[Emerging-updates] Daily Ruleset Update Summary 2017/07/12

Travis Green tgreen at emergingthreats.net
Wed Jul 12 17:30:37 EDT 2017


[***]            Summary:            [***]

6 new Open, 21 new Pro (6 + 15). Winnti-related DNS, LockPOS, Ovidiy
Stealer, Various Phishing, Various Mobile.


[+++]          Added rules:          [+++]

Open:

 2024456 - ET TROJAN Possible Winnti-related DNS Lookup (vps2java
.securitytactics .com) (trojan.rules)
 2024457 - ET TROJAN Possible Winnti-related DNS Lookup (job .yoyakuweb
.technology) (trojan.rules)
 2024458 - ET TROJAN Possible Winnti-related DNS Lookup (resume
.immigrantlol .com) (trojan.rules)
 2024459 - ET TROJAN Possible Winnti-related DNS Lookup (macos .exoticlol
.com) (trojan.rules)
 2024460 - ET TROJAN Possible Winnti-related DNS Lookup (css
.google-statics .com) (trojan.rules)
 2024461 - ET TROJAN LockPOS CnC (trojan.rules)

Pro:

 2827107 - ETPRO TROJAN Cmstar/Meciv related Stage2 SSL Cert (trojan.rules)
 2827108 - ETPRO TROJAN Unknown Implant CnC Beacon (trojan.rules)
 2827109 - ETPRO TROJAN Unknown Win32/Go Implant CnC Beacon 1 (trojan.rules)
 2827110 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin
175 (mobile_malware.rules)
 2827111 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.JX CnC Beacon
(mobile_malware.rules)
 2827112 - ETPRO MOBILE_MALWARE Android/Spy.SmsSpy.JX Download
(mobile_malware.rules)
 2827113 - ETPRO TROJAN Observed DNS Query to Ovidiy Stealer CnC Domain
(trojan.rules)
 2827114 - ETPRO TROJAN MSIL/Ovidiy Stealer CnC Checkin (trojan.rules)
 2827115 - ETPRO TROJAN MSIL/Ovidiy Stealer Reporting Passwords
(trojan.rules)
 2827116 - ETPRO MOBILE_MALWARE Android/TrojanDropper.Agent.BCS Checkin
(mobile_malware.rules)
 2827117 - ETPRO TROJAN Zeus Panda Banker Malicious SSL Certificate
Detected (trojan.rules)
 2827118 - ETPRO TROJAN Volk-Botnet Downloader Retrieving Payload
(trojan.rules)
 2827119 - ETPRO TROJAN Volk-Botnet Downloader User-Agent Observed
(hackThemAll) (trojan.rules)
 2827120 - ETPRO TROJAN Volk-Botnet Downloader User-Agent Observed
(wininet_test) (trojan.rules)
 2827121 - ETPRO TROJAN Unknown Downloader DNS Query (trojan.rules)


[///]     Modified active rules:     [///]

 2014726 - ET POLICY Outdated Flash Version M1 (policy.rules)
 2021692 - ET CURRENT_EVENTS Possible Successful Generic Phish - Credit
Card (current_events.rules)
 2021693 - ET CURRENT_EVENTS Possible Successful Generic Phish - Three
Security Questions (current_events.rules)
 2021890 - ET CURRENT_EVENTS Successful Phish Outlook Credentials Oct 1
(current_events.rules)
 2023045 - ET CURRENT_EVENTS Excel Online Phishing Landing Aug 9
(current_events.rules)
 2023047 - ET CURRENT_EVENTS Adobe Shared Document Phishing Landing Nov 19
2015 (current_events.rules)
 2024379 - ET POLICY Outdated Flash Version M2 (policy.rules)
 2024420 - ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif)
(trojan.rules)
 2821870 - ETPRO CURRENT_EVENTS Successful Adobe Shared Document Phish Aug
26 2016 (current_events.rules)
 2821964 - ETPRO CURRENT_EVENTS Successful Generic Epass Phish Aug 31 2016
(current_events.rules)
 2823362 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish M1 Nov 18
2016 (current_events.rules)
 2823572 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Dec 02
2016 (current_events.rules)
 2824356 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 11
2017 (current_events.rules)
 2824384 - ETPRO CURRENT_EVENTS Successful Personalized Generic Webmail
Phish M1 Jan 11 2017 (current_events.rules)
 2824469 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Validation Phish
Jan 17 2017 (current_events.rules)
 2824521 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Upgrade Phish
Jan 19 2017 (current_events.rules)
 2824532 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 19
2017 (current_events.rules)
 2824662 - ETPRO CURRENT_EVENTS Successful Generic Webmail Phish Jan 26
2017 (current_events.rules)
 2824726 - ETPRO CURRENT_EVENTS Successful Generic Mailbox Update Phish Jan
31 2017 (current_events.rules)
 2825010 - ETPRO CURRENT_EVENTS Successful Generic Personalized Email Phish
Feb 16 2017 (current_events.rules)
 2826518 - ETPRO TROJAN DNS Query matching Cerber Domain Format
(trojan.rules)


[---]  Disabled and modified rules:  [---]

 2023046 - ET CURRENT_EVENTS Successful Generic Excel Online Phish Aug 9
(current_events.rules)
 2023048 - ET CURRENT_EVENTS Successful Generic Adobe Shared Document Phish
Aug 11 2016 (current_events.rules)
 2813017 - ETPRO CURRENT_EVENTS Successful Generic Unlock PDF Phish Sept 14
(current_events.rules)
 2821036 - ETPRO CURRENT_EVENTS Successful Generic Email Account Phish Jul
11 M1 (current_events.rules)
 2821238 - ETPRO CURRENT_EVENTS Successful Generic Webmail Login Phish Jul
20 (current_events.rules)
 2822848 - ETPRO CURRENT_EVENTS Successful Generic Phish (Observed in
Apple/Paypal/Amazon Campaigns) M1 Oct 25 2016 (current_events.rules)


[---]         Disabled rules:        [---]

 2004552 - ET WEB_SPECIFIC_APPS phpPgAdmin XSS Attempt -- sqledit.php
server (web_specific_apps.rules)
 2004554 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php
authusername (web_specific_apps.rules)
 2004555 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php
authpassword (web_specific_apps.rules)
 2004556 - ET WEB_SERVER Cisco CallManager XSS Attempt serverlist.asp
pattern (web_server.rules)
 2004557 - ET WEB_SPECIFIC_APPS @Mail XSS Attempt -- ReadMsg.php
(web_specific_apps.rules)
 2004558 - ET WEB_SPECIFIC_APPS Track+ XSS Attempt -- reportItem.do projId
(web_specific_apps.rules)
 2004559 - ET WEB_SPECIFIC_APPS CactuSoft Parodia XSS Attempt --
cand_login.asp strJobIDs (web_specific_apps.rules)
 2004560 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php
(web_specific_apps.rules)
 2004561 - ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php action
(web_specific_apps.rules)
 2004562 - ET WEB_SPECIFIC_APPS Gnatsweb and Gnats XSS Attempt --
gnatsweb.pl database (web_specific_apps.rules)
 2004563 - ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php
galix_cat_detail (web_specific_apps.rules)
 2004564 - ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php
galix_gal_detail (web_specific_apps.rules)
 2004565 - ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php
galix_cat_detail_sort (web_specific_apps.rules)
 2004566 - ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php
ticketID (web_specific_apps.rules)
 2004567 - ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php
view (web_specific_apps.rules)
 2004568 - ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php
fuse (web_specific_apps.rules)
 2004569 - ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt --
prodList.asp brand (web_specific_apps.rules)
 2004570 - ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt --
prodList.asp Msg (web_specific_apps.rules)
 2004571 - ET WEB_SPECIFIC_APPS RM EasyMail Plus XSS Attempt -- Login d
(web_specific_apps.rules)
 2004572 - ET WEB_SPECIFIC_APPS Jetbox CMS XSS Attempt -- index.php login
(web_specific_apps.rules)
 2004573 - ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart XSS Attempt --
shopcontent.asp type (web_specific_apps.rules)
 2004574 - ET WEB_SPECIFIC_APPS WikyBlog XSS Attempt sessionRegister.php
(web_specific_apps.rules)
 2004575 - ET WEB_SPECIFIC_APPS Tomcat XSS Attempt -- hello.jsp test
(web_specific_apps.rules)
 2004576 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt --
module_bbcodeloader.php (web_specific_apps.rules)
 2004577 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt --
module_div.php (web_specific_apps.rules)
 2004578 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt --
module_email.php (web_specific_apps.rules)
 2004579 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt --
module_image.php (web_specific_apps.rules)
 2004580 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt --
module_link.php (web_specific_apps.rules)
 2004581 - ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt --
module_table.php editorid (web_specific_apps.rules)
 2004582 - ET WEB_SPECIFIC_APPS Particle Gallery XSS Attempt -- search.php
order (web_specific_apps.rules)
 2004583 - ET WEB_SPECIFIC_APPS BoastMachine XSS Attempt -- index.php blog
(web_specific_apps.rules)
 2004584 - ET WEB_SPECIFIC_APPS DGNews XSS Attempt -- footer.php copyright
(web_specific_apps.rules)
 2004585 - ET WEB_SPECIFIC_APPS DGNews XSS Attempt -- news.php catid
(web_specific_apps.rules)
 2004586 - ET WEB_SPECIFIC_APPS GMTT Music Distro XSS Attempt --
showown.php st (web_specific_apps.rules)
 2004587 - ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- awards.php
(web_specific_apps.rules)
 2004588 - ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- login.php
(web_specific_apps.rules)
 2004589 - ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- register.php
(web_specific_apps.rules)
 2004590 - ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- weapons.php
(web_specific_apps.rules)
 2004591 - ET WEB_SPECIFIC_APPS ClonusWiki XSS Attempt -- index.php query
(web_specific_apps.rules)
 2004592 - ET WEB_SPECIFIC_APPS Jelsoft vBulletin XSS Attempt --
calendar.php (web_specific_apps.rules)
 2004593 - ET WEB_SPECIFIC_APPS Dokeos XSS Attempt -- editor.php img
(web_specific_apps.rules)
 2004594 - ET WEB_SPECIFIC_APPS ASP-Nuke XSS Attempt -- news.asp id
(web_specific_apps.rules)
 2004595 - ET WEB_SPECIFIC_APPS Digirez XSS Attempt -- info_book.asp
Room_name (web_specific_apps.rules)
 2004596 - ET WEB_SPECIFIC_APPS Digirez XSS Attempt -- week.asp curYear
(web_specific_apps.rules)
 2800507 - ETPRO ACTIVEX EMC Captiva QuickScan Pro KeyHelp ActiveX Control
Buffer Overflow (activex.rules)
 2800508 - ETPRO ACTIVEX HP LoadRunner XUpload.ocx ActiveX Control
Arbitrary File Download (activex.rules)
 2800509 - ETPRO ACTIVEX HP LoadRunner XUpload.ocx ActiveX Control
Arbitrary File Download (activex.rules)
 2800510 - ETPRO EXPLOIT Novell NetWare NFS Portmapper RPC Module Stack
Overflow (exploit.rules)
 2800511 - ETPRO EXPLOIT Novell NetWare NFS Portmapper RPC Module Stack
Overflow UDP (exploit.rules)
 2800512 - ETPRO ACTIVEX EMC Captiva PixTools Distributed Imaging ActiveX
Control File Creation (activex.rules)
 2800513 - ETPRO ACTIVEX EMC Captiva PixTools Distributed Imaging ActiveX
Control File Creation (activex.rules)
 2800514 - ETPRO WEB_CLIENT IBM Informix Client SDK NFX File Processing
Stack Buffer Overflow (web_client.rules)
 2800515 - ETPRO WEB_CLIENT IBM Informix Client SDK NFX File Processing
Stack Buffer Overflow (web_client.rules)
 2800516 - ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader Deflate
Parameter Integer Overflow 1 (web_client.rules)
 2800517 - ETPRO WEB_CLIENT Adobe Acrobat and Adobe Reader Deflate
Parameter Integer Overflow 2 (web_client.rules)
 2800518 - ETPRO NETBIOS Microsoft Windows SMBv2 Infinite Loop Denial of
Service (netbios.rules)
 2800519 - ETPRO NETBIOS Microsoft Windows SMBv2 Infinite Loop Denial of
Service (netbios.rules)
 2800523 - ETPRO WEB_CLIENT Xpdf Splash DrawImage Integer Overflow
(web_client.rules)
 2800524 - ETPRO WEB_CLIENT Xpdf Splash DrawImage Integer Overflow
(web_client.rules)
 2800525 - ETPRO DOS EMC RepliStor rep_srv and ctrlservice Denial of
Service 1 (dos.rules)
 2800526 - ETPRO DOS EMC RepliStor rep_srv and ctrlservice Denial of
Service 2 (dos.rules)
 2800527 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities
Buffer Overflow 1 (activex.rules)
 2800528 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities
Buffer Overflow 2 (activex.rules)
 2800529 - ETPRO EXPLOIT HP Operations Manager Server Unauthorized File
Upload (exploit.rules)
 2800530 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities
Buffer Overflow 1 (activex.rules)
 2800531 - ETPRO ACTIVEX Symantec Multiple Products AeXNSConsoleUtilities
Buffer Overflow 2 (activex.rules)
 2800532 - ETPRO EXPLOIT Novell eDirectory NDS Verb 0x01 Integer Overflow
(exploit.rules)
 2800533 - ETPRO EXPLOIT Novell eDirectory NDS Verb 0x01 Integer Overflow
UDP (exploit.rules)
 2800534 - ETPRO DOS Multiple Vendors NTP Mode 7 Denial of Service
(dos.rules)
 2800535 - ETPRO EXPLOIT HP OpenView Network Node Manager snmp.exe Oid
Variable Buffer Overflow (exploit.rules)
 2800537 - ETPRO WEB_SERVER Sun Java System Web Server WEBDAV Stack Buffer
Overflow PROPFIND (web_server.rules)
 2800539 - ETPRO WEB_SERVER Sun Java System Web Server WEBDAV Stack Buffer
Overflow PROPPATCH (web_server.rules)
 2800540 - ETPRO SQL Oracle TimesTen In-Memory Database HTTP Request Denial
of Service (sql.rules)
 2800541 - ETPRO WEB_SERVER Sun Java System Web Server Digest Authorization
Buffer Overflow (web_server.rules)
 2800550 - ETPRO EXPLOIT IBM Cognos Server Backdoor Account Remote Code
Execution (exploit.rules)
 2800552 - ETPRO EXPLOIT Microsoft Windows 2000 Media Services Stack Buffer
Overflow 1 (exploit.rules)
 2800553 - ETPRO EXPLOIT Microsoft Windows 2000 Media Services Stack Buffer
Overflow 2 (exploit.rules)
 2800554 - ETPRO DOS Microsoft Windows SMTP Service MX Record Denial Of
Service (dos.rules)
 2800559 - ETPRO EXPLOIT RealVNC VNC Server ClientCutText Message Memory
Corruption (exploit.rules)
 2800563 - ETPRO EXPLOIT HP OpenView Network Node Manager
ovet_demandpoll.exe Format String Code Execution (exploit.rules)
 2800564 - ETPRO EXPLOIT HP OpenView Network Node Manager netmon.exe Stack
Buffer Overflow (exploit.rules)
 2800568 - ETPRO WEB_SERVER HP Performance Manager Apache Tomcat Policy
Bypass (web_server.rules)
 2800573 - ETPRO WEB_SERVER Microsoft IIS Directory Authentication Security
Bypass (web_server.rules)
 2800574 - ETPRO ACTIVEX Microsoft Access ActiveX Control Code Execution1
(activex.rules)
 2800575 - ETPRO ACTIVEX Microsoft Access ActiveX Control Code Execution 2
(activex.rules)
 2800578 - ETPRO SMTP Ipswitch IMail Server List Mailer Reply-To Address
Buffer Overflow (smtp.rules)
 2800579 - ETPRO SMTP Ipswitch IMail Server Mailing List Message Subject
Buffer Overflow (smtp.rules)
 2800580 - ETPRO IMAP Novell GroupWise Internet Agent IMAP Service Stack
Buffer Overflow (imap.rules)
 2800581 - ETPRO EXPLOIT HP OpenView Network Node Manager webappmon.exe
execvp_nc Buffer Overflow (exploit.rules)
 2800582 - ETPRO WEB_SERVER Novell Teaming ajaxUploadImageFile Remote Code
Execution (web_server.rules)
 2800583 - ETPRO ACTIVEX Yahoo Messenger ActiveX Control Command Execution
(activex.rules)
 2800585 - ETPRO EXPLOIT Symantec Alert Management System HNDLRSVC
Arbitrary Command Execution (exploit.rules)
 2800587 - ETPRO SQL Oracle WebLogic Server Node Manager Command Execution
(sql.rules)
 2800589 - ETPRO EXPLOIT IBM Informix Dynamic Server librpc.dll Multiple
Buffer Overflow 1 (exploit.rules)
 2800590 - ETPRO EXPLOIT IBM Informix Dynamic Server librpc.dll Multiple
Buffer Overflow 2 (exploit.rules)
 2800591 - ETPRO EXPLOIT IBM Informix Dynamic Server librpc.dll Multiple
Buffer Overflow 3 (exploit.rules)
 2800592 - ETPRO EXPLOIT Multiple Vendors librpc.dll Stack Buffer Overflow
(exploit.rules)
 2800593 - ETPRO EXPLOIT Multiple Vendors librpc.dll Stack Buffer Overflow
(exploit.rules)
 2800594 - ETPRO FTP Novell Netware FTP Server Remote Stack Buffer Overflow
1 (ftp.rules)
 2800595 - ETPRO FTP Novell Netware FTP Server Remote Stack Buffer Overflow
2 (ftp.rules)
 2800597 - ETPRO WEB_CLIENT Apple QuickTime FlashPix Movie File Integer
Overflow (web_client.rules)
 2800599 - ETPRO TROJAN Win32.Conficker.C Activity (FTP download)
(trojan.rules)
 2800655 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest
Denial of Service Attempt 1 (dos.rules)
 2800656 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest
Denial of Service Attempt 2 (dos.rules)
 2800657 - ETPRO DOS Microsoft Windows Active Directory LDAP SearchRequest
Denial of Service Attempt 3 (dos.rules)
 2800658 - ETPRO DOS Oracle Internet Directory Pre-Authentication LDAP
Denial of Service Attempt (dos.rules)
 2800663 - ETPRO WEB_CLIENT IBM Lotus Expeditor cai URI Handler Command
Execution (web_client.rules)
 2800664 - ETPRO WEB_CLIENT VideoLAN VLC Media Player WAV Processing
Integer Overflow (web_client.rules)
 2800665 - ETPRO EXPLOIT CA BrightStor ARCserve Backup caloggerd Opcode 79
Stack Buffer Overflow (exploit.rules)
 2800666 - ETPRO EXPLOIT Borland Software InterBase ibserver.exe Service
Attach Request Buffer Overflow (exploit.rules)
 2800669 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 1 (exploit.rules)
 2800670 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 2 (exploit.rules)
 2800671 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 3 (exploit.rules)
 2800672 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 4 (exploit.rules)
 2800673 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 5 (exploit.rules)
 2800674 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 6 (exploit.rules)
 2800675 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 7 (exploit.rules)
 2800676 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 8 (exploit.rules)
 2800677 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 9 (exploit.rules)
 2800678 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 10 (exploit.rules)
 2800679 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 11 (exploit.rules)
 2800680 - ETPRO EXPLOIT HP StorageWorks Storage Mirroring Double Take
Service Code Execution 12 (exploit.rules)
 2800686 - ETPRO EXPLOIT Sun Directory Server LDAP Denial of Service or
Known Exploit Trigger (exploit.rules)
 2800692 - ETPRO EXPLOIT Trend Micro ServerProtect RPC
ENG_SetRealTimeScanConfigInfo Buffer Overflow (exploit.rules)
 2800693 - ETPRO EXPLOIT Trend Micro ServerProtect RPC
ENG_SetRealTimeScanConfigInfo Buffer Overflow (exploit.rules)
 2800695 - ETPRO EXPLOIT Microsoft Excel Embedded Shockwave Flash Object
Code Execution within xls (exploit.rules)
 2800697 - ETPRO EXPLOIT Microsoft Word mso.dll LsCreateLine Memory
Corruption (Published Exploit) (exploit.rules)
 2800700 - ETPRO EXPLOIT avast! Antivirus ACE File Handling Buffer Overflow
(exploit.rules)
 2800702 - ETPRO EXPLOIT Nullsoft Winamp Midi File Header Handling Buffer
Overflow (Published Exploit) (exploit.rules)
 2800705 - ETPRO EXPLOIT Microsoft Outlook iCal Meeting Request Malformed
VEVENT Record Dereference Memory Corruption (exploit.rules)
 2800707 - ETPRO EXPLOIT Oracle Database Server Login Access Control Bypass
(exploit.rules)
 2800709 - ETPRO WEB_CLIENT Apple QuickTime RTSP URL Buffer Overflow
(web_client.rules)
 2800711 - ETPRO WEB_CLIENT Apple QuickTime RTSP URL Buffer Overflow
(web_client.rules)
 2800716 - ETPRO EXPLOIT IBM Tivoli Directory Server LDAP Buffer Overflow
(exploit.rules)
 2800717 - ETPRO EXPLOIT HP Mercury Multiple Products Agent Command
Processing Buffer Overflow (exploit.rules)
 2800718 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN RPC
Denial of Service (exploit.rules)
 2800719 - ETPRO EXPLOIT Apache HTTP Server mod_rewrite Module LDAP Scheme
Handling Buffer Overflow (exploit.rules)
 2800730 - ETPRO EXPLOIT Trend Micro ServerProtect Crafted RPC Call
CMON_NetTestConnection Buffer Overflow (exploit.rules)
 2800731 - ETPRO EXPLOIT Trend Micro ServerProtect Crafted RPC Call
CMON_NetTestConnection Buffer Overflow (exploit.rules)
 2800739 - ETPRO WEB_CLIENT Microsoft Internet Explorer 7 Navigation
Canceled Page Cross-Site Scripting (web_client.rules)
 2800740 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN-RPC
Procedure 191 Code Execution (Published Exploit) (exploit.rules)
 2800741 - ETPRO EXPLOIT CA BrightStor ARCserve Backup Media Server SUN-RPC
Procedure 191 Code Execution (Published Exploit) (exploit.rules)
 2800742 - ETPRO EXPLOIT Symantec pcAnywhere Buffer Overflow (exploit.rules)
 2800743 - ETPRO ACTIVEX Microsoft Internet Explorer daxctle.ocx KeyFrame
Method Memory Corruption (activex.rules)
 2800745 - ETPRO ACTIVEX Citrix Presentation Server Client ActiveX Control
Buffer Overflow (activex.rules)
 2800746 - ETPRO ACTIVEX Citrix Presentation Server Client ActiveX Control
(via Citrix.ICAClient) Buffer Overflow (activex.rules)
 2800789 - ETPRO WEB_CLIENT VideoLAN VLC Media Player RealText File Buffer
Overflow 2 (web_client.rules)
 2800791 - ETPRO EXPLOIT Atrium Mercur IMAP Remote Buffer Overflow
(exploit.rules)
 2800792 - ETPRO EXPLOIT MailEnable IMAP STATUS Command Buffer Overflow
(exploit.rules)


-- 
PGP: 0xBED7B297
<https://pgp.mit.edu/pks/lookup?op=get&search=0x6B68453CBED7B297>