Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] Bleeding Edge Threats Weekly Signature Changes

from [bleeding] Network Security [Permanent Link]
Subject: [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes
Date: Fri, 25 May 2007 18:00:06 -0400 (EDT) 

[***] Results from Oinkmaster started Fri May 25 18:00:06 2007 [***]

[+++]          Added rules:          [+++]

 2003865 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid DELETE (bleeding-web.rules)
 2003866 - BLEEDING-EDGE WEB Glossaire SQL Injection Attempt -- 
glossaire-p-f.php sid SELECT (bleeding-web.rules)
 2003867 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot (bleeding-web.rules)
 2003868 - BLEEDING-EDGE VIRUS Zlob User Agent (Progressive Download) 
(bleeding-virus.rules)
 2003869 - BLEEDING-EDGE SCAN ProxyReconBot CONNECT method to Mail 
(bleeding-scan.rules)
 2003870 - BLEEDING-EDGE SCAN ProxyReconBot POST method to Mail 
(bleeding-scan.rules)
 2003871 - BLEEDING-EDGE WEB Ripe Website Manager XSS Attempt -- index.php 
ripeformpost (bleeding-web.rules)
 2003872 - BLEEDING-EDGE WEB Redoable XSS Attempt -- searchloop.php s 
(bleeding-web.rules)
 2003873 - BLEEDING-EDGE WEB Redoable XSS Attempt -- header.php s 
(bleeding-web.rules)
 2003874 - BLEEDING-EDGE WEB vDesk Webmail XSS Attempt -- printcal.pl 
(bleeding-web.rules)
 2003875 - BLEEDING-EDGE WEB fotolog XSS Attempt -- all_photos.html user 
(bleeding-web.rules)
 2003876 - BLEEDING-EDGE WEB EQdkp XSS Attempt -- listmembers.php show 
(bleeding-web.rules)
 2003877 - BLEEDING-EDGE WEB EQdkp XSS Attempt -- stats.php show 
(bleeding-web.rules)
 2003878 - BLEEDING-EDGE WEB Open Translation Engine (OTE) XSS Attempt -- 
header.php ote_home (bleeding-web.rules)
 2003879 - BLEEDING-EDGE WEB PHPChain XSS Attempt -- settings.php catid 
(bleeding-web.rules)
 2003880 - BLEEDING-EDGE WEB PHPChain XSS Attempt -- cat.php catid 
(bleeding-web.rules)
 2003881 - BLEEDING-EDGE WEB SonicBB XSS Attempt -- search.php part 
(bleeding-web.rules)
 2003882 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- 
configure_plugin.tpl.php edit_plugin (bleeding-web.rules)
 2003883 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- 
phpinfo.php 1 (bleeding-web.rules)
 2003884 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- 
phpinfo.php a (bleeding-web.rules)
 2003885 - BLEEDING-EDGE WEB WordPress XSS Attempt -- sidebar.php 
(bleeding-web.rules)
 2003886 - BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- 
cp_authorization.php (bleeding-web.rules)
 2003887 - BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- 
cp_config.php (bleeding-web.rules)
 2003888 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- 
browseCat.php catFile (bleeding-web.rules)
 2003889 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- 
browseSubCat.php catFile (bleeding-web.rules)
 2003890 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- 
openTutorial.php id (bleeding-web.rules)
 2003891 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- 
topFrame.php id (bleeding-web.rules)
 2003892 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- 
editListing.php id (bleeding-web.rules)
 2003893 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- 
search.php search (bleeding-web.rules)
 2003894 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- 
dev_logon.asp username (bleeding-web.rules)
 2003895 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- 
registerAccount.asp (bleeding-web.rules)
 2003896 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- 
create_account.asp (bleeding-web.rules)
 2003897 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whstart.js 
(bleeding-web.rules)
 2003898 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whcsh_home.htm 
(bleeding-web.rules)
 2003899 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startpage.js 
(bleeding-web.rules)
 2003900 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startqs.htm 
(bleeding-web.rules)
 2003901 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- WindowManager.dll 
(bleeding-web.rules)
 2003902 - BLEEDING-EDGE WEB Apache Tomcat XSS Attempt -- implicit-objects.jsp 
(bleeding-web.rules)
 2003903 - BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- default.aspx 
(bleeding-web.rules)
 2003904 - BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- index.php 
form[mail] (bleeding-web.rules)
 2003905 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods] 
(bleeding-web.rules)
 2003906 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form 
(bleeding-web.rules)
 2003907 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id 
(bleeding-web.rules)
 2003908 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] 
(bleeding-web.rules)
 2003909 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] 
(bleeding-web.rules)
 2003910 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name] 
(bleeding-web.rules)
 2003911 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[message] 
(bleeding-web.rules)
 2003912 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail] 
(bleeding-web.rules)
 2003913 - BLEEDING-EDGE WEB Kayako eSupport XSS Attempt -- index.php _m 
(bleeding-web.rules)
 2003914 - BLEEDING-EDGE WEB Podium CMS XSS Attempt -- Default.aspx id 
(bleeding-web.rules)
 2003915 - BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- picture.php 
picture (bleeding-web.rules)
 2003916 - BLEEDING-EDGE WEB WikkaWiki (Wikka Wiki) XSS Attempt -- 
usersettings.php name (bleeding-web.rules)
 2003917 - BLEEDING-EDGE WEB TurnkeyWebTools SunShop Shopping Cart XSS Attempt 
-- index.php l (bleeding-web.rules)
 2003918 - BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS 
Attempt -- sendmail.php (bleeding-web.rules)
 2003919 - BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS 
Attempt -- order_form.php (bleeding-web.rules)
 2003920 - BLEEDING-EDGE WEB DVDdb XSS Attempt -- loan.php movieid 
(bleeding-web.rules)
 2003921 - BLEEDING-EDGE WEB DVDdb XSS Attempt -- listmovies.php s 
(bleeding-web.rules)
 2003922 - BLEEDING-EDGE WEB Sendcard XSS Attempt -- sendcard.php form 
(bleeding-web.rules)
 2003924 - BLEEDING-EDGE WEB WebHack Control Center User-Agent Inbound (WHCC/) 
(bleeding-scan.rules)
 2003925 - BLEEDING-EDGE WEB WebHack Control Center User-Agent Outbound (WHCC/) 
(bleeding-scan.rules)
 2003926 - BLEEDING-EDGE MALWARE Personalweb Spyware User-Agent (PWMI/1.0) 
(bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2003380 - BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan 
Downloader (ver18/ver19, etc) (bleeding-virus.rules)
 2003527 - BLEEDING-EDGE MALWARE WinSoftware.com Spyware User-Agent 
(WinSoftware) (bleeding-malware.rules)
 2003660 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt - 
Headerfile.php System (bleeding-web.rules)
 2003661 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
latest_files.php System (bleeding-web.rules)
 2003662 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
latest_posts.php System (bleeding-web.rules)
 2003663 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
groups_headerfile.php System (bleeding-web.rules)
 2003664 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
filters_headerfile.php System (bleeding-web.rules)
 2003665 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- links.php 
System (bleeding-web.rules)
 2003666 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
menu_headerfile.php System (bleeding-web.rules)
 2003667 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
latest_news.php System (bleeding-web.rules)
 2003668 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
settings_headerfile.php System (bleeding-web.rules)
 2003669 - BLEEDING-EDGE WEB TopTree Remote Inclusion Attempt -- 
tpl_message.php right_file (bleeding-web.rules)
 2003670 - BLEEDING-EDGE WEB Workbench Survival Guide Remote Inclusion Attempt 
-- headerfile.php path (bleeding-web.rules)
 2003671 - BLEEDING-EDGE WEB Versado CMS Remote Inclusion Attempt -- 
ajax_listado.php urlModulo (bleeding-web.rules)
 2003672 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_image_index.php config[pathMod] (bleeding-web.rules)
 2003673 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_liens_index.php config[pathMod] (bleeding-web.rules)
 2003674 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_liste_index.php config[pathMod] (bleeding-web.rules)
 2003675 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_special_index.php config[pathMod] (bleeding-web.rules)
 2003676 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- 
mod_texte_index.php config[pathMod] (bleeding-web.rules)
 2003678 - BLEEDING-EDGE WEB Tropicalm Remote Inclusion Attempt -- dosearch.php 
RESPATH (bleeding-web.rules)
 2003679 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- dp_logs.php 
HomeDir (bleeding-web.rules)
 2003680 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- index.php 
HomeDir (bleeding-web.rules)
 2003681 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- 
users_headerfile.php System (bleeding-web.rules)
 2003682 - BLEEDING-EDGE WEB E-Gads Remote Inclusion Attempt -- common.php 
locale (bleeding-web.rules)
 2003683 - BLEEDING-EDGE WEB PHP Turbulence Remote Inclusion Attempt -- 
turbulence.php GLOBALS[tcore] (bleeding-web.rules)
 2003684 - BLEEDING-EDGE WEB MXBB Remote Inclusion Attempt -- faq.php 
module_root_path (bleeding-web.rules)
 2003685 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- 
wptable-button.php wpPATH (bleeding-web.rules)
 2003686 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- 
wordtube-button.php wpPATH (bleeding-web.rules)
 2003687 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- 
payflow_pro.php abs_path (bleeding-web.rules)
 2003688 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- 
global.php abs_path (bleeding-web.rules)
 2003689 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- 
libsecure.php abs_path (bleeding-web.rules)
 2003690 - BLEEDING-EDGE WEB Firefly Remote Inclusion Attempt -- config.php 
DOCUMENT_ROOT (bleeding-web.rules)
 2003691 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion Attempt -- 
psg.smarty.lib.php cfg[sys][base_path] (bleeding-web.rules)
 2003692 - BLEEDING-EDGE WEB VM Watermark Remote Inclusion Attempt -- 
watermark.php GALLERY_BASEDIR (bleeding-web.rules)
 2003693 - BLEEDING-EDGE WEB PHPtree Remote Inclusion Attempt -- cms2.php s_dir 
(bleeding-web.rules)
 2003696 - BLEEDING-EDGE WEB Wikivi5 Remote Inclusion Attempt -- show.php 
sous_rep (bleeding-web.rules)
 2003698 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php abs_path 
(bleeding-web.rules)
 2003699 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion checkout.php abs_path 
(bleeding-web.rules)
 2003700 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion libsecure.php abs_path 
(bleeding-web.rules)
 2003701 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php repinc 
(bleeding-web.rules)
 2003702 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion class.Smarty.php 
cfg[sys][base_path] (bleeding-web.rules)
 2003703 - BLEEDING-EDGE WEB phpMyPortal Remote Inclusion Attempt -- 
articles.inc.php GLOBALS[CHEMINMODULES] (bleeding-web.rules)
 2003716 - BLEEDING-EDGE WEB LaVague Remote Inclusion Attempt -- printbar.php 
views_path (bleeding-web.rules)
 2003717 - BLEEDING-EDGE WEB miplex2 Remote Inclusion SmartyFU.class.php system 
(bleeding-web.rules)
 2003718 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR 
(bleeding-web.rules)
 2003719 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom_update.php 
ETCDIR (bleeding-web.rules)
 2003720 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- check-lom.php 
ETCDIR (bleeding-web.rules)
 2003721 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- 
weigh_keywords.php ETCDIR (bleeding-web.rules)
 2003722 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- logout.php 
ETCDIR (bleeding-web.rules)
 2003723 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- help.php ETCDIR 
(bleeding-web.rules)
 2003724 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- index.php 
ETCDIR (bleeding-web.rules)
 2003725 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- login.php 
ETCDIR (bleeding-web.rules)
 2003726 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- mtdialogo.php 
pathCGX (bleeding-web.rules)
 2003727 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- ltdialogo.php 
pathCGX (bleeding-web.rules)
 2003728 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- logingecon.php 
pathCGX (bleeding-web.rules)
 2003729 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- login.php pathCGX 
(bleeding-web.rules)
 2003730 - BLEEDING-EDGE WEB PHPHtmlLib Remote Inclusion Attempt -- widget8.php 
phphtmllib (bleeding-web.rules)
 2003731 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- ftp.php 
path_local (bleeding-web.rules)
 2003732 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- db.php 
path_local (bleeding-web.rules)
 2003733 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- 
libs_ftp.php path_local (bleeding-web.rules)
 2003735 - BLEEDING-EDGE WEB PHPSecurityAdmin Remote Inclusion Attempt -- 
logout.php PSA_PATH (bleeding-web.rules)
 2003737 - BLEEDING-EDGE WEB CJG Explorer Remote Inclusion Attempt -- 
pcltrace.lib.php g_pcltar_lib_dir (bleeding-web.rules)
 2003739 - BLEEDING-EDGE WEB Yaap Remote Inclusion Attempt -- common.php 
root_path (bleeding-web.rules)
 2003740 - BLEEDING-EDGE WEB PHPFirstPost Remote Inclusion Attempt block.php 
Include (bleeding-web.rules)
 2003741 - BLEEDING-EDGE WEB Open Translation Engine Remote Inclusion Attempt 
-- header.php ote_home (bleeding-web.rules)
 2003742 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- language.php 
config (bleeding-web.rules)
 2003743 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- 
layout_admin_cfg.php Root_Path (bleeding-web.rules)
 2003744 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- 
layout_cfg.php Root_Path (bleeding-web.rules)
 2003745 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- 
layout_t_top.php Root_Path (bleeding-web.rules)
 2003746 - BLEEDING-EDGE WEB Simple PHP Script Gallery Remote Inclusion 
index.php gallery (bleeding-web.rules)
 2003747 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR 
(bleeding-web.rules)
 2003794 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid SELECT (bleeding-web.rules)
 2003795 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid UNION SELECT (bleeding-web.rules)
 2003796 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid INSERT (bleeding-web.rules)
 2003797 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid ASCII (bleeding-web.rules)
 2003798 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid UPDATE (bleeding-web.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound 
(bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING 
SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source 
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING 
(bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  
(bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  
(bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  
(bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  
(bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  
(bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  
(bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  
(bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE 
(bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

       0 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 194

     -> Added to bleeding-drop.rules (1):
        #  VERSION 194

     -> Added to bleeding-scan.rules (2):
        #by Dennis Distler
        #by Axn Jxn

     -> Added to bleeding-sid-msg.map (64):
        2003380 || BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan 
Downloader (ver18/ver19, etc)
        2003527 || BLEEDING-EDGE MALWARE WinSoftware.com Spyware User-Agent 
(WinSoftware) || 
url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation%2c%20Inc.%20(v)&threatid=90037
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid INSERT || url,www.securityfocus.com/bid/23753 || 
cve,CVE-2007-2473
        2003865 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid DELETE || url,www.securityfocus.com/bid/23753 || 
cve,CVE-2007-2473
        2003866 || BLEEDING-EDGE WEB Glossaire SQL Injection Attempt -- 
glossaire-p-f.php sid SELECT || url,www.milw0rm.com/exploits/3932 || 
cve,CVE-2007-2738
        2003867 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003868 || BLEEDING-EDGE VIRUS Zlob User Agent (Progressive Download)
        2003869 || BLEEDING-EDGE SCAN ProxyReconBot CONNECT method to Mail
        2003870 || BLEEDING-EDGE SCAN ProxyReconBot POST method to Mail
        2003871 || BLEEDING-EDGE WEB Ripe Website Manager XSS Attempt -- 
index.php ripeformpost || url,www.securityfocus.com/bid/23597 || 
cve,CVE-2007-2206
        2003872 || BLEEDING-EDGE WEB Redoable XSS Attempt -- searchloop.php s 
|| url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || 
cve,CVE-2007-2757
        2003873 || BLEEDING-EDGE WEB Redoable XSS Attempt -- header.php s || 
url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || 
cve,CVE-2007-2757
        2003874 || BLEEDING-EDGE WEB vDesk Webmail XSS Attempt -- printcal.pl 
|| url,www.securityfocus.com/bid/24022 || cve,CVE-2007-2745
        2003875 || BLEEDING-EDGE WEB fotolog XSS Attempt -- all_photos.html 
user || url,www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded || 
cve,CVE-2007-2724
        2003876 || BLEEDING-EDGE WEB EQdkp XSS Attempt -- listmembers.php show 
|| url,www.securityfocus.com/bid/23951 || cve,CVE-2007-2716
        2003877 || BLEEDING-EDGE WEB EQdkp XSS Attempt -- stats.php show || 
url,www.securityfocus.com/bid/23951 || cve,CVE-2007-2716
        2003878 || BLEEDING-EDGE WEB Open Translation Engine (OTE) XSS Attempt 
-- header.php ote_home || url,www.milw0rm.com/exploits/3838 || cve,CVE-2007-2676
        2003879 || BLEEDING-EDGE WEB PHPChain XSS Attempt -- settings.php catid 
|| url,www.securityfocus.com/bid/23761 || cve,CVE-2007-2670
        2003880 || BLEEDING-EDGE WEB PHPChain XSS Attempt -- cat.php catid || 
url,www.securityfocus.com/bid/23761 || cve,CVE-2007-2670
        2003881 || BLEEDING-EDGE WEB SonicBB XSS Attempt -- search.php part || 
url,www.netvigilance.com/advisory0020 || cve,CVE-2007-1903
        2003882 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS 
Attempt -- configure_plugin.tpl.php edit_plugin || 
url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003883 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS 
Attempt -- phpinfo.php 1 || url,www.securityfocus.com/bid/23917 || 
cve,CVE-2007-2632
        2003884 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS 
Attempt -- phpinfo.php a || url,www.securityfocus.com/bid/23917 || 
cve,CVE-2007-2632
        2003885 || BLEEDING-EDGE WEB WordPress XSS Attempt -- sidebar.php || 
url,www.securityfocus.com/archive/1/archive/1/467360/100/0/threaded || 
cve,CVE-2007-2627
        2003886 || BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS 
Attempt -- cp_authorization.php || 
url,www.frsirt.com/english/advisories/2007/1637 || cve,CVE-2007-2625
        2003887 || BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS 
Attempt -- cp_config.php || url,www.securityfocus.com/bid/23790 || 
cve,CVE-2007-2624
        2003888 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS 
Attempt -- browseCat.php catFile || url,www.milw0rm.com/exploits/3887 || 
cve,CVE-2007-2600
        2003889 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS 
Attempt -- browseSubCat.php catFile || url,www.milw0rm.com/exploits/3887 || 
cve,CVE-2007-2600
        2003890 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS 
Attempt -- openTutorial.php id || url,www.milw0rm.com/exploits/3887 || 
cve,CVE-2007-2600
        2003891 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS 
Attempt -- topFrame.php id || url,www.milw0rm.com/exploits/3887 || 
cve,CVE-2007-2600
        2003892 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS 
Attempt -- editListing.php id || url,www.milw0rm.com/exploits/3887 || 
cve,CVE-2007-2600
        2003893 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS 
Attempt -- search.php search || url,www.milw0rm.com/exploits/3887 || 
cve,CVE-2007-2600
        2003894 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt 
-- dev_logon.asp username || 
url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || 
cve,CVE-2007-2592
        2003895 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt 
-- registerAccount.asp || 
url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || 
cve,CVE-2007-2592
        2003896 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt 
-- create_account.asp || 
url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || 
cve,CVE-2007-2592
        2003897 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whstart.js 
|| url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || 
cve,CVE-2007-1280
        2003898 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- 
whcsh_home.htm || 
url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || 
cve,CVE-2007-1280
        2003899 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- 
wf_startpage.js || 
url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || 
cve,CVE-2007-1280
        2003900 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- 
wf_startqs.htm || 
url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || 
cve,CVE-2007-1280
        2003901 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- 
WindowManager.dll || 
url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || 
cve,CVE-2007-1280
        2003902 || BLEEDING-EDGE WEB Apache Tomcat XSS Attempt -- 
implicit-objects.jsp || url,www.frsirt.com/english/advisories/2007/1729 || 
cve,CVE-2006-7195
        2003903 || BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- 
default.aspx || url,www.securityfocus.com/bid/23832 || cve,CVE-2007-2581
        2003904 || BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- 
index.php form[mail] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003905 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods] 
|| url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003906 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form || 
url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003907 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id || 
url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003908 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] || 
url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003909 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] || 
url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003910 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name] 
|| url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003911 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php 
form[message] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003912 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail] 
|| url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003913 || BLEEDING-EDGE WEB Kayako eSupport XSS Attempt -- index.php 
_m || url,www.securityfocus.com/archive/1/archive/1/467832/100/0/threaded || 
cve,CVE-2007-2562
        2003914 || BLEEDING-EDGE WEB Podium CMS XSS Attempt -- Default.aspx id 
|| url,www.securityfocus.com/archive/1/archive/1/467823/100/0/threaded || 
cve,CVE-2007-2555
        2003915 || BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- 
picture.php picture || url,www.securityfocus.com/bid/23873 || cve,CVE-2007-0605
        2003916 || BLEEDING-EDGE WEB WikkaWiki (Wikka Wiki) XSS Attempt -- 
usersettings.php name || url,www.securityfocus.com/bid/23894 || 
cve,CVE-2007-2551
        2003917 || BLEEDING-EDGE WEB TurnkeyWebTools SunShop Shopping Cart XSS 
Attempt -- index.php l || url,www.securityfocus.com/bid/23856 || 
cve,CVE-2007-2547
        2003918 || BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web 
Shop XSS Attempt -- sendmail.php || url,www.securityfocus.com/bid/23847 || 
cve,CVE-2007-2532
        2003919 || BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web 
Shop XSS Attempt -- order_form.php || url,www.securityfocus.com/bid/23847 || 
cve,CVE-2007-2532
        2003920 || BLEEDING-EDGE WEB DVDdb XSS Attempt -- loan.php movieid || 
url,www.securityfocus.com/bid/23764 || cve,CVE-2007-2499
        2003921 || BLEEDING-EDGE WEB DVDdb XSS Attempt -- listmovies.php s || 
url,www.securityfocus.com/bid/23764 || cve,CVE-2007-2499
        2003922 || BLEEDING-EDGE WEB Sendcard XSS Attempt -- sendcard.php form 
|| url,www.secunia.com/advisories/25085 || cve,CVE-2007-2472
        2003924 || BLEEDING-EDGE WEB WebHack Control Center User-Agent Inbound 
(WHCC/) || 
url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start=
        2003925 || BLEEDING-EDGE WEB WebHack Control Center User-Agent Outbound 
(WHCC/) || 
url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start=
        2003926 || BLEEDING-EDGE MALWARE Personalweb Spyware User-Agent 
(PWMI/1.0)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 187

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 187

     -> Removed from bleeding-sid-msg.map (4):
        0000000 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php 
tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003380 || BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan 
Downloader
        2003527 || BLEEDING-EDGE MALWARE WinSoftware.com Spyware User-Agent 
(WinSoftware) || 
url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation,%20Inc.%20(v)&threatid=90037
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- 
stylesheet.php templateid DELETE || url,www.securityfocus.com/bid/23753 || 
cve,CVE-2007-2473


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-sigs] CN=Marty Bostick/OU=IS/O=PLC is out of the office., Marty . Bostick
Next by Date:  [Snort-sigs] Bleeding Edge Threats Daily Signature Changes, bleeding
Previous by Thread:  [Snort-sigs] Bleeding Edge Threats Weekly Signature Changes, bleeding
Next by Thread:  [Snort-sigs] SolarWinds Traceroute Triggers sid:10106, Bamm Visscher
Indexes:  [Date] [Thread] [Top] [All Lists]