[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Fri Jul 14 09:56:05 EDT 2006


This message is to announce the availability of an update for the Sourcefire community rule set, which can be downloaded free of cost or registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000689-100000819. These rules cover detection of the Mytob virus over e-mail; a buffer overflow in Winamp via MIDI files; and SQL injection and cross-site scripting attacks against a large number of web programs.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000689 || COMMUNITY SMTP Mytob MAIL FROM Attempt
100000690 || COMMUNITY SQL-INJECTION BXCP Sql Injection attempt
100000691 || COMMUNITY SQL-INJECTION Diesel Joke Script Sql Injection attempt
100000692 || COMMUNITY WEB-CLIENT midi file download attempt
100000693 || COMMUNITY WEB-CLIENT winamp midi file header overflow attempt
100000694 || COMMUNITY WEB-MISC VCard PRO gbrowse.php SQL injection attempt
100000695 || COMMUNITY WEB-MISC VCard PRO rating.php SQL injection attempt
100000696 || COMMUNITY WEB-MISC VCard PRO create.php SQL injection attempt
100000697 || COMMUNITY WEB-MISC VCard PRO search.php SQL injection attempt
100000698 || COMMUNITY WEB-MISC BXCP index.php SQL injection attempt
100000699 || COMMUNITY WEB-MISC Vincent Leclercq News diver.php xss attempt
100000700 || COMMUNITY WEB-MISC Vincent Leclercq News diver.php xss attempt
100000701 || COMMUNITY WEB-MISC WordPress index.php SQL injection attempt
100000702 || COMMUNITY WEB-MISC Webvizyon SayfalaAltList.asp MSSQL injection attempt
100000703 || COMMUNITY WEB-PHP Horde index.php show XSS attempt
100000704 || COMMUNITY WEB-PHP SmartSiteCMS comment.php remote file include
100000705 || COMMUNITY WEB-PHP SmartSiteCMS test.php remote file include
100000706 || COMMUNITY WEB-PHP SmartSiteCMS index.php remote file include
100000707 || COMMUNITY WEB-PHP SmartSiteCMS inc_adminfoot.php remote file include
100000708 || COMMUNITY WEB-PHP SmartSiteCMS comedit.php remote file include
100000709 || COMMUNITY WEB-PHP SquirrelMail search.php xss attempt
100000710 || COMMUNITY WEB-PHP Xoops MyAds Module annonces-p-f.php SQL injection attempt
100000711 || COMMUNITY WEB-PHP PHPRaid raids.php remote file include
100000712 || COMMUNITY WEB-PHP PHPRaid register.php remote file include
100000713 || COMMUNITY WEB-PHP PHPRaid roster.php remote file include
100000714 || COMMUNITY WEB-PHP PHPRaid view.php remote file include
100000715 || COMMUNITY WEB-PHP PHPRaid logs.php remote file include
100000716 || COMMUNITY WEB-PHP PHPRaid users.php remote file include
100000717 || COMMUNITY WEB-PHP PHPRaid configuration.php remote file include
100000718 || COMMUNITY WEB-PHP PHPRaid guilds.php remote file include
100000719 || COMMUNITY WEB-PHP PHPRaid index.php remote file include
100000720 || COMMUNITY WEB-PHP PHPRaid locations.php remote file include
100000721 || COMMUNITY WEB-PHP PHPRaid login.php remote file include
100000722 || COMMUNITY WEB-PHP PHPRaid lua_output.php remote file include
100000723 || COMMUNITY WEB-PHP PHPRaid permissions.php remote file include
100000724 || COMMUNITY WEB-PHP PHPRaid profile.php remote file include
100000725 || COMMUNITY WEB-PHP PHPRaid view.php SQL injection attempt
100000726 || COMMUNITY WEB-PHP Vincent-Leclercq News diver.php SQL injection attempt
100000727 || COMMUNITY WEB-PHP Softbiz Banner Exchange insertmember.php xss attempt
100000728 || COMMUNITY WEB-PHP Geeklog functions.inc remote file include
100000729 || COMMUNITY WEB-PHP Geeklog functions.inc remote file include
100000730 || COMMUNITY WEB-PHP Geeklog BlackList.Examine.class.php remote file include
100000731 || COMMUNITY WEB-PHP Geeklog DeleteComment.Action.class.php remote file include
100000732 || COMMUNITY WEB-PHP Geeklog EditIPofURL.Admin.class.php remote file include
100000733 || COMMUNITY WEB-PHP Geeklog MTBlackList.Examine.class.php remote file include
100000734 || COMMUNITY WEB-PHP Geeklog MassDelete.Admin.class.php remote file include
100000735 || COMMUNITY WEB-PHP Geeklog MailAdmin.Action.class.php remote file include
100000736 || COMMUNITY WEB-PHP Geeklog MassDelTrackback.Admin.class.php remote file include
100000737 || COMMUNITY WEB-PHP Geeklog EditHeader.Admin.class.php remote file include
100000738 || COMMUNITY WEB-PHP Geeklog EditIP.Admin.class.php remote file include
100000739 || COMMUNITY WEB-PHP Geeklog IPofUrl.Examine.class.php remote file include
100000740 || COMMUNITY WEB-PHP Geeklog Import.Admin.class.php remote file include
100000741 || COMMUNITY WEB-PHP Geeklog LogView.Admin.class.php remote file include
100000742 || COMMUNITY WEB-PHP Geeklog functions.inc remote file include
100000743 || COMMUNITY WEB-PHP Plume CMS dbinstall.php remote file include
100000744 || COMMUNITY WEB-PHP MyNewsGroups tree.php SQL injection attempt
100000745 || COMMUNITY WEB-PHP Diesel Joke Site category.php SQL injection attempt
100000746 || COMMUNITY WEB-PHP Randshop header.inc.php remote file include
100000747 || COMMUNITY WEB-PHP Plume CMS index.php remote file include
100000748 || COMMUNITY WEB-PHP Plume CMS rss.php remote file include
100000749 || COMMUNITY WEB-PHP Plume CMS search.php remote file include
100000750 || COMMUNITY WEB-PHP Free QBoard index.php remote file include
100000751 || COMMUNITY WEB-PHP Free QBoard about.php remote file include
100000752 || COMMUNITY WEB-PHP Free QBoard contact.php remote file include
100000753 || COMMUNITY WEB-PHP Free QBoard delete.php remote file include
100000754 || COMMUNITY WEB-PHP Free QBoard faq.php remote file include
100000755 || COMMUNITY WEB-PHP Free QBoard features.php remote file include
100000756 || COMMUNITY WEB-PHP Free QBoard history.php remote file include
100000757 || COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt
100000758 || COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt
100000759 || COMMUNITY WEB-PHP QTO File Manager qtofm.php xss attempt
100000760 || COMMUNITY WEB-PHP The Banner Engine top.php xss attempt
100000761 || COMMUNITY WEB-PHP PHPWebGallery comments.php xss attempt
100000762 || COMMUNITY WEB-PHP Randshop index.php remote file include
100000763 || COMMUNITY WEB-PHP Kamikaze-QSCM config.inc access
100000764 || COMMUNITY WEB-PHP MyPHP CMS global_header.php remote file include
100000765 || COMMUNITY WEB-PHP LifeType index.php SQL injection attempt
100000766 || COMMUNITY WEB-PHP Blog CMS thumb.php remote file include
100000767 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000768 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000769 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000770 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000771 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000772 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000773 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000774 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000775 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000776 || COMMUNITY WEB-PHP Blog CMS index.php SQL injection attempt
100000777 || COMMUNITY WEB-PHP Blog CMS action.php SQL injection attempt
100000778 || COMMUNITY WEB-PHP PHPMailList maillist.php xss attempt
100000779 || COMMUNITY WEB-PHP Horde index.php xss attempt
100000780 || COMMUNITY WEB-PHP Horde problem.php xss attempt
100000781 || COMMUNITY WEB-PHP Horde go.php xss attempt
100000782 || COMMUNITY WEB-PHP Horde go.php xss attempt
100000783 || COMMUNITY WEB-PHP ATutor create_course.php xss attempt
100000784 || COMMUNITY WEB-PHP ATutor create_course.php xss attempt
100000785 || COMMUNITY WEB-PHP ATutor password_reminder.php xss attempt
100000786 || COMMUNITY WEB-PHP ATutor browse.php xss attempt
100000787 || COMMUNITY WEB-PHP ATutor fix_content.php xss attempt
100000788 || COMMUNITY WEB-PHP FreeWebshop search.php xss attempt
100000789 || COMMUNITY WEB-PHP FreeWebshop details.php SQL injection attempt
100000790 || COMMUNITY WEB-PHP Pivot edit_new.php remote file include
100000791 || COMMUNITY WEB-PHP Pivot pv_core.php access
100000792 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000793 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000794 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000795 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000796 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000797 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000798 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000799 || COMMUNITY WEB-PHP Pivot blogroll.php xss attempt
100000800 || COMMUNITY WEB-PHP Pivot editor_menu.php xss attempt
100000801 || COMMUNITY WEB-PHP Pivot editor_menu.php xss attempt
100000802 || COMMUNITY WEB-PHP BosClassifieds index.php remote file include
100000803 || COMMUNITY WEB-PHP BosClassifieds recent.php remote file include
100000804 || COMMUNITY WEB-PHP BosClassifieds account.php remote file include
100000805 || COMMUNITY WEB-PHP BosClassifieds classified.php remote file include
100000806 || COMMUNITY WEB-PHP BosClassifieds search.php remote file include
100000807 || COMMUNITY WEB-PHP CommonSense search.php SQL injection attempt
100000808 || COMMUNITY WEB-PHP AjaxPortal ajaxp.php SQL injection attempt
100000809 || COMMUNITY WEB-PHP RW Download stats.php remote file include
100000810 || COMMUNITY WEB-PHP PHPBB download.php remote file include
100000811 || COMMUNITY WEB-PHP PHPBB attach_rules.php remote file include
100000812 || COMMUNITY WEB-PHP SimpleBoard SBP index.php remote file include
100000813 || COMMUNITY WEB-PHP SimpleBoard SBP file_upload.php remote file include
100000814 || COMMUNITY WEB-PHP SimpleBoard SBP image_upload.php remote file include
100000815 || COMMUNITY WEB-PHP SimpleBoard SBP performs.php remote file include
100000816 || COMMUNITY WEB-PHP PC_CookBook pccookbook.php remote file include
100000817 || COMMUNITY WEB-PHP SMF Forum smf.php remote file include
100000818 || COMMUNITY WEB-PHP Graffiti Forums topics.php SQL injection attempt
100000819 || COMMUNITY WEB-PHP PhpWebGallery XSS attempt




