[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727...
Mon Apr 18 07:37:42 EDT 2005


[***] Results from Oinkmaster started Thu Apr 14 20:00:04 2005 [***]

[+++]          Added rules:          [+++]

 2001847 - BLEEDING-EDGE WORM pictures.php MSN Worm URL Attempt (bleeding-virus.rules)
 2001848 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack (bleeding-exploit.rules)
 2001849 - BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack (bleeding-exploit.rules)


[///]     Modified active rules:     [///]

 2000004 - BLEEDING-EDGE EXPLOIT Microsoft MHTML URL Redirection Attempt (bleeding-exploit.rules)
 2000005 - BLEEDING-EDGE EXPLOIT Cisco Telnet Buffer Overflow (bleeding-exploit.rules)
 2000006 - BLEEDING-EDGE DOS Cisco Router HTTP DoS (bleeding-dos.rules)
 2000007 - BLEEDING-EDGE EXPLOIT Catalyst SSH protocol mismatch (bleeding-exploit.rules)
 2000008 - BLEEDING-EDGE EXPLOIT Catalyst 3500 arbitrary command (bleeding-exploit.rules)
 2000009 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP DoS (bleeding-exploit.rules)
 2000010 - BLEEDING-EDGE DOS Cisco 514 UDP flood DoS (bleeding-dos.rules)
 2000012 - BLEEDING-EDGE EXPLOIT Cisco %u IDS evasion (bleeding-exploit.rules)
 2000013 - BLEEDING-EDGE EXPLOIT Cisco IOS HTTP server DoS (bleeding-exploit.rules)
 2000016 - BLEEDING-EDGE DOS SSL Bomb DoS Attempt (bleeding-dos.rules)
 2000017 - BLEEDING-EDGE EXPLOIT NII Microsoft ASN.1 Library Buffer Overflow Exploit (bleeding-exploit.rules)
 2000031 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target BSD) (bleeding-exploit.rules)
 2000032 - BLEEDING-EDGE EXPLOIT LSA exploit (bleeding-exploit.rules)
 2000033 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) (bleeding-exploit.rules)
 2000046 - BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) (bleeding-exploit.rules)
 2000048 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target Linux) (bleeding-exploit.rules)
 2000049 - BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target Solaris) (bleeding-exploit.rules)
 2000329 - BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow (bleeding-exploit.rules)
 2000342 - BLEEDING-EDGE EXPLOIT Squid NTLM Auth Overflow Exploit (bleeding-exploit.rules)
 2000345 - BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std port (bleeding-attack_response.rules)
 2000346 - BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std port (bleeding-attack_response.rules)
 2000347 - BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on non-std port (bleeding-attack_response.rules)
 2000348 - BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std port (bleeding-attack_response.rules)
 2000349 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer request on non-std port (bleeding-attack_response.rules)
 2000350 - BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on non-std port (bleeding-attack_response.rules)
 2000351 - BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std port (bleeding-attack_response.rules)
 2000352 - BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std port (bleeding-attack_response.rules)
 2000372 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection running SQL statements line comment (bleeding-exploit.rules)
 2000373 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection line comment (bleeding-exploit.rules)
 2000377 - BLEEDING-EDGE EXPLOIT MS-SQL heap overflow attempt (bleeding-exploit.rules)
 2000378 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) (bleeding-exploit.rules)
 2000379 - BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 1 byte (bleeding-exploit.rules)
 2000380 - BLEEDING-EDGE EXPLOIT MS-SQL Spike buffer overflow (bleeding-exploit.rules)
 2000381 - BLEEDING-EDGE EXPLOIT MS-SQL DOS bouncing packets (bleeding-exploit.rules)
 2000488 - BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection closing string plus line comment (bleeding-exploit.rules)
 2000499 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM1 (bleeding-attack_response.rules)
 2000500 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM2 (bleeding-attack_response.rules)
 2000501 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM3 (bleeding-attack_response.rules)
 2000502 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM4 (bleeding-attack_response.rules)
 2000503 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT1 (bleeding-attack_response.rules)
 2000504 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT2 (bleeding-attack_response.rules)
 2000505 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT3 (bleeding-attack_response.rules)
 2000506 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT4 (bleeding-attack_response.rules)
 2000507 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access AUX (bleeding-attack_response.rules)
 2000508 - BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access NULL (bleeding-attack_response.rules)
 2000563 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 445 (bleeding-exploit.rules)
 2000564 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 445 (bleeding-exploit.rules)
 2000565 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 139 (bleeding-exploit.rules)
 2000566 - BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 445 (bleeding-exploit.rules)
 2000567 - BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 139 (bleeding-exploit.rules)
 2000568 - BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 139 (bleeding-exploit.rules)
 2001022 - BLEEDING-EDGE EXPLOIT Invalid non-fragmented packet with fragment offset>0 (bleeding-exploit.rules)
 2001023 - BLEEDING-EDGE EXPLOIT Invalid fragment - ACK reset (bleeding-exploit.rules)
 2001024 - BLEEDING-EDGE EXPLOIT Invalid fragment - illegal flags (bleeding-exploit.rules)
 2001048 - BLEEDING-EDGE EXPLOIT IE process injection iexplore.exe executable download (bleeding-exploit.rules)
 2001049 - BLEEDING-EDGE EXPLOIT Buffer Overflow Exploit in Adobe Acrobat Reader (bleeding-exploit.rules)
 2001058 - BLEEDING-EDGE EXPLOIT libpng tRNS overflow attempt (bleeding-exploit.rules)
 2001093 - BLEEDING-EDGE EXPLOIT IE Local zone Shell execution of arbitrary code (bleeding-exploit.rules)
 2001094 - BLEEDING-EDGE EXPLOIT Internet Explorer URL parsing vulnerability (bleeding-exploit.rules)
 2001095 - BLEEDING-EDGE EXPLOIT IFRAME ExecCommand vulnerability (bleeding-exploit.rules)
 2001097 - BLEEDING-EDGE EXPLOIT Internet Explorer Object Data Remote Execution Vulnerability (bleeding-exploit.rules)
 2001099 - BLEEDING-EDGE EXPLOIT Attempt to execute VBScript code (bleeding-exploit.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code (bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code (bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: (bleeding-exploit.rules)
 2001105 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval (bleeding-exploit.rules)
 2001106 - BLEEDING-EDGE EXPLOIT Javascript execution with expression eval hex (bleeding-exploit.rules)
 2001181 - BLEEDING-EDGE EXPLOIT Internet Explorer Plugin.ocx Heap Overflow (bleeding-exploit.rules)
 2001182 - BLEEDING-EDGE EXPLOIT IE trojan Ants3set 1.exe - process injection (bleeding-exploit.rules)
 2001190 - BLEEDING-EDGE EXPLOIT libPNG - Possible NULL-pointer crash in png_handle_iCCP (bleeding-exploit.rules)
 2001191 - BLEEDING-EDGE EXPLOIT libPNG - Width exceeds limit (bleeding-exploit.rules)
 2001192 - BLEEDING-EDGE EXPLOIT libPNG - Height exceeds limit (bleeding-exploit.rules)
 2001195 - BLEEDING-EDGE EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT (bleeding-exploit.rules)
 2001205 - BLEEDING-EDGE DOS Internet Explorer Memory Corruption Bug (bleeding-dos.rules)
 2001206 - BLEEDING-EDGE EXPLOIT Mozilla Firefox Certificate Spoofing (bleeding-exploit.rules)
 2001207 - BLEEDING-EDGE EXPLOIT Mozilla Cookie theft (bleeding-exploit.rules)
 2001209 - BLEEDING-EDGE EXPLOIT Mozilla FTP View Cross-Site Scripting Vulnerability (bleeding-exploit.rules)
 2001210 - BLEEDING-EDGE EXPLOIT FTP Serv-U Local Privilege Escalation Vulnerability (bleeding-exploit.rules)
 2001211 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability (bleeding-exploit.rules)
 2001212 - BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability (bleeding-exploit.rules)
 2001213 - BLEEDING-EDGE EXPLOIT FTP Serv-U LIST -l Parameter Buffer Overflow (bleeding-exploit.rules)
 2001215 - BLEEDING-EDGE EXPLOIT FTP Serv-U Server Long Filename Stack Overflow Vulnerability (bleeding-exploit.rules)
 2001217 - BLEEDING-EDGE EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte (bleeding-exploit.rules)
 2001346 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn preteen (bleeding-inappropriate.rules)
 2001347 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn pre-teen (bleeding-inappropriate.rules)
 2001348 - BLEEDING-EDGE INAPROPRIATE Kiddy Porn early teen (bleeding-inappropriate.rules)
 2001349 - BLEEDING-EDGE INAPROPRIATE free XXX (bleeding-inappropriate.rules)
 2001350 - BLEEDING-EDGE INAPROPRIATE  hardcore anal (bleeding-inappropriate.rules)
 2001351 - BLEEDING-EDGE INAPROPRIATE  masturbation (bleeding-inappropriate.rules)
 2001352 - BLEEDING-EDGE INAPROPRIATE  ejaculation (bleeding-inappropriate.rules)
 2001353 - BLEEDING-EDGE INAPROPRIATE  BDSM (bleeding-inappropriate.rules)
 2001362 - BLEEDING-EDGE DOS MS04-030 Attempted DoS (bleeding-dos.rules)
 2001363 - BLEEDING-EDGE EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt (bleeding-exploit.rules)
 2001364 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt (bleeding-exploit.rules)
 2001366 - BLEEDING-EDGE DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt (bleeding-dos.rules)
 2001369 - BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit (bleeding-exploit.rules)
 2001374 - BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file (bleeding-exploit.rules)
 2001385 - BLEEDING-EDGE EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt (bleeding-exploit.rules)
 2001392 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected (bleeding-inappropriate.rules)
 2001393 - BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected (bleeding-inappropriate.rules)
 2001401 - BLEEDING-EDGE EXPLOIT IE IFRAME Exploit (bleeding-exploit.rules)
 2001545 - BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection detected! (bleeding-attack_response.rules)
 2001549 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001550 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001551 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001552 - BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit (bleeding-exploit.rules)
 2001608 - BLEEDING-EDGE INAPROPRIATE Likely Porn (bleeding-inappropriate.rules)
 2001616 - BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement notification (bleeding-attack_response.rules)
 2001620 - BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity (bleeding-attack_response.rules)
 2001622 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 1 (bleeding-exploit.rules)
 2001623 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 2 (bleeding-exploit.rules)
 2001624 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 3 (bleeding-exploit.rules)
 2001625 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 1 (bleeding-exploit.rules)
 2001626 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 2 (bleeding-exploit.rules)
 2001627 - BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 3 (bleeding-exploit.rules)
 2001628 - BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection (bleeding-attack_response.rules)
 2001633 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise (bleeding-exploit.rules)
 2001634 - BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise (bleeding-exploit.rules)
 2001667 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (bleeding-exploit.rules)
 2001668 - BLEEDING-EDGE EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack (bleeding-exploit.rules)
 2001671 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com) (bleeding-exploit.rules)
 2001718 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad width (bleeding-exploit.rules)
 2001719 - BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad height (bleeding-exploit.rules)
 2001720 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color (bleeding-exploit.rules)
 2001721 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big PLTE (bleeding-exploit.rules)
 2001722 - BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big hIST (bleeding-exploit.rules)
 2001723 - BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad PNG (bleeding-exploit.rules)
 2001724 - BLEEDING-EDGE EXPLOIT libpng CAN-2004-1244 overflow attempt (bleeding-exploit.rules)
 2001725 - BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit (bleeding-exploit.rules)
 2001727 - BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt (bleeding-exploit.rules)
 2001742 - BLEEDING-EDGE EXPLOIT Arkeia full remote access without password or authentication (bleeding-exploit.rules)
 2001751 - BLEEDING-EDGE EXPLOIT Shoutcast file request overflow (bleeding-exploit.rules)
 2001807 - BLEEDING-EDGE EXPLOIT EXPLOIT CAN-2005-0399 Gif Vuln via http (bleeding-exploit.rules)
 2001813 - BLEEDING-EDGE EXPLOIT MSIE Hidden Address Bar (Phish) (bleeding-exploit.rules)
 2001846 - BLEEDING-EDGE EXPLOIT [ISC] ICMP blind TCP reset DoS guessing attempt (bleeding-exploit.rules)


[///]    Modified inactive rules:    [///]

 2001208 - BLEEDING-EDGE EXPLOIT Reading Local Files in Netscape 6 and Mozilla (bleeding-exploit.rules)
 2001717 - BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute Force Attack (bleeding-attack_response.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-attack_response.rules (1):
        # Still doesn't work, but we hope to figure out a way in the future...

     -> Added to bleeding-sid-msg.map (155):
        2000004 || BLEEDING-EDGE EXPLOIT Microsoft MHTML URL Redirection Attempt || url,www.microsoft.com/technet/security/bulletin/MS04-013.mspx || cve,CAN-2004-0380
        2000005 || BLEEDING-EDGE EXPLOIT Cisco Telnet Buffer Overflow || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000006 || BLEEDING-EDGE DOS Cisco Router HTTP DoS || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000007 || BLEEDING-EDGE EXPLOIT Catalyst SSH protocol mismatch || url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
        2000008 || BLEEDING-EDGE EXPLOIT Catalyst 3500 arbitrary command || url,www.securityfocus.com/archive/1/141471
        2000009 || BLEEDING-EDGE EXPLOIT Cisco IOS HTTP DoS || url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
        2000010 || BLEEDING-EDGE DOS Cisco 514 UDP flood DoS || url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
        2000012 || BLEEDING-EDGE EXPLOIT Cisco %u IDS evasion
        2000013 || BLEEDING-EDGE EXPLOIT Cisco IOS HTTP server DoS
        2000016 || BLEEDING-EDGE DOS SSL Bomb DoS Attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
        2000017 || BLEEDING-EDGE EXPLOIT NII Microsoft ASN.1 Library Buffer Overflow Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp
        2000031 || BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target BSD)
        2000032 || BLEEDING-EDGE EXPLOIT LSA exploit
        2000033 || BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP)
        2000046 || BLEEDING-EDGE EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k)
        2000048 || BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target Linux)
        2000049 || BLEEDING-EDGE EXPLOIT CVS server heap overflow attempt (target Solaris)
        2000329 || BLEEDING-EDGE EXPLOIT mIRC <=6.12 DCC Buffer Overflow || bugtraq,8880
        2000342 || BLEEDING-EDGE EXPLOIT Squid NTLM Auth Overflow Exploit || cve,CAN-2004-0541 || url,www.idefense.com/application/poi/display?id=107
        2000345 || BLEEDING-EDGE ATTACK RESPONSE IRC - Nick change on non-std port
        2000346 || BLEEDING-EDGE ATTACK RESPONSE IRC - Name response on non-std port
        2000347 || BLEEDING-EDGE ATTACK RESPONSE IRC - Private message on non-std port
        2000348 || BLEEDING-EDGE ATTACK RESPONSE IRC - Channel JOIN on non-std port
        2000349 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC file transfer request on non-std port
        2000350 || BLEEDING-EDGE ATTACK RESPONSE IRC - DCC chat request on non-std port
        2000351 || BLEEDING-EDGE ATTACK RESPONSE IRC - channel join on non-std port
        2000352 || BLEEDING-EDGE ATTACK RESPONSE IRC - dns request on non-std port
        2000372 || BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection running SQL statements line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000373 || BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000374 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection trying to guess the column name || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection running SQL statements NO line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000377 || BLEEDING-EDGE EXPLOIT MS-SQL heap overflow attempt || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000378 || BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000379 || BLEEDING-EDGE EXPLOIT MS-SQL DOS attempt (08) 1 byte || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000380 || BLEEDING-EDGE EXPLOIT MS-SQL Spike buffer overflow || url,www.securityfocus.com/bid/5411/exploit
        2000381 || BLEEDING-EDGE EXPLOIT MS-SQL DOS bouncing packets || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000488 || BLEEDING-EDGE EXPLOIT MS-SQL SQL Injection closing string plus line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000490 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 2 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 3 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 4 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE CUSTOM MS-SQL SQL Injection allowing empty or wrong inputwith an OR 5 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000499 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM1
        2000500 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM2
        2000501 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM3
        2000502 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access COM4
        2000503 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT1
        2000504 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT2
        2000505 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT3
        2000506 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access LPT4
        2000507 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access AUX
        2000508 || BLEEDING-EDGE ATTACK RESPONSE FTP inaccessible directory access NULL
        2000535 || BLEEDING-EDGE CUSTOM SCAN NMAP -sT or TCP incoming connection || arachnids,162
        2000539 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE CUSTOM SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE CUSTOM SCAN NMAP -sU || arachnids,162
        2000563 || BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 445
        2000564 || BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 445
        2000565 || BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 139
        2000566 || BLEEDING-EDGE EXPLOIT Pwdump3e Session Established Reg-Entry port 445
        2000567 || BLEEDING-EDGE EXPLOIT Pwdump3e pwservice.exe Access port 139
        2000568 || BLEEDING-EDGE EXPLOIT Pwdump3e Password Hash Retrieval port 139
        2001022 || BLEEDING-EDGE EXPLOIT Invalid non-fragmented packet with fragment offset>0
        2001023 || BLEEDING-EDGE EXPLOIT Invalid fragment - ACK reset
        2001024 || BLEEDING-EDGE EXPLOIT Invalid fragment - illegal flags
        2001048 || BLEEDING-EDGE EXPLOIT IE process injection iexplore.exe executable download
        2001049 || BLEEDING-EDGE EXPLOIT Buffer Overflow Exploit in Adobe Acrobat Reader || url,www.securiteam.com/securitynews/5WP080AAKK.html
        2001058 || BLEEDING-EDGE EXPLOIT libpng tRNS overflow attempt || cve,CAN-2004-0597
        2001093 || BLEEDING-EDGE EXPLOIT IE Local zone Shell execution of arbitrary code || url,www.securityfocus.com/archive/1/348688/2003-12-31/2004-01-06/0
        2001094 || BLEEDING-EDGE EXPLOIT Internet Explorer URL parsing vulnerability || url,www.securityfocus.com/archive/1/346948
        2001095 || BLEEDING-EDGE EXPLOIT IFRAME ExecCommand vulnerability || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001097 || BLEEDING-EDGE EXPLOIT Internet Explorer Object Data Remote Execution Vulnerability || url,www.securityfocus.com/bid/8456/solution/
        2001098 || BLEEDING-EDGE CUSTOM Attempt to execute Javascript code
        2001099 || BLEEDING-EDGE EXPLOIT Attempt to execute VBScript code
        2001100 || BLEEDING-EDGE CUSTOM Attempt to access SHELL\:
        2001101 || BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code
        2001102 || BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code
        2001103 || BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\:
        2001104 || BLEEDING-EDGE CUSTOM Stealth attempt to access FILE\:
        2001105 || BLEEDING-EDGE EXPLOIT Javascript execution with expression eval || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001106 || BLEEDING-EDGE EXPLOIT Javascript execution with expression eval hex || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001175 || BLEEDING-EDGE CUSTOM Internet Explorer Bitmap Integer Overflow || url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001180 || BLEEDING-EDGE CUSTOM Internet Explorer Object Type Property Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001181 || BLEEDING-EDGE EXPLOIT Internet Explorer Plugin.ocx Heap Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001182 || BLEEDING-EDGE EXPLOIT IE trojan Ants3set 1.exe - process injection
        2001190 || BLEEDING-EDGE EXPLOIT libPNG - Possible NULL-pointer crash in png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001191 || BLEEDING-EDGE EXPLOIT libPNG - Width exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001192 || BLEEDING-EDGE EXPLOIT libPNG - Height exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001195 || BLEEDING-EDGE EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001205 || BLEEDING-EDGE DOS Internet Explorer Memory Corruption Bug || url,www.securiteam.com/windowsntfocus/5XP051FDFM.html
        2001206 || BLEEDING-EDGE EXPLOIT Mozilla Firefox Certificate Spoofing || url,www.securiteam.com/securitynews/5EP0L1PDFG.html
        2001207 || BLEEDING-EDGE EXPLOIT Mozilla Cookie theft || url,www.securiteam.com/securitynews/5GP0T0U60M.html
        2001208 || BLEEDING-EDGE EXPLOIT Reading Local Files in Netscape 6 and Mozilla || url,www.securiteam.com/securitynews/5JP000A76K.html
        2001209 || BLEEDING-EDGE EXPLOIT Mozilla FTP View Cross-Site Scripting Vulnerability || url,www.securiteam.com/windowsntfocus/5MP0I0080A.html
        2001210 || BLEEDING-EDGE EXPLOIT FTP Serv-U Local Privilege Escalation Vulnerability || url,www.securiteam.com/windowsntfocus/5YP0F1FDPO.html
        2001211 || BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001212 || BLEEDING-EDGE EXPLOIT FTP Serv-U directory traversal vulnerability || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001213 || BLEEDING-EDGE EXPLOIT FTP Serv-U LIST -l Parameter Buffer Overflow || url,www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html
        2001215 || BLEEDING-EDGE EXPLOIT FTP Serv-U Server Long Filename Stack Overflow Vulnerability || url,www.securiteam.com/windowsntfocus/5OP0N1PBPG.html
        2001217 || BLEEDING-EDGE EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte || cve,2004-0629 || url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || url,idefense.com/application/poi/display?id=126&type=vulnerabilities
        2001346 || BLEEDING-EDGE INAPROPRIATE Kiddy Porn preteen
        2001347 || BLEEDING-EDGE INAPROPRIATE Kiddy Porn pre-teen
        2001348 || BLEEDING-EDGE INAPROPRIATE Kiddy Porn early teen
        2001349 || BLEEDING-EDGE INAPROPRIATE free XXX
        2001350 || BLEEDING-EDGE INAPROPRIATE  hardcore anal
        2001351 || BLEEDING-EDGE INAPROPRIATE  masturbation
        2001352 || BLEEDING-EDGE INAPROPRIATE  ejaculation
        2001353 || BLEEDING-EDGE INAPROPRIATE  BDSM
        2001362 || BLEEDING-EDGE DOS MS04-030 Attempted DoS || url,isc.sans.org/diary.php?date=2004-10-20
        2001363 || BLEEDING-EDGE EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001364 || BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001366 || BLEEDING-EDGE DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt || bugtraq,11265
        2001369 || BLEEDING-EDGE EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit || url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php
        2001374 || BLEEDING-EDGE EXPLOIT MS04-032 Bad EMF file
        2001385 || BLEEDING-EDGE EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt
        2001392 || BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected
        2001393 || BLEEDING-EDGE INAPROPRIATE Sextracker Tracking Code Detected
        2001545 || BLEEDING-EDGE ATTACK RESPONSE Potential root shell connection detected!
        2001549 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001550 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001551 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001552 || BLEEDING-EDGE EXPLOIT Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001608 || BLEEDING-EDGE INAPROPRIATE Likely Porn
        2001616 || BLEEDING-EDGE ATTACK RESPONSE Zone-H.org defacement notification
        2001620 || BLEEDING-EDGE ATTACK RESPONSE Likely Botnet Activity
        2001622 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 1
        2001623 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 2
        2001624 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack, phase 3
        2001625 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 1
        2001626 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 2
        2001627 || BLEEDING-EDGE EXPLOIT winhlp32 ActiveX control attack via EMAIL, phase 3
        2001628 || BLEEDING-EDGE ATTACK RESPONSE Outbound PHP Connection
        2001633 || BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise || url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001634 || BLEEDING-EDGE EXPLOIT Probable MSIE XPSP2 Remote Compromise || url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001667 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in
        2001668 || BLEEDING-EDGE EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack
        2001671 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com)
        2001717 || BLEEDING-EDGE ATTACK RESPONSE Successful user connection AFTER Brute Force Attack
        2001718 || BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad width
        2001719 || BLEEDING-EDGE EXPLOIT CAN-2004-1244 PNG with bad height
        2001720 || BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with indexed color
        2001721 || BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big PLTE
        2001722 || BLEEDING-EDGE EXPLOIT CAN-2004-0597 PNG with too big hIST
        2001723 || BLEEDING-EDGE EXPLOIT ATmaCA PoC for CORE-2004-0819 -- bad PNG
        2001724 || BLEEDING-EDGE EXPLOIT libpng CAN-2004-1244 overflow attempt || bugtraq,10872 || cve,2004-0597
        2001725 || BLEEDING-EDGE EXPLOIT MS05-014 HTML OBJECT tag local zone exploit
        2001727 || BLEEDING-EDGE EXPLOIT MS05-005 Office XP Remote Code Attempt
        2001742 || BLEEDING-EDGE EXPLOIT Arkeia full remote access without password or authentication || url,metasploit.com/research/arkeia_agent
        2001751 || BLEEDING-EDGE EXPLOIT Shoutcast file request overflow
        2001807 || BLEEDING-EDGE EXPLOIT EXPLOIT CAN-2005-0399 Gif Vuln via http
        2001813 || BLEEDING-EDGE EXPLOIT MSIE Hidden Address Bar (Phish) || url,securityresponse.symantec.com/avcenter/venc/data/js.trojan.blinder.html || url,www.guninski.com/popspoof.html
        2001846 || BLEEDING-EDGE EXPLOIT [ISC] ICMP blind TCP reset DoS guessing attempt || cve,can-2004-0790
        2001847 || BLEEDING-EDGE WORM pictures.php MSN Worm URL Attempt || url,isc.sans.org/diary.php?date=2005-04-13
        2001848 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack
        2001849 || BLEEDING-EDGE EXPLOIT MS05-021 Exchange Link State - Possible Attack

     -> Added to bleeding-virus.rules (1):
        #Jason Alexander

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (152):
        2000004 || BLEEDING-EDGE Microsoft MHTML URL Redirection Attempt || url,www.microsoft.com/technet/security/bulletin/MS04-013.mspx || cve,CAN-2004-0380
        2000005 || BLEEDING-EDGE Cisco Telnet Buffer Overflow || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000006 || BLEEDING-EDGE Cisco Router HTTP DoS || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
        2000007 || BLEEDING-EDGE Catalyst SSH protocol mismatch || url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
        2000008 || BLEEDING-EDGE Catalyst 3500 arbitrary command || url,www.securityfocus.com/archive/1/141471
        2000009 || BLEEDING-EDGE Cisco IOS HTTP DoS || url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
        2000010 || BLEEDING-EDGE Cisco 514 UDP flood DoS || url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
        2000012 || BLEEDING-EDGE Cisco %u IDS evasion
        2000013 || BLEEDING-EDGE Cisco IOS HTTP server DoS
        2000016 || BLEEDING-EDGE SSL Bomb DoS Attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || cve,CAN-2004-0120
        2000017 || BLEEDING-EDGE NII Microsoft ASN.1 Library Buffer Overflow Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp
        2000031 || BLEEDING-EDGE CVS server heap overflow attempt (target BSD)
        2000032 || BLEEDING-EDGE LSA exploit
        2000033 || BLEEDING-EDGE MS04011 Lsasrv.dll RPC exploit (WinXP)
        2000046 || BLEEDING-EDGE MS04011 Lsasrv.dll RPC exploit (Win2k)
        2000048 || BLEEDING-EDGE CVS server heap overflow attempt (target Linux)
        2000049 || BLEEDING-EDGE CVS server heap overflow attempt (target Solaris)
        2000329 || BLEEDING-EDGE mIRC <=6.12 DCC Buffer Overflow || bugtraq,8880
        2000342 || BLEEDING-EDGE Squid NTLM Auth Overflow Exploit || cve,CAN-2004-0541 || url,www.idefense.com/application/poi/display?id=107
        2000345 || BLEEDING-EDGE IRC - Nick change on non-std port
        2000346 || BLEEDING-EDGE IRC - Name response on non-std port
        2000347 || BLEEDING-EDGE IRC - Private message on non-std port
        2000348 || BLEEDING-EDGE IRC - Channel JOIN on non-std port
        2000349 || BLEEDING-EDGE IRC - DCC file transfer request on non-std port
        2000350 || BLEEDING-EDGE IRC - DCC chat request on non-std port
        2000351 || BLEEDING-EDGE IRC - channel join on non-std port
        2000352 || BLEEDING-EDGE IRC - dns request on non-std port
        2000372 || BLEEDING-EDGE MS-SQL SQL Injection running SQL statements line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000373 || BLEEDING-EDGE MS-SQL SQL Injection line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000374 || BLEEDING-EDGE MS-SQL SQL Injection trying to guess the column name || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000375 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000376 || BLEEDING-EDGE MS-SQL SQL Injection running SQL statements NO line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000377 || BLEEDING-EDGE MS-SQL heap overflow attempt || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000378 || BLEEDING-EDGE MS-SQL DOS attempt (08) || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000379 || BLEEDING-EDGE MS-SQL DOS attempt (08) 1 byte || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000380 || BLEEDING-EDGE MS-SQL Spike buffer overflow || url,www.securityfocus.com/bid/5411/exploit
        2000381 || BLEEDING-EDGE MS-SQL DOS bouncing packets || url,www.nextgenss.com/papers/tp-SQL2000.pdf
        2000488 || BLEEDING-EDGE MS-SQL SQL Injection closing string plus line comment || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000490 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 2 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000491 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 3 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000492 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 4 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000493 || BLEEDING-EDGE MS-SQL SQL Injection allowing empty or wrong inputwith an OR 5 || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf
        2000499 || BLEEDING-EDGE FTP inaccessible directory access COM1
        2000500 || BLEEDING-EDGE FTP inaccessible directory access COM2
        2000501 || BLEEDING-EDGE FTP inaccessible directory access COM3
        2000502 || BLEEDING-EDGE FTP inaccessible directory access COM4
        2000503 || BLEEDING-EDGE FTP inaccessible directory access LPT1
        2000504 || BLEEDING-EDGE FTP inaccessible directory access LPT2
        2000505 || BLEEDING-EDGE FTP inaccessible directory access LPT3
        2000506 || BLEEDING-EDGE FTP inaccessible directory access LPT4
        2000507 || BLEEDING-EDGE FTP inaccessible directory access AUX
        2000508 || BLEEDING-EDGE FTP inaccessible directory access NULL
        2000535 || BLEEDING-EDGE SCAN NMAP -sT or TCP incoming connection || arachnids,162
        2000539 || BLEEDING-EDGE SCAN NMAP -sA || arachnids,162
        2000541 || BLEEDING-EDGE SCAN NMAP -sA || arachnids,162
        2000542 || BLEEDING-EDGE SCAN NMAP -sU || arachnids,162
        2000563 || BLEEDING-EDGE Pwdump3e Password Hash Retrieval port 445
        2000564 || BLEEDING-EDGE Pwdump3e pwservice.exe Access port 445
        2000565 || BLEEDING-EDGE Pwdump3e Session Established Reg-Entry port 139
        2000566 || BLEEDING-EDGE Pwdump3e Session Established Reg-Entry port 445
        2000567 || BLEEDING-EDGE Pwdump3e pwservice.exe Access port 139
        2000568 || BLEEDING-EDGE Pwdump3e Password Hash Retrieval port 139
        2001022 || BLEEDING-EDGE Invalid non-fragmented packet with fragment offset>0
        2001023 || BLEEDING-EDGE Invalid fragment - ACK reset
        2001024 || BLEEDING-EDGE Invalid fragment - illegal flags
        2001048 || BLEEDING-EDGE IE process injection iexplore.exe executable download
        2001049 || BLEEDING-EDGE Buffer Overflow Exploit in Adobe Acrobat Reader || url,www.securiteam.com/securitynews/5WP080AAKK.html
        2001058 || BLEEDING-EDGE libpng tRNS overflow attempt || cve,CAN-2004-0597
        2001093 || BLEEDING-EDGE IE Local zone Shell execution of arbitrary code || url,www.securityfocus.com/archive/1/348688/2003-12-31/2004-01-06/0
        2001094 || BLEEDING-EDGE Internet Explorer URL parsing vulnerability || url,www.securityfocus.com/archive/1/346948
        2001095 || BLEEDING-EDGE IFRAME ExecCommand vulnerability || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001097 || BLEEDING-EDGE Internet Explorer Object Data Remote Execution Vulnerability || url,www.securityfocus.com/bid/8456/solution/
        2001098 || BLEEDING-EDGE Attempt to execute Javascript code
        2001099 || BLEEDING-EDGE Attempt to execute VBScript code
        2001100 || BLEEDING-EDGE Attempt to access SHELL\:
        2001101 || BLEEDING-EDGE Stealth attempt to execute Javascript code
        2001102 || BLEEDING-EDGE Stealth attempt to execute VBScript code
        2001103 || BLEEDING-EDGE Stealth attempt to access SHELL\:
        2001104 || BLEEDING-EDGE Stealth attempt to access FILE\:
        2001105 || BLEEDING-EDGE Javascript execution with expression eval || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001106 || BLEEDING-EDGE Javascript execution with expression eval hex || url,www.securiteam.com/exploits/3D5Q4RFPPK.html
        2001175 || BLEEDING-EDGE Internet Explorer Bitmap Integer Overflow || url,www.securitytracker.com/alerts/2004/Feb/1009067.html
        2001180 || BLEEDING-EDGE Internet Explorer Object Type Property Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001181 || BLEEDING-EDGE Internet Explorer Plugin.ocx Heap Overflow || url,www.hnc3k.com/ievulnerabil.htm
        2001182 || BLEEDING-EDGE IE trojan Ants3set 1.exe - process injection
        2001190 || BLEEDING-EDGE libPNG - Possible NULL-pointer crash in png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001191 || BLEEDING-EDGE libPNG - Width exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001192 || BLEEDING-EDGE libPNG - Height exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001195 || BLEEDING-EDGE libPNG - Possible integer overflow in allocation in png_handle_sPLT || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html
        2001205 || BLEEDING-EDGE Internet Explorer Memory Corruption Bug || url,www.securiteam.com/windowsntfocus/5XP051FDFM.html
        2001206 || BLEEDING-EDGE Mozilla Firefox Certificate Spoofing || url,www.securiteam.com/securitynews/5EP0L1PDFG.html
        2001207 || BLEEDING-EDGE Mozilla Cookie theft || url,www.securiteam.com/securitynews/5GP0T0U60M.html
        2001208 || BLEEDING-EDGE Reading Local Files in Netscape 6 and Mozilla || url,www.securiteam.com/securitynews/5JP000A76K.html
        2001209 || BLEEDING-EDGE Mozilla FTP View Cross-Site Scripting Vulnerability || url,www.securiteam.com/windowsntfocus/5MP0I0080A.html
        2001210 || BLEEDING-EDGE FTP Serv-U Local Privilege Escalation Vulnerability || url,www.securiteam.com/windowsntfocus/5YP0F1FDPO.html
        2001211 || BLEEDING-EDGE FTP Serv-U directory traversal vulnerability || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001212 || BLEEDING-EDGE FTP Serv-U directory traversal vulnerability || url,www.securiteam.com/windowsntfocus/6C0041F0KO.html
        2001213 || BLEEDING-EDGE FTP Serv-U LIST -l Parameter Buffer Overflow || url,www.securiteam.com/windowsntfocus/5ZP0G2KCKA.html
        2001215 || BLEEDING-EDGE FTP Serv-U Server Long Filename Stack Overflow Vulnerability || url,www.securiteam.com/windowsntfocus/5OP0N1PBPG.html
        2001217 || BLEEDING-EDGE Adobe Acrobat Reader Malicious URL Null Byte || cve,2004-0629 || url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || url,idefense.com/application/poi/display?id=126&type=vulnerabilities
        2001346 || BLEEDING-EDGE Kiddy Porn preteen
        2001347 || BLEEDING-EDGE Kiddy Porn pre-teen
        2001348 || BLEEDING-EDGE Kiddy Porn early teen
        2001349 || BLEEDING-EDGE PORN free XXX
        2001350 || BLEEDING-EDGE PORN hardcore anal
        2001351 || BLEEDING-EDGE PORN masturbation
        2001352 || BLEEDING-EDGE PORN ejaculation
        2001353 || BLEEDING-EDGE PORN BDSM
        2001362 || BLEEDING-EDGE MS04-030 Attempted DoS || url,isc.sans.org/diary.php?date=2004-10-20
        2001363 || BLEEDING-EDGE Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001364 || BLEEDING-EDGE MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx
        2001366 || BLEEDING-EDGE Possible Microsoft SQL Server Remote Denial Of Service Attempt || bugtraq,11265
        2001369 || BLEEDING-EDGE MS04-032 Windows Metafile (.emf) Heap Overflow Exploit || url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php
        2001374 || BLEEDING-EDGE MS04-032 Bad EMF file
        2001385 || BLEEDING-EDGE Possible ShixxNote buffer-overflow + remote shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt
        2001392 || BLEEDING-EDGE Inappropriate Sextracker Tracking Code Detected
        2001393 || BLEEDING-EDGE Inappropriate Sextracker Tracking Code Detected
        2001545 || BLEEDING-EDGE ATTACK Potential root shell connection detected!
        2001549 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001550 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001551 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001552 || BLEEDING-EDGE Exploit Possible Sun Java Plugin arbitrary package access exploit || cve,CAN-2004-1029 || url,www.kb.cert.org/vuls/id/760344 || url,secunia.com/advisories/13271/ || url,archives.neohapsis.com/archives/bugtraq/2004-11/0299.html || url,www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=true || url,sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1 || url,jouko.iki.fi/adv/javaplugin.html
        2001608 || BLEEDING-EDGE Inappropriate Likely Porn
        2001616 || BLEEDING-EDGE Attack Response Zone-H.org defacement notification
        2001620 || BLEEDING-EDGE Attack Response Likely Botnet Activity
        2001622 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack, phase 1
        2001623 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack, phase 2
        2001624 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack, phase 3
        2001625 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack via EMAIL, phase 1
        2001626 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack via EMAIL, phase 2
        2001627 || BLEEDING-EDGE Exploit winhlp32 ActiveX control attack via EMAIL, phase 3
        2001628 || BLEEDING-EDGE Attack Response Outbound PHP Connection
        2001633 || BLEEDING-EDGE Exploit Probable MSIE XPSP2 Remote Compromise || url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001634 || BLEEDING-EDGE Exploit Probable MSIE XPSP2 Remote Compromise || url,freehost07.websamba.com/greyhats/sp2rc-analysis.htm
        2001667 || BLEEDING-EDGE Exploit Blahot Worm Infection Reporting in
        2001668 || BLEEDING-EDGE Exploit MS05-002 Malformed .ANI stack overflow attack
        2001671 || BLEEDING-EDGE Exploit Blahot Worm Infection Reporting in (to blahot.com)
        2001717 || BLEEDING-EDGE SSH Successful user connection AFTER Brute Force Attack
        2001718 || BLEEDING-EDGE Exploit CAN-2004-1244 PNG with bad width
        2001719 || BLEEDING-EDGE Exploit CAN-2004-1244 PNG with bad height
        2001720 || BLEEDING-EDGE Exploit CAN-2004-0597 PNG with indexed color
        2001721 || BLEEDING-EDGE Exploit CAN-2004-0597 PNG with too big PLTE
        2001722 || BLEEDING-EDGE Exploit CAN-2004-0597 PNG with too big hIST
        2001723 || BLEEDING-EDGE Exploit ATmaCA PoC for CORE-2004-0819 -- bad PNG
        2001724 || BLEEDING-EDGE Exploit libpng CAN-2004-1244 overflow attempt || bugtraq,10872 || cve,2004-0597
        2001725 || BLEEDING-EDGE Exploit MS05-014 HTML OBJECT tag local zone exploit
        2001727 || BLEEDING-EDGE Exploit MS05-005 Office XP Remote Code Attempt
        2001742 || BLEEDING-EDGE Exploit Arkeia full remote access without password or authentication || url,metasploit.com/research/arkeia_agent
        2001751 || BLEEDING-EDGE Exploit Shoutcast file request overflow
        2001807 || BLEEDING-EDGE EXPLOIT CAN-2005-0399 Gif Vuln via http
        2001813 || BLEEDING-EDGE MSIE Hidden Address Bar (Phish) || url,securityresponse.symantec.com/avcenter/venc/data/js.trojan.blinder.html || url,www.guninski.com/popspoof.html
        2001846 || BLEEDING-EDGE Exploit [ISC] ICMP blind TCP reset DoS guessing attempt || cve,can-2004-0790

[+] Added files (consider updating your snort.conf to include them if needed): [+]

    -> bleeding-sid-msg-map.txt




