[Snort-sigs] Bleeding Edge Threats Weekly Signature Changes

bleeding at ...3254...
Fri May 25 18:00:06 EDT 2007


[***] Results from Oinkmaster started Fri May 25 18:00:06 2007 [***]

[+++]          Added rules:          [+++]

 2003865 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid DELETE (bleeding-web.rules)
 2003866 - BLEEDING-EDGE WEB Glossaire SQL Injection Attempt -- glossaire-p-f.php sid SELECT (bleeding-web.rules)
 2003867 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php tt_docroot (bleeding-web.rules)
 2003868 - BLEEDING-EDGE VIRUS Zlob User Agent (Progressive Download) (bleeding-virus.rules)
 2003869 - BLEEDING-EDGE SCAN ProxyReconBot CONNECT method to Mail (bleeding-scan.rules)
 2003870 - BLEEDING-EDGE SCAN ProxyReconBot POST method to Mail (bleeding-scan.rules)
 2003871 - BLEEDING-EDGE WEB Ripe Website Manager XSS Attempt -- index.php ripeformpost (bleeding-web.rules)
 2003872 - BLEEDING-EDGE WEB Redoable XSS Attempt -- searchloop.php s (bleeding-web.rules)
 2003873 - BLEEDING-EDGE WEB Redoable XSS Attempt -- header.php s (bleeding-web.rules)
 2003874 - BLEEDING-EDGE WEB vDesk Webmail XSS Attempt -- printcal.pl (bleeding-web.rules)
 2003875 - BLEEDING-EDGE WEB fotolog XSS Attempt -- all_photos.html user (bleeding-web.rules)
 2003876 - BLEEDING-EDGE WEB EQdkp XSS Attempt -- listmembers.php show (bleeding-web.rules)
 2003877 - BLEEDING-EDGE WEB EQdkp XSS Attempt -- stats.php show (bleeding-web.rules)
 2003878 - BLEEDING-EDGE WEB Open Translation Engine (OTE) XSS Attempt -- header.php ote_home (bleeding-web.rules)
 2003879 - BLEEDING-EDGE WEB PHPChain XSS Attempt -- settings.php catid (bleeding-web.rules)
 2003880 - BLEEDING-EDGE WEB PHPChain XSS Attempt -- cat.php catid (bleeding-web.rules)
 2003881 - BLEEDING-EDGE WEB SonicBB XSS Attempt -- search.php part (bleeding-web.rules)
 2003882 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- configure_plugin.tpl.php edit_plugin (bleeding-web.rules)
 2003883 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1 (bleeding-web.rules)
 2003884 - BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php a (bleeding-web.rules)
 2003885 - BLEEDING-EDGE WEB WordPress XSS Attempt -- sidebar.php (bleeding-web.rules)
 2003886 - BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php (bleeding-web.rules)
 2003887 - BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php (bleeding-web.rules)
 2003888 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseCat.php catFile (bleeding-web.rules)
 2003889 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseSubCat.php catFile (bleeding-web.rules)
 2003890 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- openTutorial.php id (bleeding-web.rules)
 2003891 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- topFrame.php id (bleeding-web.rules)
 2003892 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- editListing.php id (bleeding-web.rules)
 2003893 - BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- search.php search (bleeding-web.rules)
 2003894 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- dev_logon.asp username (bleeding-web.rules)
 2003895 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- registerAccount.asp (bleeding-web.rules)
 2003896 - BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- create_account.asp (bleeding-web.rules)
 2003897 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whstart.js (bleeding-web.rules)
 2003898 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whcsh_home.htm (bleeding-web.rules)
 2003899 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startpage.js (bleeding-web.rules)
 2003900 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startqs.htm (bleeding-web.rules)
 2003901 - BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- WindowManager.dll (bleeding-web.rules)
 2003902 - BLEEDING-EDGE WEB Apache Tomcat XSS Attempt -- implicit-objects.jsp (bleeding-web.rules)
 2003903 - BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- default.aspx (bleeding-web.rules)
 2003904 - BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- index.php form[mail] (bleeding-web.rules)
 2003905 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods] (bleeding-web.rules)
 2003906 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form (bleeding-web.rules)
 2003907 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id (bleeding-web.rules)
 2003908 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] (bleeding-web.rules)
 2003909 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] (bleeding-web.rules)
 2003910 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name] (bleeding-web.rules)
 2003911 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[message] (bleeding-web.rules)
 2003912 - BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail] (bleeding-web.rules)
 2003913 - BLEEDING-EDGE WEB Kayako eSupport XSS Attempt -- index.php _m (bleeding-web.rules)
 2003914 - BLEEDING-EDGE WEB Podium CMS XSS Attempt -- Default.aspx id (bleeding-web.rules)
 2003915 - BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- picture.php picture (bleeding-web.rules)
 2003916 - BLEEDING-EDGE WEB WikkaWiki (Wikka Wiki) XSS Attempt -- usersettings.php name (bleeding-web.rules)
 2003917 - BLEEDING-EDGE WEB TurnkeyWebTools SunShop Shopping Cart XSS Attempt -- index.php l (bleeding-web.rules)
 2003918 - BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- sendmail.php (bleeding-web.rules)
 2003919 - BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- order_form.php (bleeding-web.rules)
 2003920 - BLEEDING-EDGE WEB DVDdb XSS Attempt -- loan.php movieid (bleeding-web.rules)
 2003921 - BLEEDING-EDGE WEB DVDdb XSS Attempt -- listmovies.php s (bleeding-web.rules)
 2003922 - BLEEDING-EDGE WEB Sendcard XSS Attempt -- sendcard.php form (bleeding-web.rules)
 2003924 - BLEEDING-EDGE WEB WebHack Control Center User-Agent Inbound (WHCC/) (bleeding-scan.rules)
 2003925 - BLEEDING-EDGE WEB WebHack Control Center User-Agent Outbound (WHCC/) (bleeding-scan.rules)
 2003926 - BLEEDING-EDGE MALWARE Personalweb Spyware User-Agent (PWMI/1.0) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2003380 - BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc) (bleeding-virus.rules)
 2003527 - BLEEDING-EDGE MALWARE WinSoftware.com Spyware User-Agent (WinSoftware) (bleeding-malware.rules)
 2003660 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt - Headerfile.php System (bleeding-web.rules)
 2003661 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_files.php System (bleeding-web.rules)
 2003662 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_posts.php System (bleeding-web.rules)
 2003663 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- groups_headerfile.php System (bleeding-web.rules)
 2003664 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- filters_headerfile.php System (bleeding-web.rules)
 2003665 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- links.php System (bleeding-web.rules)
 2003666 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- menu_headerfile.php System (bleeding-web.rules)
 2003667 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- latest_news.php System (bleeding-web.rules)
 2003668 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- settings_headerfile.php System (bleeding-web.rules)
 2003669 - BLEEDING-EDGE WEB TopTree Remote Inclusion Attempt -- tpl_message.php right_file (bleeding-web.rules)
 2003670 - BLEEDING-EDGE WEB Workbench Survival Guide Remote Inclusion Attempt -- headerfile.php path (bleeding-web.rules)
 2003671 - BLEEDING-EDGE WEB Versado CMS Remote Inclusion Attempt -- ajax_listado.php urlModulo (bleeding-web.rules)
 2003672 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_image_index.php config[pathMod] (bleeding-web.rules)
 2003673 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_liens_index.php config[pathMod] (bleeding-web.rules)
 2003674 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_liste_index.php config[pathMod] (bleeding-web.rules)
 2003675 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_special_index.php config[pathMod] (bleeding-web.rules)
 2003676 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt -- mod_texte_index.php config[pathMod] (bleeding-web.rules)
 2003678 - BLEEDING-EDGE WEB Tropicalm Remote Inclusion Attempt -- dosearch.php RESPATH (bleeding-web.rules)
 2003679 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- dp_logs.php HomeDir (bleeding-web.rules)
 2003680 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion Attempt -- index.php HomeDir (bleeding-web.rules)
 2003681 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion Attempt -- users_headerfile.php System (bleeding-web.rules)
 2003682 - BLEEDING-EDGE WEB E-Gads Remote Inclusion Attempt -- common.php locale (bleeding-web.rules)
 2003683 - BLEEDING-EDGE WEB PHP Turbulence Remote Inclusion Attempt -- turbulence.php GLOBALS[tcore] (bleeding-web.rules)
 2003684 - BLEEDING-EDGE WEB MXBB Remote Inclusion Attempt -- faq.php module_root_path (bleeding-web.rules)
 2003685 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- wptable-button.php wpPATH (bleeding-web.rules)
 2003686 - BLEEDING-EDGE WEB Wordpress Remote Inclusion Attempt -- wordtube-button.php wpPATH (bleeding-web.rules)
 2003687 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- payflow_pro.php abs_path (bleeding-web.rules)
 2003688 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- global.php abs_path (bleeding-web.rules)
 2003689 - BLEEDING-EDGE WEB TurnKeyWebTools Remote Inclusion Attempt -- libsecure.php abs_path (bleeding-web.rules)
 2003690 - BLEEDING-EDGE WEB Firefly Remote Inclusion Attempt -- config.php DOCUMENT_ROOT (bleeding-web.rules)
 2003691 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion Attempt -- psg.smarty.lib.php cfg[sys][base_path] (bleeding-web.rules)
 2003692 - BLEEDING-EDGE WEB VM Watermark Remote Inclusion Attempt -- watermark.php GALLERY_BASEDIR (bleeding-web.rules)
 2003693 - BLEEDING-EDGE WEB PHPtree Remote Inclusion Attempt -- cms2.php s_dir (bleeding-web.rules)
 2003696 - BLEEDING-EDGE WEB Wikivi5 Remote Inclusion Attempt -- show.php sous_rep (bleeding-web.rules)
 2003698 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php abs_path (bleeding-web.rules)
 2003699 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion checkout.php abs_path (bleeding-web.rules)
 2003700 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion libsecure.php abs_path (bleeding-web.rules)
 2003701 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion index.php repinc (bleeding-web.rules)
 2003702 - BLEEDING-EDGE WEB Pixaria Gallery Remote Inclusion class.Smarty.php cfg[sys][base_path] (bleeding-web.rules)
 2003703 - BLEEDING-EDGE WEB phpMyPortal Remote Inclusion Attempt -- articles.inc.php GLOBALS[CHEMINMODULES] (bleeding-web.rules)
 2003716 - BLEEDING-EDGE WEB LaVague Remote Inclusion Attempt -- printbar.php views_path (bleeding-web.rules)
 2003717 - BLEEDING-EDGE WEB miplex2 Remote Inclusion SmartyFU.class.php system (bleeding-web.rules)
 2003718 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR (bleeding-web.rules)
 2003719 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom_update.php ETCDIR (bleeding-web.rules)
 2003720 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- check-lom.php ETCDIR (bleeding-web.rules)
 2003721 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- weigh_keywords.php ETCDIR (bleeding-web.rules)
 2003722 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- logout.php ETCDIR (bleeding-web.rules)
 2003723 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- help.php ETCDIR (bleeding-web.rules)
 2003724 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- index.php ETCDIR (bleeding-web.rules)
 2003725 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- login.php ETCDIR (bleeding-web.rules)
 2003726 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- mtdialogo.php pathCGX (bleeding-web.rules)
 2003727 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- ltdialogo.php pathCGX (bleeding-web.rules)
 2003728 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- logingecon.php pathCGX (bleeding-web.rules)
 2003729 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt -- login.php pathCGX (bleeding-web.rules)
 2003730 - BLEEDING-EDGE WEB PHPHtmlLib Remote Inclusion Attempt -- widget8.php phphtmllib (bleeding-web.rules)
 2003731 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- ftp.php path_local (bleeding-web.rules)
 2003732 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- db.php path_local (bleeding-web.rules)
 2003733 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion Attempt -- libs_ftp.php path_local (bleeding-web.rules)
 2003735 - BLEEDING-EDGE WEB PHPSecurityAdmin Remote Inclusion Attempt -- logout.php PSA_PATH (bleeding-web.rules)
 2003737 - BLEEDING-EDGE WEB CJG Explorer Remote Inclusion Attempt -- pcltrace.lib.php g_pcltar_lib_dir (bleeding-web.rules)
 2003739 - BLEEDING-EDGE WEB Yaap Remote Inclusion Attempt -- common.php root_path (bleeding-web.rules)
 2003740 - BLEEDING-EDGE WEB PHPFirstPost Remote Inclusion Attempt block.php Include (bleeding-web.rules)
 2003741 - BLEEDING-EDGE WEB Open Translation Engine Remote Inclusion Attempt -- header.php ote_home (bleeding-web.rules)
 2003742 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- language.php config (bleeding-web.rules)
 2003743 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_admin_cfg.php Root_Path (bleeding-web.rules)
 2003744 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_cfg.php Root_Path (bleeding-web.rules)
 2003745 - BLEEDING-EDGE WEB PHPChess Remote Inclusion Attempt -- layout_t_top.php Root_Path (bleeding-web.rules)
 2003746 - BLEEDING-EDGE WEB Simple PHP Script Gallery Remote Inclusion index.php gallery (bleeding-web.rules)
 2003747 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt -- lom.php ETCDIR (bleeding-web.rules)
 2003794 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid SELECT (bleeding-web.rules)
 2003795 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UNION SELECT (bleeding-web.rules)
 2003796 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid INSERT (bleeding-web.rules)
 2003797 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ASCII (bleeding-web.rules)
 2003798 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UPDATE (bleeding-web.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

       0 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php tt_docroot (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 194

     -> Added to bleeding-drop.rules (1):
        #  VERSION 194

     -> Added to bleeding-scan.rules (2):
        #by Dennis Distler
        #by Axn Jxn

     -> Added to bleeding-sid-msg.map (64):
        2003380 || BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc)
        2003527 || BLEEDING-EDGE MALWARE WinSoftware.com Spyware User-Agent (WinSoftware) || url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation%2c%20Inc.%20(v)&threatid=90037
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid INSERT || url,www.securityfocus.com/bid/23753 || cve,CVE-2007-2473
        2003865 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid DELETE || url,www.securityfocus.com/bid/23753 || cve,CVE-2007-2473
        2003866 || BLEEDING-EDGE WEB Glossaire SQL Injection Attempt -- glossaire-p-f.php sid SELECT || url,www.milw0rm.com/exploits/3932 || cve,CVE-2007-2738
        2003867 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003868 || BLEEDING-EDGE VIRUS Zlob User Agent (Progressive Download)
        2003869 || BLEEDING-EDGE SCAN ProxyReconBot CONNECT method to Mail
        2003870 || BLEEDING-EDGE SCAN ProxyReconBot POST method to Mail
        2003871 || BLEEDING-EDGE WEB Ripe Website Manager XSS Attempt -- index.php ripeformpost || url,www.securityfocus.com/bid/23597 || cve,CVE-2007-2206
        2003872 || BLEEDING-EDGE WEB Redoable XSS Attempt -- searchloop.php s || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || cve,CVE-2007-2757
        2003873 || BLEEDING-EDGE WEB Redoable XSS Attempt -- header.php s || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || cve,CVE-2007-2757
        2003874 || BLEEDING-EDGE WEB vDesk Webmail XSS Attempt -- printcal.pl || url,www.securityfocus.com/bid/24022 || cve,CVE-2007-2745
        2003875 || BLEEDING-EDGE WEB fotolog XSS Attempt -- all_photos.html user || url,www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded || cve,CVE-2007-2724
        2003876 || BLEEDING-EDGE WEB EQdkp XSS Attempt -- listmembers.php show || url,www.securityfocus.com/bid/23951 || cve,CVE-2007-2716
        2003877 || BLEEDING-EDGE WEB EQdkp XSS Attempt -- stats.php show || url,www.securityfocus.com/bid/23951 || cve,CVE-2007-2716
        2003878 || BLEEDING-EDGE WEB Open Translation Engine (OTE) XSS Attempt -- header.php ote_home || url,www.milw0rm.com/exploits/3838 || cve,CVE-2007-2676
        2003879 || BLEEDING-EDGE WEB PHPChain XSS Attempt -- settings.php catid || url,www.securityfocus.com/bid/23761 || cve,CVE-2007-2670
        2003880 || BLEEDING-EDGE WEB PHPChain XSS Attempt -- cat.php catid || url,www.securityfocus.com/bid/23761 || cve,CVE-2007-2670
        2003881 || BLEEDING-EDGE WEB SonicBB XSS Attempt -- search.php part || url,www.netvigilance.com/advisory0020 || cve,CVE-2007-1903
        2003882 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- configure_plugin.tpl.php edit_plugin || url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003883 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1 || url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003884 || BLEEDING-EDGE WEB PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php a || url,www.securityfocus.com/bid/23917 || cve,CVE-2007-2632
        2003885 || BLEEDING-EDGE WEB WordPress XSS Attempt -- sidebar.php || url,www.securityfocus.com/archive/1/archive/1/467360/100/0/threaded || cve,CVE-2007-2627
        2003886 || BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php || url,www.frsirt.com/english/advisories/2007/1637 || cve,CVE-2007-2625
        2003887 || BLEEDING-EDGE WEB All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php || url,www.securityfocus.com/bid/23790 || cve,CVE-2007-2624
        2003888 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseCat.php catFile || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003889 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseSubCat.php catFile || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003890 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- openTutorial.php id || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003891 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- topFrame.php id || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003892 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- editListing.php id || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003893 || BLEEDING-EDGE WEB TutorialCMS (Photoshop Tutorials) XSS Attempt -- search.php search || url,www.milw0rm.com/exploits/3887 || cve,CVE-2007-2600
        2003894 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- dev_logon.asp username || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || cve,CVE-2007-2592
        2003895 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- registerAccount.asp || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || cve,CVE-2007-2592
        2003896 || BLEEDING-EDGE WEB Nokia Intellisync Mobile Suite XSS Attempt -- create_account.asp || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || cve,CVE-2007-2592
        2003897 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whstart.js || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003898 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- whcsh_home.htm || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003899 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startpage.js || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003900 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- wf_startqs.htm || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003901 || BLEEDING-EDGE WEB Adobe RoboHelp XSS Attempt -- WindowManager.dll || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || cve,CVE-2007-1280
        2003902 || BLEEDING-EDGE WEB Apache Tomcat XSS Attempt -- implicit-objects.jsp || url,www.frsirt.com/english/advisories/2007/1729 || cve,CVE-2006-7195
        2003903 || BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- default.aspx || url,www.securityfocus.com/bid/23832 || cve,CVE-2007-2581
        2003904 || BLEEDING-EDGE WEB Microsoft SharePoint XSS Attempt -- index.php form[mail] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003905 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mods] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003906 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003907 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- download.php id || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003908 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003909 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[cat] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003910 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[name] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003911 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[message] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003912 || BLEEDING-EDGE WEB ACP3 XSS Attempt -- index.php form[mail] || url,www.securityfocus.com/bid/23834 || cve,CVE-2007-2579
        2003913 || BLEEDING-EDGE WEB Kayako eSupport XSS Attempt -- index.php _m || url,www.securityfocus.com/archive/1/archive/1/467832/100/0/threaded || cve,CVE-2007-2562
        2003914 || BLEEDING-EDGE WEB Podium CMS XSS Attempt -- Default.aspx id || url,www.securityfocus.com/archive/1/archive/1/467823/100/0/threaded || cve,CVE-2007-2555
        2003915 || BLEEDING-EDGE WEB Advanced Guestbook XSS Attempt -- picture.php picture || url,www.securityfocus.com/bid/23873 || cve,CVE-2007-0605
        2003916 || BLEEDING-EDGE WEB WikkaWiki (Wikka Wiki) XSS Attempt -- usersettings.php name || url,www.securityfocus.com/bid/23894 || cve,CVE-2007-2551
        2003917 || BLEEDING-EDGE WEB TurnkeyWebTools SunShop Shopping Cart XSS Attempt -- index.php l || url,www.securityfocus.com/bid/23856 || cve,CVE-2007-2547
        2003918 || BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- sendmail.php || url,www.securityfocus.com/bid/23847 || cve,CVE-2007-2532
        2003919 || BLEEDING-EDGE WEB Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- order_form.php || url,www.securityfocus.com/bid/23847 || cve,CVE-2007-2532
        2003920 || BLEEDING-EDGE WEB DVDdb XSS Attempt -- loan.php movieid || url,www.securityfocus.com/bid/23764 || cve,CVE-2007-2499
        2003921 || BLEEDING-EDGE WEB DVDdb XSS Attempt -- listmovies.php s || url,www.securityfocus.com/bid/23764 || cve,CVE-2007-2499
        2003922 || BLEEDING-EDGE WEB Sendcard XSS Attempt -- sendcard.php form || url,www.secunia.com/advisories/25085 || cve,CVE-2007-2472
        2003924 || BLEEDING-EDGE WEB WebHack Control Center User-Agent Inbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start=
        2003925 || BLEEDING-EDGE WEB WebHack Control Center User-Agent Outbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start=
        2003926 || BLEEDING-EDGE MALWARE Personalweb Spyware User-Agent (PWMI/1.0)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 187

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 187

     -> Removed from bleeding-sid-msg.map (4):
        0000000 || BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion 3_lay.php tt_docroot || url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003380 || BLEEDING-EDGE TROJAN Suspicious User-Agent - Possible Trojan Downloader
        2003527 || BLEEDING-EDGE MALWARE WinSoftware.com Spyware User-Agent (WinSoftware) || url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation,%20Inc.%20(v)&threatid=90037
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid DELETE || url,www.securityfocus.com/bid/23753 || cve,CVE-2007-2473
