Last 50 Rule Changes

Results from Main web retrieved at 02:26 (GMT)

#alert http $HOME NET any $EXTERNAL NET any (msg:`ET EXPLOIT Potential Internet Explorer Use After Free CVE 2013 3163 Exploit URI Struct 1`; flow:established,to ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Internet Explorer execCommand function Use after free Vulnerability 0day`; flow:established,to client ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Possible Internet Explorer Use After Free Inbound (CVE 2013 1347)`; flow:established,to client; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Internet Explorer execCommand function Use after free Vulnerability 0day Metasploit 2`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Internet Explorer execCommand function Use after free Vulnerability (CVE 2012 4969)`; flow:established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE 2017 16393)`; flow:established,from ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Potential Internet Explorer Use After Free CVE 2013 3163 2`; flow:established,from server; file ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Potential Internet Explorer Use After Free (CVE 2013 3163)`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT HiSilicon DVR Buffer Overflow in Builtin Web Server`; flow:established,to server; urilen: 200; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M1 (CVE 2019 0752)`; flow:established,from server ...
alert udp $EXTERNAL NET any $HOME NET 161 (msg:`ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE 2016 6366)`; content:` 06 01 04 01 09 09 83 6B ` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT FortiOS SSL VPN Pre Auth Messages Payload Buffer Overflow (CVE 2018 13381)`; flow:established,to server ...
alert ftp $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT FTPShell client Stack Buffer Overflow`; flow:established,from server; content:`220 20 22 `; isdataat ...
alert tcp $EXTERNAL NET any $HOME NET 8888 (msg:`ET EXPLOIT CloudMe Sync Buffer Overflow`; flow:established,to server; content:` fe e7 d1 61 a8 98 03 69 10 06 e7 ...
alert tcp any any $HOME NET 445 (msg:`ET DOS Microsoft Windows LSASS Remote Memory Corruption (CVE 2017 0004)`; flow:established,to server; content:` FF SMB 73 ...
alert tcp $HOME NET any $HOME NET 42 (msg:`ET EXPLOIT Possible WINS Server Remote Memory Corruption Vulnerability`; flow:to server,established; dsize:48; content ...
#alert tcp $EXTERNAL NET any $HOME NET 25,465,587 (msg:`ET EXPLOIT CVE 2015 0235 Exim Buffer Overflow Attempt (EHLO)`; flow:to server,established; content:`EHLO ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET WEB CLIENT Microsoft Application Crash Report Indicates Potential VGX Memory Corruption`; flow:established,to ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Internet Explorer Memory Corruption Vulnerability (CVE 2016 0063)`; flow:established,to client; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible CVE 2016 2209 Symantec PowerPoint Parsing Buffer Overflow M1`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible CVE 2016 2211 Symantec Cab Parsing Buffer Overflow`; flow:established,from server; file data ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible Internet Explorer Memory Corruption Vulnerability (CVE 2015 2444)`; flow:from server,established ...
alert tcp any any any 6129 (msg:`ET EXPLOIT Dameware DMRC Buffer Overflow Attempt (CVE 2016 2345)`; flow:established,to server; content:` 44 9c 00 00 `; depth:4 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Microsoft Office RTF Stack Buffer Overflow`; flow:from server,established; file data; content:` 7b ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Belkin N750 Buffer Overflow Attempt`; flow:established,to server; content:`POST`; http method; urilen ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT GENERIC Possible IE Memory Corruption CollectGarbage with DOM Reset`; flow:established,to client ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Internet Explorer Memory Corruption Vulnerability (CVE 2015 2444)`; flow:from server,established ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET WEB CLIENT Microsoft Application Crash Report Indicates Potential VGX Memory Corruption 2`; flow:established ...
alert http any any any 8081 (msg:`ET EXPLOIT Websense Content Gateway submit net debug.cgi cmd param Param Buffer Overflow Attempt`; flow:to server,established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible CVE 2016 2209 Symantec PowerPoint Parsing Buffer Overflow M2`; flow:established,from server ...
#alert tcp $EXTERNAL NET any $HOME NET 25,465,587 (msg:`ET EXPLOIT CVE 2015 0235 Exim Buffer Overflow Attempt (HELO)`; flow:to server,established; content:`HELO ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Internet Explorer Memory Corruption Inbound (CVE 2013 3893)`; flow:established,to client; file data ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED CVE 2013 3893 Possible IE Memory Corruption Vulnerability with HXDS ASLR Bypass`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB SERVER Possible SUPERMICRO IPMI close window.cgi sess sid Parameter Buffer Overflow Attempt CVE 2013 3623 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Microsoft IE Memory Corruption Inbound (CVE 2013 3893)`; flow:established,to client; file data; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET ACTIVEX Possible Ecava IntegraXor save method Remote ActiveX Buffer Overflow`; flow:to client,established; file ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET DOS Miniupnpd SoapAction MethodName Buffer Overflow (CVE 2013 0230)`; flow:to server,established; content:`POST ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB SERVER Possible SUPERMICRO IPMI close window.cgi ACT Parameter Buffer Overflow Attempt CVE 2013 3623`; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Possible Microsoft Internet Explorer Use After Free (CVE 2013 3897)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB SERVER Possible SUPERMICRO IPMI login.cgi Name Parameter Buffer Overflow Attempt CVE 2013 3621`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Microsoft IE Memory Corruption Inbound (CVE 2013 3893)`; flow:established,to client; file data; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB SERVER Possible SUPERMICRO IPMI login.cgi PWD Parameter Buffer Overflow Attempt CVE 2013 3621`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT MS13 055 CAnchorElement Use After Free`; flow:established,from server; file data; content:`.outer ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED DRIVEBY Nuclear EK IE Exploit CVE 2013 2551 March 12 2014`; flow:from server,established; file data ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Microsoft Internet Explorer Use After Free (CVE 2013 3163)`; flow:established,from server; file ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Possible Word RTF Memory Corruption Payload Inbound (CVE 2014 1761)`; flow:from server,established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET ACTIVEX Possible NVIDIA Install Application ActiveX Control AddPackages Unicode Buffer Overflow`; flow:to client ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET ACTIVEX Possible Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Attempt`; flow:to client ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible Internet Explorer Use After Free Inbound (CVE 2012 4792)`; flow:established,from server; file ...
#alert udp $EXTERNAL NET any $HOME NET 1900 (msg:`ET DOS LibuPnP ST UDN Buffer Overflow (CVE 2012 5963)`; content:` 0D 0A ST 3A `; nocase; pcre:`/^ ^\r\n uuid ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder
 
Copyright © Emerging Threats