[Snort-sigs] Bleedingsnort.com Daily Update

bleeding at ...2727... bleeding at ...2727...
Fri Jul 29 18:02:03 EDT 2005


[***] Results from Oinkmaster started Fri Jul 29 20:00:05 2005 [***]

[///]     Modified active rules:     [///]

 2001090 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute Javascript code (bleeding-web.rules)
 2001091 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to execute VBScript code (bleeding-web.rules)
 2001092 - BLEEDING-EDGE WEB-MISC cross site scripting stealth attempt to access SHELL\: (bleeding-web.rules)
 2001101 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute Javascript code (bleeding-exploit.rules)
 2001102 - BLEEDING-EDGE EXPLOIT Stealth attempt to execute VBScript code (bleeding-exploit.rules)
 2001103 - BLEEDING-EDGE EXPLOIT Stealth attempt to access SHELL\: (bleeding-exploit.rules)
 2001667 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (bleeding-exploit.rules)
 2001671 - BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com) (bleeding-exploit.rules)
 2001915 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP) (bleeding-exploit.rules)
 2001916 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-TCP) (bleeding-exploit.rules)
 2001917 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-UDP) (bleeding-exploit.rules)
 2001918 - BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-UDP) (bleeding-exploit.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-sid-msg.map (6):
        2001667 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in || url,www.blahot.com || url,www.vitalsecurity.org/2005/01/malware-spam.html
        2001671 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com) || url,www.blahot.com || url,www.vitalsecurity.org/2005/01/malware-spam.html
        2001915 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP) || url,www.securiteam.com/exploits/5AP0F1FFPG.html
        2001916 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-TCP) || url,www.securiteam.com/exploits/5AP0F1FFPG.html
        2001917 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-UDP) || url,www.securiteam.com/exploits/5AP0F1FFPG.html
        2001918 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-UDP) || url,www.securiteam.com/exploits/5AP0F1FFPG.html

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-sid-msg.map (6):
        2001667 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in
        2001671 || BLEEDING-EDGE EXPLOIT Blahot Worm Infection Reporting in (to blahot.com)
        2001915 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-TCP)
        2001916 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-TCP)
        2001917 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Request-UDP)
        2001918 || BLEEDING-EDGE EXPLOIT Ethereal SIP Dissector Overflow (Response-UDP)





More information about the Snort-sigs mailing list