[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

Subject: [Snort-sigs] Bleeding Edge Threats Daily Signature Changes
Date: Sat, 19 May 2007 16:00:07 -0400 (EDT)

[***] Results from Oinkmaster started Sat May 19 16:00:07 2007 [***]

[+++]          Added rules:          [+++]

 2003864 - BLEEDING-EDGE POLICY Outbound SMTP on port 587 
(bleeding-policy.rules)
 2003865 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid DELETE (bleeding-web.rules)
 2003866 - BLEEDING-EDGE WEB Glossaire SQL Injection Attempt -- 
glossaire-p-f.php sid SELECT (bleeding-web.rules)
 2003867 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2003660 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt - 
Headerfile.php System (bleeding-web.rules)
 2003661 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
latest_files.php System (bleeding-web.rules)
 2003662 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
latest_posts.php System (bleeding-web.rules)
 2003663 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
groups_headerfile.php System (bleeding-web.rules)
 2003664 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
filters_headerfile.php System (bleeding-web.rules)
 2003665 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- links.php 
System (bleeding-web.rules)
 2003666 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
menu_headerfile.php System (bleeding-web.rules)
 2003667 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
latest_news.php System (bleeding-web.rules)
 2003668 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
settings_headerfile.php System (bleeding-web.rules)
 2003669 - BLEEDING-EDGE WEB TopTree Remote Inclusion Attempt -- 
tpl_message.php right_file (bleeding-web.rules)
 2003670 - BLEEDING-EDGE WEB Workbench Survival Guide Remote Inclusion Attempt 
-- headerfile.php path (bleeding-web.rules)
 2003671 - BLEEDING-EDGE WEB Versado CMS Remote Inclusion Attempt -- 
ajax_listado.php urlModulo (bleeding-web.rules)
 2003672 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_image_index.php config[pathMod] (bleeding-web.rules)
 2003673 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_liens_index.php config[pathMod] (bleeding-web.rules)
 2003674 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_liste_index.php config[pathMod] (bleeding-web.rules)
 2003675 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_special_index.php config[pathMod] (bleeding-web.rules)
 2003676 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_texte_index.php config[pathMod] (bleeding-web.rules)
 2003678 - BLEEDING-EDGE WEB Tropicalm Remote Inclusion Attempt -- dosearch.php 
RESPATH (bleeding-web.rules)
 2003679 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- dp_logs.php 
HomeDir (bleeding-web.rules)
 2003680 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- index.php 
HomeDir (bleeding-web.rules)
 2003681 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
users_headerfile.php System (bleeding-web.rules)
 2003682 - BLEEDING-EDGE WEB E-Gads Remote Inclusion Attempt -- common.php 
locale (bleeding-web.rules)
 2003683 - BLEEDING-EDGE WEB PHP Turbulence Remote Inclusion Attempt -- 
turbulence.php GLOBALS[tcore] (bleeding-web.rules)
 2003684 - BLEEDING-EDGE WEB MXBB Remote Inclusion Attempt -- faq.php 
module_root_path (bleeding-web.rules)
 2003685 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- 
wptable-button.php wpPATH (bleeding-web.rules)
 2003686 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- 
wordtube-button.php wpPATH (bleeding-web.rules)
 2003687 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- 
payflow_pro.php abs_path (bleeding-web.rules)
 2003688 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- 
global.php abs_path (bleeding-web.rules)
 2003689 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- 
libsecure.php abs_path (bleeding-web.rules)
 2003690 - BLEEDING-EDGE WEB Firefly Remote Inclusion Attempt -- config.php 
DOCUMENT_ROOT (bleeding-web.rules)
 2003691 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion Attempt -- 
psg.smarty.lib.php cfg[sys][base_path] (bleeding-web.rules)
 2003692 - BLEEDING-EDGE WEB VM Watermark Remote Inclusion Attempt -- 
watermark.php GALLERY_BASEDIR (bleeding-web.rules)
 2003693 - BLEEDING-EDGE WEB PHPtree Remote Inclusion Attempt -- cms2.php s_dir 
(bleeding-web.rules)
 2003696 - BLEEDING-EDGE WEB Wikivi5 Remote Inclusion Attempt -- show.php 
sous_rep (bleeding-web.rules)
 2003698 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php abs_path 
(bleeding-web.rules)
 2003699 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion checkout.php abs_path 
(bleeding-web.rules)
 2003700 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion libsecure.php abs_path 
(bleeding-web.rules)
 2003701 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php repinc 
(bleeding-web.rules)
 2003702 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion class.Smarty.php 
cfg[sys][base_path] (bleeding-web.rules)
 2003703 - BLEEDING-EDGE WEB phpMyPortal Remote Inclusion Attempt -- 
articles.inc.php GLOBALS[CHEMINMODULES] (bleeding-web.rules)
 2003716 - BLEEDING-EDGE WEB LaVague Remote Inclusion Attempt -- printbar.php 
views_path (bleeding-web.rules)
 2003717 - BLEEDING-EDGE WEB miplex2 Remote Inclusion SmartyFU.class.php system 
(bleeding-web.rules)
 2003718 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR 
(bleeding-web.rules)
 2003719 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom_update.php 
ETCDIR (bleeding-web.rules)
 2003720 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- check-lom.php 
ETCDIR (bleeding-web.rules)
 2003721 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- 
weigh_keywords.php ETCDIR (bleeding-web.rules)
 2003722 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- logout.php 
ETCDIR (bleeding-web.rules)
 2003723 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- help.php ETCDIR 
(bleeding-web.rules)
 2003724 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- index.php 
ETCDIR (bleeding-web.rules)
 2003725 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- login.php 
ETCDIR (bleeding-web.rules)
 2003726 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- mtdialogo.php 
pathCGX (bleeding-web.rules)
 2003727 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- ltdialogo.php 
pathCGX (bleeding-web.rules)
 2003728 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- logingecon.php 
pathCGX (bleeding-web.rules)
 2003729 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- login.php pathCGX 
(bleeding-web.rules)
 2003730 - BLEEDING-EDGE WEB PHPHtmlLib Remote Inclusion Attempt -- widget8.php 
phphtmllib (bleeding-web.rules)
 2003731 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- ftp.php 
path_local (bleeding-web.rules)
 2003732 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- db.php 
path_local (bleeding-web.rules)
 2003733 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- 
libs_ftp.php path_local (bleeding-web.rules)
 2003735 - BLEEDING-EDGE WEB PHPSecurityAdmin Remote Inclusion Attempt -- 
logout.php PSA_PATH (bleeding-web.rules)
 2003737 - BLEEDING-EDGE WEB CJG Explorer Remote Inclusion Attempt -- 
pcltrace.lib.php g_pcltar_lib_dir (bleeding-web.rules)
 2003739 - BLEEDING-EDGE WEB Yaap Remote Inclusion Attempt -- common.php 
root_path (bleeding-web.rules)
 2003740 - BLEEDING-EDGE WEB PHPFirstPost Remote Inclusion Attempt block.php 
Include (bleeding-web.rules)
 2003741 - BLEEDING-EDGE WEB Open Translation Engine Remote Inclusion Attempt 
-- header.php ote_home (bleeding-web.rules)
 2003742 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- language.php 
config (bleeding-web.rules)
 2003743 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- 
layout_admin_cfg.php Root_Path (bleeding-web.rules)
 2003744 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- 
layout_cfg.php Root_Path (bleeding-web.rules)
 2003745 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- 
layout_t_top.php Root_Path (bleeding-web.rules)
 2003746 - BLEEDING-EDGE WEB Simple PHP Script Gallery Remote Inclusion 
index.php gallery (bleeding-web.rules)
 2003747 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR 
(bleeding-web.rules)
 2003794 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid SELECT (bleeding-web.rules)
 2003795 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid UNION SELECT (bleeding-web.rules)
 2003796 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid INSERT (bleeding-web.rules)
 2003797 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid ASCII (bleeding-web.rules)
 2003798 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid UPDATE (bleeding-web.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

       0 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 188

     -> Added to bleeding-drop.rules (1):
        #  VERSION 188

     -> Added to bleeding-policy.rules (1):
        #Seeing some bots use 587 as an outbound mail stream. Use this if you 
do NOT use 587 locally

     -> Added to bleeding-sid-msg.map (5):
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid INSERT || url,www.securityfocus.com/bid/23753 || 
cve,CVE-2007-2473
        2003864 || BLEEDING-EDGE POLICY Outbound SMTP on port 587
        2003865 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid DELETE || url,www.securityfocus.com/bid/23753 || 
cve,CVE-2007-2473
        2003866 || BLEEDING-EDGE WEB Glossaire SQL Injection Attempt -- 
glossaire-p-f.php sid SELECT || url,www.milw0rm.com/exploits/3932 || 
cve,CVE-2007-2738
        2003867 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 187

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 187

     -> Removed from bleeding-sid-msg.map (2):
        0000000 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid DELETE || url,www.securityfocus.com/bid/23753 || 
cve,CVE-2007-2473

