[Emerging-updates] Live Commit Output

emerging@emergingthreats.net emerging at emergingthreats.net
Wed Jun 9 18:02:51 EDT 2010


[***] Results from Oinkmaster started Wed Jun  9 18:02:51 2010 [***]

[///]     Modified active rules:     [///]

 2010859 - ET TROJAN Gh0st Trojan CnC (emerging-virus.rules)
 2010860 - ET TROJAN Gh0st Trojan CnC Response (emerging-virus.rules)
 2011164 - ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011165 - ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011167 - ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
 2011168 - ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011169 - ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011170 - ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011171 - ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011172 - ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules)
 2011666 - ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-sid-msg.map (11):
        2010859 || ET TROJAN Gh0st Trojan CnC || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Ghost || url,doc.emergingthreats.net/2010859
        2010860 || ET TROJAN Gh0st Trojan CnC Response || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Ghost || url,doc.emergingthreats.net/2010860
        2011164 || ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011164 || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011165 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011165 || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011167 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011167 || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011168 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011168 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011169 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011169 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011170 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011170 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011171 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011171 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011172 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011172 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011666 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011666 || bugtraq,40049 || url,exploit-db.com/exploits/12558

     -> Added to emerging-sid-msg.map.txt (11):
        2010859 || ET TROJAN Gh0st Trojan CnC || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Ghost || url,doc.emergingthreats.net/2010859
        2010860 || ET TROJAN Gh0st Trojan CnC Response || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/VIRUS/TROJAN_Ghost || url,doc.emergingthreats.net/2010860
        2011164 || ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011164 || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011165 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011165 || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011167 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011167 || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011168 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011168 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011169 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011169 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011170 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011170 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011171 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011171 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011172 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_PHP_Nuke || url,doc.emergingthreats.net/2011172 || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011666 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt || url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_29o3 || url,doc.emergingthreats.net/2011666 || bugtraq,40049 || url,exploit-db.com/exploits/12558

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-attack_response.rules (1):
        # $Id: emerging-attack_response.rules $

     -> Removed from emerging-current_events.rules (1):
        # $Id: emerging-current_events.rules $

     -> Removed from emerging-dos.rules (1):
        # $Id: emerging-dos.rules $

     -> Removed from emerging-exploit.rules (1):
        # $Id: emerging-exploit.rules $

     -> Removed from emerging-game.rules (1):
        # $Id: emerging-game.rules $

     -> Removed from emerging-inappropriate.rules (1):
        # $Id: emerging-inappropriate.rules $

     -> Removed from emerging-malware.rules (1):
        # $Id: emerging-malware.rules $

     -> Removed from emerging-p2p.rules (1):
        # $Id: emerging-p2p.rules $

     -> Removed from emerging-policy.rules (1):
        # $Id: emerging-policy.rules $

     -> Removed from emerging-scan.rules (1):
        # $Id: emerging-scan.rules $

     -> Removed from emerging-sid-msg.map (11):
        2010859 || ET TROJAN Gh0st Trojan CnC || url,doc.emergingthreats.net/2010859
        2010860 || ET TROJAN Gh0st Trojan CnC Response || url,doc.emergingthreats.net/2010860
        2011164 || ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011165 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011167 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011168 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011169 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011170 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011171 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011172 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011666 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558

     -> Removed from emerging-sid-msg.map.txt (11):
        2010859 || ET TROJAN Gh0st Trojan CnC || url,doc.emergingthreats.net/2010859
        2010860 || ET TROJAN Gh0st Trojan CnC Response || url,doc.emergingthreats.net/2010860
        2011164 || ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011165 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011167 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558
        2011168 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011169 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011170 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011171 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011172 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt || bugtraq,39992 || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt
        2011666 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt || bugtraq,40049 || url,exploit-db.com/exploits/12558

     -> Removed from emerging-user_agents.rules (1):
        # $Id: emerging-user_agents.rules $

     -> Removed from emerging-virus.rules (1):
        # $Id: emerging-virus.rules $

     -> Removed from emerging-voip.rules (1):
        # $Id: emerging-voip.rules $

     -> Removed from emerging-web.rules (1):
        # $Id: emerging-web.rules $

     -> Removed from emerging-web_client.rules (1):
        # $Id: emerging-web_client.rules $

     -> Removed from emerging-web_server.rules (1):
        # $Id: emerging-web-server.rules $

     -> Removed from emerging-web_specific_apps.rules (1):
        # $Id: emerging-web_specific_apps.rules $

     -> Removed from emerging-web_sql_injection.rules (1):
        # $Id: emerging-web_sql_injection.rules $



More information about the Emerging-updates mailing list