[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Tue Dec 22 14:32:30 EST 2009


[***] Results from Oinkmaster started Tue Dec 22 14:32:30 2009 [***]

[///]     Modified active rules:     [///]

 2002400 - ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) (emerging-user_agents.rules)
 2010535 - ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010536 - ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010537 - ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010538 - ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010539 - ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010540 - ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010541 - ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010542 - ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules)
 2010543 - ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) (emerging-web_specific_apps.rules)
 2010544 - ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) (emerging-web_specific_apps.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (10):
        2010535 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010535 || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010536 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010536 || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010537 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010537 || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010538 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010538 || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010539 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010539 || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt
        2010540 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010540 || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html
        2010541 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010541 || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt
        2010542 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010542 || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt
        2010543 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_F3Site2009 || url,doc.emergingthreats.net/2010543 || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt
        2010544 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_F3Site2009 || url,doc.emergingthreats.net/2010544 || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt

     -> Added to emerging-sid-msg.map.txt (10):
        2010535 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010535 || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010536 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010536 || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010537 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010537 || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010538 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010538 || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010539 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010539 || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt
        2010540 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010540 || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html
        2010541 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010541 || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt
        2010542 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Joomla || url,doc.emergingthreats.net/2010542 || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt
        2010543 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_F3Site2009 || url,doc.emergingthreats.net/2010543 || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt
        2010544 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_F3Site2009 || url,doc.emergingthreats.net/2010544 || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (10):
        2010535 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010536 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010537 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010538 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010539 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt
        2010540 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html
        2010541 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt
        2010542 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt
        2010543 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt
        2010544 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt

     -> Removed from emerging-sid-msg.map.txt (10):
        2010535 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010536 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt
        2010537 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010538 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt
        2010539 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt
        2010540 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html
        2010541 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt
        2010542 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt
        2010543 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt
        2010544 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt



More information about the Emerging-updates mailing list