Network Security Snort-Signatures

[Snort-sigs] Bleedingsnort.com Daily Update

Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Thu, 14 Apr 2005 20:00:04 -0500 (EST)

[***] Results from Oinkmaster started Thu Apr 14 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2001847 - BLEEDING-EDGE WORM pictures.php MSN Worm URL Attempt 
(bleeding-virus.rules)
 2001848 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack 
(bleeding-exploit.rules)
 2001849 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack 
(bleeding-exploit.rules)


[///]     Modified active rules:     [///]

 2000004 - BLEEDING-EDGE EXPLOIT Microsoft MHTML URL Redirection Attempt 
(bleeding-exploit.rules)
 2000005 - BLEEDING-EDGE EXPLOIT Cisco Telnet Buffer Overflow 
(bleeding-exploit.rules)
 2000006 - BLEEDING-EDGE DOS Cisco Router HTTP DoS (bleeding-dos.rules)
 2000007 - BLEEDING-EDGE EXPLOIT Catalyst SSH protocol mismatch 
(bleeding-exploit.rules)
 2000008 - BLEEDING-EDGE EXPLOIT Catalyst 3500 arbitrary command 
(bleeding-exploit.rules)
 2000009 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP DoS (bleeding-exploit.rules)
 2000010 - BLEEDING-EDGE DOS Cisco 514 UDP flood DoS (bleeding-dos.rules)
 2000012 - BLEEDING-EDGE EXPLOIT Cisco %u IDS evasion (bleeding-exploit.rules)
 2000013 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP server DoS 
(bleeding-exploit.rules)
 2000016 - BLEEDING-EDGE DOS SSL Bomb DoS Attempt (bleeding-dos.rules)
 2000017 - BLEEDING-EDGE EXPLOIT NII Microsoft ASN.1 Library Buffer Overflow 
Exploit (bleeding-exploit.rules)
 2000031 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target BSD) 
(bleeding-exploit.rules)
 2000032 - BLEEDING-EDGE EXPLOIT LSA exploit (bleeding-exploit.rules)
 2000033 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) 
(bleeding-exploit.rules)
 2000046 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) 
(bleeding-exploit.rules)
 2000048 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target 
Linux) (bleeding-exploit.rules)
 2000049 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target 
Solaris) (bleeding-exploit.rules)
 2000329 - BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow 
(bleeding-exploit.rules)
 2000342 - BLEEDING-EDGE EXPLOIT Squid NTLM Auth Overflow Exploit 
(bleeding-exploit.rules)
 2000345 - BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std port 
(bleeding-attack_response.rules)
 2000346 - BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std port 
(bleeding-attack_response.rules)
 2000347 - BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on non-std port 
(bleeding-attack_response.rules)
 2000348 - BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std port 
(bleeding-attack_response.rules)
 2000349 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer request on 
non-std port (bleeding-attack_response.rules)
 2000350 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on non-std port 
(bleeding-attack_response.rules)
 2000351 - BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std port 
(bleeding-attack_response.rules)
 2000352 - BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std port 
(bleeding-attack_response.rules)
 2000372 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection running SQL statements 
line comment (bleeding-exploit.rules)
 2000373 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection line comment 
(bleeding-exploit.rules)
 2000377 - BLEEDING-EDGE EXPLOIT MS-SQL heap overflow attempt 
(bleeding-exploit.rules)
 2000378 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 
(bleeding-exploit.rules)
 2000379 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 1 byte 
(bleeding-exploit.rules)
 2000380 - BLEEDING-EDGE EXPLOIT MS-SQL Spike buffer overflow 
(bleeding-exploit.rules)
 2000381 - BLEEDING-EDGE EXPLOIT MS-SQL DOS bouncing packets 
(bleeding-exploit.rules)
 2000488 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection closing string plus line 
comment (bleeding-exploit.rules)
 2000499 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM1 
(bleeding-attack_response.rules)
 2000500 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM2 
(bleeding-attack_response.rules)
 2000501 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM3 
(bleeding-attack_response.rules)
 2000502 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM4 
(bleeding-attack_response.rules)
 2000503 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT1 
(bleeding-attack_response.rules)
 2000504 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT2 
(bleeding-attack_response.rules)
 2000505 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT3 
(bleeding-attack_response.rules)
 2000506 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT4 
(bleeding-attack_response.rules)
 2000507 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access AUX 
(bleeding-attack_response.rules)
 2000508 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access NULL 
(bleeding-attack_response.rules)
 2000563 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 445 
(bleeding-exploit.rules)
 2000564 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 445 
(bleeding-exploit.rules)
 2000565 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 
139 (bleeding-exploit.rules)
 2000566 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 
445 (bleeding-exploit.rules)
 2000567 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 139 
(bleeding-exploit.rules)
 2000568 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 139 
(bleeding-exploit.rules)
 2001022 - BLEEDING-EDGE EXPLOIT Invalid non-fragmented packet with fragment 
offset>0 (bleeding-exploit.rules)
 2001023 - BLEEDING-EDGE EXPLOIT Invalid fragment - ACK reset 
(bleeding-exploit.rules)
 2001024 - BLEEDING-EDGE EXPLOIT Invalid fragment - illegal flags 
(bleeding-exploit.rules)
 2001048 - BLEEDING-EDGE EXPLOIT IE process injection iexplore.exe executable 
download (bleeding-exploit.rules)
 2001049 - BLEEDING-EDGE EXPLOIT Buffer Overflow Exploit in Adobe Acrobat 
Reader (bleeding-exploit.rules)
 2001058 - BLEEDING-EDGE EXPLOIT libpng tRNS overflow attempt 
(bleeding-exploit.rules)
 2001093 - BLEEDING-EDGE EXPLOIT IE Local zone Shell execution of arbitrary 
code (bleeding-exploit.rules)
 2001094 - BLEEDING-EDGE EXPLOIT Internet Explorer URL parsing vulnerability 
(bleeding-exploit.rules)
 2001095 - BLEEDING-EDGE EXPLOIT IFRAME ExecCommand vulnerability 
(bleeding-exploit.rules)
 2001097 - BLEEDING-EDGE EXPLOIT Internet Explorer Object Data Remote Execution 
Vulnerability (bleeding-exploit.rules)
 2001099 - BLEEDING-EDGE EXPLOIT Attempt to execute VBScript code 
(bleeding-exploit.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code 
(bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code 
(bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: 
(bleeding-exploit.rules)
 2001105 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval 
(bleeding-exploit.rules)
 2001106 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval hex 
(bleeding-exploit.rules)
 2001181 - BLEEDING-EDGE EXPLOIT Internet Explorer Plugin.ocx Heap Overflow 
(bleeding-exploit.rules)
 2001182 - BLEEDING-EDGE EXPLOIT IE trojan Ants3set 1.exe - process injection 
(bleeding-exploit.rules)
 2001190 - BLEEDING-EDGE EXPLOIT libPNG - Possible NULL-pointer crash in 
png_handle_iCCP (bleeding-exploit.rules)
 2001191 - BLEEDING-EDGE EXPLOIT libPNG - Width exceeds limit 
(bleeding-exploit.rules)
 2001192 - BLEEDING-EDGE EXPLOIT libPNG - Height exceeds limit 
(bleeding-exploit.rules)
 2001195 - BLEEDING-EDGE EXPLOIT libPNG - Possible integer overflow in 
allocation in png_handle_sPLT (bleeding-exploit.rules)
 2001205 - BLEEDING-EDGE DOS Internet Explorer Memory Corruption Bug 
(bleeding-dos.rules)
 2001206 - BLEEDING-EDGE EXPLOIT Mozilla Firefox Certificate Spoofing 
(bleeding-exploit.rules)
 2001207 - BLEEDING-EDGE EXPLOIT Mozilla Cookie theft (bleeding-exploit.rules)
 2001209 - BLEEDING-EDGE EXPLOIT Mozilla FTP View Cross-Site Scripting 
Vulnerability (bleeding-exploit.rules)
 2001210 - BLEEDING-EDGE EXPLOIT FTP Serv-U Local Privilege Escalation 
Vulnerability (bleeding-exploit.rules)
 2001211 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability 
(bleeding-exploit.rules)
 2001212 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability 
(bleeding-exploit.rules)
 2001213 - BLEEDING-EDGE EXPLOIT FTP Serv-U LIST -l Parameter Buffer Overflow 
(bleeding-exploit.rules)
 2001215 - BLEEDING-EDGE EXPLOIT FTP Serv-U Server Long Filename Stack Overflow 
Vulnerability (bleeding-exploit.rules)
 2001217 - BLEEDING-EDGE EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte 
(bleeding-exploit.rules)
 2001346 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn preteen 
(bleeding-inappropriate.rules)
 2001347 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn pre-teen 
(bleeding-inappropriate.rules)
 2001348 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn early teen 
(bleeding-inappropriate.rules)
 2001349 - BLEEDING-EDGE INAPROPRIATE free XXX (bleeding-inappropriate.rules)
 2001350 - BLEEDING-EDGE INAPROPRIATE  hardcore anal 
(bleeding-inappropriate.rules)
 2001351 - BLEEDING-EDGE INAPROPRIATE  masturbation 
(bleeding-inappropriate.rules)
 2001352 - BLEEDING-EDGE INAPROPRIATE  ejaculation 
(bleeding-inappropriate.rules)
 2001353 - BLEEDING-EDGE INAPROPRIATE  BDSM (bleeding-inappropriate.rules)
 2001362 - BLEEDING-EDGE DOS MS04-030 Attempted DoS (bleeding-dos.rules)
 2001363 - BLEEDING-EDGE EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap 
Overflow Portbind Attempt (bleeding-exploit.rules)
 2001364 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow 
Connectback Attempt (bleeding-exploit.rules)
 2001366 - BLEEDING-EDGE DOS Possible Microsoft SQL Server Remote Denial Of 
Service Attempt (bleeding-dos.rules)
 2001369 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow 
Exploit (bleeding-exploit.rules)
 2001374 - BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file (bleeding-exploit.rules)
 2001385 - BLEEDING-EDGE EXPLOIT Possible ShixxNote buffer-overflow + remote 
shell attempt (bleeding-exploit.rules)
 2001392 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected 
(bleeding-inappropriate.rules)
 2001393 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected 
(bleeding-inappropriate.rules)
 2001401 - BLEEDING-EDGE EXPLOIT IE IFRAME Exploit (bleeding-exploit.rules)
 2001545 - BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection 
detected! (bleeding-attack_response.rules)
 2001549 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001550 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001551 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001552 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001608 - BLEEDING-EDGE INAPROPRIATE Likely Porn (bleeding-inappropriate.rules)
 2001616 - BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement notification 
(bleeding-attack_response.rules)
 2001620 - BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity 
(bleeding-attack_response.rules)
 2001622 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 1 
(bleeding-exploit.rules)
 2001623 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 2 
(bleeding-exploit.rules)
 2001624 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 3 
(bleeding-exploit.rules)
 2001625 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, 
phase 1 (bleeding-exploit.rules)
 2001626 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, 
phase 2 (bleeding-exploit.rules)
 2001627 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, 
phase 3 (bleeding-exploit.rules)
 2001628 - BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection 
(bleeding-attack_response.rules)
 2001633 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise 
(bleeding-exploit.rules)
 2001634 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise 
(bleeding-exploit.rules)
 2001667 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in 
(bleeding-exploit.rules)
 2001668 - BLEEDING-EDGE EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow 
attack (bleeding-exploit.rules)
 2001671 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to 
blahot.com) (bleeding-exploit.rules)
 2001718 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad width 
(bleeding-exploit.rules)
 2001719 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad height 
(bleeding-exploit.rules)
 2001720 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color 
(bleeding-exploit.rules)
 2001721 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big PLTE 
(bleeding-exploit.rules)
 2001722 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big hIST 
(bleeding-exploit.rules)
 2001723 - BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad PNG 
(bleeding-exploit.rules)
 2001724 - BLEEDING-EDGE EXPLOIT libpng CAN-2004-1244 overflow attempt 
(bleeding-exploit.rules)
 2001725 - BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit 
(bleeding-exploit.rules)
 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt 
(bleeding-exploit.rules)
 2001742 - BLEEDING-EDGE EXPLOIT Arkeia full remote access without password or 
authentication (bleeding-exploit.rules)
 2001751 - BLEEDING-EDGE EXPLOIT Shoutcast file request overflow 
(bleeding-exploit.rules)
 2001807 - BLEEDING-EDGE EXPLOIT EXPLOIT CAN-2005-0399 Gif Vuln via http 
(bleeding-exploit.rules)
 2001813 - BLEEDING-EDGE EXPLOIT MSIE Hidden Address Bar (Phish) 
(bleeding-exploit.rules)
 2001846 - BLEEDING-EDGE EXPLOIT [ISC] ICMP blind TCP reset DoS guessing 
attempt (bleeding-exploit.rules)


[///]    Modified inactive rules:    [///]

 2001208 - BLEEDING-EDGE EXPLOIT Reading Local Files in Netscape 6 and Mozilla 
(bleeding-exploit.rules)
 2001717 - BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute 
Force Attack (bleeding-attack_response.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        # Still doesn't work, but we hope to figure out a way in the future...

     -> Added to bleeding-sid-msg.map (155):
        2000004 || BLEEDING-EDGE EXPLOIT Microsoft MHTML URL Redirection 
Attempt || url,www.microsoft.com/technet/security/bulletin/MS04-013.mspx || 
cve,CAN-2004-0380
        2000005 || BLEEDING-EDGE EXPLOIT Cisco Telnet Buffer Overflow || 
url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000006 || BLEEDING-EDGE DOS Cisco Router HTTP DoS || 
url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000007 || BLEEDING-EDGE EXPLOIT Catalyst SSH protocol mismatch || 
url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
        2000008 || BLEEDING-EDGE EXPLOIT Catalyst 3500 arbitrary command || 
url,www.securityfocus.com/archive/1/141471
        2000009 || BLEEDING-EDGE EXPLOIT Cisco IOS HTTP DoS || 
url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
        2000010 || BLEEDING-EDGE DOS Cisco 514 UDP flood DoS || 
url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
        2000012 || BLEEDING-EDGE EXPLOIT Cisco %u IDS evasion
        2000013 || BLEEDING-EDGE EXPLOIT Cisco IOS HTTP server DoS
        2000016 || BLEEDING-EDGE DOS SSL Bomb DoS Attempt || 
url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || 
cve,CAN-2004-0120
        2000017 || BLEEDING-EDGE EXPLOIT NII Microsoft ASN.1 Library Buffer 
Overflow Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp
        2000031 || BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt 
(target BSD)
        2000032 || BLEEDING-EDGE EXPLOIT LSA exploit
        2000033 || BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP)
        2000046 || BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k)
        2000048 || BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt 
(target Linux)
        2000049 || BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt 
(target Solaris)
        2000329 || BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow || 
bugtraq,8880
        2000342 || BLEEDING-EDGE EXPLOIT Squid NTLM Auth Overflow Exploit || 
cve,CAN-2004-0541 || url,www.idefense.com/application/poi/display?id=107
        2000345 || BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std 
port
        2000346 || BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std 
port
        2000347 || BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on 
non-std port
        2000348 || BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std 
port
        2000349 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer 
request on non-std port
        2000350 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on 
non-std port
        2000351 || BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std 
port
        2000352 || BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std 
port
        2000372 || BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection running SQL 
statements line comment || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000373 || BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection line comment || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000374 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection trying to guess 
the column name || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection running SQL 
statements NO line comment || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000377 || BLEEDING-EDGE EXPLOIT MS-SQL heap overflow attempt || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000378 || BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000379 || BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 1 byte || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000380 || BLEEDING-EDGE EXPLOIT MS-SQL Spike buffer overflow || 
url,www.securityfocus.com/bid/5411/exploit
        2000381 || BLEEDING-EDGE EXPLOIT MS-SQL DOS bouncing packets || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000488 || BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection closing string 
plus line comment || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000490 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 2 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 3 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 4 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 5 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000499 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM1
        2000500 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM2
        2000501 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM3
        2000502 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access COM4
        2000503 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT1
        2000504 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT2
        2000505 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT3
        2000506 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access LPT4
        2000507 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access AUX
        2000508 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory 
access NULL
        2000535 || BLEEDING-EDGE CUSTOM SCAN NMAP -sT or TCP incoming 
connection || arachnids,162
        2000539 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE CUSTOM SCAN NMAP -sU || arachnids,162
        2000563 || BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 
445
        2000564 || BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 445
        2000565 || BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry 
port 139
        2000566 || BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry 
port 445
        2000567 || BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 139
        2000568 || BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 
139
        2001022 || BLEEDING-EDGE EXPLOIT Invalid non-fragmented packet with 
fragment offset>0
        2001023 || BLEEDING-EDGE EXPLOIT Invalid fragment - ACK reset
        2001024 || BLEEDING-EDGE EXPLOIT Invalid fragment - illegal flags
        2001048 || BLEEDING-EDGE EXPLOIT IE process injection iexplore.exe 
executable download
        2001049 || BLEEDING-EDGE EXPLOIT Buffer Overflow Exploit in Adobe 
Acrobat Reader || url,www.securiteam.com/securitynews/5WP080AAKK.html
        2001058 || BLEEDING-EDGE EXPLOIT libpng tRNS overflow attempt || 
cve,CAN-2004-0597
        2001093 || BLEEDING-EDGE EXPLOIT IE Local zone Shell execution of 
arbitrary code || 
url,www.securityfocus.com/archive/1/348688/2003-12-31/2004-01-06/0
        2001094 || BLEEDING-EDGE EXPLOIT Internet Explorer URL parsing 
vulnerability || url,www.securityfocus.com/archive/1/346948
        2001095 || BLEEDING-EDGE EXPLOIT IFRAME ExecCommand vulnerability || 
url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001097 || BLEEDING-EDGE EXPLOIT Internet Explorer Object Data Remote 
Execution Vulnerability || url,www.securityfocus.com/bid/8456/solution/
        2001098 || BLEEDING-EDGE CUSTOM Attempt to execute Javascript code
        2001099 || BLEEDING-EDGE EXPLOIT Attempt to execute VBScript code
        2001100 || BLEEDING-EDGE CUSTOM Attempt to access SHELL\:
        2001101 || BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript 
code
        2001102 || BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript 
code
        2001103 || BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\:
        2001104 || BLEEDING-EDGE CUSTOM Stealth attempt to access FILE\:
        2001105 || BLEEDING-EDGE EXPLOIT Javascript execution with expression 
eval || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001106 || BLEEDING-EDGE EXPLOIT Javascript execution with expression 
eval hex || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001175 || BLEEDING-EDGE CUSTOM Internet Explorer Bitmap Integer 
Overflow || url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001180 || BLEEDING-EDGE CUSTOM Internet Explorer Object Type Property 
Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001181 || BLEEDING-EDGE EXPLOIT Internet Explorer Plugin.ocx Heap 
Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001182 || BLEEDING-EDGE EXPLOIT IE trojan Ants3set 1.exe - process 
injection
        2001190 || BLEEDING-EDGE EXPLOIT libPNG - Possible NULL-pointer crash 
in png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001191 || BLEEDING-EDGE EXPLOIT libPNG - Width exceeds limit || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001192 || BLEEDING-EDGE EXPLOIT libPNG - Height exceeds limit || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001195 || BLEEDING-EDGE EXPLOIT libPNG - Possible integer overflow in 
allocation in png_handle_sPLT || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001205 || BLEEDING-EDGE DOS Internet Explorer Memory Corruption Bug || 
url,www.securiteam.com/windowsntfocus/5XP051FDFM.html
        2001206 || BLEEDING-EDGE EXPLOIT Mozilla Firefox Certificate Spoofing 
|| url,www.securiteam.com/securitynews/5EP0L1PDFG.html
        2001207 || BLEEDING-EDGE EXPLOIT Mozilla Cookie theft || 
url,www.securiteam.com/securitynews/5GP0T0U60M.html
        2001208 || BLEEDING-EDGE EXPLOIT Reading Local Files in Netscape 6 and 
Mozilla || url,www.securiteam.com/securitynews/5JP000A76K.html
        2001209 || BLEEDING-EDGE EXPLOIT Mozilla FTP View Cross-Site Scripting 
Vulnerability || url,www.securiteam.com/windowsntfocus/5MP0I0080A.html
        2001210 || BLEEDING-EDGE EXPLOIT FTP Serv-U Local Privilege Escalation 
Vulnerability || url,www.securiteam.com/windowsntfocus/5YP0F1FDPO.html
        2001211 || BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal 
vulnerability || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001212 || BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal 
vulnerability || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001213 || BLEEDING-EDGE EXPLOIT FTP Serv-U LIST -l Parameter Buffer 
Overflow || url,www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html
        2001215 || BLEEDING-EDGE EXPLOIT FTP Serv-U Server Long Filename Stack 
Overflow Vulnerability || url,www.securiteam.com/windowsntfocus/5OP0N1PBPG.html
        2001217 || BLEEDING-EDGE EXPLOIT Adobe Acrobat Reader Malicious URL 
Null Byte || cve,2004-0629 || 
url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || 
url,idefense.com/application/poi/display?id=126&type=vulnerabilities
        2001346 || BLEEDING-EDGE INAPROPRIATE Kiddy Porn preteen
        2001347 || BLEEDING-EDGE INAPROPRIATE Kiddy Porn pre-teen
        2001348 || BLEEDING-EDGE INAPROPRIATE Kiddy Porn early teen
        2001349 || BLEEDING-EDGE INAPROPRIATE free XXX
        2001350 || BLEEDING-EDGE INAPROPRIATE  hardcore anal
        2001351 || BLEEDING-EDGE INAPROPRIATE  masturbation
        2001352 || BLEEDING-EDGE INAPROPRIATE  ejaculation
        2001353 || BLEEDING-EDGE INAPROPRIATE  BDSM
        2001362 || BLEEDING-EDGE DOS MS04-030 Attempted DoS || 
url,isc.sans.org/diary.php?date=2004-10-20
        2001363 || BLEEDING-EDGE EXPLOIT Possible MS04-032 Windows Metafile 
(.emf) Heap Overflow Portbind Attempt || 
url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001364 || BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap 
Overflow Connectback Attempt || 
url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001366 || BLEEDING-EDGE DOS Possible Microsoft SQL Server Remote 
Denial Of Service Attempt || bugtraq,11265
        2001369 || BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap 
Overflow Exploit || 
url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php
        2001374 || BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file
        2001385 || BLEEDING-EDGE EXPLOIT Possible ShixxNote buffer-overflow + 
remote shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt
        2001392 || BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected
        2001393 || BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected
        2001545 || BLEEDING-EDGE ATTACK RESPONSE Potential root shell 
connection detected!
        2001549 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001550 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001551 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001552 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001608 || BLEEDING-EDGE INAPROPRIATE Likely Porn
        2001616 || BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement 
notification
        2001620 || BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity
        2001622 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 
1
        2001623 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 
2
        2001624 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 
3
        2001625 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via 
EMAIL, phase 1
        2001626 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via 
EMAIL, phase 2
        2001627 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via 
EMAIL, phase 3
        2001628 || BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection
        2001633 || BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise 
|| url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001634 || BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise 
|| url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001667 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in
        2001668 || BLEEDING-EDGE EXPLOIT Exploit MS05-002 Malformed .ANI stack 
overflow attack
        2001671 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to 
blahot.com)
        2001717 || BLEEDING-EDGE ATTACK RESPONSE Successful user connection 
AFTER Brute Force Attack
        2001718 || BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad width
        2001719 || BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad height
        2001720 || BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color
        2001721 || BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big PLTE
        2001722 || BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big hIST
        2001723 || BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad 
PNG
        2001724 || BLEEDING-EDGE EXPLOIT libpng CAN-2004-1244 overflow attempt 
|| bugtraq,10872 || cve,2004-0597
        2001725 || BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone 
exploit
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt
        2001742 || BLEEDING-EDGE EXPLOIT Arkeia full remote access without 
password or authentication || url,metasploit.com/research/arkeia_agent
        2001751 || BLEEDING-EDGE EXPLOIT Shoutcast file request overflow
        2001807 || BLEEDING-EDGE EXPLOIT EXPLOIT CAN-2005-0399 Gif Vuln via http
        2001813 || BLEEDING-EDGE EXPLOIT MSIE Hidden Address Bar (Phish) || 
url,securityresponse.symantec.com/avcenter/venc/data/js.trojan.blinder.html || 
url,www.guninski.com/popspoof.html
        2001846 || BLEEDING-EDGE EXPLOIT [ISC] ICMP blind TCP reset DoS 
guessing attempt || cve,can-2004-0790
        2001847 || BLEEDING-EDGE WORM pictures.php MSN Worm URL Attempt || 
url,isc.sans.org/diary.php?date=2005-04-13
        2001848 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - 
Possible Attack
        2001849 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - 
Possible Attack

     -> Added to bleeding-virus.rules (1):
        #Jason Alexander

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (152):
        2000004 || BLEEDING-EDGE Microsoft MHTML URL Redirection Attempt || 
url,www.microsoft.com/technet/security/bulletin/MS04-013.mspx || 
cve,CAN-2004-0380
        2000005 || BLEEDING-EDGE Cisco Telnet Buffer Overflow || 
url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000006 || BLEEDING-EDGE Cisco Router HTTP DoS || 
url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000007 || BLEEDING-EDGE Catalyst SSH protocol mismatch || 
url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
        2000008 || BLEEDING-EDGE Catalyst 3500 arbitrary command || 
url,www.securityfocus.com/archive/1/141471
        2000009 || BLEEDING-EDGE Cisco IOS HTTP DoS || 
url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
        2000010 || BLEEDING-EDGE Cisco 514 UDP flood DoS || 
url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
        2000012 || BLEEDING-EDGE Cisco %u IDS evasion
        2000013 || BLEEDING-EDGE Cisco IOS HTTP server DoS
        2000016 || BLEEDING-EDGE SSL Bomb DoS Attempt || 
url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || 
cve,CAN-2004-0120
        2000017 || BLEEDING-EDGE NII Microsoft ASN.1 Library Buffer Overflow 
Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp
        2000031 || BLEEDING-EDGE CVS server heap overflow attempt (target BSD)
        2000032 || BLEEDING-EDGE LSA exploit
        2000033 || BLEEDING-EDGE MS04011 Lsasrv.dll RPC exploit (WinXP)
        2000046 || BLEEDING-EDGE MS04011 Lsasrv.dll RPC exploit (Win2k)
        2000048 || BLEEDING-EDGE CVS server heap overflow attempt (target Linux)
        2000049 || BLEEDING-EDGE CVS server heap overflow attempt (target 
Solaris)
        2000329 || BLEEDING-EDGE mIRC <=6.12 DCC Buffer Overflow || bugtraq,8880
        2000342 || BLEEDING-EDGE Squid NTLM Auth Overflow Exploit || 
cve,CAN-2004-0541 || url,www.idefense.com/application/poi/display?id=107
        2000345 || BLEEDING-EDGE IRC - Nick change on non-std port
        2000346 || BLEEDING-EDGE IRC - Name response on non-std port
        2000347 || BLEEDING-EDGE IRC - Private message on non-std port
        2000348 || BLEEDING-EDGE IRC - Channel JOIN on non-std port
        2000349 || BLEEDING-EDGE IRC - DCC file transfer request on non-std port
        2000350 || BLEEDING-EDGE IRC - DCC chat request on non-std port
        2000351 || BLEEDING-EDGE IRC - channel join on non-std port
        2000352 || BLEEDING-EDGE IRC - dns request on non-std port
        2000372 || BLEEDING-EDGE MS-SQL SQL Injection running SQL statements 
line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html 
|| url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000373 || BLEEDING-EDGE MS-SQL SQL Injection line comment || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000374 || BLEEDING-EDGE MS-SQL SQL Injection trying to guess the 
column name || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE MS-SQL SQL Injection running SQL statements NO 
line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html 
|| url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000377 || BLEEDING-EDGE MS-SQL heap overflow attempt || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000378 || BLEEDING-EDGE MS-SQL DOS attempt (08) || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000379 || BLEEDING-EDGE MS-SQL DOS attempt (08) 1 byte || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000380 || BLEEDING-EDGE MS-SQL Spike buffer overflow || 
url,www.securityfocus.com/bid/5411/exploit
        2000381 || BLEEDING-EDGE MS-SQL DOS bouncing packets || 
url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000488 || BLEEDING-EDGE MS-SQL SQL Injection closing string plus line 
comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000490 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 2 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 3 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 4 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong 
inputwith an OR 5 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000499 || BLEEDING-EDGE FTP inaccessible directory access COM1
        2000500 || BLEEDING-EDGE FTP inaccessible directory access COM2
        2000501 || BLEEDING-EDGE FTP inaccessible directory access COM3
        2000502 || BLEEDING-EDGE FTP inaccessible directory access COM4
        2000503 || BLEEDING-EDGE FTP inaccessible directory access LPT1
        2000504 || BLEEDING-EDGE FTP inaccessible directory access LPT2
        2000505 || BLEEDING-EDGE FTP inaccessible directory access LPT3
        2000506 || BLEEDING-EDGE FTP inaccessible directory access LPT4
        2000507 || BLEEDING-EDGE FTP inaccessible directory access AUX
        2000508 || BLEEDING-EDGE FTP inaccessible directory access NULL
        2000535 || BLEEDING-EDGE SCAN NMAP -sT or TCP incoming connection || 
arachnids,162
        2000539 || BLEEDING-EDGE SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE SCAN NMAP -sU || arachnids,162
        2000563 || BLEEDING-EDGE Pwdump3e Password Hash Retrieval port 445
        2000564 || BLEEDING-EDGE Pwdump3e pwservice.exe Access port 445
        2000565 || BLEEDING-EDGE Pwdump3e Session Established Reg-Entry port 139
        2000566 || BLEEDING-EDGE Pwdump3e Session Established Reg-Entry port 445
        2000567 || BLEEDING-EDGE Pwdump3e pwservice.exe Access port 139
        2000568 || BLEEDING-EDGE Pwdump3e Password Hash Retrieval port 139
        2001022 || BLEEDING-EDGE Invalid non-fragmented packet with fragment 
offset>0
        2001023 || BLEEDING-EDGE Invalid fragment - ACK reset
        2001024 || BLEEDING-EDGE Invalid fragment - illegal flags
        2001048 || BLEEDING-EDGE IE process injection iexplore.exe executable 
download
        2001049 || BLEEDING-EDGE Buffer Overflow Exploit in Adobe Acrobat 
Reader || url,www.securiteam.com/securitynews/5WP080AAKK.html
        2001058 || BLEEDING-EDGE libpng tRNS overflow attempt || 
cve,CAN-2004-0597
        2001093 || BLEEDING-EDGE IE Local zone Shell execution of arbitrary 
code || url,www.securityfocus.com/archive/1/348688/2003-12-31/2004-01-06/0
        2001094 || BLEEDING-EDGE Internet Explorer URL parsing vulnerability || 
url,www.securityfocus.com/archive/1/346948
        2001095 || BLEEDING-EDGE IFRAME ExecCommand vulnerability || 
url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001097 || BLEEDING-EDGE Internet Explorer Object Data Remote Execution 
Vulnerability || url,www.securityfocus.com/bid/8456/solution/
        2001098 || BLEEDING-EDGE Attempt to execute Javascript code
        2001099 || BLEEDING-EDGE Attempt to execute VBScript code
        2001100 || BLEEDING-EDGE Attempt to access SHELL\:
        2001101 || BLEEDING-EDGE Stealth attempt to execute Javascript code
        2001102 || BLEEDING-EDGE Stealth attempt to execute VBScript code
        2001103 || BLEEDING-EDGE Stealth attempt to access SHELL\:
        2001104 || BLEEDING-EDGE Stealth attempt to access FILE\:
        2001105 || BLEEDING-EDGE Javascript execution with expression eval || 
url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001106 || BLEEDING-EDGE Javascript execution with expression eval hex 
|| url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001175 || BLEEDING-EDGE Internet Explorer Bitmap Integer Overflow || 
url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001180 || BLEEDING-EDGE Internet Explorer Object Type Property 
Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001181 || BLEEDING-EDGE Internet Explorer Plugin.ocx Heap Overflow || 
url,www.hnc3k.com/ievulnerabil.htm
        2001182 || BLEEDING-EDGE IE trojan Ants3set 1.exe - process injection
        2001190 || BLEEDING-EDGE libPNG - Possible NULL-pointer crash in 
png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001191 || BLEEDING-EDGE libPNG - Width exceeds limit || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001192 || BLEEDING-EDGE libPNG - Height exceeds limit || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001195 || BLEEDING-EDGE libPNG - Possible integer overflow in 
allocation in png_handle_sPLT || 
url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001205 || BLEEDING-EDGE Internet Explorer Memory Corruption Bug || 
url,www.securiteam.com/windowsntfocus/5XP051FDFM.html
        2001206 || BLEEDING-EDGE Mozilla Firefox Certificate Spoofing || 
url,www.securiteam.com/securitynews/5EP0L1PDFG.html
        2001207 || BLEEDING-EDGE Mozilla Cookie theft || 
url,www.securiteam.com/securitynews/5GP0T0U60M.html
        2001208 || BLEEDING-EDGE Reading Local Files in Netscape 6 and Mozilla 
|| url,www.securiteam.com/securitynews/5JP000A76K.html
        2001209 || BLEEDING-EDGE Mozilla FTP View Cross-Site Scripting 
Vulnerability || url,www.securiteam.com/windowsntfocus/5MP0I0080A.html
        2001210 || BLEEDING-EDGE FTP Serv-U Local Privilege Escalation 
Vulnerability || url,www.securiteam.com/windowsntfocus/5YP0F1FDPO.html
        2001211 || BLEEDING-EDGE FTP Serv-U directory traversal vulnerability 
|| url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001212 || BLEEDING-EDGE FTP Serv-U directory traversal vulnerability 
|| url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001213 || BLEEDING-EDGE FTP Serv-U LIST -l Parameter Buffer Overflow 
|| url,www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html
        2001215 || BLEEDING-EDGE FTP Serv-U Server Long Filename Stack Overflow 
Vulnerability || url,www.securiteam.com/windowsntfocus/5OP0N1PBPG.html
        2001217 || BLEEDING-EDGE Adobe Acrobat Reader Malicious URL Null Byte 
|| cve,2004-0629 || url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || 
url,idefense.com/application/poi/display?id=126&type=vulnerabilities
        2001346 || BLEEDING-EDGE Kiddy Porn preteen
        2001347 || BLEEDING-EDGE Kiddy Porn pre-teen
        2001348 || BLEEDING-EDGE Kiddy Porn early teen
        2001349 || BLEEDING-EDGE PORN free XXX
        2001350 || BLEEDING-EDGE PORN hardcore anal
        2001351 || BLEEDING-EDGE PORN masturbation
        2001352 || BLEEDING-EDGE PORN ejaculation
        2001353 || BLEEDING-EDGE PORN BDSM
        2001362 || BLEEDING-EDGE MS04-030 Attempted DoS || 
url,isc.sans.org/diary.php?date=2004-10-20
        2001363 || BLEEDING-EDGE Possible MS04-032 Windows Metafile (.emf) Heap 
Overflow Portbind Attempt || 
url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001364 || BLEEDING-EDGE MS04-032 Windows Metafile (.emf) Heap Overflow 
Connectback Attempt || 
url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001366 || BLEEDING-EDGE Possible Microsoft SQL Server Remote Denial Of 
Service Attempt || bugtraq,11265
        2001369 || BLEEDING-EDGE MS04-032 Windows Metafile (.emf) Heap Overflow 
Exploit || url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php
        2001374 || BLEEDING-EDGE MS04-032 Bad EMF file
        2001385 || BLEEDING-EDGE Possible ShixxNote buffer-overflow + remote 
shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt
        2001392 || BLEEDING-EDGE Inappropriate Sextracker Tracking Code Detected
        2001393 || BLEEDING-EDGE Inappropriate Sextracker Tracking Code Detected
        2001545 || BLEEDING-EDGE ATTACK Potential root shell connection 
detected!
        2001549 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001550 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001551 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001552 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary 
package access exploit || cve,CAN-2004-1029 || 
url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || 
url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || 
url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true
 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || 
url,jouko.iki.fi/adv/javaplugin.html
        2001608 || BLEEDING-EDGE Inappropriate Likely Porn
        2001616 || BLEEDING-EDGE Attack Response Zone-H.org defacement 
notification
        2001620 || BLEEDING-EDGE Attack Response Likely Botnet Activity
        2001622 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack, phase 
1
        2001623 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack, phase 
2
        2001624 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack, phase 
3
        2001625 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack via 
EMAIL, phase 1
        2001626 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack via 
EMAIL, phase 2
        2001627 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack via 
EMAIL, phase 3
        2001628 || BLEEDING-EDGE Attack Response Outbound PHP Connection
        2001633 || BLEEDING-EDGE Exploit Probable MSIE XPSP2 Remote Compromise 
|| url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001634 || BLEEDING-EDGE Exploit Probable MSIE XPSP2 Remote Compromise 
|| url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001667 || BLEEDING-EDGE Exploit Blahot Worm Infection Reporting in
        2001668 || BLEEDING-EDGE Exploit MS05-002 Malformed .ANI stack overflow 
attack
        2001671 || BLEEDING-EDGE Exploit Blahot Worm Infection Reporting in (to 
blahot.com)
        2001717 || BLEEDING-EDGE SSH Successful user connection AFTER Brute 
Force Attack
        2001718 || BLEEDING-EDGE Exploit CAN-2004-1244 PNG with bad width
        2001719 || BLEEDING-EDGE Exploit CAN-2004-1244 PNG with bad height
        2001720 || BLEEDING-EDGE Exploit CAN-2004-0597 PNG with indexed color
        2001721 || BLEEDING-EDGE Exploit CAN-2004-0597 PNG with too big PLTE
        2001722 || BLEEDING-EDGE Exploit CAN-2004-0597 PNG with too big hIST
        2001723 || BLEEDING-EDGE Exploit ATmaCA PoC for CORE-2004-0819 -- bad 
PNG
        2001724 || BLEEDING-EDGE Exploit libpng CAN-2004-1244 overflow attempt 
|| bugtraq,10872 || cve,2004-0597
        2001725 || BLEEDING-EDGE Exploit MS05-014 HTML OBJECT tag local zone 
exploit
        2001727 || BLEEDING-EDGE Exploit MS05-005 Office XP Remote Code Attempt
        2001742 || BLEEDING-EDGE Exploit Arkeia full remote access without 
password or authentication || url,metasploit.com/research/arkeia_agent
        2001751 || BLEEDING-EDGE Exploit Shoutcast file request overflow
        2001807 || BLEEDING-EDGE EXPLOIT CAN-2005-0399 Gif Vuln via http
        2001813 || BLEEDING-EDGE MSIE Hidden Address Bar (Phish) || 
url,securityresponse.symantec.com/avcenter/venc/data/js.trojan.blinder.html || 
url,www.guninski.com/popspoof.html
        2001846 || BLEEDING-EDGE Exploit [ISC] ICMP blind TCP reset DoS 
guessing attempt || cve,can-2004-0790

[+] Added files (consider updating your snort.conf to include them if needed): [+]

    -> bleeding-sid-msg-map.txt



_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
