.0 (sp5:terminal_server)
Microsoft windows_nt 4.0 (sp1:enterprise_server)
Microsoft windows_nt 4.0 (sp5:workstation)
Microsoft windows_98se
Microsoft windows_2000 (sp1:datacenter_server)
Microsoft windows_2000 (sp2:advanced_server)
Microsoft windows_2003_server enterprise

APP:ORACLE:GOLDENGATE-BOF - APP: Oracle GoldenGate Manager Command Stack Buffer Overflow

Severity: HIGH

Description:

A stack-based buffer overflow exists in Oracle GoldenGate Manager. The vulnerability is due an input validation error when processing overly long command name. Successful exploitation could lead to arbitrary code execution

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Oracle goldengate 12.2.0.2.0
Oracle goldengate 12.3.0.1.0
Oracle goldengate 12.1.2.1.0

HTTP:STC:DL:GDI-WMF-ID - HTTP: Microsoft Graphics Component CVE-2018-8472 Information Disclosure

Severity: MEDIUM

Description:

An information disclosure vulnerability exists in the GDI components of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted document, or webpage. Successful exploitation could result in the disclosure of information that can be used to circumvent Address Space Layout Randomization (ASLR) in Windows.

Supported On:

References:

cve: CVE-2018-8472

Affected Products:

Microsoft windows_8.1 *
Microsoft windows_10 1607
Microsoft windows_rt_8.1 -
Microsoft windows_10 1803
Microsoft windows_10 1809
Microsoft windows_server_2019 -
Microsoft windows_server_2016 1709
Microsoft windows_server_2016 1803
Microsoft windows_server_2008 r2
Microsoft windows_server_2012 -
Microsoft windows_10 1709
Microsoft windows_7 -
Microsoft windows_10 -
Microsoft windows_10 1703
Microsoft windows_server_2016 -
Microsoft windows_server_2008 -
Microsoft windows_server_2012 r2

HTTP:PHP:CVE-2016-10159-IOV - HTTP: PHP phar_parse_pharfile Function filename_len Property Integer Overflow

Severity: HIGH

Description:

An integer overflow vulnerability, which leads to a buffer over read, has been reported in PHP. Successful exploitation could lead to denial of service of the affected system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 95774
cve: CVE-2016-10159

Affected Products:

Php php 7.0.1
Php php 7.0.12
Php php 7.0.0
Php php 7.0.11
Php php 7.0.5
Php php 5.6.29
Php php 7.0.7
Php php 7.0.3
Php php 7.0.4
Php php 7.0.10
Php php 7.0.2
Php php 7.0.9
Php php 7.0.14
Php php 7.0.8
Php php 7.0.13
Php php 7.0.6

DB:ORACLE:XML-SCHEMA-OF - DB: Oracle XML SCHEMA Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Oracle Database Server product. It is due to insufficient validation of the arguments supplied to DBMS_XMLSCHEMA packages. in a successful attack, a remote attacker with valid user credentials can exploit this to execute arbitrary code with database server process privileges.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 16287
url: http://www.argeniss.com/research/ARGENISS-ADV-010601.txt
url: http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
cve: CVE-2006-0272

Affected Products:

Oracle oracle9i_standard_edition 9.2.0 .6
Oracle oracle9i_enterprise_edition 9.0.1 .4
Oracle oracle8i_standard_edition 8.0.6
Oracle collaboration_suite_release_2 9.0.4 .2
Oracle e-business_suite_11i 11.5.9
Oracle oracle10g_application_server 9.0.4 .1
Oracle oracle10g_application_server 10.1.2
Oracle oracle8 8.0.6 .3
Oracle application_server_10g 9.0.4
Oracle oracle10g_enterprise_edition 10.1.0 .0.3
Oracle application_server_10g 9.0.4 .1
Oracle application_server_10g 10.1.2
Oracle workflow 11.5.1
Oracle workflow 11.5.9 .5
Oracle oracle10g_application_server 10.1.2 .0.1
Oracle developer_suite 9.0.4 .1
Oracle oracle10g_application_server 10.1.2 .1.0
Oracle developer_suite 10.1.2
Oracle collaboration_suite_release_1 10.1.2
Oracle jd_edwards_enterpriseone 8.95.0 F1
Oracle jd_edwards_enterpriseone SP23_L1
Oracle oracle10g_standard_edition 10.1.0 .0.5
Oracle oracle10g_standard_edition 10.2.0.1
Oracle oracle9i_standard_edition 9.2.0 .7
Peoplesoft enterprise_portal 8.4.0
Peoplesoft enterprise_portal 8.8.0
Peoplesoft enterprise_portal 8.9.0
Oracle enterprise_manager_grid_control_10g 10.1.0 .4
Oracle application_server_10g 9.0.4 .2
Oracle e-business_suite_11i 11.5.1
Oracle e-business_suite_11i 11.5.2
Oracle e-business_suite_11i 11.5.3
Oracle e-business_suite_11i 11.5.4
Oracle oracle8 8.1.7 .4
Oracle e-business_suite_11i 11.5.6
Oracle e-business_suite_11i 11.5.7
Oracle e-business_suite_11i 11.5.8
Oracle developer_suite 9.0.2 .1
Oracle developer_suite 9.0.4 .2
Oracle oracle10g_standard_edition 10.1.0 .4.2
Oracle oracle8 8.0.6
Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
Oracle oracle8i_enterprise_edition 8.1.7.4.0
Hp oracle_for_openview 9.1.01
Oracle oracle10g_enterprise_edition 10.1.0 .0.4
Oracle oracle10g_standard_edition 10.1.0 .0.4
Oracle oracle10g_personal_edition 10.1.0 .0.4
Oracle e-business_suite_11i 11.5.10
Oracle enterprise_manager_grid_control_10g 10.1.0 .3
Oracle application_server_release_2 10.1.2 .0.1
Oracle oracle8i_standard_edition 8.0.6 .3
Oracle application_server_release_2 10.1.2 .0.2
Oracle application_server_release_2 10.1.2 .0.0
Oracle collaboration_suite_release_1 10.1.1
Oracle e-business_suite_11i 11.5.5
Oracle oracle9i_application_server 1.0.2 .2
Oracle oracle9i_enterprise_edition 9.0.1 .5
Oracle oracle8i_standard_edition 8.1.7 .4
Hp oracle_for_openview 8.1.7
Oracle oracle10g_personal_edition 10.1.0 .0.3
Oracle collaboration_suite_release_1
Oracle oracle10g_standard_edition 10.1.0 .0.3
Hp oracle_for_openview 9.2
Oracle oracle10g_application_server 10.1.2 .0.2
Oracle oracle_9i_application_server_release_1 1.0.2 .2
Oracle oracle10g_application_server 9.0.4 .2

HTTP:STC:DL:VISIO-OBJ-CONFUSION - HTTP: Microsoft Visio Object Type Confusion Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Visio. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1

References:

cve: CVE-2012-0020
cve: CVE-2012-0136
bugtraq: 51906

Affected Products:

Microsoft visio_viewer_2010_(32-bit_edition) SP1
Microsoft visio_viewer_2010_(64-bit_edition)
Microsoft visio_viewer_2010_(64-bit_edition) SP1
Microsoft visio_viewer_2010_(32-bit_edition)

APP:MDAEMON:SEND-OF - SMTP: MDaemon Mail Server Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against the MDaemon mail server. MDaemon 6.7.9 and older versions are vulnerable. Attackers can send an overly long SMTP, SAML, SOML, or SEND command to overflow the buffer and crash the MDaemon service; attackers can also obtain complete server control with SYSTEM level access.

Supported On:

References:

url: http://securitytracker.com/id?1011386

APP:ORACLE:CVE-2017-10278-OF - APP: Oracle Tuxedo Jolt Protocol CVE-2017-10278 Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer vulnerability exists in Oracle's Tuxedo and PeopleSoft products. Successful exploitation will result in arbitrary code execution with the privileges of the server process.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Oracle tuxedo 12.1.3
Oracle tuxedo 11.1.1
Oracle tuxedo 12.2.2
Oracle tuxedo 12.1.1

RPC:EMC-LEGATO-NW-OF - RPC: EMC Legato NetWorker Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability in EMC's Legato NetWorker. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server (typically "root").

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 25375
cve: CVE-2007-3618

Affected Products:

Emc legato_networker 7.2.0
Emc legato_networker 7.2.1
Emc legato_networker 7.0.0
Emc legato_networker 7.3.2
Emc legato_networker 7.1.3

APP:ORACLE:OUTSIDE-JPEG2-CODCOC - APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow

Severity: HIGH

Description:

A heap buffer overflow vulnerability exists in Oracle Outside In, a set of libraries used to decode many file formats. The vulnerability is exposed when the product is used to handle JPEG 2000 files. Oracle Outside In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.

Supported On:

References:

url: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
bugtraq: 50992
cve: CVE-2011-4516

Affected Products:

Mandriva linux_mandrake 2011 x86_64
Oracle enterprise_linux 4
Red_hat fedora 16
Ubuntu ubuntu_linux 11.04 amd64
Ubuntu ubuntu_linux 11.10 amd64
Ubuntu ubuntu_linux 11.10 i386
Ubuntu ubuntu_linux 11.04 powerpc
Ubuntu ubuntu_linux 10.04 Amd64
Red_hat enterprise_linux_desktop 6
Red_hat enterprise_linux_desktop_optional 6
Red_hat enterprise_linux_hpc_node 6
Jasper jasper 1.900
Red_hat enterprise_linux_server 6
Red_hat enterprise_linux_server_optional 6
Red_hat enterprise_linux_workstation 6
Red_hat enterprise_linux_workstation_optional 6
Oracle enterprise_linux 6
Ubuntu ubuntu_linux 10.10 i386
Avaya aura_experience_portal 6.0
Debian linux 6.0 powerpc
Ubuntu ubuntu_linux 10.04 ARM
Ubuntu ubuntu_linux 8.04 LTS Sparc
Red_hat enterprise_linux_as 4
Ubuntu ubuntu_linux 11.04 ARM
Red_hat enterprise_linux_ws 4
Red_hat enterprise_linux Desktop Version 4
Oracle outside_in 8.3.5.0
Mandriva linux_mandrake 2010.1 X86 64
Mandriva linux_mandrake 2010.1
Debian linux 6.0 amd64
Ubuntu ubuntu_linux 8.04 LTS Amd64
Ubuntu ubuntu_linux 8.04 LTS I386
Ubuntu ubuntu_linux 8.04 LTS Lpia
Red_hat enterprise_linux_desktop_workstation 5 Client
Red_hat enterprise_linux 5 Server
Oracle enterprise_linux 6.2
Symantec enterprise_vault 9.0.2
Mandriva enterprise_server 5
Suse suse_linux_enterprise_server_for_vmware 11 SP1
Ubuntu ubuntu_linux 10.10 amd64
Ubuntu ubuntu_linux 10.10 powerpc
Debian linux 6.0 arm
Red_hat fedora 15
Debian linux 6.0 sparc
Debian linux 6.0 ia-64
Debian linux 6.0 mips
Debian linux 6.0 s/390
Oracle outside_in 8.3.5.0
Suse suse_linux_enterprise_desktop 11 SP1
Ubuntu ubuntu_linux 8.04 LTS Powerpc
Jasper jasper 1.900.1
Gentoo linux
Suse opensuse 11.3
Ubuntu ubuntu_linux 11.04 i386
Mandriva enterprise_server 5 X86 64
Symantec enterprise_vault 10.0
Symantec enterprise_vault 9.0
Ubuntu ubuntu_linux 10.04 Sparc
Symantec enterprise_vault 9.0.1
Red_hat enterprise_linux_es 4
Red_hat enterprise_linux_desktop 5 Client
Jasper jasper 1.701
Mandriva linux_mandrake 2011
Ubuntu ubuntu_linux 10.10 ARM
Oracle outside_in 8.3.7
Suse suse_linux_enterprise_server 11 SP1
Ubuntu ubuntu_linux 10.04 I386
Suse suse_linux_enterprise_sdk 11 SP1
Oracle enterprise_linux 5
Debian linux 6.0 ia-32
Red_hat enterprise_linux_hpc_node_optional 6
Suse opensuse 11.4
Ubuntu ubuntu_linux 10.04 Powerpc

APP:MISC:AVAYA-WINPDM - APP: Avaya Windows Portable Device Manager Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Avaya WinPDM. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.

Supported On:

References:

bugtraq: 47947
url: https://support.avaya.com/css/P8/documents/100140122
url: http://www.avaya.com
url: https://downloads.avaya.com/css/P8/documents/100140122
url: http://secunia.com/advisories/44062

Affected Products:

Avaya_inc. avayawinpdm 3.8.2

APP:HPOV:NNM-GETNNMDATA-OF - APP: HP OpenView Network Node Manager getnnmdata.exe Parameter Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the HP OpenView Network Node Manager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.openview.hp.com/products/nnm/
bugtraq: 40072
bugtraq: 40070
bugtraq: 40071
cve: CVE-2010-1553
cve: CVE-2010-1554
cve: CVE-2010-1555
url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379

Affected Products:

Hp openview_network_node_manager 7.01
Hp openview_network_node_manager 7.51
Hp openview_network_node_manager 7.53

HTTP:STC:ADOBE:CVE-2017-16416CE - HTTP: Adobe Acrobat Reader CVE-2017-16416 Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.

Supported On:

References:

cve: CVE-2017-16416
bugtraq: 101812

Affected Products:

Adobe acrobat 17.000.0000
Adobe acrobat 17.011.30056
Adobe acrobat_dc 15.000.0000
Adobe acrobat_reader_dc 17.000.0000
Adobe acrobat_dc 17.012.20096
Adobe acrobat_dc 15.006.30033
Adobe acrobat_reader_dc 15.006.30033
Adobe acrobat_reader 17.000.0000
Adobe acrobat_reader_dc 15.000.0000
Adobe acrobat 17.008.30051
Adobe acrobat_dc 17.000.0000
Adobe acrobat_reader 17.011.30059
Adobe acrobat_reader_dc 15.006.30119
Adobe acrobat_dc 17.012.20093
Adobe acrobat_reader_dc 15.006.30280
Adobe acrobat_dc 15.006.30354
Adobe acrobat_dc 15.016.20045
Adobe acrobat_reader_dc 15.006.30306
Adobe acrobat_reader_dc 15.006.30352
Adobe acrobat 11.0.22
Adobe acrobat_dc 15.009.20077
Adobe acrobat_reader_dc 15.009.20071
Adobe acrobat_dc 15.006.30306
Adobe acrobat_dc 15.006.30119
Adobe acrobat_reader_dc 15.006.30060
Adobe acrobat_dc 15.006.30352
Adobe acrobat_reader_dc 15.006.30354
Adobe acrobat_reader_dc 15.020.20039
Adobe acrobat_reader_dc 15.006.30094
Adobe acrobat_dc 15.009.20071
Adobe acrobat_reader_dc 17.012.20095
Adobe acrobat_reader_dc 15.009.20077
Adobe acrobat_reader_dc 15.006.30096
Adobe acrobat_reader_dc 15.023.20053
Adobe acrobat_dc 15.006.30060
Adobe acrobat_dc 15.020.20039
Adobe acrobat_reader_dc 15.009.20079
Adobe acrobat_dc 15.023.20056
Adobe acrobat_dc 15.006.30096
Adobe acrobat_dc 15.006.30094
Adobe acrobat_dc 15.023.20053
Adobe acrobat_dc 15.009.20079
Adobe acrobat_dc 15.006.30244
Adobe acrobat_dc 15.010.20056
Adobe acrobat_reader_dc 15.006.30201
Adobe acrobat_reader_dc 15.006.30244
Adobe acrobat_reader_dc 15.010.20056
Adobe acrobat_reader_dc 17.012.20098
Adobe acrobat_reader 17.011.30065
Adobe acrobat_reader_dc 15.017.20053
Adobe acrobat_reader_dc 15.006.30279
Adobe acrobat_dc 15.006.30172
Adobe acrobat_reader_dc 15.006.30174
Adobe acrobat_dc 17.012.20098
Adobe acrobat 17.011.30066
Adobe acrobat_dc 15.006.30174
Adobe acrobat_dc 15.023.20070
Adobe acrobat_reader 11.0.22
Adobe acrobat_reader_dc 15.006.30172
Adobe acrobat_reader_dc 15.023.20070
Adobe acrobat_reader_dc 15.010.20060
Adobe acrobat_dc 15.006.30279
Adobe acrobat_dc 17.009.20044
Adobe acrobat_dc 15.017.20053
Adobe acrobat_dc 15.010.20060
Adobe acrobat_dc 15.006.30355
Adobe acrobat_reader_dc 17.009.20044
Adobe acrobat 17.011.30059
Adobe acrobat_reader_dc 15.008.20082
Adobe acrobat_reader_dc 15.017.20050
Adobe acrobat_reader_dc 15.006.30355
Adobe acrobat_dc 15.008.20082
Adobe acrobat_reader_dc 15.006.30121
Adobe acrobat_reader_dc 15.006.30097
Adobe acrobat_reader_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30173
Adobe acrobat_dc 15.006.30097
Adobe acrobat_dc 15.006.30201
Adobe acrobat_reader_dc 15.023.20056
Adobe acrobat_reader_dc 15.020.20042
Adobe acrobat_dc 15.006.30121
Adobe acrobat_reader_dc 17.009.20058
Adobe acrobat_dc 15.016.20039
Adobe acrobat_reader_dc 15.006.30243
Adobe acrobat_dc 15.006.30243
Adobe acrobat_reader_dc 15.009.20069
Adobe acrobat_dc 15.020.20042
Adobe acrobat_reader_dc 15.006.30198
Adobe acrobat_reader 17.011.30066
Adobe acrobat_dc 17.009.20058
Adobe acrobat_dc 15.009.20069
Adobe acrobat_reader_dc 15.010.20059
Adobe acrobat_dc 17.012.20095
Adobe acrobat_dc 15.006.30198
Adobe acrobat_dc 15.006.30173
Adobe acrobat_reader_dc 15.016.20045
Adobe acrobat_dc 15.010.20059
Adobe acrobat_dc 15.017.20050
Adobe acrobat 17.011.30065
Adobe acrobat_dc 15.016.20041
Adobe acrobat_dc 15.006.30280
Adobe acrobat_reader_dc 15.016.20041
Adobe acrobat_reader_dc 17.012.20093

HTTP:MISC:DISKPULSE-SERVER-BO - HTTP: Disk Pulse Enterprise Server HttpParser Buffer Overflow

Severity: HIGH

Description:

This signature attempts to detect buffer overflow vulnerability in the web server component of Disk Pulse Enterprise Server. Successful exploitation allows the attacker to execute arbitrary code in the security context of system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:EK-MULTIPLE-FLASH - HTTP: Multiple Exploit Kit Flash File Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

APP:MISC:BIGANT-DDNF-BO - APP: BigAnt Server DDNF Request Stack Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the BigAnt Server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Supported On:

HTTP:STC:DL:EMF-IMG-FILE-RCE - HTTP: Microsoft Windows Graphic Component EMF Image File Processing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful exploit can lead to remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2015-1645
bugtraq: 74008

Affected Products:

Microsoft windows_7 *
Microsoft windows_vista *
Microsoft windows_server_2008 *
Microsoft windows_server_2003 *
Microsoft windows_server_2008 r2

HTTP:MISC:MCAFFEE-SRV-HDR - HTTP: McAfee Server Header Overflow

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against several McAfee system security management products. It is due to improper boundary checks when parsing HTTP request header fields. A successful unauthenticated remote attacker can execute arbitrary code with System level privileges.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

Affected Products:

Mcafee epolicy_orchestrator 1.0.0
Mcafee epolicy_orchestrator 3.5
Mcafee epolicy_orchestrator 2.0.0
Mcafee epolicy_orchestrator 2.5.0
Mcafee epolicy_orchestrator 3.5 patch 5
Mcafee epolicy_orchestrator 1.1.0
Mcafee protectionpilot 1.1.1
Mcafee protectionpilot 1.1.0
Mcafee epolicy_orchestrator 2.5.0 SP1
Mcafee epolicy_orchestrator 2.5.1
Mcafee epolicy_orchestrator 3.0.0
Mcafee epolicy_orchestrator 3.0.0 SP2a
Mcafee protectionpilot 1.1.1 patch 2

HTTP:STC:DL:WMF-HEAPOF - HTTP: Windows Metafile Heap Overflow

Severity: HIGH

Description:

This signature detects metafiles that contain invalid size information being sent over HTTP. Attackers can use Windows Metafiles and Enhanced Metafiles to exploit vulnerabilities in the Windows Graphical Device Interface. Metafiles can appear as an attachment or link within an e-mail message; the target user must activate the metafile for the exploit to occur. If the exploit is successful, attackers can deposit instructions or arbitrary code on a target system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2004-0209
url: http://www.internetfixes.com/file_ext.htm
bugtraq: 11375

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_2000_datacenter_server
Microsoft windows_2000_professional SP3
Microsoft windows_2000_server SP3
Microsoft windows_2000_advanced_server SP3
Microsoft windows_xp_64-bit_edition
Microsoft windows_2000_datacenter_server SP3
Microsoft windows_xp_64-bit_edition SP1
Avaya definityone_media_servers R10
Microsoft windows_2000_datacenter_server SP1
Avaya ip600_media_servers R12
Avaya ip600_media_servers R10
Avaya s8100_media_servers R10
Avaya s8100_media_servers R12
Avaya s8100_media_servers R11
Avaya definityone_media_servers R11
Avaya ip600_media_servers R11
Avaya ip600_media_servers R9
Avaya ip600_media_servers R8
Avaya ip600_media_servers R7
Avaya ip600_media_servers R6
Avaya definityone_media_servers R6
Microsoft windows_2000_professional
Avaya definityone_media_servers R8
Avaya definityone_media_servers R9
Avaya definityone_media_servers R7
Avaya s8100_media_servers R8
Microsoft windows_2000_advanced_server
Microsoft windows_2000_advanced_server SP1
Microsoft windows_2000_advanced_server SP4
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Microsoft windows_xp_64-bit_edition_version_2003
Microsoft windows_xp_media_center_edition
Microsoft windows_2000_server
Microsoft windows_xp_home SP1
Microsoft windows_2000_professional SP1
Avaya s8100_media_servers R7
Avaya s8100_media_servers R6
Microsoft windows_server_2003_standard_x64_edition
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_xp_professional SP1
Microsoft windows_2000_server SP1
Microsoft windows_server_2003_datacenter_x64_edition
Avaya definityone_media_servers R12
Microsoft windows_2000_server SP2
Avaya modular_messaging_(mss) 1.1.0
Microsoft windows_2000_advanced_server SP2
Microsoft windows_2000_datacenter_server SP2
Microsoft windows_2000_professional SP2
Avaya modular_messaging_(mss) 2.0.0
Avaya s3400_message_application_server
Avaya s8100_media_servers R9
Avaya s8100_media_servers
Avaya definityone_media_servers
Avaya ip600_media_servers
Microsoft windows_xp_64-bit_edition_version_2003 SP1
Microsoft windows_xp_media_center_edition SP1

HTTP:FLEXENSE-VX-SEARCH-BO - HTTP: Flexense VX Search Enterprise add_command Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the web server component of VX Search Enterprise. Successful exploitation allows the attacker to execute arbitrary code under the security context of SYSTEM.

Supported On:

APP:NOVELL:GROUPWISE-ADDRESS - APP: Novell GroupWise Addressbook Heap Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Novell Groupware Client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=37&Itemid=37
bugtraq: 52233
cve: CVE-2011-4189

Affected Products:

Novell groupwise_8.0
Novell groupwise_8.02hp3

APP:TMIC:OFFICESCAN-PW-OF - APP: Trend Micro OfficeScan Password Data Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Trend Micro OfficeScan. A successful attack can allow the attacker to execute arbitrary code with the privileges of the user running the application.

Supported On:

References:

bugtraq: 28020
cve: CVE-2008-1365
url: http://www.securityfocus.com/archive/1/20080227203019.061547bd.aluigi@autistici.org

Affected Products:

Trend_micro officescan_corporate_edition 8.0
Trend_micro officescan_corporate_edition 5.5.0
Trend_micro officescan_corporate_edition 3.5.0
Trend_micro officescan_corporate_edition 6.5.0
Trend_micro officescan_corporate_edition 8.0 Patch 2 Build 1189
Trend_micro officescan_corporate_edition 7.3 Build 1314
Trend_micro officescan_corporate_edition 6.0
Trend_micro officescan_corporate_edition 3.54.0
Trend_micro officescan_corporate_edition 8.0.patch build 1042
Trend_micro officescan_corporate_edition 7.0
Trend_micro officescan_corporate_edition 6.5
Trend_micro officescan_corporate_edition 3.0.0
Trend_micro officescan_corporate_edition 3.11.0
Trend_micro officescan_corporate_edition 3.13.0
Trend_micro officescan_corporate_edition 7.3
Trend_micro officescan_corporate_edition 7.0.0
Trend_micro officescan_corporate_edition 5.0.0 2
Trend_micro officescan_corporate_edition 5.58.0

HTTP:EK-FLASH-DWNLD - Multiple exploit kit flash file download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:EK-REDKIT-LP2 - HTTP: Redkit Exploit Kit Landing Page 2

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-UNIX-BACKDOOR-CDORKED - HTTP: Unix Backdoor Cdorked Blackhole Request Attempt

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-COTTONCASTLE-FLASH-OC - HTTP: CottonCastle Exploit Kit Flash Outbound Connection

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-COTTONCASTLE-JAVA-OC - HTTP: CottonCastle Exploit Kit Java Outbound Connection

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:STC:DL:MS-GDI-EMF - HTTP: Microsoft GDI+ EMF+ Integer Wrap Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft GDI+. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2011-0041
bugtraq: 47250

Affected Products:

Microsoft windows_xp_professional
Microsoft windows_xp_home
Microsoft windows_xp Gold Professional
Microsoft windows_vista_business_64-bit_edition SP2
Microsoft windows_xp_embedded
Microsoft windows_xp_embedded SP1
Microsoft windows_vista_home_basic_64-bit_edition SP2
Microsoft windows_vista Home Basic SP2
Microsoft windows_vista_home_premium_64-bit_edition SP2
Microsoft windows_vista Home Premium SP2
Microsoft windows_vista SP2
Microsoft windows_vista_ultimate_64-bit_edition SP2
Microsoft windows_server_2008_standard_edition X64
Microsoft windows_vista_x64_edition SP2
Microsoft windows_server_2008_datacenter_edition SP2
Microsoft windows_server_2008_enterprise_edition SP2
Microsoft windows_server_2008_standard_edition SP2
Microsoft windows_server_2008_for_32-bit_systems SP2
Microsoft windows_server_2008_for_itanium-based_systems SP2
Microsoft windows_server_2008_for_x64-based_systems SP2
Microsoft windows_vista_home_basic_64-bit_edition SP1
Microsoft windows_server_2008_standard_edition - Gold Standard
Microsoft windows_server_2003_x64 SP2
Avaya meeting_exchange 5.0.0.0.52
Microsoft windows_vista_enterprise_64-bit_edition SP2
Microsoft windows_server_2008_standard_edition - Gold Itanium
Microsoft windows_server_2008_datacenter_edition
Microsoft windows_server_2008_enterprise_edition
Microsoft windows_server_2008_standard_edition
Microsoft windows_vista Home Basic SP1
Microsoft windows_vista Home Premium SP1
Microsoft windows_vista Ultimate SP1
Microsoft windows_vista_business_64-bit_edition SP1
Microsoft windows_vista_enterprise_64-bit_edition SP1
Microsoft windows_server_2008_standard_edition - Gold Web
Microsoft windows_vista_home_premium_64-bit_edition SP1
Microsoft windows_vista_ultimate_64-bit_edition SP1
Microsoft windows_server_2003_x64 SP1
Avaya aura_conferencing 6.0 Standard
Microsoft windows_server_2003_enterprise_edition_itanium SP2
Microsoft windows_server_2003_enterprise_edition_itanium Sp2 Itanium
Microsoft windows_vista_home_basic_64-bit_edition Sp1 X64
Microsoft windows_vista_home_basic_64-bit_edition Sp2 X64
Microsoft windows_vista_x64_edition
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium
Microsoft windows_server_2003_itanium SP1
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2003_datacenter_x64_edition SP2
Microsoft windows_server_2003_enterprise_x64_edition SP2
Microsoft windows_server_2003_standard_edition SP2
Microsoft windows_xp_tablet_pc_edition SP1
Avaya meeting_exchange 5.2
Avaya callpilot 4.0
Avaya callpilot 5.0
Avaya communication_server_1000_telephony_manager 3.0
Avaya communication_server_1000_telephony_manager 4.0
Microsoft windows_server_2008_standard_edition - Gold Datacenter
Microsoft office_xp
Microsoft windows_server_2008_standard_edition - Gold
Avaya meeting_exchange 5.0 SP1
Avaya meeting_exchange 5.0 SP2
Avaya meeting_exchange 5.1 SP1
Microsoft windows_server_2008_standard_edition - Sp2 Hpc
Microsoft windows_xp_media_center_edition
Microsoft windows_xp_tablet_pc_edition
Microsoft windows_vista_x64_edition SP1
Microsoft windows_xp Gold Tablet Pc
Microsoft windows_xp_home SP1
Microsoft windows_xp_professional SP1
Microsoft windows_xp_tablet_pc_edition SP3
Microsoft windows_xp_professional SP3
Microsoft windows_xp_media_center_edition SP3
Microsoft windows_xp_home SP3
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2003_datacenter_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition_itanium SP1
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_server_2003_enterprise_edition
Microsoft windows_server_2003_datacenter_edition
Microsoft windows_server_2003_enterprise_edition_itanium
Microsoft windows_server_2003_datacenter_edition_itanium
Microsoft windows_xp_service_pack_3
Microsoft windows_xp_media_center_edition SP1
Microsoft office_xp SP2
Microsoft windows_server_2008_standard_edition - Gold Storage
Microsoft windows_server_2008_standard_edition - Sp2 Web
Microsoft windows_server_2008_for_x64-based_systems R2
Microsoft windows_server_2008_for_itanium-based_systems R2
Microsoft windows_xp_tablet_pc_edition SP2
Avaya aura_conferencing 6.0 SP1 Standard
Microsoft windows_xp_embedded SP2
Microsoft windows_xp_embedded SP3
Microsoft windows_xp Gold Media Center
Microsoft office_xp SP1
Avaya meeting_exchange-client_registration_server
Avaya meeting_exchange-recording_server
Avaya meeting_exchange-streaming_server
Avaya meeting_exchange-web_conferencing_server
Avaya meeting_exchange-webportal
Microsoft windows_server_2003_datacenter_edition SP1 Beta 1
Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
Microsoft windows_server_2003 SP1
Microsoft windows_server_2003 SP2
Microsoft windows_xp_gold
Microsoft windows_vista Ultimate SP2
Microsoft windows_server_2008_standard_edition - Sp2 Storage
Microsoft windows_xp_home SP2
Microsoft windows_xp_professional SP2
Avaya meeting_exchange 5.2 SP1
Microsoft windows_xp_media_center_edition SP2
Microsoft windows_vista SP1
Microsoft windows_server_2008_standard_edition - Gold Hpc
Microsoft office_xp SP3
Avaya meeting_exchange 5.0
Microsoft windows_server_2008_standard_edition Itanium
Microsoft windows_vista Ultimate
Microsoft windows_vista Home Premium
Microsoft windows_vista Home Basic
Microsoft windows_vista Enterprise
Microsoft windows_server_2003_standard_edition
Microsoft windows_server_2008_standard_edition - Gold Enterprise
Microsoft windows_xp
Avaya messaging_application_server 4
Avaya messaging_application_server 5
Avaya meeting_exchange 5.1
Microsoft windows_server_2003_enterprise_x64_edition
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_xp_professional_x64_edition
Microsoft windows_vista_business_64-bit_edition
Microsoft windows_vista_enterprise_64-bit_edition
Microsoft windows_vista_home_basic_64-bit_edition
Microsoft windows_vista_home_premium_64-bit_edition
Microsoft windows_vista_ultimate_64-bit_edition
Microsoft windows_server_2008_standard_edition Release Candidate
Avaya meeting_exchange 5.2 SP2
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_for_itanium-based_systems
Microsoft windows_xp Gold Embedded
Microsoft windows_xp

HTTP:EK-COTTONCASTLE-DECRYPT-OR - HTTP: CottonCastle Exploit Kit Decryption Page Outbound Request

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-FLASHPACK-SAFE-CRITX - HTTP: Flashpack/Safe/CritX Exploit Kit Executable Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-FLASHPACK-SAFE-JAR - HTTP: Flashpack/Safe/CritX Exploit Kit Jar File Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-URI-MALREQ - HTTP: Exploit Kit URI Request For Known Malicious URI

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-DOTKACHEF-MAL-CAMP - HTTP: DotkaChef/Rmayana/DotCache Exploit Kit Malvertising Campaign

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:NOVELL:IMANAGER-TOMCAT-BOF - HTTP: Novell iManager Tomcat Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the Novell iManager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the daemon.

Supported On:

References:

bugtraq: 20841
cve: CVE-2006-4517
bugtraq: 40480
cve: CVE-2010-1929

Affected Products:

Novell imanager 1.5.0
Novell imanager 2.5.0
Novell imanager 2.0.2
Novell imanager 2.0.0

TROJAN:FILEENCODER-CNC - TROJAN: FileEncoder Variant Outbound Connection Detected

Severity: HIGH

Description:

This signature detects the Command and Control traffic for the Fileencoder trojan. The source IP host is infected and should be removed from the network for analysis.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1

HTTP:NUCLEAR-EK-BIN-DL - HTTP: Nuclear Pack Exploit Kit Binary Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

IMAP:IPSWITCH:DELETE-OF - IMAP: IPSwitch IMAP Server DELETE Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against IPSwitch IMAP server. Attackers can send an overly long delete command (DELETE), to overflow the buffer and take complete control of the server.

Supported On:

References:

bugtraq: 11675
url: http://www.ipswitch.com/Support/ICS/updates/im814hf1.html
url: http://esikker.dk/vul_15771.php
cve: CVE-2004-1520
cve: CVE-2005-1520

Affected Products:

Ipswitch imail 8.13.0

SMB:OF:MS-BROWSER-ELECT - SMB: Microsoft Windows BROWSER ELECTION Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known flaw in Microsoft Windows Browser Protocol Handler. It is due to a boundary error in the kernel component of the Windows Browsing service that is responsible for handling the incoming datagrams. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

url: http://www.microsoft.com/kb/2511455
cve: CVE-2011-0654
bugtraq: 46360
url: http://seclists.org/fulldisclosure/2011/Feb/285
url: http://www.kb.cert.org/vuls/id/323172

Affected Products:

Microsoft windows_2003_server (r2)
Microsoft windows_2003_server (r2:x64)
Microsoft windows_server_2003 (sp2:itanium)
Microsoft windows_2003_server (sp2)
Microsoft windows_server_2003 (sp2:x64)
Microsoft windows_server_2003 (sp2)
Microsoft windows_server_2003 (:x64)
Microsoft windows_2003_server (sp2:itanium)

HTTP:MISC:SUPERMICRO-LOGIN-BO - HTTP: SuperMicro IPMI login.cgi Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Supermicro IPMI. A successful attack can lead to remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2013-3621

HTTP:MISC:BLUECOAT-HOST-HDR-OF - HTTP: Blue Coat Host Header Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Blue Coat proxy appliance. Blue Coat Reporter 7.1.1.1 and earlier might be vulnerable. Attackers can craft a malicious HTTP request, which might allow them to gain control of the affected system with elevated privileges.

Supported On:

References:

url: http://securitytracker.com/alerts/2006/Jan/1015441.html
bugtraq: 16147
cve: CVE-2005-4085
url: http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html

Affected Products:

Blue_coat_systems webproxy 6.0.0
Blue_coat_systems proxyav Null

HTTP:CRITX-EK-JAVA-DL - HTTP: CritX Exploit Kit Java Exploit Download Attempt

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-ANGLER-JAVA-REQ - HTTP: Angler Exploit Kit Outbound Oracle Java Request

Severity: HIGH

Description:

Supported On:

HTTP:EK-HELLSPAWN-JAVA-REQ - HTTP: Hellspawn Exploit Kit Outbound Oracle Java Jar Request

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:CRITX-EK-PE-DL - HTTP: CritX Exploit Kit Portable Executable Download

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:JDB-EK-LANDPAGE - HTTP: JDB Exploit Kit Landing Page Retrieval

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:EK-ANGLER-RELAY-TRAFFIC - HTTP: Angler Exploit Kit Relay Traffic Detected1

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:MULTI-EK-32ALPHA-REQ - HTTP: Multiple Exploit Kit 32 Alpha JAR Request

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

HTTP:JAVAUA-PE-DL-EK - HTTP: Java UA PE Download Exploit Kit Behavior

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

HTTP:STC:STREAM:GDI-WMF-HEADER - HTTP: Microsoft Windows GDI WMF File HeaderSize Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Graphic Component. A successful exploit can lead to buffer overflow and remote code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 32634
cve: CVE-2008-2249

Affected Products:

Microsoft windows_xp_media_center_edition SP2
Microsoft windows_server_2003_standard_edition SP2
Microsoft windows_vista Enterprise SP1
Microsoft windows_server_2003_standard_edition SP1
Microsoft windows_vista_x64_edition
Microsoft windows_vista Ultimate SP1
Microsoft windows_xp_professional SP3
Microsoft windows_server_2003_web_edition SP2
Microsoft windows_server_2003_enterprise_edition SP1
Microsoft windows_server_2003_web_edition SP1
Nortel_networks contact_center_ncc
Microsoft windows_xp_tablet_pc_edition SP2
Microsoft windows_server_2003_enterprise_x64_edition SP2
Nortel_networks self-service_peri_workstation
Nortel_networks self-service_wvads
Microsoft windows_vista_home_basic_64-bit_edition SP1
Microsoft windows_2000_advanced_server SP4
Nortel_networks self-service_mps_100
Microsoft windows_2000_professional SP4
Microsoft windows_2000_server SP4
Nortel_networks self-service_speech_server
Nortel_networks callpilot 1005R
Nortel_networks callpilot 600R
Nortel_networks contact_center-tapi_server
Nortel_networks contact_center_express
Microsoft windows_vista_home_premium_64-bit_edition
Nortel_networks callpilot 703T
Nortel_networks contact_center_manager_server
Microsoft windows_vista Home Basic
Microsoft windows_vista Business
Microsoft windows_vista Enterprise
Microsoft windows_server_2003 SP1
Microsoft windows_vista Home Premium
Microsoft windows_vista_business_64-bit_edition
Nortel_networks self-service_peri_application
Hp storage_management_appliance 2.1
Microsoft windows_vista_x64_edition SP1
Microsoft windows_server_2003_datacenter_x64_edition SP2
Microsoft windows_server_2008_datacenter_edition
Nortel_networks self-service-ccss7
Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
Microsoft windows_server_2003_enterprise_x64_edition
Nortel_networks contact_center_manager
Nortel_networks self-service_ccxml
Nortel_networks self_service_voicexml
Microsoft windows_xp_professional_x64_edition
Microsoft windows_xp_media_center_edition SP3
Microsoft windows_xp_home SP3
Microsoft windows_xp_tablet_pc_edition SP3
Microsoft windows_vista Business SP1
Microsoft windows_vista Home Basic SP1
Nortel_networks callpilot 201I
Microsoft windows_vista_enterprise_64-bit_edition
Microsoft windows_vista_home_basic_64-bit_edition
Microsoft windows_vista_business_64-bit_edition SP1
Microsoft windows_2000_datacenter_server SP4
Microsoft windows_vista_ultimate_64-bit_edition
Microsoft windows_vista_home_premium_64-bit_edition SP1
Microsoft windows_vista_ultimate_64-bit_edition SP1
Nortel_networks callpilot 1002Rp
Nortel_networks self-service_mps_500
Microsoft windows_server_2003 SP2
Microsoft windows_xp_professional SP2
Microsoft windows_server_2003_standard_x64_edition
Nortel_networks self-service_mps_1000
Microsoft windows_vista_enterprise_64-bit_edition SP1
Microsoft windows_server_2008_enterprise_edition
Nortel_networks symposium_agent
Microsoft windows_server_2003_datacenter_x64_edition
Microsoft windows_server_2008_standard_edition
Microsoft windows_vista Home Premium SP1
Microsoft windows_xp_professional_x64_edition SP2
Microsoft windows_server_2003_itanium SP1
Microsoft windows_server_2003_itanium SP2
Microsoft windows_server_2003_datacenter_edition SP1
Microsoft windows_server_2008_for_32-bit_systems
Microsoft windows_server_2008_for_x64-based_systems
Microsoft windows_server_2008_for_itanium-based_systems
Microsoft windows_xp_home SP2
Microsoft windows_server_2003_x64 SP2
Microsoft windows_vista Ultimate
Microsoft windows_server_2003_enterprise_edition_itanium SP1

HTTP:ABB-PANEL-BLDR-BO - HTTP: ABB Panel Builder 800 Comli CommandLineOptions Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempt to exploit a stack-based buffer overflow exists in ABB Panel Builder 800. A remote attacker could exploit this vulnerability by enticing a target user into opening a maliciously crafted project file, or a web page. Successful exploitation could result in arbitrary code execution in the context of the target user.

Supported On:

References:

cve: CVE-2018-10616

Affected Products:

Abb panel_builder_800 -

HTTP:EK-ANGLER-LP-2 - HTTP: Angler Exploit Kit Landing Page2

Severity: HIGH

Description:

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

SMB:CVE-2017-11885-RCE - SMB: Windows CVE-2017-11885 Remote Code Execution

Severity: HIGH

Description:

Signature attempts to capture An Arbitrary Pointer Dereference vulnerability in Windows systems. Successful exploitation of this vulnerability can achieve Remote Code Execution.

Supported On:

References:

cve: CVE-2017-11885

Affected Products:

Microsoft windows_8.1 *
Microsoft windows_rt_8.1 -
Microsoft windows_10 1607
Microsoft windows_10 1511
Microsoft windows_server_2016 1709
Microsoft windows_server_2008 r2
Microsoft windows_server_2012 -
Microsoft windows_10 1709
Microsoft windows_7 -
Microsoft windows_10 -
Microsoft windows_10 1703
Microsoft windows_server_2016 -
Microsoft windows_server_2008 -
Microsoft windows_server_2012 r2

HTTP:NOVELL:REPORTER-AGENT - HTTP: Novell File Reporter Agent XML Parsing Remote Code Execution

Severity: CRITICAL

Description:

This signature detects attempts to exploit a known vulnerability against Novell File Reporter Agent. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

url: https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959
cve: CVE-2012-4959
bugtraq: 56579
cve: CVE-2012-4956
cve: CVE-2012-4958

Affected Products:

Novell file_reporter 1.0.2

MS-RPC:OF:ADVANTECH-WEB-SCADA - MS-RPC: Advantech WebAccess SCADA bwnodeip Stack-based Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in the webvrpcs service of Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within BwNodeIP.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution under context of Administrator.

Supported On:

References:

cve: CVE-2018-14816

Affected Products:

Advantech webaccess 8.3.1

HTTP:STC:GNU-LIBEXTRACTOR-OOB - HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Libextractor. The vulnerability is due to improper handling of long File Comment fields within ZIP files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file using Libextractor. Successful exploitation of this vulnerability could lead to denial-of-service conditions or, in the worst case, disclosure of sensitive information.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1

References:

cve: CVE-2018-16430

Affected Products:

Debian debian_linux 8.0
Debian debian_linux 9.0
Gnu libextractor 1.7

HTTP:STC:DL:VISIO-VSD-MEM - HTTP: Microsoft Visio VSD File Format Memory Corruption Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Microsoft Visio. A successful attack can lead to arbitrary code execution.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 53328
cve: CVE-2012-0018

Affected Products:

Microsoft visio_viewer_2010_(32-bit_edition) SP1
Microsoft visio_viewer_2010_(64-bit_edition)
Microsoft visio_viewer_2010_(64-bit_edition) SP1
Microsoft visio_viewer_2010_(32-bit_edition)

HTTP:STC:DL:MAL-MEDIA-RCE - HTTP: Malformed Media Files Processing Remote Code Execution

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability against Malformed Media File. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 23568
bugtraq: 18507
bugtraq: 45221
cve: CVE-2008-4927
cve: CVE-2009-3201
cve: CVE-2006-3228
cve: CVE-2008-5745
bugtraq: 38733
bugtraq: 47088
bugtraq: 26804
bugtraq: 47084
bugtraq: 38837
bugtraq: 22938
cve: CVE-2007-1492
cve: CVE-2007-3895
cve: CVE-2010-1042
cve: CVE-2010-0718
bugtraq: 39489
cve: CVE-2007-2180

Affected Products:

Nullsoft winamp 5.3

HTTP:EK-STYX-LP-3 - HTTP: Styx Exploit Kit Landing Page 3

Severity: HIGH

Description:

Supported On:

SMTP:OVERFLOW:NTLM-AUTH-OF - SMTP: MailEnable NTLM Authentication Buffer Overflow

Severity: HIGH

Description:

This signature detects attempts to exploit a known vulnerability in MailEnable's SMTP NTLM authentication. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Supported On:

idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1

References:

bugtraq: 20290
cve: CVE-2006-5176
cve: CVE-2006-5177

Affected Products:

Mailenable mailenable_professional 2.351
Mailenable mailenable_enterprise_edition 2.0
Mailenable mailenable_professional 2.0
Mailenable mailenable_enterprise_edition 2.33
Mailenable mailenable_professional 2.34
Mailenable mailenable_professional 2.35
Mailenable mailenable_enterprise_edition 2.35
Mailenable mailenable_enterprise_edition 2.34
Mailenable mailenable_professional 2.32
Mailenable mailenable_enterprise_edition 2.32
Mailenable mailenable_professional 2.33