[Snort-sigs] Bleeding Edge Threats Daily Signature Changes

bleeding at ...3254... bleeding at ...3254...
Fri May 25 16:00:07 EDT 2007


[***] Results from Oinkmaster started Fri May 25 16:00:06 2007 [***]

[+++]          Added rules:          [+++]

 2003871 - BLEEDING-EDGE WEB Ripe Website Manager XSS Attempt -- index.php ripeformpost (bleeding-web.rules)
 2003872 - BLEEDING-EDGE WEB Redoable XSS Attempt -- searchloop.php s (bleeding-web.rules)
 2003873 - BLEEDING-EDGE WEB Redoable XSS Attempt -- header.php s (bleeding-web.rules)
 2003874 - BLEEDING-EDGE WEB vDesk Webmail XSS Attempt -- printcal.pl (bleeding-web.rules)
 2003875 - BLEEDING-EDGE WEB fotolog XSS Attempt -- all_photos.html user (bleeding-web.rules)
 2003876 - BLEEDING-EDGE WEB EQdkp XSS Attempt -- listmembers.php show (bleeding-web.rules)
 2003877 - BLEEDING-EDGE WEB EQdkp XSS Attempt -- stats.php show (bleeding-web.rules)
 2003878 - BLEEDING-EDGE WEB Open Translation Engine (OTE) XSS Attempt -- header.php ote_home (bleeding-web.rules)
 2003879 - BLEEDING-EDGE WEB PHPChain XSS Attempt -- settings.php catid (bleeding-web.rules)
 2003880 - BLEEDING-EDGE WEB PHPChain XSS Attempt -- cat.php catid (bleeding-web.rules)
 2003881 - BLEEDING-EDGE WEB SonicBB XSS Attempt -- search.php part (bleeding-web.rules)
 2003882 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- configure_plugin.tpl.php edit_plugin (bleeding-web.rules)
 2003883 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1 (bleeding-web.rules)
 2003884 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php a (bleeding-web.rules)
 2003885 - BLEEDING-EDGE WEB WordPress XSS Attempt -- sidebar.php (bleeding-web.rules)
 2003886 - BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php (bleeding-web.rules)
 2003887 - BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php (bleeding-web.rules)
 2003888 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseCat.php catFile (bleeding-web.rules)
 2003889 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseSubCat.php catFile (bleeding-web.rules)
 2003890 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- openTutorial.php id (bleeding-web.rules)
 2003891 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- topFrame.php id (bleeding-web.rules)
 2003892 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- editListing.php id (bleeding-web.rules)
 2003893 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- search.php search (bleeding-web.rules)
 2003894 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- dev_logon.asp username (bleeding-web.rules)
 2003895 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- registerAccount.asp (bleeding-web.rules)
 2003896 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- create_account.asp (bleeding-web.rules)
 2003897 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whstart.js (bleeding-web.rules)
 2003898 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whcsh_home.htm (bleeding-web.rules)
 2003899 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startpage.js (bleeding-web.rules)
 2003900 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startqs.htm (bleeding-web.rules)
 2003901 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- WindowManager.dll (bleeding-web.rules)
 2003902 - BLEEDING-EDGE WEB Apache Tomcat XSS Attempt -- implicit-objects.jsp (bleeding-web.rules)
 2003903 - BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- default.aspx (bleeding-web.rules)
 2003904 - BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- index.php form[mail] (bleeding-web.rules)
 2003905 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods] (bleeding-web.rules)
 2003906 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form (bleeding-web.rules)
 2003907 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id (bleeding-web.rules)
 2003908 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] (bleeding-web.rules)
 2003909 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] (bleeding-web.rules)
 2003910 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name] (bleeding-web.rules)
 2003911 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[message] (bleeding-web.rules)
 2003912 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail] (bleeding-web.rules)
 2003913 - BLEEDING-EDGE WEB Kayako eSupport XSS Attempt -- index.php _m (bleeding-web.rules)
 2003914 - BLEEDING-EDGE WEB Podium CMS XSS Attempt -- Default.aspx id (bleeding-web.rules)
 2003915 - BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- picture.php picture (bleeding-web.rules)
 2003916 - BLEEDING-EDGE WEB WikkaWiki (Wikka Wiki) XSS Attempt -- usersettings.php name (bleeding-web.rules)
 2003917 - BLEEDING-EDGE WEB TurnkeyWebTools SunShop Shopping Cart XSS Attempt -- index.php l (bleeding-web.rules)
 2003918 - BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- sendmail.php (bleeding-web.rules)
 2003919 - BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- order_form.php (bleeding-web.rules)
 2003920 - BLEEDING-EDGE WEB DVDdb XSS Attempt -- loan.php movieid (bleeding-web.rules)
 2003921 - BLEEDING-EDGE WEB DVDdb XSS Attempt -- listmovies.php s (bleeding-web.rules)
 2003922 - BLEEDING-EDGE WEB Sendcard XSS Attempt -- sendcard.php form (bleeding-web.rules)
 2003924 - BLEEDING-EDGE WEB WebHack Control Center User-Agent Inbound (WHCC/) (bleeding-scan.rules)
 2003925 - BLEEDING-EDGE WEB WebHack Control Center User-Agent Outbound (WHCC/) (bleeding-scan.rules)
 2003926 - BLEEDING-EDGE MALWARE Personalweb Spyware User-Agent (PWMI/1.0) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 194

     -> Added to bleeding-drop.rules (1):
        #  VERSION 194

     -> Added to bleeding-scan.rules (1):
        #by Axn Jxn

     -> Added to bleeding-sid-msg.map (55):
        2003871 || BLEEDING-EDGE WEB Ripe Website Manager XSS Attempt -- index.php ripeformpost || url,www.securityfocus.com/bid/23597 || cve,CVE-2007-2206
        2003872 || BLEEDING-EDGE WEB Redoable XSS Attempt -- searchloop.php s || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || cve,CVE-2007-2757
        2003873 || BLEEDING-EDGE WEB Redoable XSS Attempt -- header.php s || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || cve,CVE-2007-2757
        2003874 || BLEEDING-EDGE WEB vDesk Webmail XSS Attempt -- printcal.pl || url,www.securityfocus.com/bid/24022 || cve,CVE-2007-2745
        2003875 || BLEEDING-EDGE WEB fotolog XSS Attempt -- all_photos.html user || url,www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded || cve,CVE-2007-2724
        2003876 || BLEEDING-EDGE WEB EQdkp XSS Attempt -- listmembers.php show || url,www.securityfocus.com/bid/23951 || cve,CVE-2007-2716
        2003877 || BLEEDING-EDGE WEB EQdkp XSS Attempt -- stats.php show || url,www.securityfocus.com/bid/23951 || cve,CVE-2007-2716
        2003878 || BLEEDING-EDGE WEB Open Translation Engine (OTE) XSS Attempt -- header.php ote_home || url,www.milw0rm.com/exploits/3838 || cve,CVE-2007-2676
        2003879 || BLEEDING-EDGE WEB PHPChain XSS Attempt -- settings.php catid || url,www.securityfocus.com/bid/23761 || cve,CVE-2007-2670
        2003880 || BLEEDING-EDGE WEB PHPChain XSS Attempt -- cat.php catid || url,www.securityfocus.com/bid/23761 || cve,CVE-2007-2670
        2003881 || BLEEDING-EDGE WEB SonicBB XSS Attempt -- search.php part || url,www.netvigilance.com/advisory0020 || cve,CVE-2007-1903
        2003882 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- configure_plugin.tpl.php edit_plugin || url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003883 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1 || url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003884 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php a || url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003885 || BLEEDING-EDGE WEB WordPress XSS Attempt -- sidebar.php || url,www.securityfocus.com/archive/1/archive/1/467360/100/0/threaded || cve,CVE-2007-2627
        2003886 || BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php || url,www.frsirt.com/english/advisories/2007/1637 || cve,CVE-2007-2625
        2003887 || BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php || url,www.securityfocus.com/bid/23790 || cve,CVE-2007-2624
        2003888 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseCat.php catFile || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003889 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseSubCat.php catFile || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003890 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- openTutorial.php id || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003891 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- topFrame.php id || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003892 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- editListing.php id || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003893 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- search.php search || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003894 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- dev_logon.asp username || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || cve,CVE-2007-2592
        2003895 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- registerAccount.asp || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || cve,CVE-2007-2592
        2003896 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- create_account.asp || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || cve,CVE-2007-2592
        2003897 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whstart.js || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003898 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whcsh_home.htm || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003899 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startpage.js || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003900 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startqs.htm || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003901 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- WindowManager.dll || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003902 || BLEEDING-EDGE WEB Apache Tomcat XSS Attempt -- implicit-objects.jsp || url,www.frsirt.com/english/advisories/2007/1729 || cve,CVE-2006-7195
        2003903 || BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- default.aspx || url,www.securityfocus.com/bid/23832 || cve,CVE-2007-2581
        2003904 || BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- index.php form[mail] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003905 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003906 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003907 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003908 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003909 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003910 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003911 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[message] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003912 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003913 || BLEEDING-EDGE WEB Kayako eSupport XSS Attempt -- index.php _m || url,www.securityfocus.com/archive/1/archive/1/467832/100/0/threaded || cve,CVE-2007-2562
        2003914 || BLEEDING-EDGE WEB Podium CMS XSS Attempt -- Default.aspx id || url,www.securityfocus.com/archive/1/archive/1/467823/100/0/threaded || cve,CVE-2007-2555
        2003915 || BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- picture.php picture || url,www.securityfocus.com/bid/23873 || cve,CVE-2007-0605
        2003916 || BLEEDING-EDGE WEB WikkaWiki (Wikka Wiki) XSS Attempt -- usersettings.php name || url,www.securityfocus.com/bid/23894 || cve,CVE-2007-2551
        2003917 || BLEEDING-EDGE WEB TurnkeyWebTools SunShop Shopping Cart XSS Attempt -- index.php l || url,www.securityfocus.com/bid/23856 || cve,CVE-2007-2547
        2003918 || BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- sendmail.php || url,www.securityfocus.com/bid/23847 || cve,CVE-2007-2532
        2003919 || BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- order_form.php || url,www.securityfocus.com/bid/23847 || cve,CVE-2007-2532
        2003920 || BLEEDING-EDGE WEB DVDdb XSS Attempt -- loan.php movieid || url,www.securityfocus.com/bid/23764 || cve,CVE-2007-2499
        2003921 || BLEEDING-EDGE WEB DVDdb XSS Attempt -- listmovies.php s || url,www.securityfocus.com/bid/23764 || cve,CVE-2007-2499
        2003922 || BLEEDING-EDGE WEB Sendcard XSS Attempt -- sendcard.php form || url,www.secunia.com/advisories/25085 || cve,CVE-2007-2472
        2003924 || BLEEDING-EDGE WEB WebHack Control Center User-Agent Inbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start=
        2003925 || BLEEDING-EDGE WEB WebHack Control Center User-Agent Outbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start=
        2003926 || BLEEDING-EDGE MALWARE Personalweb Spyware User-Agent (PWMI/1.0)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 193

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 193





More information about the Snort-sigs mailing list