Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleedingsnort.com Daily Update

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleedingsnort.com Daily Update
Date: Fri, 24 Jun 2005 20:00:04 -0500 (EST) 

[***] Results from Oinkmaster started Fri Jun 24 20:00:04 2005 [***]

[///]     Modified active rules:     [///]

 2000004 - BLEEDING-EDGE EXPLOIT Microsoft MHTML URL Redirection Attempt 
(bleeding-exploit.rules)
 2000005 - BLEEDING-EDGE EXPLOIT Cisco Telnet Buffer Overflow 
(bleeding-exploit.rules)
 2000006 - BLEEDING-EDGE DOS Cisco Router HTTP DoS (bleeding-dos.rules)
 2000007 - BLEEDING-EDGE EXPLOIT Catalyst SSH protocol mismatch 
(bleeding-exploit.rules)
 2000008 - BLEEDING-EDGE EXPLOIT Catalyst 3500 arbitrary command 
(bleeding-exploit.rules)
 2000009 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP DoS (bleeding-exploit.rules)
 2000010 - BLEEDING-EDGE DOS Cisco 514 UDP flood DoS (bleeding-dos.rules)
 2000011 - BLEEDING-EDGE DOS Catalyst memory leak attack (bleeding-dos.rules)
 2000012 - BLEEDING-EDGE EXPLOIT Cisco %u IDS evasion (bleeding-exploit.rules)
 2000013 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP server DoS 
(bleeding-exploit.rules)
 2000016 - BLEEDING-EDGE DOS SSL Bomb DoS Attempt (bleeding-dos.rules)
 2000017 - BLEEDING-EDGE EXPLOIT NII Microsoft ASN.1 Library Buffer Overflow 
Exploit (bleeding-exploit.rules)
 2000031 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target BSD) 
(bleeding-exploit.rules)
 2000032 - BLEEDING-EDGE EXPLOIT LSA exploit (bleeding-exploit.rules)
 2000033 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) 
(bleeding-exploit.rules)
 2000046 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) 
(bleeding-exploit.rules)
 2000048 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target 
Linux) (bleeding-exploit.rules)
 2000049 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target 
Solaris) (bleeding-exploit.rules)
 2000329 - BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow 
(bleeding-exploit.rules)
 2000342 - BLEEDING-EDGE EXPLOIT Squid NTLM Auth Overflow Exploit 
(bleeding-exploit.rules)
 2000372 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection running SQL statements 
line comment (bleeding-exploit.rules)
 2000373 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection line comment 
(bleeding-exploit.rules)
 2000377 - BLEEDING-EDGE EXPLOIT MS-SQL heap overflow attempt 
(bleeding-exploit.rules)
 2000378 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 
(bleeding-exploit.rules)
 2000379 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 1 byte 
(bleeding-exploit.rules)
 2000380 - BLEEDING-EDGE EXPLOIT MS-SQL Spike buffer overflow 
(bleeding-exploit.rules)
 2000381 - BLEEDING-EDGE EXPLOIT MS-SQL DOS bouncing packets 
(bleeding-exploit.rules)
 2000488 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection closing string plus line 
comment (bleeding-exploit.rules)
 2000496 - BLEEDING-EDGE DOS Microsoft SMS dos attempt (bleeding-dos.rules)
 2000536 - BLEEDING-EDGE SCAN NMAP -sO (bleeding-scan.rules)
 2000537 - BLEEDING-EDGE SCAN NMAP -sS (bleeding-scan.rules)
 2000538 - BLEEDING-EDGE SCAN NMAP -sA (bleeding-scan.rules)
 2000540 - BLEEDING-EDGE SCAN NMAP -sA (bleeding-scan.rules)
 2000543 - BLEEDING-EDGE SCAN NMAP -f -sF (bleeding-scan.rules)
 2000544 - BLEEDING-EDGE SCAN NMAP -f -sN (bleeding-scan.rules)
 2000545 - BLEEDING-EDGE SCAN NMAP -f -sS (bleeding-scan.rules)
 2000546 - BLEEDING-EDGE SCAN NMAP -f -sX (bleeding-scan.rules)
 2000559 - BLEEDING-EDGE THCIISLame IIS SSL Exploit Attempt (bleeding-web.rules)
 2000563 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 445 
(bleeding-exploit.rules)
 2000564 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 445 
(bleeding-exploit.rules)
 2000565 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 
139 (bleeding-exploit.rules)
 2000566 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 
445 (bleeding-exploit.rules)
 2000567 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 139 
(bleeding-exploit.rules)
 2000568 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 139 
(bleeding-exploit.rules)
 2000575 - BLEEDING-EDGE ICMP PING IPTools (bleeding-scan.rules)
 2001021 - BLEEDING-EDGE Suspicious Encrypted Webpage Content 
(bleeding-web.rules)
 2001022 - BLEEDING-EDGE EXPLOIT Invalid non-fragmented packet with fragment 
offset>0 (bleeding-exploit.rules)
 2001023 - BLEEDING-EDGE EXPLOIT Invalid fragment - ACK reset 
(bleeding-exploit.rules)
 2001024 - BLEEDING-EDGE EXPLOIT Invalid fragment - illegal flags 
(bleeding-exploit.rules)
 2001048 - BLEEDING-EDGE EXPLOIT IE process injection iexplore.exe executable 
download (bleeding-exploit.rules)
 2001049 - BLEEDING-EDGE EXPLOIT Buffer Overflow Exploit in Adobe Acrobat 
Reader (bleeding-exploit.rules)
 2001052 - BLEEDING-EDGE EXPLOIT NTDump Session Established Reg-Entry port 139 
(bleeding-exploit.rules)
 2001053 - BLEEDING-EDGE EXPLOIT NTDump.exe Service Started port 139 
(bleeding-exploit.rules)
 2001058 - BLEEDING-EDGE EXPLOIT libpng tRNS overflow attempt 
(bleeding-exploit.rules)
 2001075 - BLEEDING-EDGE WEB-MISC cross site scripting attempt IMG onerror or 
onload (bleeding-web.rules)
 2001077 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + 
JAVASCRIPT (bleeding-web.rules)
 2001078 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + JSCRIPT 
(bleeding-web.rules)
 2001079 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT 
(bleeding-web.rules)
 2001080 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + VBSCRIPT 
(bleeding-web.rules)
 2001081 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + 
ECMACRIPT (bleeding-web.rules)
 2001082 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + 
EXPRESSION (bleeding-web.rules)
 2001083 - BLEEDING-EDGE WEB-MISC cross site scripting attempt STYLE + 
EXPRESSION (bleeding-web.rules)
 2001084 - BLEEDING-EDGE WEB-MISC cross site scripting attempt using XML 
(bleeding-web.rules)
 2001085 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden 
Javascript (bleeding-web.rules)
 2001086 - BLEEDING-EDGE WEB-MISC cross site scripting attempt executing hidden 
Javascript (bleeding-web.rules)
 2001087 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to execute 
Javascript code (bleeding-web.rules)
 2001088 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to execute 
VBScript code (bleeding-web.rules)
 2001089 - BLEEDING-EDGE WEB-MISC cross site scripting attempt to access 
SHELL\: (bleeding-web.rules)
 2001090 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to 
execute Javascript code (bleeding-web.rules)
 2001091 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to 
execute VBScript code (bleeding-web.rules)
 2001092 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to 
access SHELL\: (bleeding-web.rules)
 2001093 - BLEEDING-EDGE EXPLOIT IE Local zone Shell execution of arbitrary 
code (bleeding-exploit.rules)
 2001094 - BLEEDING-EDGE EXPLOIT Internet Explorer URL parsing vulnerability 
(bleeding-exploit.rules)
 2001095 - BLEEDING-EDGE EXPLOIT IFRAME ExecCommand vulnerability 
(bleeding-exploit.rules)
 2001097 - BLEEDING-EDGE EXPLOIT Internet Explorer Object Data Remote Execution 
Vulnerability (bleeding-exploit.rules)
 2001099 - BLEEDING-EDGE EXPLOIT Attempt to execute VBScript code 
(bleeding-exploit.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code 
(bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code 
(bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: 
(bleeding-exploit.rules)
 2001105 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval 
(bleeding-exploit.rules)
 2001106 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval hex 
(bleeding-exploit.rules)
 2001181 - BLEEDING-EDGE EXPLOIT Internet Explorer Plugin.ocx Heap Overflow 
(bleeding-exploit.rules)
 2001182 - BLEEDING-EDGE EXPLOIT IE trojan Ants3set 1.exe - process injection 
(bleeding-exploit.rules)
 2001190 - BLEEDING-EDGE EXPLOIT libPNG - Possible NULL-pointer crash in 
png_handle_iCCP (bleeding-exploit.rules)
 2001191 - BLEEDING-EDGE EXPLOIT libPNG - Width exceeds limit 
(bleeding-exploit.rules)
 2001192 - BLEEDING-EDGE EXPLOIT libPNG - Height exceeds limit 
(bleeding-exploit.rules)
 2001195 - BLEEDING-EDGE EXPLOIT libPNG - Possible integer overflow in 
allocation in png_handle_sPLT (bleeding-exploit.rules)
 2001197 - BLEEDING-EDGE PHPNuke SQL injection attemp (bleeding-web.rules)
 2001202 - BLEEDING-EDGE PHPNuke general SQL injection attempt 
(bleeding-web.rules)
 2001205 - BLEEDING-EDGE DOS Internet Explorer Memory Corruption Bug 
(bleeding-dos.rules)
 2001206 - BLEEDING-EDGE EXPLOIT Mozilla Firefox Certificate Spoofing 
(bleeding-exploit.rules)
 2001207 - BLEEDING-EDGE EXPLOIT Mozilla Cookie theft (bleeding-exploit.rules)
 2001209 - BLEEDING-EDGE EXPLOIT Mozilla FTP View Cross-Site Scripting 
Vulnerability (bleeding-exploit.rules)
 2001210 - BLEEDING-EDGE EXPLOIT FTP Serv-U Local Privilege Escalation 
Vulnerability (bleeding-exploit.rules)
 2001211 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability 
(bleeding-exploit.rules)
 2001212 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability 
(bleeding-exploit.rules)
 2001213 - BLEEDING-EDGE EXPLOIT FTP Serv-U LIST -l Parameter Buffer Overflow 
(bleeding-exploit.rules)
 2001215 - BLEEDING-EDGE EXPLOIT FTP Serv-U Server Long Filename Stack Overflow 
Vulnerability (bleeding-exploit.rules)
 2001217 - BLEEDING-EDGE EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte 
(bleeding-exploit.rules)
 2001218 - BLEEDING-EDGE PHPNuke general XSS attemp (bleeding-web.rules)
 2001219 - BLEEDING-EDGE Potential SSH Scan (bleeding-scan.rules)
 2001238 - BLEEDING-EDGE Possible Xedus Webserver Directory Traversal Attempt 
(bleeding-web.rules)
 2001342 - BLEEDING-EDGE WEB-IIS ASP.net Auth Bypass / Canonicalization 
(bleeding-web.rules)
 2001343 - BLEEDING-EDGE WEB-IIS ASP.net Auth Bypass / Canonicalization % 5 C 
(bleeding-web.rules)
 2001344 - BLEEDING-EDGE WEB-PHP EasyDynamicPages exploit (bleeding-web.rules)
 2001346 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn preteen 
(bleeding-inappropriate.rules)
 2001347 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn pre-teen 
(bleeding-inappropriate.rules)
 2001348 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn early teen 
(bleeding-inappropriate.rules)
 2001349 - BLEEDING-EDGE INAPROPRIATE free XXX (bleeding-inappropriate.rules)
 2001350 - BLEEDING-EDGE INAPROPRIATE hardcore anal 
(bleeding-inappropriate.rules)
 2001351 - BLEEDING-EDGE INAPROPRIATE masturbation 
(bleeding-inappropriate.rules)
 2001352 - BLEEDING-EDGE INAPROPRIATE ejaculation (bleeding-inappropriate.rules)
 2001353 - BLEEDING-EDGE INAPROPRIATE BDSM (bleeding-inappropriate.rules)
 2001362 - BLEEDING-EDGE DOS MS04-030 Attempted DoS (bleeding-dos.rules)
 2001363 - BLEEDING-EDGE EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap 
Overflow Portbind Attempt (bleeding-exploit.rules)
 2001364 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow 
Connectback Attempt (bleeding-exploit.rules)
 2001365 - BLEEDING-EDGE WEB-MISC Alternate Data Stream source view attempt 
(bleeding-web.rules)
 2001366 - BLEEDING-EDGE DOS Possible Microsoft SQL Server Remote Denial Of 
Service Attempt (bleeding-dos.rules)
 2001369 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow 
Exploit (bleeding-exploit.rules)
 2001374 - BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file (bleeding-exploit.rules)
 2001385 - BLEEDING-EDGE EXPLOIT Possible ShixxNote buffer-overflow + remote 
shell attempt (bleeding-exploit.rules)
 2001386 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn pthc 
(bleeding-inappropriate.rules)
 2001387 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn zeps 
(bleeding-inappropriate.rules)
 2001388 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn r@ygold 
(bleeding-inappropriate.rules)
 2001389 - BLEEDING-EDGE INAPPROPRIATE Kiddy Porn childlover 
(bleeding-inappropriate.rules)
 2001392 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected 
(bleeding-inappropriate.rules)
 2001393 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected 
(bleeding-inappropriate.rules)
 2001401 - BLEEDING-EDGE EXPLOIT IE IFRAME Exploit (bleeding-exploit.rules)
 2001457 - BLEEDING-EDGE Exploit phpBB Highlighting Code Execution Attempt 
(bleeding-web.rules)
 2001543 - BLEEDING-EDGE EXPLOIT NTDump Session Established Reg-Entry port 445 
(bleeding-exploit.rules)
 2001544 - BLEEDING-EDGE EXPLOIT NTDump.exe Service Started port 445 
(bleeding-exploit.rules)
 2001546 - BLEEDING-EDGE WEB-MISC LINK Method (bleeding-web.rules)
 2001549 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001550 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001551 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001552 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package 
access exploit (bleeding-exploit.rules)
 2001553 - BLEEDING-EDGE Scan Possible SSL Brute Force attack or Site Crawl 
(bleeding-scan.rules)
 2001557 - BLEEDING-EDGE Exploit phpBB Highlighting SQL Injection 
(bleeding-web.rules)
 2001569 - BLEEDING-EDGE Behavioral Unusual Port 445 traffic, Potential Scan or 
Infection (bleeding-scan.rules)
 2001579 - BLEEDING-EDGE Behavioral Unusual Port 139 traffic, Potential Scan or 
Infection (bleeding-scan.rules)
 2001580 - BLEEDING-EDGE Behavioral Unusual Port 137 traffic, Potential Scan or 
Infection (bleeding-scan.rules)
 2001581 - BLEEDING-EDGE Behavioral Unusual Port 135 traffic, Potential Scan or 
Infection (bleeding-scan.rules)
 2001582 - BLEEDING-EDGE Behavioral Unusual Port 1434 traffic, Potential Scan 
or Infection (bleeding-scan.rules)
 2001583 - BLEEDING-EDGE Behavioral Unusual Port 1433 traffic, Potential Scan 
or Infection (bleeding-scan.rules)
 2001604 - BLEEDING-EDGE Exploit phpBB Highlighting Code Execution - Santy.A 
Worm (bleeding-web.rules)
 2001605 - BLEEDING-EDGE Exploit phpBB Highlight Exploit Attempt 
(bleeding-web.rules)
 2001608 - BLEEDING-EDGE INAPROPRIATE Likely Porn (bleeding-inappropriate.rules)
 2001609 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 1 (bleeding-scan.rules)
 2001610 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 2 (bleeding-scan.rules)
 2001611 - BLEEDING-EDGE F5 BIG-IP 3DNS TCP Probe 3 (bleeding-scan.rules)
 2001621 - BLEEDING-EDGE Exploit Suspected PHP Injection Attack 
(bleeding-web.rules)
 2001622 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 1 
(bleeding-exploit.rules)
 2001623 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 2 
(bleeding-exploit.rules)
 2001624 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 3 
(bleeding-exploit.rules)
 2001625 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, 
phase 1 (bleeding-exploit.rules)
 2001626 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, 
phase 2 (bleeding-exploit.rules)
 2001627 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, 
phase 3 (bleeding-exploit.rules)
 2001633 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise 
(bleeding-exploit.rules)
 2001634 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise 
(bleeding-exploit.rules)
 2001635 - BLEEDING-EDGE DOS HTTP GET with newline appended (bleeding-dos.rules)
 2001636 - BLEEDING-EDGE DOS squ1rt Apache DoS (bleeding-dos.rules)
 2001667 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in 
(bleeding-exploit.rules)
 2001668 - BLEEDING-EDGE EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow 
attack (bleeding-exploit.rules)
 2001669 - BLEEDING-EDGE Web Proxy GET Request (bleeding-web.rules)
 2001670 - BLEEDING-EDGE Web Proxy HEAD Request (bleeding-web.rules)
 2001671 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to 
blahot.com) (bleeding-exploit.rules)
 2001674 - BLEEDING-EDGE Proxy POST Request (bleeding-web.rules)
 2001675 - BLEEDING-EDGE Proxy CONNECT Request (bleeding-web.rules)
 2001686 - BLEEDING-EDGE EXPLOIT Awstats Remote Code Execution Attempt 
(bleeding-exploit.rules)
 2001716 - BLEEDING-EDGE Web IDN url seen.. (bleeding-web.rules)
 2001718 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad width 
(bleeding-exploit.rules)
 2001719 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad height 
(bleeding-exploit.rules)
 2001720 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color 
(bleeding-exploit.rules)
 2001721 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big PLTE 
(bleeding-exploit.rules)
 2001722 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big hIST 
(bleeding-exploit.rules)
 2001724 - BLEEDING-EDGE EXPLOIT libpng CAN-2004-1244 overflow attempt 
(bleeding-exploit.rules)
 2001725 - BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit 
(bleeding-exploit.rules)
 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt 
(bleeding-exploit.rules)
 2001738 - BLEEDING-EDGE WEB PHP vBulletin Remote Command Execution Attempt 
(bleeding-web.rules)
 2001742 - BLEEDING-EDGE EXPLOIT Arkeia full remote access without password or 
authentication (bleeding-exploit.rules)
 2001751 - BLEEDING-EDGE EXPLOIT Shoutcast file request overflow 
(bleeding-exploit.rules)
 2001753 - BLEEDING-EDGE EXPLOIT Pwdump4 Session Established GetHash port 139 
(bleeding-exploit.rules)
 2001754 - BLEEDING-EDGE EXPLOIT Pwdump4 Session Established GetHash port 445 
(bleeding-exploit.rules)
 2001762 - BLEEDING-EDGE WEB phpbb Session Cookie (bleeding-web.rules)
 2001767 - BLEEDING-EDGE WEB ORACLE OLEDB asp error (bleeding-web.rules)
 2001768 - BLEEDING-EDGE WEB MS SQL Server OLEDB asp error (bleeding-web.rules)
 2001780 - BLEEDING-EDGE EXPLOIT Solaris TTYPROMPT environment variable set 
(bleeding-exploit.rules)
 2001781 - BLEEDING-EDGE WEB ORACLE rwcgi60 information leak attempt 
(bleeding-web.rules)
 2001784 - BLEEDING-EDGE EXPLOIT AWStats (awstats_shell) Remote Code Execution 
(bleeding-exploit.rules)
 2001785 - BLEEDING-EDGE EXPLOIT PHP (allow_url_fopen) File Injection Bug 
Feature (bleeding-exploit.rules)
 2001795 - BLEEDING-EDGE DOS Excessive SMTP MAIL-FROM DDoS (bleeding-dos.rules)
 2001807 - BLEEDING-EDGE EXPLOIT CAN-2005-0399 Gif Vuln via http 
(bleeding-exploit.rules)
 2001810 - BLEEDING-EDGE EXPLOIT WEB PHP remote file include exploit attempt 
(bleeding-web.rules)
 2001811 - BLEEDING-EDGE WEB Encoded javascriptdocument.write - usually hostile 
(bleeding-web.rules)
 2001813 - BLEEDING-EDGE EXPLOIT MSIE Hidden Address Bar (Phish) 
(bleeding-exploit.rules)
 2001846 - BLEEDING-EDGE DOS [ISC] ICMP blind TCP reset DoS guessing attempt 
(bleeding-dos.rules)
 2001848 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack 
(bleeding-exploit.rules)
 2001849 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack 
(bleeding-exploit.rules)
 2001873 - BLEEDING-EDGE EXPLOIT MS Exchange Link State Routing Chunk (maybe 
MS05-021) (bleeding-exploit.rules)
 2001874 - BLEEDING-EDGE EXPLOIT TCP Reset from MS Exchange after chunked data, 
probably crashed it (MS05-021) (bleeding-exploit.rules)
 2001875 - BLEEDING-EDGE EXPLOIT MS Exchange chunks accepted 
(bleeding-exploit.rules)
 2001876 - BLEEDING-EDGE EXPLOIT MS Exchange disliked link state chunk, but 
didn't die (MS05-021) (bleeding-exploit.rules)
 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold 
(bleeding-dos.rules)
 2001883 - BLEEDING-EDGE EXPLOIT Kali Tagboard Command Execution Attempt 
(bleeding-exploit.rules)
 2001904 - BLEEDING-EDGE Behavioral Unusually fast Telnet Connections, 
Potential Scan or Brute Force (bleeding-scan.rules)
 2001906 - BLEEDING-EDGE SCAN MYSQL 4.0 brute force root login attempt 
(bleeding-scan.rules)
 2001915 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP) 
(bleeding-exploit.rules)
 2001916 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-TCP) 
(bleeding-exploit.rules)
 2001917 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-UDP) 
(bleeding-exploit.rules)
 2001918 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-UDP) 
(bleeding-exploit.rules)
 2001928 - BLEEDING-EDGE WEB XSS Possible Arbitrary Scripting Code Attack in 
phpBB (private message) (bleeding-web.rules)
 2001929 - BLEEDING-EDGE WEB XSS Possible Arbitrary Scripting Code Attack in 
phpBB (signature) (bleeding-web.rules)
 2001932 - BLEEDING-EDGE Exploit wowBB view_user.php SQL Injection 
(bleeding-exploit.rules)
 2001944 - BLEEDING-EDGE EXPLOIT MS04-007 Kill-Bill ASN1 exploit attempt 
(bleeding-exploit.rules)
 2001945 - BLEEDING-EDGE WEB WebAPP Apage.CGI Remote Command Execution Attempt 
(bleeding-web.rules)
 2001949 - BLEEDING-EDGE WEB Athena Web Registration Remote Command Execution 
Attempt (bleeding-web.rules)
 2001954 - BLEEDING-EDGE EXPLOIT Meteor FTP Server Exploit 
(bleeding-exploit.rules)
 2001972 - BLEEDING-EDGE Behavioral Unusually fast Terminal Server Traffic, 
Potential Scan or Infection (bleeding-scan.rules)
 2001988 - BLEEDING-EDGE EXPLOIT MySQL MaxDB Buffer Overflow 
(bleeding-exploit.rules)
 2001990 - BLEEDING-EDGE EXPLOIT JamMail Jammail.pl Remote Command Execution 
Attempt (bleeding-exploit.rules)
 2001991 - BLEEDING-EDGE EXPLOIT WebHints Scripts Remote Command Execution 
Attempt (bleeding-exploit.rules)


[///]    Modified inactive rules:    [///]

 2001076 - BLEEDING-EDGE WEB-MISC cross site scripting attempt TYPE + 
JAVASCRIPT (bleeding-web.rules)
 2001208 - BLEEDING-EDGE EXPLOIT Reading Local Files in Netscape 6 and Mozilla 
(bleeding-exploit.rules)
 2001723 - BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad PNG 
(bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (5):
        # NOTE: If you can, put in a check on offset 20 through 23, as these
        # the traffic that caused the icmp unreach (EG: YOU.) example, if you
        # You get the idea. This may well be unnecessary overkill. YMMV.
        # below a sane value, eg 576 bytes. Adjust to taste.
        # real world might even go as high as 1100 bytes min. YMMV.

     -> Added to bleeding-sid-msg.map (4):
        2001350 || BLEEDING-EDGE INAPROPRIATE hardcore anal
        2001351 || BLEEDING-EDGE INAPROPRIATE masturbation
        2001352 || BLEEDING-EDGE INAPROPRIATE ejaculation
        2001353 || BLEEDING-EDGE INAPROPRIATE BDSM

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-dos.rules (5):
        # NOTE:  If you can, put in a check on offset 20 through 23, as these
        # the traffic that caused the icmp unreach (EG: YOU.)   example, if you
        # You get the idea. This may well be unnecessary overkill.  YMMV.
        # below a sane value, eg 576 bytes.  Adjust to taste.
        # real world might even go as high as 1100 bytes min.  YMMV.

     -> Removed from bleeding-sid-msg.map (20):
        2000374 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection trying to guess 
the column name || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection running SQL 
statements NO line comment || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000490 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 2 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 3 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 4 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or 
wrong inputwith an OR 5 || 
url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || 
url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000535 || BLEEDING-EDGE CUSTOM SCAN NMAP -sT or TCP incoming 
connection || arachnids,162
        2000539 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE CUSTOM SCAN NMAP -sU || arachnids,162
        2001098 || BLEEDING-EDGE CUSTOM Attempt to execute Javascript code
        2001100 || BLEEDING-EDGE CUSTOM Attempt to access SHELL\:
        2001104 || BLEEDING-EDGE CUSTOM Stealth attempt to access FILE\:
        2001175 || BLEEDING-EDGE CUSTOM Internet Explorer Bitmap Integer 
Overflow || url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001180 || BLEEDING-EDGE CUSTOM Internet Explorer Object Type Property 
Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001350 || BLEEDING-EDGE INAPROPRIATE  hardcore anal
        2001351 || BLEEDING-EDGE INAPROPRIATE  masturbation
        2001352 || BLEEDING-EDGE INAPROPRIATE  ejaculation
        2001353 || BLEEDING-EDGE INAPROPRIATE  BDSM



-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-sigs] sid 580 and sid 1267 = cve-1999-0008 ? (snort233b14), Matthew Watchinski
Next by Date:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Previous by Thread:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Next by Thread:  [Snort-sigs] Bleedingsnort.com Daily Update, bleeding
Indexes:  [Date] [Thread] [Top] [All Lists]