[Emerging-updates] Daily Ruleset Update Summary 2017/04/21

Travis Green tgreen at emergingthreats.net
Fri Apr 21 17:36:00 EDT 2017


[***]            Summary:            [***]

6 new Open, 23 new Pro (6 + 17). Bluecoat CAS, Unknown RIG Drop, Various
Phishing, Various Mobile

Thanks: rmkml, eSentire, @illegalFawn

[+++]          Added rules:          [+++]

Open:

 2003055 - ET POLICY Suspicious FTP 220 Banner on Local Port (-)
(policy.rules)
 2024231 - ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017
(current_events.rules)
 2024232 - ET CURRENT_EVENTS Successful Alitalia Airline Phish Apr 20 2017
(current_events.rules)
 2024233 - ET TROJAN Unknown Possibly Ransomware (Dropped by RIG) CnC
Beacon (trojan.rules)
 2024234 - ET EXPLOIT BlueCoat CAS v1.3.7.1 Report Email Command Injection
attempt (exploit.rules)
 2024235 - ET INFO DNS Query to Free Hosting Domain (freevnn . com)
(info.rules)

Pro:

 2826066 - ETPRO TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules)
 2826067 - ETPRO MALWARE Win32/MyCleanPC.A PUP Checkin (malware.rules)
 2826068 - ETPRO MALWARE Win32/PUP User-Agent (USTechsupportStub)
(malware.rules)
 2826069 - ETPRO TROJAN Ipdlacsing Checkin (trojan.rules)
 2826070 - ETPRO TROJAN Unknown Downloader Dropped by CVE-2017-0199
(trojan.rules)
 2826071 - ETPRO MOBILE_MALWARE RiskTool.AndroidOS.SmsPay.ek CnC Beacon
(mobile_malware.rules)
 2826072 - ETPRO MOBILE_MALWARE Android/Adware.Kuguo.C Checkin 2
(mobile_malware.rules)
 2826073 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
 2826074 - ETPRO TROJAN ZLoader Malicious SSL Cert Observed (trojan.rules)
 2826075 - ETPRO TROJAN Zloader Domain in SNI (trojan.rules)
 2826076 - ETPRO TROJAN DNS Query to Cerber Domain (1m3xsy . top)
(trojan.rules)
 2826077 - ETPRO TROJAN DNS Query to Cerber Domain (12bxp9 . top)
(trojan.rules)
 2826078 - ETPRO TROJAN DNS Query to Cerber Domain (1jpb8w . top)
(trojan.rules)
 2826079 - ETPRO TROJAN DNS Query to Cerber Domain (19hj4f . top)
(trojan.rules)
 2826080 - ETPRO CURRENT_EVENTS Successful TD Bank Phish M1 Apr 21 2017
(current_events.rules)
 2826081 - ETPRO CURRENT_EVENTS Successful TD Bank Phish M2 Apr 21 2017
(current_events.rules)
 2826082 - ETPRO TROJAN Unknown Backdoor Checkin (trojan.rules)


[+++]  Enabled and modified rules:   [+++]

 2003466 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner
(web_server.rules)
 2003479 - ET POLICY Radmin Remote Control Session Setup Initiate
(policy.rules)
 2003481 - ET POLICY Radmin Remote Control Session Authentication Initiate
(policy.rules)
 2003482 - ET POLICY Radmin Remote Control Session Authentication Response
(policy.rules)
 2003869 - ET SCAN ProxyReconBot CONNECT method to Mail (scan.rules)


[///]     Modified active rules:     [///]

 2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (policy.rules)
 2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (policy.rules)
 2019401 - ET POLICY Vulnerable Java Version 1.8.x Detected (policy.rules)
 2024224 - ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199
Request (web_client.rules)
 2809063 - ETPRO MOBILE_MALWARE DroidKungFu Checkin 5 (mobile_malware.rules)


[///]    Modified inactive rules:    [///]

 2003870 - ET SCAN ProxyReconBot POST method to Mail (scan.rules)


[---]  Disabled and modified rules:  [---]

 2003340 - ET MALWARE Baidu.com Spyware Bar Reporting (malware.rules)
 2003341 - ET MALWARE Baidu.com Spyware Bar Pulling Content (malware.rules)
 2003578 - ET MALWARE Baidu.com Spyware Bar Pulling Data (malware.rules)
 2003604 - ET POLICY Baidu.com Agent User-Agent (Desktop Web System)
(policy.rules)
 2003608 - ET POLICY Baidu.com Related Agent User-Agent (iexp)
(policy.rules)


[---]         Disabled rules:        [---]

 2000335 - ET P2P Overnet (Edonkey) Server Announce (p2p.rules)
 2001296 - ET P2P eDonkey File Status (p2p.rules)
 2001297 - ET P2P eDonkey File Status Request (p2p.rules)
 2001299 - ET P2P eDonkey Server Status (p2p.rules)
 2003196 - ET EXPLOIT FTP .message file write (exploit.rules)
 2003197 - ET EXPLOIT ProFTPD .message file overflow attempt (exploit.rules)
 2008826 - ET WEB_SPECIFIC_APPS Way Of The Warrior crea.php plancia Remote
File Inclusion (web_specific_apps.rules)
 2008871 - ET WEB_SPECIFIC_APPS phpFan init.php Remote File Inclusion
(web_specific_apps.rules)
 2008879 - ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR
parameter Remote File Inclusion (web_specific_apps.rules)
 2008899 - ET WEB_SPECIFIC_APPS Pie RSS module lib parameter remote file
inclusion (web_specific_apps.rules)
 2008900 - ET WEB_SPECIFIC_APPS ModernBill export_batch.inc.php DIR
Parameter Remote File Inclusion (web_specific_apps.rules)
 2008901 - ET WEB_SPECIFIC_APPS ModernBill run_auto_suspend.cron.php DIR
Parameter Remote File Inclusion (web_specific_apps.rules)
 2008902 - ET WEB_SPECIFIC_APPS ModernBill send_email_cache.php DIR
Parameter Remote File Inclusion (web_specific_apps.rules)
 2008903 - ET WEB_SPECIFIC_APPS ModernBill 2checkout_return.inc.php DIR
Parameter Remote File Inclusion (web_specific_apps.rules)
 2008904 - ET WEB_SPECIFIC_APPS ModernBill nettools.popup.php DIR Parameter
Remote File Inclusion (web_specific_apps.rules)
 2008922 - ET WEB_SPECIFIC_APPS Nitrotech common.php root Parameter Remote
File Inclusion (web_specific_apps.rules)
 2008935 - ET WEB_SPECIFIC_APPS Werner Hilversum FAQ Manager header.php
config_path parameter Remote File Inclusion (web_specific_apps.rules)
 2008962 - ET WEB_SPECIFIC_APPS PHPmyGallery confdir parameter Remote File
Inclusion (web_specific_apps.rules)
 2008964 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php
phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
 2008965 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php
phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
 2008966 - ET WEB_SPECIFIC_APPS ccTiddly index.php cct_base parameter
Remote File Inclusion (web_specific_apps.rules)
 2008967 - ET WEB_SPECIFIC_APPS ccTiddly proxy.php cct_base parameter
Remote File Inclusion (web_specific_apps.rules)
 2008968 - ET WEB_SPECIFIC_APPS ccTiddly header.php cct_base parameter
Remote File Inclusion (web_specific_apps.rules)
 2008969 - ET WEB_SPECIFIC_APPS ccTiddly include.php cct_base parameter
Remote File Inclusion (web_specific_apps.rules)
 2008970 - ET WEB_SPECIFIC_APPS ccTiddly workspace.php cct_base parameter
Remote File Inclusion (web_specific_apps.rules)
 2008996 - ET WEB_SPECIFIC_APPS Simple Text-File Login script slogin_path
parameter remote file inclusion (web_specific_apps.rules)
 2009018 - ET WEB_SPECIFIC_APPS Text Lines Rearrange Script filename
parameter File Disclosure (web_specific_apps.rules)
 2009059 - ET WEB_SPECIFIC_APPS Recly Feederator add_tmsp.php
mosConfig_absolute_path parameter remote file inclusion
(web_specific_apps.rules)
 2009060 - ET WEB_SPECIFIC_APPS Recly Feederator edit_tmsp.php
mosConfig_absolute_path parameter remote file inclusion
(web_specific_apps.rules)
 2009061 - ET WEB_SPECIFIC_APPS Recly Feederator subscription.php GLOBALS
mosConfig_absolute_path parameter remote file inclusion
(web_specific_apps.rules)
 2009062 - ET WEB_SPECIFIC_APPS Recly Feederator tmsp.php
mosConfig_absolute_path parameter remote file inclusion
(web_specific_apps.rules)
 2009086 - ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter
remote file inclusion (web_specific_apps.rules)
 2009088 - ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs
parameter remote file inclusion (web_specific_apps.rules)
 2009101 - ET WEB_SPECIFIC_APPS REALTOR define.php Remote File Inclusion
(web_specific_apps.rules)
 2009123 - ET WEB_SPECIFIC_APPS SezHoo SezHooTabsAndActions.php IP
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009141 - ET WEB_SPECIFIC_APPS MiNBank utdb_access.php minsoft_path
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009142 - ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009163 - ET WEB_SPECIFIC_APPS GBook header.php abspath Parameter Remote
File Inclusion (web_specific_apps.rules)
 2009164 - ET WEB_SPECIFIC_APPS openEngine filepool.php oe_classpath
parameter Remote File Inclusion (web_specific_apps.rules)
 2009165 - ET WEB_SPECIFIC_APPS Barcode Generator LSTable.php class_dir
parameter Remote File Inclusion (web_specific_apps.rules)
 2009166 - ET WEB_SPECIFIC_APPS Concord Consortium CoAST header.php
sections_file parameter remote file inclusion (web_specific_apps.rules)
 2009167 - ET WEB_SPECIFIC_APPS AdaptCMS Lite rss_importer_functions.php
sitepath Parameter Remote File Inclusion (web_specific_apps.rules)
 2009179 - ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009180 - ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php
g_pcltar_lib_dir Parameter Remote File Inclusion (web_specific_apps.rules)
 2009188 - ET WEB_SPECIFIC_APPS gapicms toolbar.php dirDepth Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009190 - ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009196 - ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config
Parameter Remote File inclusion (web_specific_apps.rules)
 2009225 - ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter
remote file inclusion (web_specific_apps.rules)
 2009307 - ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009309 - ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009311 - ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009313 - ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009321 - ET WEB_SPECIFIC_APPS rgboard footer.php _path parameter remote
file inclusion (web_specific_apps.rules)
 2009333 - ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php
CLASSES_ROOT parameter Remote file inclusion (web_specific_apps.rules)
 2009354 - ET TROJAN Bredolab Downloader Communicating With Controller (2)
(trojan.rules)
 2009360 - ET TROJAN Bredolab Check In (trojan.rules)
 2009364 - ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin linkadmin.php page
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009367 - ET WEB_SPECIFIC_APPS cmsWorks lib.module.php mod_root Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009370 - ET WEB_SPECIFIC_APPS Boonex Dolphin HTMLSax3.php Remote File
Inclusion (web_specific_apps.rules)
 2009371 - ET WEB_SPECIFIC_APPS Boonex Dolphin safehtml.php Remote File
Inclusion (web_specific_apps.rules)
 2009372 - ET WEB_SPECIFIC_APPS Boonex Dolphin content.inc.php Remote File
Inclusion (web_specific_apps.rules)
 2009378 - ET WEB_SPECIFIC_APPS Acute Control Panel container.php
theme_directory parameter remote file inclusion (web_specific_apps.rules)
 2009379 - ET WEB_SPECIFIC_APPS Acute Control Panel header.php
theme_directory parameter remote file inclusion (web_specific_apps.rules)
 2009381 - ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File
Inclusion (web_specific_apps.rules)
 2009382 - ET WEB_SPECIFIC_APPS Agares Media ThemeSiteScript
frontpage_right.php Remote File Inclusion (web_specific_apps.rules)
 2009386 - ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion
(web_specific_apps.rules)
 2009388 - ET TROJAN Bredolab Downloader Response Binaries from Controller
(trojan.rules)
 2009397 - ET WEB_SPECIFIC_APPS phpProfiles body_comm.inc.php content
parameter remote file inclusion (web_specific_apps.rules)
 2009398 - ET WEB_SPECIFIC_APPS HoMaP plugin_admin.php _settings Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009415 - ET WEB_SPECIFIC_APPS PhpBlock basicfogfactory.class.php
PATH_TO_CODE Parameter Remote File Inclusion (web_specific_apps.rules)
 2009416 - ET WEB_SPECIFIC_APPS txtSQL startup.php CFG Parameter Remote
File Inclusion (web_specific_apps.rules)
 2009427 - ET WEB_SPECIFIC_APPS Grape Web Statistics functions.php location
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009435 - ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php
e107path Parameter Remote File Inclusion (web_specific_apps.rules)
 2009459 - ET WEB_SPECIFIC_APPS Orlando CMS classes init.php GLOBALS
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009460 - ET WEB_SPECIFIC_APPS Orlando CMS newscat.php GLOBALS Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009466 - ET WEB_SPECIFIC_APPS Recly Competitions Component add.php
GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
 2009467 - ET WEB_SPECIFIC_APPS Recly Competitions Component
competitions.php GLOBALS Parameter Remote File Inclusion
(web_specific_apps.rules)
 2009468 - ET WEB_SPECIFIC_APPS Recly Competitions Component settings.php
mosConfig_absolute_path Parameter Remote File Inclusion
(web_specific_apps.rules)
 2009484 - ET WEB_SERVER Cpanel lastvisit.html Arbitary file disclosure
(web_server.rules)
 2009501 - ET WEB_SPECIFIC_APPS nweb2fax viewrq.php var_filename Parameter
Directory Traversal (web_specific_apps.rules)
 2009502 - ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php
CONFIG Parameter Remote File Inclusion (web_specific_apps.rules)
 2009504 - ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009506 - ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009587 - ET WEB_SPECIFIC_APPS Virtualmin left.cgi XSS attempt
 (web_specific_apps.rules)
 2009588 - ET WEB_SPECIFIC_APPS Virtualmin link.cgi XSS attempt
 (web_specific_apps.rules)
 2009589 - ET WEB_SPECIFIC_APPS Virtualmin Anonymous Proxy attempt
(web_specific_apps.rules)
 2009590 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb edituser.php XSS
attempt (web_specific_apps.rules)
 2009591 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb console.php XSS attempt
(web_specific_apps.rules)
 2009592 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcesd.php XSS attempt
(web_specific_apps.rules)
 2009593 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcerestart.php XSS
attempt (web_specific_apps.rules)
 2009594 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb changepw.php CSRF
attempt (web_specific_apps.rules)
 2009595 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb hardstopvm.php CSRF
attempt (web_specific_apps.rules)
 2009596 - ET WEB_SPECIFIC_APPS Citrix XenCenterWeb writeconfig.php Remote
Command Execution attempt (web_specific_apps.rules)
 2009653 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_css Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009654 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_javascript
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009656 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_content Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009663 - ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009693 - ET WEB_SPECIFIC_APPS Zen Cart Remote Code Execution
 (web_specific_apps.rules)
 2009717 - ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009723 - ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009733 - ET WEB_SPECIFIC_APPS Golabi index_logged.php cur_module
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009736 - ET WEB_SPECIFIC_APPS ProjectCMS select_image.php dir Parameter
Directory Traversal (web_specific_apps.rules)
 2009737 - ET WEB_SPECIFIC_APPS ProjectCMS admin_theme_remove.php file
Parameter Remote Directory Delete (web_specific_apps.rules)
 2009754 - ET WEB_SPECIFIC_APPS Clickheat install.clickheat.php
mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
 2009755 - ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path
Parameter Remote File Inclusion - 1 (web_specific_apps.rules)
 2009756 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path
Parameter Remote File Inclusion - 2 (web_specific_apps.rules)
 2009757 - ET WEB_SPECIFIC_APPS Clickheat Cache.php mosConfig_absolute_path
Remote File Inclusion (web_specific_apps.rules)
 2009758 - ET WEB_SPECIFIC_APPS Clickheat Clickheat_Heatmap.php
mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
 2009759 - ET WEB_SPECIFIC_APPS Clickheat GlobalVariables.php
mosConfig_absolute_path Remote File Inclusion - 1 (web_specific_apps.rules)
 2009760 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path
Parameter Remote File Inclusion -2 (web_specific_apps.rules)
 2009788 - ET WEB_SPECIFIC_APPS RSS-aggregator display.php path Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009793 - ET WEB_SPECIFIC_APPS PHP Crawler footer.php footer_file
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009846 - ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote
File Inclusion (web_specific_apps.rules)
 2009848 - ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009871 - ET WEB_SPECIFIC_APPS PHPauction GPL converter.inc.php
include_path Parameter Remote File Inclusion (web_specific_apps.rules)
 2009872 - ET WEB_SPECIFIC_APPS PHPauction GPL messages.inc.php
include_path Parameter Remote File Inclusion (web_specific_apps.rules)
 2009873 - ET WEB_SPECIFIC_APPS PHPauction GPL settings.inc.php
include_path Parameter Remote File Inclusion (web_specific_apps.rules)
 2009874 - ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter
Remote File Inclusion (web_specific_apps.rules)
 2009877 - ET WEB_SPECIFIC_APPS VirtueMart Google Base Component
admin.googlebase.php Remote File Inclusion (web_specific_apps.rules)
 2009898 - ET WEB_SPECIFIC_APPS Pragyan CMS form.lib.php sourceFolder
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009903 - ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath
Parameter Remote File Inclusion (web_specific_apps.rules)
 2009925 - ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php
web_root Parameter Remote File Inclusion (web_specific_apps.rules)
 2009927 - ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php
web_root Parameter Remote File Inclusion (web_specific_apps.rules)
 2010027 - ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter
Remote File Inclusion (web_specific_apps.rules)
 2010072 - ET TROJAN Bredolab Infection - Windows Key (trojan.rules)
 2010092 - ET WEB_SPECIFIC_APPS Webradev Download Protect
EmailTemplates.class.php Remote File Inclusion (web_specific_apps.rules)
 2010093 - ET WEB_SPECIFIC_APPS Webradev Download Protect
PDPEmailReplaceConstants.class.php Remote File Inclusion
(web_specific_apps.rules)
 2010094 - ET WEB_SPECIFIC_APPS Webradev Download Protect
ResellersManager.class.php Remote File Inclusion (web_specific_apps.rules)
 2010095 - ET WEB_SPECIFIC_APPS PHPGenealogy CoupleDB.php DataDirectory
Parameter Remote File Inclusion (web_specific_apps.rules)
 2010096 - ET WEB_SPECIFIC_APPS GROUP-E head_auth.php CFG Parameter Remote
File Inclusion (web_specific_apps.rules)
 2010099 - ET WEB_SPECIFIC_APPS News Manager ch_readalso.php
read_xml_include Parameter Remote File Inclusion (web_specific_apps.rules)
 2010126 - ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir
Parameter Remote File Inclusion (web_specific_apps.rules)
 2010191 - ET WEB_SPECIFIC_APPS justVisual contact.php fs_jVroot Parameter
Remote File Inclusion (web_specific_apps.rules)
 2010192 - ET WEB_SPECIFIC_APPS justVisual pageTemplate.php fs_jVroot
Parameter Remote File Inclusion (web_specific_apps.rules)
 2010193 - ET WEB_SPECIFIC_APPS justVisual utilities.php fs_jVroot
Parameter Remote File Inclusion (web_specific_apps.rules)
 2010252 - ET WEB_SPECIFIC_APPS Datalife Engine api.class.php
dle_config_api Parameter Remote File Inclusion (web_specific_apps.rules)
 2010359 - ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP_LIB Parameter Remote
File Inclusion Attempt (web_specific_apps.rules)
 2010360 - ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP_LIB Parameter
Remote File Inclusion Attempt (web_specific_apps.rules)
 2010361 - ET WEB_SPECIFIC_APPS FSphp pathwirte.php FSPHP_LIB Parameter
Remote File Inclusion Attempt (web_specific_apps.rules)


[---]         Removed rules:         [---]

 2003055 - ET MALWARE Suspicious FTP 220 Banner on Local Port (-)
(malware.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.emergingthreats.net/pipermail/emerging-updates/attachments/20170421/0f242a37/attachment-0001.html>


More information about the Emerging-updates mailing list