[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254... bleeding at ...3254...
Thu May 17 16:00:06 EDT 2007


[***] Results from Oinkmaster started Thu May 17 16:00:05 2007 [***]

[+++]          Added rules:          [+++]

       0 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php tt_docroot (bleeding-web.rules)
 2003638 - BLEEDING-EDGE VIRUS AV-Killer.Win32 User Agent Detected (p4r4z1t3v3.one14.J) (bleeding-virus.rules)
 2003660 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt - Headerfile.php System (bleeding-web.rules)
 2003661 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_files.php System (bleeding-web.rules)
 2003662 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_posts.php System (bleeding-web.rules)
 2003663 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- groups_headerfile.php System (bleeding-web.rules)
 2003664 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- filters_headerfile.php System (bleeding-web.rules)
 2003665 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- links.php System (bleeding-web.rules)
 2003666 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- menu_headerfile.php System (bleeding-web.rules)
 2003667 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_news.php System (bleeding-web.rules)
 2003668 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- settings_headerfile.php System (bleeding-web.rules)
 2003669 - BLEEDING-EDGE WEB TopTree Remote Inclusion Attempt -- tpl_message.php right_file (bleeding-web.rules)
 2003670 - BLEEDING-EDGE WEB Workbench Survival Guide Remote Inclusion Attempt -- headerfile.php path (bleeding-web.rules)
 2003671 - BLEEDING-EDGE WEB Versado CMS Remote Inclusion Attempt -- ajax_listado.php urlModulo (bleeding-web.rules)
 2003672 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_image_index.php config[pathMod] (bleeding-web.rules)
 2003673 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_liens_index.php config[pathMod] (bleeding-web.rules)
 2003674 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_liste_index.php config[pathMod] (bleeding-web.rules)
 2003675 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_special_index.php config[pathMod] (bleeding-web.rules)
 2003676 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_texte_index.php config[pathMod] (bleeding-web.rules)
 2003677 - BLEEDING-EDGE WEB Berylium2 Remote Inclusion Attempt -- berylium-classes.php beryliumroot (bleeding-web.rules)
 2003678 - BLEEDING-EDGE WEB Tropicalm Remote Inclusion Attempt -- dosearch.php RESPATH (bleeding-web.rules)
 2003679 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- dp_logs.php HomeDir (bleeding-web.rules)
 2003680 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- index.php HomeDir (bleeding-web.rules)
 2003681 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- users_headerfile.php System (bleeding-web.rules)
 2003682 - BLEEDING-EDGE WEB E-Gads Remote Inclusion Attempt -- common.php locale (bleeding-web.rules)
 2003683 - BLEEDING-EDGE WEB PHP Turbulence Remote Inclusion Attempt -- turbulence.php GLOBALS[tcore] (bleeding-web.rules)
 2003684 - BLEEDING-EDGE WEB MXBB Remote Inclusion Attempt -- faq.php module_root_path (bleeding-web.rules)
 2003685 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- wptable-button.php wpPATH (bleeding-web.rules)
 2003686 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- wordtube-button.php wpPATH (bleeding-web.rules)
 2003687 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- payflow_pro.php abs_path (bleeding-web.rules)
 2003688 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- global.php abs_path (bleeding-web.rules)
 2003689 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- libsecure.php abs_path (bleeding-web.rules)
 2003690 - BLEEDING-EDGE WEB Firefly Remote Inclusion Attempt -- config.php DOCUMENT_ROOT (bleeding-web.rules)
 2003691 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion Attempt -- psg.smarty.lib.php cfg[sys][base_path] (bleeding-web.rules)
 2003692 - BLEEDING-EDGE WEB VM Watermark Remote Inclusion Attempt -- watermark.php GALLERY_BASEDIR (bleeding-web.rules)
 2003693 - BLEEDING-EDGE WEB PHPtree Remote Inclusion Attempt -- cms2.php s_dir (bleeding-web.rules)
 2003694 - BLEEDING-EDGE WEB NoAH Remote Inclusion Attempt -- mfa_theme.php tpls (bleeding-web.rules)
 2003696 - BLEEDING-EDGE WEB Wikivi5 Remote Inclusion Attempt -- show.php sous_rep (bleeding-web.rules)
 2003698 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php abs_path (bleeding-web.rules)
 2003699 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion checkout.php abs_path (bleeding-web.rules)
 2003700 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion libsecure.php abs_path (bleeding-web.rules)
 2003701 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php repinc (bleeding-web.rules)
 2003702 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion class.Smarty.php cfg[sys][base_path] (bleeding-web.rules)
 2003703 - BLEEDING-EDGE WEB phpMyPortal Remote Inclusion Attempt -- articles.inc.php GLOBALS[CHEMINMODULES] (bleeding-web.rules)
 2003704 - BLEEDING-EDGE WEB AForum Remote Inclusion func.php CommonAbsDir (bleeding-web.rules)
 2003705 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion site_conf.php ordnertiefe (bleeding-web.rules)
 2003706 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion class.csv.php tt_docroot (bleeding-web.rules)
 2003707 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion produkte_nach_serie.php tt_docroot (bleeding-web.rules)
 2003708 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot (bleeding-web.rules)
 2003709 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion hg_referenz_jobgalerie.php tt_docroot (bleeding-web.rules)
 2003710 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion surfer_anmeldung_NWL.php tt_docroot (bleeding-web.rules)
 2003711 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion produkte_nach_serie_alle.php tt_docroot (bleeding-web.rules)
 2003712 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion surfer_aendern.php tt_docroot (bleeding-web.rules)
 2003713 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion referenz.php tt_docroot (bleeding-web.rules)
 2003714 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion lay.php tt_docroot (bleeding-web.rules)
 2003715 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot (bleeding-web.rules)
 2003716 - BLEEDING-EDGE WEB LaVague Remote Inclusion Attempt -- printbar.php views_path (bleeding-web.rules)
 2003717 - BLEEDING-EDGE WEB miplex2 Remote Inclusion SmartyFU.class.php system (bleeding-web.rules)
 2003718 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR (bleeding-web.rules)
 2003719 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom_update.php ETCDIR (bleeding-web.rules)
 2003720 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- check-lom.php ETCDIR (bleeding-web.rules)
 2003721 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- weigh_keywords.php ETCDIR (bleeding-web.rules)
 2003722 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- logout.php ETCDIR (bleeding-web.rules)
 2003723 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- help.php ETCDIR (bleeding-web.rules)
 2003724 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- index.php ETCDIR (bleeding-web.rules)
 2003725 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- login.php ETCDIR (bleeding-web.rules)
 2003726 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- mtdialogo.php pathCGX (bleeding-web.rules)
 2003727 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- ltdialogo.php pathCGX (bleeding-web.rules)
 2003728 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- logingecon.php pathCGX (bleeding-web.rules)
 2003729 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- login.php pathCGX (bleeding-web.rules)
 2003730 - BLEEDING-EDGE WEB PHPHtmlLib Remote Inclusion Attempt -- widget8.php phphtmllib (bleeding-web.rules)
 2003731 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- ftp.php path_local (bleeding-web.rules)
 2003732 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- db.php path_local (bleeding-web.rules)
 2003733 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- libs_ftp.php path_local (bleeding-web.rules)
 2003735 - BLEEDING-EDGE WEB PHPSecurityAdmin Remote Inclusion Attempt -- logout.php PSA_PATH (bleeding-web.rules)
 2003736 - BLEEDING-EDGE WEB AForum Remote Inclusion Attempt -- errormsg.php header (bleeding-web.rules)
 2003737 - BLEEDING-EDGE WEB CJG Explorer Remote Inclusion Attempt -- pcltrace.lib.php g_pcltar_lib_dir (bleeding-web.rules)
 2003738 - BLEEDING-EDGE WEB Beacon Remote Inclusion Attempt -- splash.lang.php languagePath (bleeding-web.rules)
 2003739 - BLEEDING-EDGE WEB Yaap Remote Inclusion Attempt -- common.php root_path (bleeding-web.rules)
 2003740 - BLEEDING-EDGE WEB PHPFirstPost Remote Inclusion Attempt block.php Include (bleeding-web.rules)
 2003741 - BLEEDING-EDGE WEB Open Translation Engine Remote Inclusion Attempt -- header.php ote_home (bleeding-web.rules)
 2003742 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- language.php config (bleeding-web.rules)
 2003743 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_admin_cfg.php Root_Path (bleeding-web.rules)
 2003744 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_cfg.php Root_Path (bleeding-web.rules)
 2003745 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_t_top.php Root_Path (bleeding-web.rules)
 2003746 - BLEEDING-EDGE WEB Simple PHP Script Gallery Remote Inclusion index.php gallery (bleeding-web.rules)
 2003747 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2003302 - BLEEDING-EDGE TROJAN psyBNC IRC Server Connection (bleeding-virus.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

 2003633 - BLEEDING-EDGE CURRENT EVENTS Traffic with a window of 55808 - Unknown likely hostile scanning - Please report hits to Bleeding Edge or ISC (bleeding.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 186

     -> Added to bleeding-drop.rules (1):
        #  VERSION 186

     -> Added to bleeding-sid-msg.map (87):
        0000000 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003638 || BLEEDING-EDGE VIRUS AV-Killer.Win32 User Agent Detected (p4r4z1t3v3.one14.J)
        2003660 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt - Headerfile.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003661 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_files.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003662 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_posts.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003663 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- groups_headerfile.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003664 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- filters_headerfile.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003665 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- links.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003666 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- menu_headerfile.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003667 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_news.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003668 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- settings_headerfile.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003669 || BLEEDING-EDGE WEB TopTree Remote Inclusion Attempt -- tpl_message.php right_file || url,www.milw0rm.com/exploits/3854 || cve,CVE-2007-2544
        2003670 || BLEEDING-EDGE WEB Workbench Survival Guide Remote Inclusion Attempt -- headerfile.php path || url,www.milw0rm.com/exploits/3848 || cve,CVE-2007-2542
        2003671 || BLEEDING-EDGE WEB Versado CMS Remote Inclusion Attempt -- ajax_listado.php urlModulo || url,www.milw0rm.com/exploits/3847 || cve,CVE-2007-2541
        2003672 || BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_image_index.php config[pathMod] || url,www.milw0rm.com/exploits/3852 || cve,CVE-2007-2540
        2003673 || BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_liens_index.php config[pathMod] || url,www.milw0rm.com/exploits/3852 || cve,CVE-2007-2540
        2003674 || BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_liste_index.php config[pathMod] || url,www.milw0rm.com/exploits/3852 || cve,CVE-2007-2540
        2003675 || BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_special_index.php config[pathMod] || url,www.milw0rm.com/exploits/3852 || cve,CVE-2007-2540
        2003676 || BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_texte_index.php config[pathMod] || url,www.milw0rm.com/exploits/3852 || cve,CVE-2007-2540
        2003677 || BLEEDING-EDGE WEB Berylium2 Remote Inclusion Attempt -- berylium-classes.php beryliumroot || url,www.milw0rm.com/exploits/3869 || cve,CVE-2007-2531
        2003678 || BLEEDING-EDGE WEB Tropicalm Remote Inclusion Attempt -- dosearch.php RESPATH || url,www.milw0rm.com/exploits/3865 || cve,CVE-2007-2530
        2003679 || BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- dp_logs.php HomeDir || url,milw0rm.com/exploits/3868 || cve,CVE-2007-2527
        2003680 || BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- index.php HomeDir || url,milw0rm.com/exploits/3868 || cve,CVE-2007-2527
        2003681 || BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- users_headerfile.php System || url,www.milw0rm.com/exploits/3853 || cve,CVE-2007-2545
        2003682 || BLEEDING-EDGE WEB E-Gads Remote Inclusion Attempt -- common.php locale || url,www.milw0rm.com/exploits/3846 || cve,CVE-2007-2521
        2003683 || BLEEDING-EDGE WEB PHP Turbulence Remote Inclusion Attempt -- turbulence.php GLOBALS[tcore] || url,www.securityfocus.com/bid/23580 || cve,CVE-2007-2504
        2003684 || BLEEDING-EDGE WEB MXBB Remote Inclusion Attempt -- faq.php module_root_path || url,www.milw0rm.com/exploits/3833 || cve,CVE-2007-2493
        2003685 || BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- wptable-button.php wpPATH || url,www.milw0rm.com/exploits/3824 || cve,CVE-2007-2484
        2003686 || BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- wordtube-button.php wpPATH || url,www.milw0rm.com/exploits/3825 || cve,CVE-2007-2481
        2003687 || BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- payflow_pro.php abs_path || url,www.securityfocus.com/bid/23662 || cve,CVE-2007-2474
        2003688 || BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- global.php abs_path || url,www.securityfocus.com/bid/23662 || cve,CVE-2007-2474
        2003689 || BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- libsecure.php abs_path || url,www.securityfocus.com/bid/23662 || cve,CVE-2007-2474
        2003690 || BLEEDING-EDGE WEB Firefly Remote Inclusion Attempt -- config.php DOCUMENT_ROOT || url,www.frsirt.com/english/advisories/2007/1554 || cve,CVE-2007-2460
        2003691 || BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion Attempt -- psg.smarty.lib.php cfg[sys][base_path] || url,www.frsirt.com/english/advisories/2007/1390 || cve,CVE-2007-2458
        2003692 || BLEEDING-EDGE WEB VM Watermark Remote Inclusion Attempt -- watermark.php GALLERY_BASEDIR || url,www.milw0rm.com/exploits/3857 || cve,CVE-2007-2575
        2003693 || BLEEDING-EDGE WEB PHPtree Remote Inclusion Attempt -- cms2.php s_dir || url,www.milw0rm.com/exploits/3860 || cve,CVE-2007-2573
        2003694 || BLEEDING-EDGE WEB NoAH Remote Inclusion Attempt -- mfa_theme.php tpls || url,www.milw0rm.com/exploits/3861 || cve,CVE-2007-2572
        2003696 || BLEEDING-EDGE WEB Wikivi5 Remote Inclusion Attempt -- show.php sous_rep || url,www.milw0rm.com/exploits/3863 || cve,CVE-2007-2570
        2003698 || BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php abs_path || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || cve,CVE-2007-2559
        2003699 || BLEEDING-EDGE WEB pfa CMS Remote Inclusion checkout.php abs_path || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || cve,CVE-2007-2559
        2003700 || BLEEDING-EDGE WEB pfa CMS Remote Inclusion libsecure.php abs_path || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || cve,CVE-2007-2559
        2003701 || BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php repinc || url,www.securityfocus.com/archive/1/archive/1/467827/100/0/threaded || cve,CVE-2007-2558
        2003702 || BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion class.Smarty.php cfg[sys][base_path] || url,www.milw0rm.com/exploits/3733 || cve,CVE-2007-2457
        2003703 || BLEEDING-EDGE WEB phpMyPortal Remote Inclusion Attempt -- articles.inc.php GLOBALS[CHEMINMODULES] || url,www.milw0rm.com/exploits/3879 || cve,CVE-2007-2594
        2003704 || BLEEDING-EDGE WEB AForum Remote Inclusion func.php CommonAbsDir || url,www.milw0rm.com/exploits/3884 || cve,CVE-2007-2596
        2003705 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion site_conf.php ordnertiefe || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003706 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion class.csv.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003707 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion produkte_nach_serie.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003708 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003709 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion hg_referenz_jobgalerie.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003710 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion surfer_anmeldung_NWL.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003711 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion produkte_nach_serie_alle.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003712 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion surfer_aendern.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003713 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion referenz.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003714 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion lay.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003715 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003716 || BLEEDING-EDGE WEB LaVague Remote Inclusion Attempt -- printbar.php views_path || url,www.milw0rm.com/exploits/3870 || cve,CVE-2007-2607
        2003717 || BLEEDING-EDGE WEB miplex2 Remote Inclusion SmartyFU.class.php system || url,www.milw0rm.com/exploits/3878 || cve,CVE-2007-2608
        2003718 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003719 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom_update.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003720 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- check-lom.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003721 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- weigh_keywords.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003722 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- logout.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003723 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- help.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003724 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- index.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003725 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- login.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609
        2003726 || BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- mtdialogo.php pathCGX || url,www.milw0rm.com/exploits/3874 || cve,CVE-2007-2611
        2003727 || BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- ltdialogo.php pathCGX || url,www.milw0rm.com/exploits/3874 || cve,CVE-2007-2611
        2003728 || BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- logingecon.php pathCGX || url,www.milw0rm.com/exploits/3874 || cve,CVE-2007-2611
        2003729 || BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- login.php pathCGX || url,www.milw0rm.com/exploits/3874 || cve,CVE-2007-2611
        2003730 || BLEEDING-EDGE WEB PHPHtmlLib Remote Inclusion Attempt -- widget8.php phphtmllib || url,www.securityfocus.com/archive/1/archive/1/467837/100/0/threaded || cve,CVE-2007-2614
        2003731 || BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- ftp.php path_local || url,www.milw0rm.com/exploits/3875 || cve,CVE-2007-2615
        2003732 || BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- db.php path_local || url,www.milw0rm.com/exploits/3875 || cve,CVE-2007-2615
        2003733 || BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- libs_ftp.php path_local || url,www.milw0rm.com/exploits/3875 || cve,CVE-2007-2615
        2003735 || BLEEDING-EDGE WEB PHPSecurityAdmin Remote Inclusion Attempt -- logout.php PSA_PATH || url,www.securityfocus.com/bid/23801 || cve,CVE-2007-2628
        2003736 || BLEEDING-EDGE WEB AForum Remote Inclusion Attempt -- errormsg.php header || url,secunia.com/advisories/25224 || cve,CVE-2007-2634
        2003737 || BLEEDING-EDGE WEB CJG Explorer Remote Inclusion Attempt -- pcltrace.lib.php g_pcltar_lib_dir || url,www.milw0rm.com/exploits/3915 || cve,CVE-2007-2660
        2003738 || BLEEDING-EDGE WEB Beacon Remote Inclusion Attempt -- splash.lang.php languagePath || url,www.milw0rm.com/exploits/3909 || cve,CVE-2007-2663
        2003739 || BLEEDING-EDGE WEB Yaap Remote Inclusion Attempt -- common.php root_path || url,www.milw0rm.com/exploits/3908 || cve,CVE-2007-2664
        2003740 || BLEEDING-EDGE WEB PHPFirstPost Remote Inclusion Attempt block.php Include || url,www.milw0rm.com/exploits/3906 || cve,CVE-2007-2665
        2003741 || BLEEDING-EDGE WEB Open Translation Engine Remote Inclusion Attempt -- header.php ote_home || url,www.milw0rm.com/exploits/3838 || cve,CVE-2007-2676
        2003742 || BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- language.php config || url,www.milw0rm.com/exploits/3837 || cve,CVE-2007-2677
        2003743 || BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_admin_cfg.php Root_Path || url,www.milw0rm.com/exploits/3837 || cve,CVE-2007-2677
        2003744 || BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_cfg.php Root_Path || url,www.milw0rm.com/exploits/3837 || cve,CVE-2007-2677
        2003745 || BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_t_top.php Root_Path || url,www.milw0rm.com/exploits/3837 || cve,CVE-2007-2677
        2003746 || BLEEDING-EDGE WEB Simple PHP Script Gallery Remote Inclusion index.php gallery || url,www.securityfocus.com/bid/23534 || cve,CVE-2007-2679
        2003747 || BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR || url,www.milw0rm.com/exploits/3876 || cve,CVE-2007-2609

     -> Added to bleeding-web.rules (38):
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #OTE = Open Translation Engine
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty
        #by tinytwitty

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 180

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 180

     -> Removed from bleeding-sid-msg.map (3):
        2003633 || BLEEDING-EDGE CURRENT EVENTS Traffic with a window of 55808 - Unknown likely hostile scanning - Please report hits to Bleeding Edge or ISC || url,www.cert.org/current/archive/2003/06/25/archive.html || url,isc.sans.org/diary.html?n&storyid=2717
        2404006 || BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  || url,www.shadowserver.org
        2405006 || BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE || url,www.shadowserver.org

     -> Removed from bleeding.rules (2):
        #by Matt Jonkman
        #From ISC post here: isc.sans.org/diary.html?n&storyid=2717





More information about the Snort-sigs mailing list