<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>StillSecure: 10 New Signatures - October 7th, 2011</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>Hi Matt,<BR>
<BR>
Please find the 10 signatures below.<BR>
<BR>
<!-- Signature 1: alerts on established client-to-server traffic whose URI contains
     "/ibrowser/scripts/random.php?" and "dir=" (both case-insensitive) and whose URI also matches
     the pcre: "dir=" followed later by one of the listed script / event-handler / style keywords.
     NOTE(review): ".+" is not limited to the dir value, so a keyword appearing in any later
     parameter (for example a parameter named "description", which contains "script") also
     satisfies the pattern. Expect false positives; baseline the rule before alerting on it.
     NOTE(review): sid 0510111 is written with a leading zero. Read as decimal it is 510111,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
1. WEB-PHP iBrowser Plugin dir Parameter Cross Site Scripting Attempt-1<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP iBrowser Plugin dir Parameter Cross Site Scripting Attempt-1&quot;; flow:established,to_server; uricontent:&quot;/ibrowser/scripts/random.php?&quot;; nocase; uricontent:&quot;dir=&quot;; nocase; pcre:&quot;/dir\x3d.+(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/105196; sid:0510111; rev:1;)<BR>
<BR>
<!-- Signature 2: alerts when a GET request for the Zingiri Web Shop init.inc.php script carries a
     wpabspath parameter whose value, after optional whitespace, starts with an ftp, ftps, http,
     https or php scheme followed by ":/". The uricontent matches are case-insensitive (nocase)
     and the pcre runs with the U and i flags.
     NOTE(review): content:"GET "; depth:4 ties the rule to the GET method, so the same URI
     requested with another method is outside this signature. Confirm that is intended.
     NOTE(review): sid 0410111 is written with a leading zero. Read as decimal it is 410111,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
2. WEB-PHP Wordpress Zingiri webshop plugin Remote File inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Wordpress Zingiri webshop plugin Remote File inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php?&quot;; nocase; uricontent:&quot;wpabspath=&quot;; nocase; pcre:&quot;/wpabspath=\s*(ftps?|https?|php)\:\//Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/105237/wpzingiri-rfi.txt; sid:0410111; rev:1;)<BR>
<BR>
<!-- Signature 3: alerts on a GET request whose URI contains "/index.php?", "option=com_ahsshop"
     and "flokkur=", and also contains SELECT followed later by FROM. All matches are
     case-insensitive.
     NOTE(review): neither the uricontent keywords nor the pcre are tied to the flokkur value;
     the keywords may sit anywhere in the URI and have no word boundaries, so ordinary words
     that contain them can satisfy the rule. Baseline for false positives before alerting.
     NOTE(review): sid 0410112 is written with a leading zero. Read as decimal it is 410112,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
3. WEB-PHP Mambo AHS Shop component SELECT FROM SQL Injection Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Mambo AHS Shop component SELECT FROM SQL Injection Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_ahsshop&quot;; nocase; uricontent:&quot;flokkur=&quot;; nocase; uricontent:&quot;SELECT&quot;; nocase; uricontent:&quot;FROM&quot;; nocase; pcre:&quot;/SELECT.+FROM/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt; sid:0410112; rev:1;)<BR>
<BR>
<!-- Signature 4: alerts on a GET request whose URI contains "/index.php?", "option=com_ahsshop"
     and "flokkur=", and also contains DELETE followed later by FROM. All matches are
     case-insensitive.
     NOTE(review): neither the uricontent keywords nor the pcre are tied to the flokkur value;
     the keywords may sit anywhere in the URI and have no word boundaries. Baseline for false
     positives before alerting.
     NOTE(review): sid 0410113 is written with a leading zero. Read as decimal it is 410113,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
4. WEB-PHP Mambo AHS Shop component DELETE FROM SQL Injection Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Mambo AHS Shop component DELETE FROM SQL Injection Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_ahsshop&quot;; nocase; uricontent:&quot;flokkur=&quot;; nocase; uricontent:&quot;DELETE&quot;; nocase; uricontent:&quot;FROM&quot;; nocase; pcre:&quot;/DELETE.+FROM/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt; sid:0410113; rev:1;)<BR>
<BR>
<!-- Signature 5: alerts on a GET request whose URI contains "/index.php?", "option=com_ahsshop"
     and "flokkur=", and also contains UNION followed later by SELECT. All matches are
     case-insensitive.
     NOTE(review): neither the uricontent keywords nor the pcre are tied to the flokkur value;
     the keywords may sit anywhere in the URI and have no word boundaries. Baseline for false
     positives before alerting.
     NOTE(review): sid 0410114 is written with a leading zero. Read as decimal it is 410114,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
5. WEB-PHP Mambo AHS Shop component UNION SELECT SQL Injection Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Mambo AHS Shop component UNION SELECT SQL Injection Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_ahsshop&quot;; nocase; uricontent:&quot;flokkur=&quot;; nocase; uricontent:&quot;UNION&quot;; nocase; uricontent:&quot;SELECT&quot;; nocase; pcre:&quot;/UNION.+SELECT/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt; sid:0410114; rev:1;)<BR>
<BR>
<!-- Signature 6: alerts on a GET request whose URI contains "/index.php?", "option=com_ahsshop"
     and "flokkur=", and also contains INSERT followed later by INTO. All matches are
     case-insensitive.
     NOTE(review): neither the uricontent keywords nor the pcre are tied to the flokkur value;
     the keywords may sit anywhere in the URI and have no word boundaries. Baseline for false
     positives before alerting.
     NOTE(review): sid 0410115 is written with a leading zero. Read as decimal it is 410115,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
6. WEB-PHP Mambo AHS Shop component INSERT INTO SQL Injection Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Mambo AHS Shop component INSERT INTO SQL Injection Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_ahsshop&quot;; nocase; uricontent:&quot;flokkur=&quot;; nocase; uricontent:&quot;INSERT&quot;; nocase; uricontent:&quot;INTO&quot;; nocase; pcre:&quot;/INSERT.+INTO/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt; sid:0410115; rev:1;)<BR>
<BR>
<!-- Signature 7: alerts on a GET request whose URI contains "/index.php?", "option=com_ahsshop"
     and "flokkur=", and also contains UPDATE followed later by SET. All matches are
     case-insensitive.
     NOTE(review): neither the uricontent keywords nor the pcre are tied to the flokkur value,
     and SET has no word boundary, so words such as "reset" or "offset" satisfy it once
     "update" appears earlier in the URI. Baseline for false positives before alerting.
     NOTE(review): sid 0410116 is written with a leading zero. Read as decimal it is 410116,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
7. WEB-PHP Mambo AHS Shop component UPDATE SET SQL Injection Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Mambo AHS Shop component UPDATE SET SQL Injection Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_ahsshop&quot;; nocase; uricontent:&quot;flokkur=&quot;; nocase; uricontent:&quot;UPDATE&quot;; nocase; uricontent:&quot;SET&quot;; nocase; pcre:&quot;/UPDATE.+SET/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt; sid:0410116; rev:1;)<BR>
<BR>
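<!-- Signature 8: alerts on established outbound traffic (HOME_NET to EXTERNAL_NET, any port)
     whose payload contains both "/Qvodav.exe" and the text "User-Agent: Av_DVD", matched
     case-insensitively.
     The separator after the direction operator is a single ordinary space, so copying the rule
     out of the rendered page does not carry a non-breaking space into the rule file.
     NOTE(review): the two content matches are unanchored and unordered; presumably they are
     meant to be the request line and User-Agent header of one HTTP request. Confirm against a
     capture before relying on the rule.
     NOTE(review): sid 05101113 has a leading zero and one more digit than the other sids in
     this mail; confirm it is not a typo before assigning it. -->
8. VIRUS Trojan Win32.Swisyn Reporting<BR>
alert tcp $HOME_NET any -&gt; $EXTERNAL_NET any (msg:&quot;VIRUS Trojan Win32.Swisyn Reporting&quot;; flow:to_server,established; content:&quot;/Qvodav.exe&quot;; nocase; content:&quot;User-Agent|3a| Av_DVD&quot;; nocase; classtype:trojan-activity; reference:url,precisesecurity.com/worms/trojan-win32-swisyn-algm; sid:05101113; rev:1;)<BR>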
<BR>
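<!-- Signature 9: alerts on a GET request whose URI contains "/index.php?", "option=com_redirect"
     and "view=" when the byte sequence "../" (2e 2e 2f) occurs within the first 200 bytes of
     the payload.
     The option=com_redirect and view= matches each carry one nocase modifier, the same form the
     Mambo com_ahsshop signatures in this mail use for their option= match.
     NOTE(review): the traversal check is a raw content match with depth:200, not a URI match
     tied to the view value; a "../" anywhere in the first 200 bytes satisfies it, and one
     beyond that offset does not. nocase has no effect on these three non-letter bytes. -->
9. WEB-PHP Joomla Redirect Component view Parameter Local File Inclusion Attempt<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP Joomla Redirect Component view Parameter Local File Inclusion Attempt&quot;; flow:established,to_server; content:&quot;GET &quot;; depth:4; uricontent:&quot;/index.php?&quot;; nocase; uricontent:&quot;option=com_redirect&quot;; nocase; uricontent:&quot;view=&quot;; nocase; content:&quot;|2e 2e 2f|&quot;; nocase; depth:200; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/view/96608/joomlaredirect-lfi.txt; sid:3009111; rev:1;)<BR>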
<BR>
<!-- Signature 10: alerts on established client-to-server traffic whose URI contains
     "/phpThumb.demo.random.php?" and "dir=" (both case-insensitive) and whose URI also matches
     the pcre: "dir=" followed later by one of the listed script / event-handler / style keywords.
     NOTE(review): the msg names the iBrowser plugin while the matched script is
     phpThumb.demo.random.php; presumably the referenced advisory covers both. Verify against
     the reference before publishing.
     NOTE(review): ".+" is not limited to the dir value, so a keyword appearing in any later
     parameter (for example a parameter named "description", which contains "script") also
     satisfies the pattern. Expect false positives; baseline the rule before alerting on it.
     NOTE(review): sid 0510112 is written with a leading zero. Read as decimal it is 510112,
     below the 1,000,000 mark from which locally written Snort rules are conventionally
     numbered; confirm the intended SID range. -->
10. WEB-PHP iBrowser Plugin dir Parameter Cross Site Scripting Attempt-2<BR>
alert tcp $EXTERNAL_NET any -&gt; $HTTP_SERVERS $HTTP_PORTS (msg:&quot;WEB-PHP iBrowser Plugin dir Parameter Cross Site Scripting Attempt-2&quot;; flow:established,to_server; uricontent:&quot;/phpThumb.demo.random.php?&quot;; nocase; uricontent:&quot;dir=&quot;; nocase; pcre:&quot;/dir\x3d.+(script|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange|style\x3D)/Ui&quot;; classtype:web-application-attack; reference:url,packetstormsecurity.org/files/105196; sid:0510112; rev:1;)<BR>
<BR>
Looking forward to your comments, if any.<BR>
<BR>
Thanks &amp; Regards,<BR>
StillSecure<BR>
<BR>
</FONT>
</P>

</BODY>
</HTML>