[Snort-sigs] Snort-sigs Digest, Vol 5, Issue 11

Monica Cloutier mc at ...3215...
Fri Oct 20 16:49:40 EDT 2006


FYI - there's a missing semi-colon in sid:100000906.

uricontent:"thispath="

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"COMMUNITY WEB-PHP 
UBB.threads remote file include"; flow:to_server,established; 
uricontent:"addpost_newpoll.php?"; nocase; uricontent:"thispath=" nocase; 
pcre:"/addpost_newpoll\x2Ephp\x3F[^\r\n]*thispath=(https?|ftp)/Ui"; 
classtype:web-application-attack; sid:100000906; rev:1;)


-Monica Cloutier

snort-sigs-request at lists.sourceforge.net wrote:
> Send Snort-sigs mailing list submissions to
> 	snort-sigs at lists.sourceforge.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/snort-sigs
> or, via email, send a message with subject or body 'help' to
> 	snort-sigs-request at lists.sourceforge.net
> 
> You can reach the person managing the list at
> 	snort-sigs-owner at lists.sourceforge.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Snort-sigs digest..."
> 
> 
> Today's Topics:
> 
>    1. Snort Community Rules Update (Sourcefire VRT)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 20 Oct 2006 16:26:08 -0400
> From: Sourcefire VRT <research at ...435...>
> Subject: [Snort-sigs] Snort Community Rules Update
> To: snort-sigs mailinglist <snort-sigs at lists.sourceforge.net>
> Message-ID: <453930E0.1020007 at ...435...>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> This message is to announce the availability of an update for the 
> Sourcefire community rule set, which can be downloaded free of cost or 
> registration from http://www.snort.org/pub-bin/downloads.cgi.
> 
> New rules in this release are identified as SIDs 100000900-100000919. 
> These rules cover detection of Mytob worm over IRC; remote file 
> inclusion attacks against the UBB.threads, phpMyWebmin, Dayfox Blog, 
> Somery, PHP-Dimension, and Segue CMS systems; and a cross-site scripting 
> attack against the MyBulletinBoard system.
> 
> Additionally, a large number of rules have been updated for improved 
> performance and/or readability, including the addition of classtypes to 
> all rules which previously lacked such information.
> 
> Sourcefire would like to thank Shirkdog for submitting SID 100000919. As 
> a reminder, anyone who wishes to submit rules may do so at 
> http://www.snort.org/reg-bin/rulesubmit.cgi.
> 
> A list of modified rules and their SIDs follows.
> 
> Alex Kirk
> Community Rules Maintainer
> Sourcefire, Inc.
> 
> New rules:
> 100000900 || COMMUNITY BOT Mytob IRC DCC file transfer request
> 100000901 || COMMUNITY BOT Mytob IRC DCC chat request
> 100000902 || COMMUNITY BOT Mytob IRC channel join
> 100000903 || COMMUNITY BOT Mytob IRC dns request
> 100000904 || COMMUNITY BOT Mytob IRC dns response
> 100000905 || COMMUNITY BOT Mytob IRC nick change
> 100000906 || COMMUNITY WEB-PHP UBB.threads remote file include
> 100000907 || COMMUNITY WEB-PHP phpMyWebmin change_preferences2 script 
> remote file include
> 100000908 || COMMUNITY WEB-PHP phpMyWebmin create_file script remote 
> file include
> 100000909 || COMMUNITY WEB-PHP phpMyWebmin upload_local script remote 
> file include
> 100000910 || COMMUNITY WEB-PHP phpMyWebmin upload_multi script remote 
> file include
> 100000911 || COMMUNITY WEB-PHP Dayfox Blog adminlog.php module remote 
> file include
> 100000912 || COMMUNITY WEB-PHP Dayfox Blog postblog.php module remote 
> file include
> 100000913 || COMMUNITY WEB-PHP Dayfox Blog index.php module remote file 
> include
> 100000914 || COMMUNITY WEB-PHP Dayfox Blog index2.php module remote file 
> include
> 100000915 || COMMUNITY WEB-PHP Somery Include.php remote file include
> 100000916 || COMMUNITY WEB-PHP MyBulletinBoard Functions_Post.php xss 
> attempt
> 100000917 || COMMUNITY WEB-PHP PHP-Dimension functions_kb.php remote 
> file include attempt
> 100000918 || COMMUNITY WEB-PHP PHP-Dimension themen_portal_mitte.php 
> remote include attempt
> 100000919 || COMMUNITY WEB-PHP Segue CMS themesettings.inc.php remote 
> file include attempt
> 
> Updated rules:
> 100000187 || COMMUNITY WEB-PHP XSS attempt
> 100000189 || COMMUNITY MISC streaming RTSP - realplayer
> 100000190 || COMMUNITY MISC streaming Windows Mediaplayer
> 100000192 || COMMUNITY SQL-INJECTION WIZZ ForumTopicDetails Sql 
> Injection attempt
> 100000193 || COMMUNITY SQL-INJECTION WIZZ ForumAuthDetails Sql Injection 
> attempt
> 100000194 || COMMUNITY SQL-INJECTION WIZZ ForumReply Sql Injection attempt
> 100000215 || COMMUNITY DOS Trend Micro ServerProtect EarthAgent attempt
> 100000221 || COMMUNITY WEB-PHP AppServ main.php appserv_root param access
> 100000229 || COMMUNITY MISC Lotus Domino LDAP attack
> 100000237 || COMMUNITY WEB-MISC Proxy Bypass Via Google Translation Same 
> To And From Language
> 100000284 || COMMUNITY WEB-CLIENT RealMedia invalid chunk size heap 
> overflow attempt
> 100000285 || COMMUNITY WEB-PHP ldap_var.inc.php remote file include attempt
> 100000302 || COMMUNITY WEB-MISC DeviceSelection.asp sRedirectUrl 
> parameter access
> 100000303 || COMMUNITY WEB-MISC DeviceSelection.asp sCancelURL parameter 
> access
> 100000304 || COMMUNITY WEB-PHP Gphoto index.php rep parameter remote 
> file include attempt
> 100000305 || COMMUNITY WEB-PHP Gphoto index.php image parameter remote 
> file include attempt
> 100000306 || COMMUNITY WEB-PHP Gphoto diapho.php rep parameter remote 
> file include attempt
> 100000307 || COMMUNITY WEB-PHP Gphoto diapho.php image parameter remote 
> file include attempt
> 100000308 || COMMUNITY WEB-PHP Gphoto affich.php rep parameter remote 
> file include attempt
> 100000309 || COMMUNITY WEB-PHP Gphoto affich.php image parameter remote 
> file include attempt
> 100000312 || COMMUNITY VIRUS Ginwui.B POST attempt
> 100000317 || COMMUNITY WEB-MISC phpBazar classified_right.php remote 
> file include
> 100000318 || COMMUNITY WEB-MISC phpBazar admin.php remote file include
> 100000319 || COMMUNITY WEB-MISC ActualScripts direct.php remote file include
> 100000320 || COMMUNITY WEB-MISC ScozNet ScozNews functions.php remote 
> file include
> 100000321 || COMMUNITY WEB-MISC ScozNet ScozNews help.php remote file 
> include
> 100000322 || COMMUNITY WEB-MISC ScozNet ScozNews mail.php remote file 
> include
> 100000323 || COMMUNITY WEB-MISC ScozNet ScozNews news.php remote file 
> include
> 100000324 || COMMUNITY WEB-MISC ScozNet ScozNews template.php remote 
> file include
> 100000325 || COMMUNITY WEB-MISC ScozNet ScozNews admin_cats.php remote 
> file include
> 100000326 || COMMUNITY WEB-MISC ScozNet ScozNews admin_edit.php remote 
> file include
> 100000327 || COMMUNITY WEB-MISC ScozNet ScozNews admin_import.php remote 
> file include
> 100000328 || COMMUNITY WEB-MISC ScozNet ScozNews admin_templates.php 
> remote file include
> 100000329 || COMMUNITY WEB-MISC Invision Power Board class_post.php 
> remote file include
> 100000330 || COMMUNITY WEB-MISC Invision Power Board moderate.php remote 
> file include
> 100000334 || COMMUNITY WEB-MISC CaLogic Calendars reconfig.php remote 
> file include
> 100000335 || COMMUNITY WEB-MISC CaLogic Calendars srxclr.php remote file 
> include
> 100000336 || COMMUNITY WEB-MISC phpMyDirectory footer.php remote file 
> include
> 100000337 || COMMUNITY WEB-MISC phpMyDirectory defaults_setup.php remote 
> file include
> 100000338 || COMMUNITY WEB-MISC phpMyDirectory header.php remote file 
> include
> 100000339 || COMMUNITY WEB-MISC V-Webmail core.php remote file include
> 100000340 || COMMUNITY WEB-MISC V-Webmail pop3.php remote file include
> 100000341 || COMMUNITY WEB-MISC DoceboLMS help.php remote file include
> 100000342 || COMMUNITY WEB-MISC DoceboLMS business.php remote file include
> 100000343 || COMMUNITY WEB-MISC DoceboLMS credits.php remote file include
> 100000344 || COMMUNITY WEB-MISC SocketMail index.php remote file include
> 100000345 || COMMUNITY WEB-MISC SocketMail inc-common.php remote file 
> include
> 100000346 || COMMUNITY WEB-MISC Plume CMS prepend.php remote file include
> 100000347 || COMMUNITY WEB-MISC Ezupload Pro form.php remote file include
> 100000348 || COMMUNITY WEB-MISC Ezupload Pro customize.php remote file 
> include
> 100000349 || COMMUNITY WEB-MISC Ezupload Pro initialize.php remote file 
> include
> 100000350 || COMMUNITY WEB-MISC UBBThreads ubbt.inc.php remote file include
> 100000351 || COMMUNITY WEB-MISC UBBThreads config[cookieprefix] remote 
> file include
> 100000352 || COMMUNITY WEB-MISC Blend Portal blend_common.php remote 
> file include
> 100000353 || COMMUNITY WEB-MISC tinyBB footers.php remote file include
> 100000354 || COMMUNITY WEB-MISC phpBB-Amod lang_activity.php remote file 
> include
> 100000355 || COMMUNITY WEB-MISC eSyndiCat cron.php remote file include
> 100000356 || COMMUNITY WEB-MISC BASE base_qry_common.php remote file include
> 100000357 || COMMUNITY WEB-MISC BASE base_stat_common.php remote file 
> include
> 100000358 || COMMUNITY WEB-MISC BASE base_include.inc.php remote file 
> include
> 100000359 || COMMUNITY WEB-MISC Fastpublish CMS drucken.php remote file 
> include
> 100000360 || COMMUNITY WEB-MISC Fastpublish CMS drucken2.php remote file 
> include
> 100000361 || COMMUNITY WEB-MISC Fastpublish CMS email_an_benutzer.php 
> remote file include
> 100000362 || COMMUNITY WEB-MISC Fastpublish CMS rechnung.php remote file 
> include
> 100000363 || COMMUNITY WEB-MISC Fastpublish CMS search.php remote file 
> include
> 100000364 || COMMUNITY WEB-MISC Fastpublish CMS admin.php remote file 
> include
> 100000365 || COMMUNITY WEB-MISC phpNuke index.php remote file include
> 100000366 || COMMUNITY WEB-MISC phpNuke admin_ug_auth.php remote file 
> include
> 100000367 || COMMUNITY WEB-MISC phpNuke admin_board.php remote file include
> 100000368 || COMMUNITY WEB-MISC phpNuke admin_disallow.php remote file 
> include
> 100000369 || COMMUNITY WEB-MISC phpNuke admin_forumauth.php remote file 
> include
> 100000370 || COMMUNITY WEB-MISC phpNuke admin_groups.php remote file include
> 100000371 || COMMUNITY WEB-MISC phpNuke admin_ranks.php remote file include
> 100000372 || COMMUNITY WEB-MISC phpNuke admin_styles.php remote file include
> 100000373 || COMMUNITY WEB-MISC phpNuke admin_user_ban.php remote file 
> include
> 100000374 || COMMUNITY WEB-MISC phpNuke admin_words.php remote file include
> 100000375 || COMMUNITY WEB-MISC phpNuke admin_avatar.php remote file include
> 100000376 || COMMUNITY WEB-MISC phpNuke admin_db_utilities.php remote 
> file include
> 100000377 || COMMUNITY WEB-MISC phpNuke admin_forum_prune.php remote 
> file include
> 100000378 || COMMUNITY WEB-MISC phpNuke admin_forums.php remote file include
> 100000379 || COMMUNITY WEB-MISC phpNuke admin_mass_email.php remote file 
> include
> 100000380 || COMMUNITY WEB-MISC phpNuke admin_smilies.php remote file 
> include
> 100000381 || COMMUNITY WEB-MISC phpNuke admin_ug_auth.php remote file 
> include
> 100000382 || COMMUNITY WEB-MISC phpNuke admin_users.php remote file include
> 100000383 || COMMUNITY WEB-MISC OsTicket open_form.php remote file include
> 100000384 || COMMUNITY WEB-MISC Ottoman index.php remote file include
> 100000385 || COMMUNITY WEB-MISC Ottoman error.php remote file include
> 100000386 || COMMUNITY WEB-MISC Ottoman main_class.php remote file include
> 100000387 || COMMUNITY WEB-MISC Ovidentia index.php remote file include
> 100000388 || COMMUNITY WEB-MISC Ovidentia topman.php remote file include
> 100000389 || COMMUNITY WEB-MISC Ovidentia approb.php remote file include
> 100000390 || COMMUNITY WEB-MISC Ovidentia vacadmb.php remote file include
> 100000391 || COMMUNITY WEB-MISC Ovidentia vacadma.php remote file include
> 100000392 || COMMUNITY WEB-MISC Ovidentia vacadm.php remote file include
> 100000393 || COMMUNITY WEB-MISC Ovidentia start.php remote file include
> 100000394 || COMMUNITY WEB-MISC Ovidentia search.php remote file include
> 100000395 || COMMUNITY WEB-MISC Ovidentia posts.php remote file include
> 100000396 || COMMUNITY WEB-MISC Ovidentia options.php remote file include
> 100000397 || COMMUNITY WEB-MISC Ovidentia login.php remote file include
> 100000398 || COMMUNITY WEB-MISC Ovidentia frchart.php remote file include
> 100000399 || COMMUNITY WEB-MISC Ovidentia flbchart.php remote file include
> 100000400 || COMMUNITY WEB-MISC Ovidentia fileman.php remote file include
> 100000401 || COMMUNITY WEB-MISC Ovidentia faq.php remote file include
> 100000402 || COMMUNITY WEB-MISC Ovidentia event.php remote file include
> 100000403 || COMMUNITY WEB-MISC Ovidentia directory.php remote file include
> 100000404 || COMMUNITY WEB-MISC Ovidentia articles.php remote file include
> 100000405 || COMMUNITY WEB-MISC Ovidentia artedit.php remote file include
> 100000406 || COMMUNITY WEB-MISC Ovidentia approb.php remote file include
> 100000407 || COMMUNITY WEB-MISC Ovidentia calday.php remote file include
> 100000408 || COMMUNITY WEB-MISC AssoCIateD cache_mngt.php remote file 
> include
> 100000409 || COMMUNITY WEB-MISC AssoCIateD gallery_functions.php remote 
> file include
> 100000410 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
> 100000411 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
> 100000412 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
> 100000413 || COMMUNITY WEB-MISC REDAXO index.inc.php remote file include
> 100000414 || COMMUNITY WEB-MISC REDAXO community.inc.php remote file include
> 100000415 || COMMUNITY WEB-MISC Bytehoard server.php remote file include
> 100000416 || COMMUNITY WEB-MISC MyBloggie admin.php remote file include
> 100000417 || COMMUNITY WEB-MISC MyBloggie scode.php remote file include
> 100000418 || COMMUNITY WEB-MISC Ashwebstudio Ashnews ashheadlines.php 
> remote file include
> 100000419 || COMMUNITY WEB-MISC Ashwebstudio Ashnews ashnews.php remote 
> file include
> 100000420 || COMMUNITY WEB-MISC Informium common-menu.php remote file 
> include
> 100000421 || COMMUNITY WEB-MISC Igloo wiki.php remote file include
> 100000422 || COMMUNITY WEB-MISC phpBB template.php remote file include
> 100000423 || COMMUNITY WEB-MISC DotWidget CMS index.php remote file include
> 100000424 || COMMUNITY WEB-MISC DotWidget CMS feedback.php remote file 
> include
> 100000425 || COMMUNITY WEB-MISC DotWidget CMS printfriendly.php remote 
> file include
> 100000426 || COMMUNITY WEB-MISC DotClear prepend.php remote file include
> 100000430 || COMMUNITY WEB-MISC BlueShoes Bs_Faq.class.php remote file 
> include
> 100000431 || COMMUNITY WEB-MISC BlueShoes fileBrowserInner.php remote 
> file include
> 100000432 || COMMUNITY WEB-MISC BlueShoes file.php remote file include
> 100000433 || COMMUNITY WEB-MISC BlueShoes viewer.php remote file include
> 100000434 || COMMUNITY WEB-MISC BlueShoes Bs_ImageArchive.class.php 
> remote file include
> 100000435 || COMMUNITY WEB-MISC BlueShoes Bs_Ml_User.class.php remote 
> file include
> 100000436 || COMMUNITY WEB-MISC BlueShoes Bs_Wse_Profile.class.php 
> remote file include
> 100000437 || COMMUNITY WEB-MISC CS-Cart class.cs_phpmailer.php remote 
> file include
> 100000438 || COMMUNITY WEB-MISC Claroline mambo.inc.php remote file include
> 100000439 || COMMUNITY WEB-MISC Claroline postnuke.inc.php remote file 
> include
> 100000440 || COMMUNITY WEB-MISC CyBoards common.php remote file include
> 100000441 || COMMUNITY WEB-MISC Wikiwig wk_lang.php remote file include
> 100000442 || COMMUNITY WEB-MISC MiraksGalerie pcltar.lib.php remote file 
> include
> 100000443 || COMMUNITY WEB-MISC MiraksGalerie galimage.lib.php remote 
> file include
> 100000444 || COMMUNITY WEB-MISC MiraksGalerie galsecurity.lib.php remote 
> file include
> 100000463 || COMMUNITY WEB-PHP Joomla joomla.php remote file include
> 100000464 || COMMUNITY WEB-PHP LoveCompass AEPartner design.inc.php 
> remote file include
> 100000465 || COMMUNITY WEB-PHP Empris sql_fcnsOLD.php remote file include
> 100000466 || COMMUNITY WEB-PHP Free QBoard post.php remote file include
> 100000467 || COMMUNITY WEB-PHP WebprojectDB nav.php remote file include
> 100000468 || COMMUNITY WEB-PHP WebprojectDB lang.php remote file include
> 100000470 || COMMUNITY WEB-PHP Foing manage_songs.php remote file include
> 100000478 || COMMUNITY WEB-PHP aWebNews visview.php remote file include
> 100000479 || COMMUNITY WEB-PHP CzarNews headlines.php remote file include
> 100000480 || COMMUNITY WEB-PHP Somery team.php remote file include
> 100000481 || COMMUNITY WEB-PHP Hinton Design PHPHG signed.php remote 
> file include
> 100000482 || COMMUNITY WEB-PHP BoastMachine vote.php remote file include
> 100000483 || COMMUNITY WEB-PHP Wheatblog view_links.php remote file include
> 100000485 || COMMUNITY WEB-PHP RahnemaCo page.php remote file include
> 100000486 || COMMUNITY WEB-PHP PhpBlueDragon CMS template.php remote 
> file include
> 100000487 || COMMUNITY WEB-PHP ISPConfig server.inc.php remote file include
> 100000488 || COMMUNITY WEB-PHP ISPConfig app.inc.php remote file include
> 100000489 || COMMUNITY WEB-PHP ISPConfig login.php remote file include
> 100000490 || COMMUNITY WEB-PHP ISPConfig trylogin.php remote file include
> 100000491 || COMMUNITY WEB-PHP DeluxeBB posting.php remote file include
> 100000492 || COMMUNITY WEB-PHP DeluxeBB newpm.php remote file include
> 100000493 || COMMUNITY WEB-PHP DeluxeBB postreply.php remote file include
> 100000499 || COMMUNITY WEB-PHP PictureDis thumstbl.php remote file include
> 100000500 || COMMUNITY WEB-PHP PictureDis wpfiles.php remote file include
> 100000501 || COMMUNITY WEB-PHP PictureDis wallpapr.php remote file include
> 100000502 || COMMUNITY WEB-PHP Ji-Takz tag.class.php remote file include
> 100000503 || COMMUNITY WEB-PHP Nucleus CMS action.php remote file include
> 100000504 || COMMUNITY WEB-PHP Nucleus CMS media.php remote file include
> 100000505 || COMMUNITY WEB-PHP Nucleus CMS server.php remote file include
> 100000506 || COMMUNITY WEB-PHP Nucleus CMS api_metaweblog.inc.php remote 
> file include
> 100000507 || COMMUNITY WEB-PHP FlashChat adminips.php remote file include
> 100000509 || COMMUNITY WEB-PHP RahnemaCo page.php remote file include
> 100000518 || COMMUNITY WEB-PHP PHP Live Helper initiate.php remote file 
> include
> 100000524 || COMMUNITY WEB-PHP Micro CMS microcms-include.php remote 
> file include
> 100000545 || COMMUNITY WEB-PHP PHP Blue Dragon CMS team_admin.php remote 
> file include
> 100000546 || COMMUNITY WEB-PHP PHP Blue Dragon CMS rss_admin.php remote 
> file include
> 100000547 || COMMUNITY WEB-PHP PHP Blue Dragon CMS manual_admin.php 
> remote file include
> 100000548 || COMMUNITY WEB-PHP PHP Blue Dragon CMS forum_admin.php 
> remote file include
> 100000552 || COMMUNITY WEB-PHP SmartSiteCMS inc_foot.php remote file include
> 100000553 || COMMUNITY WEB-PHP PHPMySMS gateway.php remote file include
> 100000560 || COMMUNITY WEB-PHP eNpaper1 root_header.php remote file include
> 100000569 || COMMUNITY WEB-PHP Indexu app_change_email.php remote file 
> include
> 100000570 || COMMUNITY WEB-PHP Indexu app_change_pwd.php remote file include
> 100000571 || COMMUNITY WEB-PHP Indexu app_mod_rewrite.php remote file 
> include
> 100000572 || COMMUNITY WEB-PHP Indexu app_page_caching.php remote file 
> include
> 100000573 || COMMUNITY WEB-PHP Indexu app_setup.php remote file include
> 100000574 || COMMUNITY WEB-PHP Indexu cat_add.php remote file include
> 100000575 || COMMUNITY WEB-PHP Indexu cat_delete.php remote file include
> 100000576 || COMMUNITY WEB-PHP Indexu cat_edit.php remote file include
> 100000577 || COMMUNITY WEB-PHP Indexu cat_path_update.php remote file 
> include
> 100000578 || COMMUNITY WEB-PHP Indexu cat_search.php remote file include
> 100000579 || COMMUNITY WEB-PHP Indexu cat_struc.php remote file include
> 100000580 || COMMUNITY WEB-PHP Indexu cat_view.php remote file include
> 100000581 || COMMUNITY WEB-PHP Indexu cat_view_hidden.php remote file 
> include
> 100000582 || COMMUNITY WEB-PHP Indexu cat_view_hierarchy.php remote file 
> include
> 100000583 || COMMUNITY WEB-PHP Indexu cat_view_registered_only.php 
> remote file include
> 100000584 || COMMUNITY WEB-PHP Indexu checkurl_web.php remote file include
> 100000585 || COMMUNITY WEB-PHP Indexu db_alter.php remote file include
> 100000586 || COMMUNITY WEB-PHP Indexu db_alter_change.php remote file 
> include
> 100000587 || COMMUNITY WEB-PHP Indexu db_backup.php remote file include
> 100000588 || COMMUNITY WEB-PHP Indexu db_export.php remote file include
> 100000589 || COMMUNITY WEB-PHP Indexu db_import.php remote file include
> 100000590 || COMMUNITY WEB-PHP Indexu editor_add.php remote file include
> 100000591 || COMMUNITY WEB-PHP Indexu editor_delete.php remote file include
> 100000592 || COMMUNITY WEB-PHP Indexu editor_validate.php remote file 
> include
> 100000593 || COMMUNITY WEB-PHP Indexu head.php remote file include
> 100000594 || COMMUNITY WEB-PHP Indexu index.php remote file include
> 100000595 || COMMUNITY WEB-PHP Indexu inv_config.php remote file include
> 100000596 || COMMUNITY WEB-PHP Indexu inv_config_payment.php remote file 
> include
> 100000597 || COMMUNITY WEB-PHP Indexu inv_create.php remote file include
> 100000598 || COMMUNITY WEB-PHP Indexu inv_delete.php remote file include
> 100000599 || COMMUNITY WEB-PHP Indexu inv_edit.php remote file include
> 100000600 || COMMUNITY WEB-PHP Indexu inv_markpaid.php remote file include
> 100000601 || COMMUNITY WEB-PHP Indexu inv_markunpaid.php remote file include
> 100000602 || COMMUNITY WEB-PHP Indexu inv_overdue.php remote file include
> 100000603 || COMMUNITY WEB-PHP Indexu inv_paid.php remote file include
> 100000604 || COMMUNITY WEB-PHP Indexu inv_send.php remote file include
> 100000605 || COMMUNITY WEB-PHP Indexu inv_unpaid.php remote file include
> 100000606 || COMMUNITY WEB-PHP Indexu lang_modify.php remote file include
> 100000607 || COMMUNITY WEB-PHP Indexu link_add.php remote file include
> 100000608 || COMMUNITY WEB-PHP Indexu link_bad.php remote file include
> 100000609 || COMMUNITY WEB-PHP Indexu link_bad_delete.php remote file 
> include
> 100000610 || COMMUNITY WEB-PHP Indexu link_checkurl.php remote file include
> 100000611 || COMMUNITY WEB-PHP Indexu link_delete.php remote file include
> 100000612 || COMMUNITY WEB-PHP Indexu link_duplicate.php remote file include
> 100000613 || COMMUNITY WEB-PHP Indexu link_edit.php remote file include
> 100000614 || COMMUNITY WEB-PHP Indexu link_premium_listing.php remote 
> file include
> 100000615 || COMMUNITY WEB-PHP Indexu link_premium_sponsored.php remote 
> file include
> 100000616 || COMMUNITY WEB-PHP Indexu link_search.php remote file include
> 100000617 || COMMUNITY WEB-PHP Indexu link_sponsored_listing.php remote 
> file include
> 100000618 || COMMUNITY WEB-PHP Indexu link_validate.php remote file include
> 100000619 || COMMUNITY WEB-PHP Indexu link_validate_edit.php remote file 
> include
> 100000620 || COMMUNITY WEB-PHP Indexu link_view.php remote file include
> 100000621 || COMMUNITY WEB-PHP Indexu log_search.php remote file include
> 100000622 || COMMUNITY WEB-PHP Indexu mail_modify.php remote file include
> 100000623 || COMMUNITY WEB-PHP Indexu menu.php remote file include
> 100000624 || COMMUNITY WEB-PHP Indexu message_create.php remote file include
> 100000625 || COMMUNITY WEB-PHP Indexu message_delete.php remote file include
> 100000626 || COMMUNITY WEB-PHP Indexu message_edit.php remote file include
> 100000627 || COMMUNITY WEB-PHP Indexu message_send.php remote file include
> 100000628 || COMMUNITY WEB-PHP Indexu message_subscriber.php remote file 
> include
> 100000629 || COMMUNITY WEB-PHP Indexu message_view.php remote file include
> 100000630 || COMMUNITY WEB-PHP Indexu review_validate.php remote file 
> include
> 100000631 || COMMUNITY WEB-PHP Indexu review_validate_edit.php remote 
> file include
> 100000632 || COMMUNITY WEB-PHP Indexu summary.php remote file include
> 100000633 || COMMUNITY WEB-PHP Indexu template_active.php remote file 
> include
> 100000634 || COMMUNITY WEB-PHP Indexu template_add_custom.php remote 
> file include
> 100000635 || COMMUNITY WEB-PHP Indexu template_delete.php remote file 
> include
> 100000636 || COMMUNITY WEB-PHP Indexu template_delete_file.php remote 
> file include
> 100000637 || COMMUNITY WEB-PHP Indexu template_duplicate.php remote file 
> include
> 100000638 || COMMUNITY WEB-PHP Indexu template_export.php remote file 
> include
> 100000639 || COMMUNITY WEB-PHP Indexu template_import.php remote file 
> include
> 100000640 || COMMUNITY WEB-PHP Indexu template_manager.php remote file 
> include
> 100000641 || COMMUNITY WEB-PHP Indexu template_modify.php remote file 
> include
> 100000642 || COMMUNITY WEB-PHP Indexu template_modify_file.php remote 
> file include
> 100000643 || COMMUNITY WEB-PHP Indexu template_rename.php remote file 
> include
> 100000644 || COMMUNITY WEB-PHP Indexu user_add.php remote file include
> 100000645 || COMMUNITY WEB-PHP Indexu user_delete.php remote file include
> 100000646 || COMMUNITY WEB-PHP Indexu user_edit.php remote file include
> 100000647 || COMMUNITY WEB-PHP Indexu user_search.php remote file include
> 100000648 || COMMUNITY WEB-PHP Indexu whos.php remote file include
> 100000666 || COMMUNITY WEB-PHP Harpia files.php remote file include
> 100000667 || COMMUNITY WEB-PHP Harpia files.php remote file include
> 100000668 || COMMUNITY WEB-PHP Harpia pheader.php remote file include
> 100000669 || COMMUNITY WEB-PHP Harpia headlines.php remote file include
> 100000670 || COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file 
> include
> 100000671 || COMMUNITY WEB-PHP Harpia preload.php remote file include
> 100000672 || COMMUNITY WEB-PHP Harpia users.php remote file include
> 100000673 || COMMUNITY WEB-PHP Harpia web_statsConfig.php remote file 
> include
> 100000674 || COMMUNITY WEB-PHP Harpia footer.php remote file include
> 100000675 || COMMUNITY WEB-PHP Harpia pfooter.php remote file include
> 100000676 || COMMUNITY WEB-PHP Harpia missing.php remote file include
> 100000677 || COMMUNITY WEB-PHP Harpia topics.php remote file include
> 100000678 || COMMUNITY WEB-PHP Harpia header.php remote file include
> 100000679 || COMMUNITY WEB-PHP Harpia index.php remote file include
> 100000680 || COMMUNITY WEB-PHP Harpia search.php remote file include
> 100000681 || COMMUNITY WEB-PHP Harpia header.php remote file include
> 100000682 || COMMUNITY WEB-PHP Harpia email.php remote file include
> 100000686 || COMMUNITY DOS EnergyMech parse_notice vulnerability - inbound
> 100000687 || COMMUNITY DOS EnergyMech parse_notice vulnerability - outbound
> 100000688 || COMMUNITY POLICY Ajax Remote Desktop Connection
> 100000690 || COMMUNITY SQL-INJECTION BXCP Sql Injection attempt
> 100000691 || COMMUNITY SQL-INJECTION Diesel Joke Script Sql Injection 
> attempt
> 100000692 || COMMUNITY WEB-CLIENT midi file download attempt
> 100000693 || COMMUNITY WEB-CLIENT winamp midi file header overflow attempt
> 100000703 || COMMUNITY WEB-PHP Horde index.php show XSS attempt
> 100000704 || COMMUNITY WEB-PHP SmartSiteCMS comment.php remote file include
> 100000705 || COMMUNITY WEB-PHP SmartSiteCMS test.php remote file include
> 100000706 || COMMUNITY WEB-PHP SmartSiteCMS index.php remote file include
> 100000707 || COMMUNITY WEB-PHP SmartSiteCMS inc_adminfoot.php remote 
> file include
> 100000708 || COMMUNITY WEB-PHP SmartSiteCMS comedit.php remote file include
> 100000711 || COMMUNITY WEB-PHP PHPRaid raids.php remote file include
> 100000712 || COMMUNITY WEB-PHP PHPRaid register.php remote file include
> 100000713 || COMMUNITY WEB-PHP PHPRaid roster.php remote file include
> 100000714 || COMMUNITY WEB-PHP PHPRaid view.php remote file include
> 100000715 || COMMUNITY WEB-PHP PHPRaid logs.php remote file include
> 100000716 || COMMUNITY WEB-PHP PHPRaid users.php remote file include
> 100000717 || COMMUNITY WEB-PHP PHPRaid configuration.php remote file include
> 100000718 || COMMUNITY WEB-PHP PHPRaid guilds.php remote file include
> 100000719 || COMMUNITY WEB-PHP PHPRaid index.php remote file include
> 100000720 || COMMUNITY WEB-PHP PHPRaid locations.php remote file include
> 100000721 || COMMUNITY WEB-PHP PHPRaid login.php remote file include
> 100000722 || COMMUNITY WEB-PHP PHPRaid lua_output.php remote file include
> 100000723 || COMMUNITY WEB-PHP PHPRaid permissions.php remote file include
> 100000724 || COMMUNITY WEB-PHP PHPRaid profile.php remote file include
> 100000728 || COMMUNITY WEB-PHP Geeklog functions.inc remote file include
> 100000729 || COMMUNITY WEB-PHP Geeklog functions.inc remote file include
> 100000730 || COMMUNITY WEB-PHP Geeklog BlackList.Examine.class.php 
> remote file include
> 100000731 || COMMUNITY WEB-PHP Geeklog DeleteComment.Action.class.php 
> remote file include
> 100000732 || COMMUNITY WEB-PHP Geeklog EditIPofURL.Admin.class.php 
> remote file include
> 100000733 || COMMUNITY WEB-PHP Geeklog MTBlackList.Examine.class.php 
> remote file include
> 100000734 || COMMUNITY WEB-PHP Geeklog MassDelete.Admin.class.php remote 
> file include
> 100000735 || COMMUNITY WEB-PHP Geeklog MailAdmin.Action.class.php remote 
> file include
> 100000736 || COMMUNITY WEB-PHP Geeklog MassDelTrackback.Admin.class.php 
> remote file include
> 100000737 || COMMUNITY WEB-PHP Geeklog EditHeader.Admin.class.php remote 
> file include
> 100000738 || COMMUNITY WEB-PHP Geeklog EditIP.Admin.class.php remote 
> file include
> 100000739 || COMMUNITY WEB-PHP Geeklog IPofUrl.Examine.class.php remote 
> file include
> 100000740 || COMMUNITY WEB-PHP Geeklog Import.Admin.class.php remote 
> file include
> 100000741 || COMMUNITY WEB-PHP Geeklog LogView.Admin.class.php remote 
> file include
> 100000742 || COMMUNITY WEB-PHP Geeklog functions.inc remote file include
> 100000743 || COMMUNITY WEB-PHP Plume CMS dbinstall.php remote file include
> 100000746 || COMMUNITY WEB-PHP Randshop header.inc.php remote file include
> 100000747 || COMMUNITY WEB-PHP Plume CMS index.php remote file include
> 100000748 || COMMUNITY WEB-PHP Plume CMS rss.php remote file include
> 100000749 || COMMUNITY WEB-PHP Plume CMS search.php remote file include
> 100000750 || COMMUNITY WEB-PHP Free QBoard index.php remote file include
> 100000751 || COMMUNITY WEB-PHP Free QBoard about.php remote file include
> 100000752 || COMMUNITY WEB-PHP Free QBoard contact.php remote file include
> 100000753 || COMMUNITY WEB-PHP Free QBoard delete.php remote file include
> 100000754 || COMMUNITY WEB-PHP Free QBoard faq.php remote file include
> 100000755 || COMMUNITY WEB-PHP Free QBoard features.php remote file include
> 100000756 || COMMUNITY WEB-PHP Free QBoard history.php remote file include
> 100000762 || COMMUNITY WEB-PHP Randshop index.php remote file include
> 100000764 || COMMUNITY WEB-PHP MyPHP CMS global_header.php remote file 
> include
> 100000766 || COMMUNITY WEB-PHP Blog CMS thumb.php remote file include
> 100000790 || COMMUNITY WEB-PHP Pivot edit_new.php remote file include
> 100000802 || COMMUNITY WEB-PHP BosClassifieds index.php remote file include
> 100000803 || COMMUNITY WEB-PHP BosClassifieds recent.php remote file include
> 100000804 || COMMUNITY WEB-PHP BosClassifieds account.php remote file 
> include
> 100000805 || COMMUNITY WEB-PHP BosClassifieds classified.php remote file 
> include
> 100000806 || COMMUNITY WEB-PHP BosClassifieds search.php remote file include
> 100000809 || COMMUNITY WEB-PHP RW Download stats.php remote file include
> 100000810 || COMMUNITY WEB-PHP PHPBB download.php remote file include
> 100000811 || COMMUNITY WEB-PHP PHPBB attach_rules.php remote file include
> 100000812 || COMMUNITY WEB-PHP SimpleBoard SBP index.php remote file include
> 100000813 || COMMUNITY WEB-PHP SimpleBoard SBP file_upload.php remote 
> file include
> 100000814 || COMMUNITY WEB-PHP SimpleBoard SBP image_upload.php remote 
> file include
> 100000815 || COMMUNITY WEB-PHP SimpleBoard SBP performs.php remote file 
> include
> 100000816 || COMMUNITY WEB-PHP PC_CookBook pccookbook.php remote file 
> include
> 100000817 || COMMUNITY WEB-PHP SMF Forum smf.php remote file include
> 100000836 || COMMUNITY WEB-PHP MiniBB com_minibb.php remote file include
> 100000837 || COMMUNITY WEB-PHP MiniBB index.php remote file include
> 100000839 || COMMUNITY WEB-PHP PHP Event Calendar calendar.php remote 
> file include
> 100000840 || COMMUNITY WEB-PHP FlatNuke index.php remote file include
> 100000841 || COMMUNITY WEB-PHP PerForms performs.php remote file include
> 100000847 || COMMUNITY WEB-PHP Sitemap sitemap.xml.php remote file include
> 100000850 || COMMUNITY WEB-PHP IceWarp include.php remote file include
> 100000851 || COMMUNITY WEB-PHP IceWarp include.php remote file include
> 100000852 || COMMUNITY WEB-PHP IceWarp include.php remote file include
> 100000853 || COMMUNITY WEB-PHP IceWarp settings.html remote file include
> 100000854 || COMMUNITY WEB-PHP ListMessenger listmessenger.php remote 
> file include
> 100000861 || COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include
> 100000862 || COMMUNITY WEB-PHP FlushCMS class.rich.php remote file include
> 100000864 || COMMUNITY WEB-CLIENT tsuserex.dll COM Object Instantiation 
> Vulnerability
> 100000865 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s01
> 100000866 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s02
> 100000867 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s03
> 100000868 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit s04
> 100000869 || COMMUNITY WEB-PHP powergap remote file Inclusion Exploit 
> sid variant
> 100000870 || COMMUNITY WEB-PHP powergap remote file inclusion exploit 
> sid variant 2
> 100000871 || COMMUNITY WEB-PHP CubeCart XSS attack
> 100000872 || COMMUNITY WEB-PHP CubeCart XSS attack
> 100000873 || COMMUNITY WEB-PHP discloser 0.0.4 Remote File Inclusion
> 100000874 || COMMUNITY MISC DLR-TOR Directory server response
> 100000878 || COMMUNITY WEB-CGI Roller Weblog XSS exploit
> 100000879 || COMMUNITY WEB-CGI Roller Weblog XSS exploit
> 100000880 || COMMUNITY WEB-CGI Roller Weblog XSS exploit
> 100000882 || COMMUNITY WEB-PHP PHP Live Helper globals.php remote file 
> include
> 100000883 || COMMUNITY WEB-PHP Inlink remote file inclusion exploit
> 100000884 || COMMUNITY WEB-MISC SimpleBlog Remote SQL Injection attempt
> 100000885 || COMMUNITY WEB-PHP pHNews access attempt
> 100000886 || COMMUNITY WEB-PHP Proxima access attempt
> 100000887 || COMMUNITY WEB-PHP pmwiki exploit attempt
> 100000888 || COMMUNITY WEB-PHP tikiwiki exploit attempt
> 100000889 || COMMUNITY WEB-PHP yappa-ng exploit attempt
> 100000892 || COMMUNITY MISC Q.931 Invalid Call Reference Length Buffer 
> Overflow
> 
> 
> 
> ------------------------------
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> 
> ------------------------------
> 
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 
> 
> End of Snort-sigs Digest, Vol 5, Issue 11
> *****************************************




More information about the Snort-sigs mailing list