[Snort-sigs] Snort Community Rules Update

Sourcefire VRT research at ...435...
Wed Jun 21 12:35:09 EDT 2006

This message is to announce the availability of an update for the 
Sourcefire community rule set, which can be downloaded free of cost or 
registration from http://www.snort.org/pub-bin/downloads.cgi.

New rules in this release are identified as SIDs 100000430-100000447. 
These rules cover remote file inclusion attacks against the BlueShoes, 
CS-Cart, Claroline, CyBoards, Wikiwig, and MiraksGalerie web 
applications; a pair of injection attacks against the Particle web 
application; and a remote code execution attack against the Mozilla 
Firefox web browser via the DOMNodeRemoved JavaScript method.

A list of modified rules and their SIDs follows.

Alex Kirk
Community Rules Maintainer
Sourcefire, Inc.

100000430 || COMMUNITY WEB-MISC BlueShoes Bs_Faq.class.php remote file
100000431 || COMMUNITY WEB-MISC BlueShoes fileBrowserInner.php remote file include
100000432 || COMMUNITY WEB-MISC BlueShoes file.php remote file include
100000433 || COMMUNITY WEB-MISC BlueShoes viewer.php remote file include
100000434 || COMMUNITY WEB-MISC BlueShoes Bs_ImageArchive.class.php remote file include
100000435 || COMMUNITY WEB-MISC BlueShoes Bs_Ml_User.class.php remote file include
100000436 || COMMUNITY WEB-MISC BlueShoes Bs_Wse_Profile.class.php remote file include
100000437 || COMMUNITY WEB-MISC CS-Cart class.cs_phpmailer.php remote file include
100000438 || COMMUNITY WEB-MISC Claroline mambo.inc.php remote file include
100000439 || COMMUNITY WEB-MISC Claroline postnuke.inc.php remote file
100000440 || COMMUNITY WEB-MISC CyBoards common.php remote file include
100000441 || COMMUNITY WEB-MISC Wikiwig wk_lang.php remote file include
100000442 || COMMUNITY WEB-MISC MiraksGalerie pcltar.lib.php remote file
100000443 || COMMUNITY WEB-MISC MiraksGalerie galimage.lib.php remote file include
100000444 || COMMUNITY WEB-MISC MiraksGalerie galsecurity.lib.php remote file include
100000445 || COMMUNITY WEB-PHP Particle Gallery Viewimage PHP Variable Injection Attempt
100000446 || COMMUNITY WEB-PHP Particle Wiki PHP SQL Injection attempt
100000447 || COMMUNITY WEB-CLIENT Mozilla Firefox DOMNodeRemoved attack
