[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Wed Dec 16 09:02:30 EST 2009


[***] Results from Oinkmaster started Wed Dec 16 09:02:30 2009 [***]

[+++]          Added rules:          [+++]

 2010497 - ET CURRENT_EVENTS Facebook Spam Inbound (1) (emerging-current_events.rules)
 2010498 - ET CURRENT_EVENTS Facebook Spam Inbound (2) (emerging-current_events.rules)


[///]     Modified active rules:     [///]

 2000466 - ET SCAN Suspicious User-Agent (iexplore) (emerging-user_agents.rules)
 2010450 - ET TROJAN Potential Gemini/Fake AV Download URL Detected (emerging-virus.rules)
 2010451 - ET TROJAN Generic Dropper Post (FarmTime var) (emerging-virus.rules)
 2010452 - ET TROJAN - Potential Fake AV GET installer.1.exe (emerging-current_events.rules)
 2010453 - ET TROJAN - Potential Fake AV GET installer_1.exe (emerging-current_events.rules)
 2010454 - ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host (emerging-attack_response.rules)
 2010456 - ET WEB_CLIENT ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt (emerging-web_client.rules)
 2010457 - ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt (emerging-web_server.rules)
 2010458 - ET TROJAN Dropper Checkin - Likely Yahlover Worm (emerging-virus.rules)
 2010459 - ET WEB_SERVER Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt (emerging-web_server.rules)
 2010460 - ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt (emerging-web_server.rules)
 2010461 - ET USER_AGENTS Suspicious UA string (MSIE7 an) (emerging-user_agents.rules)
 2010462 - ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi Cross-Site Scripting Attempt (emerging-web_server.rules)
 2010463 - ET CURRENT_EVENTS RFI Scanner Success (Fx29ID) (emerging-current_events.rules)
 2010464 - ET TROJAN Potential Fake AV Download (download.php?id=) (emerging-current_events.rules)
 2010465 - ET TROJAN Potential Fake AV Download (download/install.php) (emerging-current_events.rules)
 2010466 - ET WEB_SPECIFIC_APPS PointComma pctemplate.php pcConfig Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2010467 - ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt (emerging-web_client.rules)
 2010468 - ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt (emerging-web_client.rules)
 2010469 - ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt (emerging-web_client.rules)
 2010470 - ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt (emerging-web_client.rules)
 2010471 - ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt (emerging-web_client.rules)
 2010472 - ET WEB_CLIENT SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt (emerging-web_client.rules)
 2010473 - ET WEB_SPRECIFIC_APPS p-Table for WordPress wptable-tinymce.php ABSPATH Parameter RFI Attempt (emerging-web_specific_apps.rules)
 2010474 - ET WEB_SPECIFIC_APPS Joomla eZine Component d4m_ajax_pagenav.php Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2010475 - ET WEB_SPECIFIC_APPS KR-Web krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2010476 - ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010477 - ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010478 - ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010479 - ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010480 - ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010481 - ET WEB_CLIENT SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access (emerging-web_client.rules)
 2010482 - ET WEB_CLIENT IBM Access Support ActiveX Stack Overflow Function call Attempt (emerging-web_client.rules)
 2010483 - ET WEB_CLIENT IBM Access Support ActiveX stack Overflow Attempt (emerging-web_client.rules)
 2010484 - ET WEB_SPECIFIC_APPS FormMailer formmailer.admin.inc.php BASE_DIR Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2010485 - ET WEB_SPECIFIC_APPS phptraverse mp3_id.php GLOBALS Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2010486 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) (emerging-dos.rules)
 2010487 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) (emerging-dos.rules)
 2010488 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) (emerging-dos.rules)
 2010489 - ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) (emerging-dos.rules)
 2010490 - ET TROJAN Vundo User-Agent Check-in (emerging-virus.rules)
 2010491 - ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt (emerging-dos.rules)
 2010493 - ET SCAN Non-Allowed Host Tried to Connect to MySQL Server (emerging-scan.rules)
 2010494 - ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt (emerging-scan.rules)
 2010495 - ET CURRENT Possible Adobe Multimeda Doc.media.newPlayer Memory Corruption Attempt (emerging-current_events.rules)
 2010496 - ET CURRENT_EVENTS Adobe 0day Shovelware (emerging-current_events.rules)


[///]    Modified inactive rules:    [///]

 2010492 - ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt (emerging-dos.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-current_events.rules (1):
        #by jason weir and wolvee

     -> Added to emerging-sid-msg.map (49):
        2000466 || ET SCAN Suspicious User-Agent (iexplore) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_iexplore || url,doc.emergingthreats.net/2000466
        2010450 || ET TROJAN Potential Gemini/Fake AV Download URL Detected || url,doc.emergingthreats.net/2010450 || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791
        2010451 || ET TROJAN Generic Dropper Post (FarmTime var) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Generic.Malware || url,doc.emergingthreats.net/2010451
        2010452 || ET TROJAN - Potential Fake AV GET installer.1.exe || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,doc.emergingthreats.net/2010452 || url,www.malwareurl.com
        2010453 || ET TROJAN - Potential Fake AV GET installer_1.exe || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,doc.emergingthreats.net/2010453 || url,www.malwareurl.com
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/ATTACK_RESPONSE/ATTACK_RESPONSE_Meterpreter || url,doc.emergingthreats.net/2009581
        2010456 || ET WEB_CLIENT ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Sonicwall || url,doc.emergingthreats.net/2010456 || cve,2007-5603 || url,www.securityfocus.com/bid/26288/info
        2010457 || ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cisco || url,doc.emergingthreats.net/2010457 || cve,2009-1203 || url,www.securityfocus.com/bid/35475/info
        2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Droppers_General || url,doc.emergingthreats.net/2010458
        2010459 || ET WEB_SERVER Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cisco || url,doc.emergingthreats.net/2010459 || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010460 || ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Cisco || url,doc.emergingthreats.net/2010460 || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010461 || ET USER_AGENTS Suspicious UA string (MSIE7 an) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Suspicious || url,doc.emergingthreats.net/2010461
        2010462 || ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi Cross-Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Barracuda_Spam_Firewall || url,doc.emergingthreats.net/2010462 || url,www.securityfocus.com/bid/37248/info
        2010463 || ET CURRENT_EVENTS RFI Scanner Success (Fx29ID) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_FeeLCoMz || url,doc.emergingthreats.net/2010463 || url,n34.biz/id1.txt || url,kb27.co.kr/data/id1.txt
        2010464 || ET TROJAN Potential Fake AV Download (download.php?id=) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,doc.emergingthreats.net/2010464 || url,malwareurl.com || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
        2010465 || ET TROJAN Potential Fake AV Download (download/install.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Malwareurl_top_downloads || url,doc.emergingthreats.net/2010465 || url,www.malwaredomainlist.com || url,malwareurl.com || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
        2010466 || ET WEB_SPECIFIC_APPS PointComma pctemplate.php pcConfig Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Pointcomma || url,doc.emergingthreats.net/2010466 || url,www.packetstormsecurity.nl/0911-exploits/pointcomma-rfi.txt
        2010467 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010467 || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010468 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010468 || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010469 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010469 || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010470 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010470 || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010471 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010471 || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010472 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010472 || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010473 || ET WEB_SPRECIFIC_APPS p-Table for WordPress wptable-tinymce.php ABSPATH Parameter RFI Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Wordpress || url,doc.emergingthreats.net/2010473 || url,osvdb.org/show/osvdb/56763
        2010474 || ET WEB_SPECIFIC_APPS Joomla eZine Component d4m_ajax_pagenav.php Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010474 || bugtraq,37043
        2010475 || ET WEB_SPECIFIC_APPS KR-Web krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_KR-Web || url,doc.emergingthreats.net/2010475 || url,www.packetstormsecurity.nl/0911-exploits/krweb-rfi.txt
        2010476 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010476 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010477 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010477 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010478 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010478 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010479 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010479 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010480 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010480 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010481 || ET WEB_CLIENT SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_SAP || url,doc.emergingthreats.net/2010481 || url,dsecrg.com/pages/vul/show.php?id=143
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX Stack Overflow Function call Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010482 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX stack Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_IBM || url,doc.emergingthreats.net/2010483 || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010484 || ET WEB_SPECIFIC_APPS FormMailer formmailer.admin.inc.php BASE_DIR Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Formmailer || url,doc.emergingthreats.net/2010484 || url,osvdb.org/show/osvdb/55751
        2010485 || ET WEB_SPECIFIC_APPS phptraverse mp3_id.php GLOBALS Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_phptraverse || url,doc.emergingthreats.net/2010485 || url,www.packetstormsecurity.nl/0911-exploits/phptraverse-rfi.txt
        2010486 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Ntp || url,doc.emergingthreats.net/2010486 || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010487 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Ntp || url,doc.emergingthreats.net/2010487 || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010488 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Ntp || url,doc.emergingthreats.net/2010488 || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010489 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Ntp || url,doc.emergingthreats.net/2010489 || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010490 || ET TROJAN Vundo User-Agent Check-in || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Vundo || url,doc.emergingthreats.net/2010490 || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
        2010491 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Mysql || url,doc.emergingthreats.net/2010491 || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,www.securityfocus.com/bid/37297/info
        2010492 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/DOS/DOS_Mysql || url,doc.emergingthreats.net/2010492 || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || www.securityfocus.com/bid/37297/info
        2010493 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Mysql || url,doc.emergingthreats.net/2010493 || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
        2010494 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/SCAN/SCAN_Mysql || url,doc.emergingthreats.net/2010494
        2010495 || ET CURRENT Possible Adobe Multimeda Doc.media.newPlayer Memory Corruption Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Adobe || url,doc.emergingthreats.net/2010495 || cve,2009-4324 || url,www.securityfocus.com/bid/37331 || url,vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Vrt+%28Sourcefire+VRT+-+Vulnerability+Research%2C+Snort+Rules+and+Explosions%29 || url,www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
        2010496 || ET CURRENT_EVENTS Adobe 0day Shovelware || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_Adobe || url,doc.emergingthreats.net/2010496 || url,isc.sans.org/diary.html?storyid=7747
        2010497 || ET CURRENT_EVENTS Facebook Spam Inbound (1) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_DHL || url,doc.emergingthreats.net/2010497
        2010498 || ET CURRENT_EVENTS Facebook Spam Inbound (2) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/CURRENT_EVENTS/CURRENT_DHL || url,doc.emergingthreats.net/2010498

     -> Added to emerging-sid-msg.map.txt (49):
        (same 49 lines as added to emerging-sid-msg.map above)

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (47):
        2000466 || ET SCAN Suspicious User-Agent (iexplore)
        2010450 || ET TROJAN Potential Gemini/Fake AV Download URL Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791
        2010451 || ET TROJAN Generic Dropper Post (FarmTime var)
        2010452 || ET TROJAN - Potential Fake AV GET installer.1.exe || url,www.malwareurl.com
        2010453 || ET TROJAN - Potential Fake AV GET installer_1.exe || url,www.malwareurl.com
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,doc.emergingthreats.net/2009581
        2010456 || ET WEB_CLIENT ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt || cve,2007-5603 || url,www.securityfocus.com/bid/26288/info
        2010457 || ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt || cve,2009-1203 || url,www.securityfocus.com/bid/35475/info
        2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm
        2010459 || ET WEB_SERVER Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010460 || ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010461 || ET USER_AGENTS Suspicious UA string (MSIE7 an)
        2010462 || ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/37248/info
        2010463 || ET CURRENT_EVENTS RFI Scanner Success (Fx29ID) || url,n34.biz/id1.txt || url,kb27.co.kr/data/id1.txt
        2010464 || ET TROJAN Potential Fake AV Download (download.php?id=) || url,malwareurl.com || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
        2010465 || ET TROJAN Potential Fake AV Download (download/install.php) || url,www.malwaredomainlist.com || url,malwareurl.com || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
        2010466 || ET WEB_SPECIFIC_APPS PointComma pctemplate.php pcConfig Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/pointcomma-rfi.txt
        2010467 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010468 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010469 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010470 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010471 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010472 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010473 || ET WEB_SPRECIFIC_APPS p-Table for WordPress wptable-tinymce.php ABSPATH Parameter RFI Attempt || url,osvdb.org/show/osvdb/56763
        2010474 || ET WEB_SPECIFIC_APPS Joomla eZine Component d4m_ajax_pagenav.php Remote File Inclusion Attempt || bugtraq,37043
        2010475 || ET WEB_SPECIFIC_APPS KR-Web krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/krweb-rfi.txt
        2010476 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter SELECT FROM SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010477 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter DELETE FROM SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010478 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter UNION SELECT SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010479 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter INSERT INTO SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010480 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter UPDATE SET SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010481 || ET WEB_CLIENT SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access || url,dsecrg.com/pages/vul/show.php?id=143
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX Stack Overflow Function call Attempt || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX stack Overflow Attempt || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010484 || ET WEB_SPECIFIC_APPS FormMailer formmailer.admin.inc.php BASE_DIR Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/55751
        2010485 || ET WEB_SPECIFIC_APPS phptraverse mp3_id.php GLOBALS Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/phptraverse-rfi.txt
        2010486 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010487 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010488 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010489 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010490 || ET TROJAN Vundo User-Agent Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
        2010491 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,www.securityfocus.com/bid/37297/info
        2010492 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || www.securityfocus.com/bid/37297/info
        2010493 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
        2010494 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt
        2010495 || ET CURRENT_EVENTS Possible Adobe Multimeda Doc.media.newPlayer Memory Corruption Attempt || cve,2009-4324 || url,www.securityfocus.com/bid/37331 || url,www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
        2010496 || ET CURRENT_EVENTS Adobe 0day Shovelware || url,isc.sans.org/diary.html?storyid=7747

     -> Removed from emerging-sid-msg.map.txt (47):
        2000466 || ET SCAN Suspicious User-Agent (iexplore)
        2010450 || ET TROJAN Potential Gemini/Fake AV Download URL Detected || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Gemini || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791
        2010451 || ET TROJAN Generic Dropper Post (FarmTime var)
        2010452 || ET TROJAN - Potential Fake AV GET installer.1.exe || url,www.malwareurl.com
        2010453 || ET TROJAN - Potential Fake AV GET installer_1.exe || url,www.malwareurl.com
        2010454 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,doc.emergingthreats.net/2009581
        2010456 || ET WEB_CLIENT ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt || cve,2007-5603 || url,www.securityfocus.com/bid/26288/info
        2010457 || ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt || cve,2009-1203 || url,www.securityfocus.com/bid/35475/info
        2010458 || ET TROJAN Dropper Checkin - Likely Yahlover Worm
        2010459 || ET WEB_SERVER Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || cve,2009-1220 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || url,www.securityfocus.com/bid/34307/info
        2010460 || ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || cve,2008-2165 || url,www.securityfocus.com/bid/29191/info
        2010461 || ET USER_AGENTS Suspicious UA string (MSIE7 an)
        2010462 || ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/37248/info
        2010463 || ET CURRENT_EVENTS RFI Scanner Success (Fx29ID) || url,n34.biz/id1.txt || url,kb27.co.kr/data/id1.txt
        2010464 || ET TROJAN Potential Fake AV Download (download.php?id=) || url,malwareurl.com || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
        2010465 || ET TROJAN Potential Fake AV Download (download/install.php) || url,www.malwaredomainlist.com || url,malwareurl.com || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html
        2010466 || ET WEB_SPECIFIC_APPS PointComma pctemplate.php pcConfig Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/pointcomma-rfi.txt
        2010467 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010468 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010469 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010470 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010471 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010472 || ET WEB_CLIENT SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt || url,osvdb.org/show/osvdb/41939 || url,dsecrg.com/pages/vul/show.php?id=117
        2010473 || ET WEB_SPRECIFIC_APPS p-Table for WordPress wptable-tinymce.php ABSPATH Parameter RFI Attempt || url,osvdb.org/show/osvdb/56763
        2010474 || ET WEB_SPECIFIC_APPS Joomla eZine Component d4m_ajax_pagenav.php Remote File Inclusion Attempt || bugtraq,37043
        2010475 || ET WEB_SPECIFIC_APPS KR-Web krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/krweb-rfi.txt
        2010476 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter SELECT FROM SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010477 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter DELETE FROM SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010478 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter UNION SELECT SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010479 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter INSERT INTO SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010480 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter UPDATE SET SQL Injection Attempt || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || bugtraq,36808
        2010481 || ET WEB_CLIENT SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access || url,dsecrg.com/pages/vul/show.php?id=143
        2010482 || ET WEB_CLIENT IBM Access Support ActiveX Stack Overflow Function call Attempt || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010483 || ET WEB_CLIENT IBM Access Support ActiveX stack Overflow Attempt || url,www.kb.cert.org/vuls/id/340420 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb
        2010484 || ET WEB_SPECIFIC_APPS FormMailer formmailer.admin.inc.php BASE_DIR Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/55751
        2010485 || ET WEB_SPECIFIC_APPS phptraverse mp3_id.php GLOBALS Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/phptraverse-rfi.txt
        2010486 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010487 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010488 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010489 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || cve,2009-3563 || url,www.kb.cert.org/vuls/id/568372
        2010490 || ET TROJAN Vundo User-Agent Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99
        2010491 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,www.securityfocus.com/bid/37297/info
        2010492 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || cve,2009-4019 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || url,marc.info/?l=oss-security&m=125881733826437&w=2 || www.securityfocus.com/bid/37297/info
        2010493 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html
        2010494 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt
        2010495 || ET CURRENT_EVENTS Possible Adobe Multimeda Doc.media.newPlayer Memory Corruption Attempt || cve,2009-4324 || url,www.securityfocus.com/bid/37331 || url,www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb
        2010496 || ET CURRENT_EVENTS Adobe 0day Shovelware || url,isc.sans.org/diary.html?storyid=7747


