
[Snort-sigs] Snort Community Rules Update

Subject: [Snort-sigs] Snort Community Rules Update
Date: Fri, 18 Aug 2006 15:54:39 -0400
This message is to announce the availability of an update for the Sourcefire 
community rule set, which can be downloaded free of cost or registration from 
http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000849-100000873. These 
rules cover SQL injection and remote file inclusion attacks against the 
IceWarp, ListMessenger, Professional Home Page Tools, Francisco Charrua 
Photo-Gallery, FlushCMS, PHPMyRing, powergap, CubeCart, and discloser 0.0.4 
systems. Additionally, they detect access to a COM object which is vulnerable 
to memory corruption attacks. References for SIDs 100000227 and 100000229 were 
modified according to suggestions from "Gentoo Wally" on Snort-Sigs.

Sourcefire would like to thank urleet@gmail.com for submitting SIDs 
100000864-100000873. As a reminder, anyone who wishes to submit rules may do so 
at http://www.snort.org/reg-bin/rulesubmit.cgi.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000227 || COMMUNITY MISC SNMP trap Format String detected
100000229 || COMMUNITY MISC Lotus Domino LDAP attack
100000849 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000850 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000851 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000852 || COMMUNITY WEB-PHP IceWarp include.php remote file include
100000853 || COMMUNITY WEB-PHP IceWarp settings.html remote file include
100000854 || COMMUNITY WEB-PHP ListMessenger listmessenger.php remote file include
100000855 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000856 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000857 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000858 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000859 || COMMUNITY WEB-PHP Professional Home Page Tools class.php SQL injection attempt
100000860 || COMMUNITY WEB-PHP Francisco Charrua Photo-Gallery room.php SQL injection attempt
100000861 || COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include
100000862 || COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include
100000863 || COMMUNITY WEB-PHP PHPMyRing view_com.php SQL injection attempt
100000864 || COMMUNITY WEB-CLIENT tsuserex.dll COM Object Instantiation Vulnerability
100000865 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s01
100000866 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s02
100000867 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s03
100000868 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s04
100000869 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit sid variant
100000870 || COMMUNITY WEB-PHP powergap remote file inclusion exploit sid variant 2
100000871 || COMMUNITY WEB-PHP CubeCart XSS attack
100000872 || COMMUNITY WEB-PHP CubeCart XSS attack
100000873 || COMMUNITY WEB-PHP discloser 0.0.4 Remote File Inclusion

