[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Mon Jul 26 15:33:43 EDT 2010


[***] Results from Oinkmaster started Mon Jul 26 15:33:42 2010 [***]

[+++]          Added rules:          [+++]

 2011248 - ET USER_AGENTS Suspicious User Agent (XieHongWei-HttpDown/2.0) (emerging-user_agents.rules)
 2011249 - ET WEB_CLIENT RSP MP3 Player OCX ActiveX OpenFile Method Buffer Overflow Attempt (emerging-web_client.rules)
 2011250 - ET WEB_CLIENT Image22 ActiveX DrawIcon Method Buffer Overflow Attempt (emerging-web_client.rules)
 2011251 - ET WEB_CLIENT FathFTP ActiveX Control GetFromURL Method Buffer Overflow Attempt (emerging-web_client.rules)
 2011252 - ET WEB_CLIENT FathFTP ActiveX Control RasIsConnected Method Buffer Overflow Attempt (emerging-web_client.rules)
 2011253 - ET WEB_CLIENT Registry OCX ActiveX FullPath Method Buffer Overflow Attempt (emerging-web_client.rules)
 2011254 - ET WEB_SPECIFIC_APPS Redaxo CMS index.inc.php Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011255 - ET WEB_SPECIFIC_APPS Redaxo CMS specials.inc.php Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011256 - ET WEB_SPECIFIC_APPS FireStats window-add-excluded-ip.php Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
 2011257 - ET WEB_SPECIFIC_APPS FireStats window-add-excluded-url.php Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
 2011258 - ET WEB_SPECIFIC_APPS FireStats window-new-edit-site.php Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
 2011259 - ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011260 - ET WEB_SPECIFIC_APPS TVUPlayer ActiveX LangFileName method File overwrite Attempt (emerging-web_specific_apps.rules)
 2011261 - ET WEB_SPECIFIC_APPS TVUPlayer ActiveX LangFileName method File overwrite Function Call (emerging-web_specific_apps.rules)
 2011268 - ET WEB_SPECIFIC_APPS Oracle Business Process Management context Parameter Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
 2011269 - ET TROJAN Downloader.Win32.Small (emerging-virus.rules)


[///]     Modified active rules:     [///]

 2011245 - ET WEB_CLIENT PDF Containing Windows Commands Downloaded (emerging-web_client.rules)
 2011246 - ET WEB_CLIENT Likely Malicious PDF Containing StrReverse (emerging-web_client.rules)
 2011247 - ET USER_AGENTS Forthgoer User Agent - Likely Hostile (emerging-user_agents.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (19):
        2011245 || ET WEB_CLIENT PDF Containing Windows Commands Downloaded || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Adobe || url,doc.emergingthreats.net/2011245
        2011246 || ET WEB_CLIENT Likely Malicious PDF Containing StrReverse || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Adobe || url,doc.emergingthreats.net/2011246
        2011247 || ET USER_AGENTS Forthgoer User Agent - Likely Hostile || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Forthgoer || url,doc.emergingthreats.net/2011247
        2011248 || ET USER_AGENTS Suspicious User Agent (XieHongWei-HttpDown/2.0) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_XieHongWie || url,doc.emergingthreats.net/2011248
        2011249 || ET WEB_CLIENT RSP MP3 Player OCX ActiveX OpenFile Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_RSP || url,doc.emergingthreats.net/2011249 || url,packetstormsecurity.org/1007-exploits/rspmp3-overflow.txt || url,exploit-db.com/exploits/14309/
        2011250 || ET WEB_CLIENT Image22 ActiveX DrawIcon Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Image22 || url,doc.emergingthreats.net/2011250 || url,exploit-db.com/exploits/14321/
        2011251 || ET WEB_CLIENT FathFTP ActiveX Control GetFromURL Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_FathFTP || url,doc.emergingthreats.net/2011251 || url,exploit-db.com/exploits/14269/
        2011252 || ET WEB_CLIENT FathFTP ActiveX Control RasIsConnected Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_FathFTP || url,doc.emergingthreats.net/2011252 || url,exploit-db.com/exploits/14269/
        2011253 || ET WEB_CLIENT Registry OCX ActiveX FullPath Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_RegistryOCX || url,doc.emergingthreats.net/2011253 || url,exploit-db.com/exploits/14200/
        2011254 || ET WEB_SPECIFIC_APPS Redaxo CMS index.inc.php Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Redaxo || url,doc.emergingthreats.net/2011254 || url,exploit-db.com/exploits/12276 || url,vupen.com/english/advisories/2010/0942
        2011255 || ET WEB_SPECIFIC_APPS Redaxo CMS specials.inc.php Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Redaxo || url,doc.emergingthreats.net/2011255 || url,exploit-db.com/exploits/12276 || url,vupen.com/english/advisories/2010/0942
        2011256 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-ip.php Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_FireStats || url,doc.emergingthreats.net/2011256 || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,secunia.com/advisories/40569/
        2011257 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-url.php Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_FireStats || url,doc.emergingthreats.net/2011257 || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,secunia.com/advisories/40569/
        2011258 || ET WEB_SPECIFIC_APPS FireStats window-new-edit-site.php Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_FireStats || url,doc.emergingthreats.net/2011258 || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,secunia.com/advisories/40569/
        2011259 || ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_MaxCMS || url,doc.emergingthreats.net/2011259 || url,vupen.com/english/advisories/2009/2136 || url,inj3ct0r.com/exploits/5609
        2011260 || ET WEB_SPECIFIC_APPS TVUPlayer ActiveX LangFileName method File overwrite Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_TVUPlayer || url,doc.emergingthreats.net/2011260 || url,www.dsecrg.com/pages/vul/show.php?id=165
        2011261 || ET WEB_SPECIFIC_APPS TVUPlayer ActiveX LangFileName method File overwrite Function Call || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_TVUPlayer || url,doc.emergingthreats.net/2011261 || url,www.dsecrg.com/pages/vul/show.php?id=165
        2011268 || ET WEB_SPECIFIC_APPS Oracle Business Process Management context Parameter Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Oracle || url,doc.emergingthreats.net/2011268 || url,secunia.com/advisories/40605 || url,exploit-db.com/exploits/14369/
        2011269 || ET TROJAN Downloader.Win32.Small

     -> Added to emerging-sid-msg.map.txt (19):
        2011245 || ET WEB_CLIENT PDF Containing Windows Commands Downloaded || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Adobe || url,doc.emergingthreats.net/2011245
        2011246 || ET WEB_CLIENT Likely Malicious PDF Containing StrReverse || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Adobe || url,doc.emergingthreats.net/2011246
        2011247 || ET USER_AGENTS Forthgoer User Agent - Likely Hostile || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_Forthgoer || url,doc.emergingthreats.net/2011247
        2011248 || ET USER_AGENTS Suspicious User Agent (XieHongWei-HttpDown/2.0) || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/USER_AGENTS/USER_AGENTS_XieHongWie || url,doc.emergingthreats.net/2011248
        2011249 || ET WEB_CLIENT RSP MP3 Player OCX ActiveX OpenFile Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_RSP || url,doc.emergingthreats.net/2011249 || url,packetstormsecurity.org/1007-exploits/rspmp3-overflow.txt || url,exploit-db.com/exploits/14309/
        2011250 || ET WEB_CLIENT Image22 ActiveX DrawIcon Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_Image22 || url,doc.emergingthreats.net/2011250 || url,exploit-db.com/exploits/14321/
        2011251 || ET WEB_CLIENT FathFTP ActiveX Control GetFromURL Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_FathFTP || url,doc.emergingthreats.net/2011251 || url,exploit-db.com/exploits/14269/
        2011252 || ET WEB_CLIENT FathFTP ActiveX Control RasIsConnected Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_FathFTP || url,doc.emergingthreats.net/2011252 || url,exploit-db.com/exploits/14269/
        2011253 || ET WEB_CLIENT Registry OCX ActiveX FullPath Method Buffer Overflow Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_CLIENT/WEB_RegistryOCX || url,doc.emergingthreats.net/2011253 || url,exploit-db.com/exploits/14200/
        2011254 || ET WEB_SPECIFIC_APPS Redaxo CMS index.inc.php Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Redaxo || url,doc.emergingthreats.net/2011254 || url,exploit-db.com/exploits/12276 || url,vupen.com/english/advisories/2010/0942
        2011255 || ET WEB_SPECIFIC_APPS Redaxo CMS specials.inc.php Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Redaxo || url,doc.emergingthreats.net/2011255 || url,exploit-db.com/exploits/12276 || url,vupen.com/english/advisories/2010/0942
        2011256 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-ip.php Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_FireStats || url,doc.emergingthreats.net/2011256 || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,secunia.com/advisories/40569/
        2011257 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-url.php Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_FireStats || url,doc.emergingthreats.net/2011257 || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,secunia.com/advisories/40569/
        2011258 || ET WEB_SPECIFIC_APPS FireStats window-new-edit-site.php Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_FireStats || url,doc.emergingthreats.net/2011258 || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,secunia.com/advisories/40569/
        2011259 || ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_MaxCMS || url,doc.emergingthreats.net/2011259 || url,vupen.com/english/advisories/2009/2136 || url,inj3ct0r.com/exploits/5609
        2011260 || ET WEB_SPECIFIC_APPS TVUPlayer ActiveX LangFileName method File overwrite Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_TVUPlayer || url,doc.emergingthreats.net/2011260 || url,www.dsecrg.com/pages/vul/show.php?id=165
        2011261 || ET WEB_SPECIFIC_APPS TVUPlayer ActiveX LangFileName method File overwrite Function Call || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_TVUPlayer || url,doc.emergingthreats.net/2011261 || url,www.dsecrg.com/pages/vul/show.php?id=165
        2011268 || ET WEB_SPECIFIC_APPS Oracle Business Process Management context Parameter Cross Site Scripting Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Oracle || url,doc.emergingthreats.net/2011268 || url,secunia.com/advisories/40605 || url,exploit-db.com/exploits/14369/
        2011269 || ET TROJAN Downloader.Win32.Small

     -> Added to emerging-web_specific_apps.rules (1):
        #By stillsecure

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-sid-msg.map (3):
        2011245 || ET WEB_CLIENT PDF Containing Windows Commands Downloaded
        2011246 || ET WEB_CLIENT Likely Malicious PDF Containing StrReverse
        2011247 || ET USER_AGENTS Forthgoer User Agent - Likely Hostile

     -> Removed from emerging-sid-msg.map.txt (3):
        2011245 || ET WEB_CLIENT PDF Containing Windows Commands Downloaded
        2011246 || ET WEB_CLIENT Likely Malicious PDF Containing StrReverse
        2011247 || ET USER_AGENTS Forthgoer User Agent - Likely Hostile


