Ruleset Update Summary - 2024/11/26 - v10751

Summary:

4 new OPEN, 4 new PRO (4 + 0)


Added rules:

Open:

  • 2055665 - ET MALWARE OSX/AppleJeus CitrineSleet Domain in DNS Lookup (malware.rules)
  • 2055666 - ET MALWARE OSX/AppleJeus CitrineSleet Domain in DNS Lookup (malware.rules)
  • 2055667 - ET MALWARE OSX/AppleJeus CitrineSleet Domain in TLS SNI (malware.rules)
  • 2055668 - ET MALWARE OSX/AppleJeus CitrineSleet Domain in TLS SNI (malware.rules)

Modified inactive rules:

  • 2001238 - ET WEB_SPECIFIC_APPS Possible Xedus Webserver Directory Traversal Attempt (web_specific_apps.rules)
  • 2002406 - ET EXPLOIT TAC Attack Directory Traversal (exploit.rules)
  • 2002668 - ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_news (web_specific_apps.rules)
  • 2002685 - ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Directory Traversal Attempt (web_server.rules)
  • 2002800 - ET WEB_SPECIFIC_APPS PHP PHPNuke Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2002815 - ET WEB_SPECIFIC_APPS Plume CMS prepend.php Remote File Inclusion attempt (web_specific_apps.rules)
  • 2002898 - ET WEB_SPECIFIC_APPS PHP Web Calendar Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2002899 - ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion get_header.php (web_specific_apps.rules)
  • 2002902 - ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion functions_install.php (web_specific_apps.rules)
  • 2002916 - ET EXPLOIT RealVNC Authentication Bypass Attempt (exploit.rules)
  • 2002917 - ET EXPLOIT RealVNC Server Authentication Bypass Successful (exploit.rules)
  • 2002996 - ET WEB_SPECIFIC_APPS GeekLog Remote File Include Vulnerability (web_specific_apps.rules)
  • 2003072 - ET EXPLOIT Linksys WRT54g Authentication Bypass Attempt (exploit.rules)
  • 2003087 - ET WEB_SERVER Barracuda Spam Firewall preview_email.cgi Remote Directory Traversal Attempt (web_server.rules)
  • 2003152 - ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_archives (web_specific_apps.rules)
  • 2003331 - ET WEB_SPECIFIC_APPS PHP Generic membreManager.php remote file include (web_specific_apps.rules)
  • 2003333 - ET WEB_SPECIFIC_APPS PHP Gnopaster Common.php remote file include (web_specific_apps.rules)
  • 2003371 - ET WEB_SPECIFIC_APPS PHP Portail Includes.php remote file include (web_specific_apps.rules)
  • 2003372 - ET WEB_SPECIFIC_APPS PHPEventMan remote file include (web_specific_apps.rules)
  • 2003517 - ET WEB_SPECIFIC_APPS iPhotoAlbum header.php remote file include (web_specific_apps.rules)
  • 2003520 - ET WEB_SPECIFIC_APPS webCalendar Remote File include (web_specific_apps.rules)
  • 2008651 - ET WEB_SPECIFIC_APPS JMweb MP3 src Multiple Local File Inclusion (web_specific_apps.rules)
  • 2008687 - ET WEB_SPECIFIC_APPS PassWiki site_id Parameter Local File Inclusion (web_specific_apps.rules)
  • 2008826 - ET WEB_SPECIFIC_APPS Way Of The Warrior crea.php plancia Remote File Inclusion (web_specific_apps.rules)
  • 2008871 - ET WEB_SPECIFIC_APPS phpFan init.php Remote File Inclusion (web_specific_apps.rules)
  • 2008879 - ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008899 - ET WEB_SPECIFIC_APPS Pie RSS module lib parameter remote file inclusion (web_specific_apps.rules)
  • 2008900 - ET WEB_SPECIFIC_APPS ModernBill export_batch.inc.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008901 - ET WEB_SPECIFIC_APPS ModernBill run_auto_suspend.cron.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008902 - ET WEB_SPECIFIC_APPS ModernBill send_email_cache.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008903 - ET WEB_SPECIFIC_APPS ModernBill 2checkout_return.inc.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008904 - ET WEB_SPECIFIC_APPS ModernBill nettools.popup.php DIR Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008922 - ET WEB_SPECIFIC_APPS Nitrotech common.php root Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008935 - ET WEB_SPECIFIC_APPS Werner Hilversum FAQ Manager header.php config_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008962 - ET WEB_SPECIFIC_APPS PHPmyGallery confdir parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008964 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008965 - ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php phpbb_root_path parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008966 - ET WEB_SPECIFIC_APPS ccTiddly index.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008967 - ET WEB_SPECIFIC_APPS ccTiddly proxy.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008968 - ET WEB_SPECIFIC_APPS ccTiddly header.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008969 - ET WEB_SPECIFIC_APPS ccTiddly include.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008970 - ET WEB_SPECIFIC_APPS ccTiddly workspace.php cct_base parameter Remote File Inclusion (web_specific_apps.rules)
  • 2008996 - ET WEB_SPECIFIC_APPS Simple Text-File Login script slogin_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009053 - ET WEB_SPECIFIC_APPS MODx CMS Thumbnail.php base_path Remote File Inclusion (web_specific_apps.rules)
  • 2009059 - ET WEB_SPECIFIC_APPS Recly Feederator add_tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009060 - ET WEB_SPECIFIC_APPS Recly Feederator edit_tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009061 - ET WEB_SPECIFIC_APPS Recly Feederator subscription.php GLOBALS mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009062 - ET WEB_SPECIFIC_APPS Recly Feederator tmsp.php mosConfig_absolute_path parameter remote file inclusion (web_specific_apps.rules)
  • 2009086 - ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter remote file inclusion (web_specific_apps.rules)
  • 2009088 - ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs parameter remote file inclusion (web_specific_apps.rules)
  • 2009101 - ET WEB_SPECIFIC_APPS REALTOR define.php Remote File Inclusion (web_specific_apps.rules)
  • 2009123 - ET WEB_SPECIFIC_APPS SezHoo SezHooTabsAndActions.php IP Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009141 - ET WEB_SPECIFIC_APPS MiNBank utdb_access.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009142 - ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009151 - ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTP) (web_server.rules)
  • 2009163 - ET WEB_SPECIFIC_APPS GBook header.php abspath Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009164 - ET WEB_SPECIFIC_APPS openEngine filepool.php oe_classpath parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009165 - ET WEB_SPECIFIC_APPS Barcode Generator LSTable.php class_dir parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009166 - ET WEB_SPECIFIC_APPS Concord Consortium CoAST header.php sections_file parameter remote file inclusion (web_specific_apps.rules)
  • 2009167 - ET WEB_SPECIFIC_APPS AdaptCMS Lite rss_importer_functions.php sitepath Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009179 - ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009180 - ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php g_pcltar_lib_dir Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009188 - ET WEB_SPECIFIC_APPS gapicms toolbar.php dirDepth Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009190 - ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009196 - ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Remote File inclusion (web_specific_apps.rules)
  • 2009225 - ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter remote file inclusion (web_specific_apps.rules)
  • 2009307 - ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009309 - ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009311 - ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009313 - ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009321 - ET WEB_SPECIFIC_APPS rgboard footer.php _path parameter remote file inclusion (web_specific_apps.rules)
  • 2009333 - ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter Remote file inclusion (web_specific_apps.rules)
  • 2009364 - ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin linkadmin.php page Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009367 - ET WEB_SPECIFIC_APPS cmsWorks lib.module.php mod_root Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009370 - ET WEB_SPECIFIC_APPS Boonex Dolphin HTMLSax3.php Remote File Inclusion (web_specific_apps.rules)
  • 2009371 - ET WEB_SPECIFIC_APPS Boonex Dolphin safehtml.php Remote File Inclusion (web_specific_apps.rules)
  • 2009372 - ET WEB_SPECIFIC_APPS Boonex Dolphin content.inc.php Remote File Inclusion (web_specific_apps.rules)
  • 2009378 - ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
  • 2009379 - ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter remote file inclusion (web_specific_apps.rules)
  • 2009381 - ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File Inclusion (web_specific_apps.rules)
  • 2009382 - ET WEB_SPECIFIC_APPS Agares Media ThemeSiteScript frontpage_right.php Remote File Inclusion (web_specific_apps.rules)
  • 2009386 - ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion (web_specific_apps.rules)
  • 2009397 - ET WEB_SPECIFIC_APPS phpProfiles body_comm.inc.php content parameter remote file inclusion (web_specific_apps.rules)
  • 2009398 - ET WEB_SPECIFIC_APPS HoMaP plugin_admin.php _settings Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009415 - ET WEB_SPECIFIC_APPS PhpBlock basicfogfactory.class.php PATH_TO_CODE Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009416 - ET WEB_SPECIFIC_APPS txtSQL startup.php CFG Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009427 - ET WEB_SPECIFIC_APPS Grape Web Statistics functions.php location Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009435 - ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php e107path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009459 - ET WEB_SPECIFIC_APPS Orlando CMS classes init.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009460 - ET WEB_SPECIFIC_APPS Orlando CMS newscat.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009466 - ET WEB_SPECIFIC_APPS Recly Competitions Component add.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009467 - ET WEB_SPECIFIC_APPS Recly Competitions Component competitions.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009468 - ET WEB_SPECIFIC_APPS Recly Competitions Component settings.php mosConfig_absolute_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009501 - ET WEB_SPECIFIC_APPS nweb2fax viewrq.php var_filename Parameter Directory Traversal (web_specific_apps.rules)
  • 2009502 - ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php CONFIG Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009504 - ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009506 - ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009653 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_css Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009654 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_javascript Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009656 - ET WEB_SPECIFIC_APPS SMA-DB format.php _page_content Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009663 - ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009677 - ET WEB_SERVER Possible BASE Authentication Bypass Attempt (web_server.rules)
  • 2009717 - ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009723 - ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009733 - ET WEB_SPECIFIC_APPS Golabi index_logged.php cur_module Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009736 - ET WEB_SPECIFIC_APPS ProjectCMS select_image.php dir Parameter Directory Traversal (web_specific_apps.rules)
  • 2009754 - ET WEB_SPECIFIC_APPS Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
  • 2009755 - ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1 (web_specific_apps.rules)
  • 2009756 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2 (web_specific_apps.rules)
  • 2009757 - ET WEB_SPECIFIC_APPS Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
  • 2009758 - ET WEB_SPECIFIC_APPS Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion (web_specific_apps.rules)
  • 2009759 - ET WEB_SPECIFIC_APPS Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1 (web_specific_apps.rules)
  • 2009760 - ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2 (web_specific_apps.rules)
  • 2009788 - ET WEB_SPECIFIC_APPS RSS-aggregator display.php path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009793 - ET WEB_SPECIFIC_APPS PHP Crawler footer.php footer_file Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009846 - ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009848 - ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009871 - ET WEB_SPECIFIC_APPS PHPauction GPL converter.inc.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009872 - ET WEB_SPECIFIC_APPS PHPauction GPL messages.inc.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009873 - ET WEB_SPECIFIC_APPS PHPauction GPL settings.inc.php include_path Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009874 - ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009877 - ET WEB_SPECIFIC_APPS VirtueMart Google Base Component admin.googlebase.php Remote File Inclusion (web_specific_apps.rules)
  • 2009898 - ET WEB_SPECIFIC_APPS Pragyan CMS form.lib.php sourceFolder Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009903 - ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009925 - ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php web_root Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2009927 - ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php web_root Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010027 - ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010092 - ET WEB_SPECIFIC_APPS Webradev Download Protect EmailTemplates.class.php Remote File Inclusion (web_specific_apps.rules)
  • 2010093 - ET WEB_SPECIFIC_APPS Webradev Download Protect PDPEmailReplaceConstants.class.php Remote File Inclusion (web_specific_apps.rules)
  • 2010094 - ET WEB_SPECIFIC_APPS Webradev Download Protect ResellersManager.class.php Remote File Inclusion (web_specific_apps.rules)
  • 2010095 - ET WEB_SPECIFIC_APPS PHPGenealogy CoupleDB.php DataDirectory Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010096 - ET WEB_SPECIFIC_APPS GROUP-E head_auth.php CFG Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010099 - ET WEB_SPECIFIC_APPS News Manager ch_readalso.php read_xml_include Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010126 - ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010191 - ET WEB_SPECIFIC_APPS justVisual contact.php fs_jVroot Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010192 - ET WEB_SPECIFIC_APPS justVisual pageTemplate.php fs_jVroot Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010193 - ET WEB_SPECIFIC_APPS justVisual utilities.php fs_jVroot Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010223 - ET WEB_SPECIFIC_APPS Possible Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010252 - ET WEB_SPECIFIC_APPS Datalife Engine api.class.php dle_config_api Parameter Remote File Inclusion (web_specific_apps.rules)
  • 2010359 - ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010360 - ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010361 - ET WEB_SPECIFIC_APPS FSphp pathwirte.php FSPHP_LIB Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2010601 - ET WEB_SPECIFIC_APPS 35mm Slide Gallery imgdir Parameter Directory Traversal Attempt (web_specific_apps.rules)
  • 2010878 - ET EXPLOIT Possible Foxit PDF Reader Authentication Bypass Attempt (exploit.rules)
  • 2011160 - ET WEB_SERVER Apache Axis2 xsd Parameter Directory Traversal Attempt (web_server.rules)
  • 2011853 - ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File Inclusion Attempt (web_specific_apps.rules)
  • 2011881 - ET WEB_SPECIFIC_APPS Open Web Analytics mw_plugin.php IP Parameter Remote File inclusion Attempt (web_specific_apps.rules)
  • 2012057 - ET EXPLOIT VMware 2 Web Server Directory Traversal (exploit.rules)
  • 2012058 - ET EXPLOIT HP LaserJet PLJ Interface Directory Traversal (exploit.rules)
  • 2012583 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2012584 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2012604 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2012605 - ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt (web_specific_apps.rules)
  • 2012997 - ET WEB_SERVER PHP Possible http Remote File Inclusion Attempt (web_server.rules)
  • 2014633 - ET WEB_SPECIFIC_APPS phpMyAdmin setup.php Remote File inclusion Attempt (CVE-2010-3055) (web_specific_apps.rules)
  • 2015712 - ET WEB_CLIENT Internet Explorer execCommand function Use after free Vulnerability (CVE-2012-4969) (web_client.rules)
  • 2016822 - ET WEB_CLIENT Possible Internet Explorer Use After Free Inbound (CVE-2013-1347) (web_client.rules)
  • 2017129 - ET WEB_CLIENT Potential Internet Explorer Use After Free (CVE-2013-3163) (web_client.rules)
  • 2017130 - ET WEB_CLIENT Potential Internet Explorer Use After Free CVE-2013-3163 2 (web_client.rules)
  • 2017131 - ET EXPLOIT Potential Internet Explorer Use After Free CVE-2013-3163 Exploit URI Struct 1 (exploit.rules)
  • 2018147 - ET WEB_CLIENT Possible IE10 Use After Free CVE-2014-0322 (web_client.rules)
  • 2034199 - ET EXPLOIT Oracle BI Publisher Authentication Bypass (CVE-2019-2616) (exploit.rules)
  • 2034857 - ET HUNTING RDP Authentication Bypass Attempt (hunting.rules)
  • 2050435 - ET WEB_SPECIFIC_APPS GoAnywhere MFT Authentication Bypass Attempt - GET Request M2 (CVE-2024-0204) (web_specific_apps.rules)
  • 2050437 - ET WEB_SPECIFIC_APPS GoAnywhere MFT Authentication Bypass Attempt - POST Request M2 (CVE-2024-0204) (web_specific_apps.rules)
  • 2056166 - ET EXPLOIT aiohttp Directory Traversal in Static Routing (CVE-2024-23334) (exploit.rules)
  • 2101199 - GPL WEB_SERVER Compaq Insight directory traversal (web_server.rules)
  • 2101945 - GPL WEB_SERVER unicode directory traversal attempt (web_server.rules)
  • 2102561 - GPL MISC rsync backup-dir directory traversal attempt (misc.rules)
  • 2103192 - GPL WEB_CLIENT Windows Media Player directory traversal via Content-Disposition attempt (web_client.rules)
  • 2800343 - ETPRO EXPLOIT Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass (exploit.rules)
  • 2800368 - ETPRO FTP Rhino Software Serv-U FTP Server rnto Command Directory Traversal 1 (ftp.rules)
  • 2800777 - ETPRO MISC MDaemon Content Filter Directory Traversal Vulnerability (misc.rules)
  • 2800787 - ETPRO EXPLOIT RealVNC Password Authentication Bypass Vulnerability (exploit.rules)
  • 2801445 - ETPRO EXPLOIT RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass (exploit.rules)
  • 2801679 - ETPRO EXPLOIT EnterpriseDB PostgreSQL Plus Advanced Server DBA Management Server Authentication Bypass (exploit.rules)
  • 2801968 - ETPRO WEB_CLIENT Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) - SET (web_client.rules)
  • 2801969 - ETPRO WEB_CLIENT Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) (web_client.rules)
  • 2802005 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 1 (exploit.rules)
  • 2802006 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 2 (exploit.rules)
  • 2802007 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Little Endian 3 (exploit.rules)
  • 2802008 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 1 (exploit.rules)
  • 2802009 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 2 (exploit.rules)
  • 2802010 - ETPRO EXPLOIT IBM solidDB solid.exe Authentication Bypass Big Endian 3 (exploit.rules)
  • 2802201 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Little-Endian) 3 (exploit.rules)
  • 2802202 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Big-Endian) 4 (exploit.rules)
  • 2802203 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Little-Endian) 5 (exploit.rules)
  • 2802204 - ETPRO EXPLOIT HP Data Protector Backup Client Service GET_FILE Directory Traversal (UTF-16 Big-Endian) 6 (exploit.rules)
  • 2802862 - ETPRO EXPLOIT HP Intelligent Management Center imcsyslogdm Use After Free (exploit.rules)
  • 2802891 - ETPRO EXPLOIT Novell ZENworks Asset Management File Upload Directory Traversal (exploit.rules)
  • 2802978 - ETPRO WEB_SPECIFIC_APPS Cisco Network Registrar Default Credentials Authentication Bypass (web_specific_apps.rules)
  • 2803035 - ETPRO WEB_CLIENT Microsoft Internet Explorer VML vgx.dll Use After Free 1 (web_client.rules)
  • 2803036 - ETPRO WEB_CLIENT Microsoft Internet Explorer VML vgx.dll Use After Free 2 (web_client.rules)
  • 2803037 - ETPRO WEB_CLIENT Microsoft Internet Explorer VML vgx.dll Use After Free 3 (web_client.rules)
  • 2803038 - ETPRO WEB_CLIENT Microsoft Internet Explorer VML vgx.dll Use After Free 4 (web_client.rules)
  • 2803047 - ETPRO WEB_SPECIFIC_APPS ManageEngine Service Desk Plus 8.0 Directory Traversal attempt (web_specific_apps.rules)
  • 2803064 - ETPRO WEB_SPECIFIC_APPS ManageEngine Service Desk Plus 8.0 Directory Traversal attempt 2 (web_specific_apps.rules)
  • 2803077 - ETPRO EXPLOIT Novell ZENworks Handheld Management Upload Directory Traversal (exploit.rules)
  • 2803185 - ETPRO TFTP READ Request Directory Traversal attempt (tftp.rules)
  • 2803186 - ETPRO TFTP WRITE Request Directory Traversal attempt (tftp.rules)
  • 2803461 - ETPRO ACTIVEX HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Directory Traversal 1 (CVE-2011-2404) (activex.rules)
  • 2803462 - ETPRO ACTIVEX HP Easy Printer Care Software HPTicketMgr.dll ActiveX Control Directory Traversal 2 (CVE-2011-2404) (activex.rules)
  • 2803724 - ETPRO WEB_SERVER OpenSSL ECDH Use After Free Flowbit Set TLS 1.0 (web_server.rules)
  • 2803725 - ETPRO WEB_SERVER OpenSSL ECDH Use After Free Attempt TLS 1.0 (web_server.rules)
  • 2803726 - ETPRO WEB_SERVER OpenSSL ECDH Use After Free Flowbit Unset TLS 1.0 (web_server.rules)
  • 2803727 - ETPRO WEB_SERVER OpenSSL ECDH Use After Free Flowbit Set SSL 3.0 (web_server.rules)
  • 2803728 - ETPRO WEB_SERVER OpenSSL ECDH Use After Free Attempt SSL 3.0 (web_server.rules)
  • 2803729 - ETPRO WEB_SERVER OpenSSL ECDH Use After Free Flowbit Unset SSL 3.0 (web_server.rules)
  • 2803975 - ETPRO EXPLOIT HP Data Protector Media Operations Directory Traversal (exploit.rules)
  • 2804003 - ETPRO EXPLOIT Cisco Unified Communications Manager Directory Traversal (exploit.rules)
  • 2805680 - ETPRO WEB_CLIENT Microsoft Internet Explorer CTreePos Use After Free (CVE-2012-1539) (web_client.rules)
  • 2805717 - ETPRO WEB_CLIENT Microsoft Internet Explorer CTreeNode Use After Free (web_client.rules)
  • 2806006 - ETPRO WEB_CLIENT Internet Explorer CMarkUP Use After Free (CVE-2013-0020) (web_client.rules)
  • 2806020 - ETPRO WEB_CLIENT Internet Explorer CMarkUP Use After Free (CVE-2013-0030) (web_client.rules)
  • 2806112 - ETPRO WEB_CLIENT Internet Explorer GetMarkUpPtr Use After free 1 (CVE-2013-0092) (web_client.rules)
  • 2806113 - ETPRO WEB_CLIENT CVE-2013-0092 GetMarkUpPtr Use After free 2 (web_client.rules)
  • 2806114 - ETPRO WEB_CLIENT Internet Explorer GetMarkUpPtr Use After free 3 (CVE-2013-0092 ) (web_client.rules)
  • 2806115 - ETPRO WEB_CLIENT Microsoft Internet Explorer onBeforeCopy Use After Free (web_client.rules)
  • 2806358 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer VML Use After Free 2 (CVE-2013-2551) (web_client.rules)
  • 2806359 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer VML Use After Free 1 (CVE-2013-2551) (web_client.rules)
  • 2806819 - ETPRO WEB_CLIENT Potential Internet Explorer Use After Free CVE-2013-3188 1 (web_client.rules)
  • 2806820 - ETPRO WEB_CLIENT Potential Internet Explorer Use After Free CVE-2013-3188 2 (web_client.rules)
  • 2807511 - ETPRO WEB_CLIENT PDF use after free (CVE-2014-0496) 1 (web_client.rules)
  • 2807512 - ETPRO WEB_CLIENT PDF use after free (CVE-2014-0496) 2 (web_client.rules)
  • 2807641 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0270) (web_client.rules)
  • 2807642 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0271) (web_client.rules)
  • 2807643 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0273) (web_client.rules)
  • 2807644 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0274) (web_client.rules)
  • 2807645 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0275) (web_client.rules)
  • 2807647 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0276) 1 (web_client.rules)
  • 2807648 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0276) 2 (web_client.rules)
  • 2807649 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0276) 3 (web_client.rules)
  • 2807650 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0277) 1 (web_client.rules)
  • 2807651 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0277) 2 (web_client.rules)
  • 2807652 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0279) (web_client.rules)
  • 2807653 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0281) (web_client.rules)
  • 2807654 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0283) (web_client.rules)
  • 2807655 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0284) (web_client.rules)
  • 2807656 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0285) (web_client.rules)
  • 2807657 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0286) (web_client.rules)
  • 2807658 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0287) (web_client.rules)
  • 2807659 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0288) (web_client.rules)
  • 2807660 - ETPRO WEB_CLIENT Possible Microsoft Internet Explorer Use After free (CVE-2014-0289) (web_client.rules)
  • 2807661 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 1 (CVE-2014-0290) (web_client.rules)
  • 2807662 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 2 (CVE-2014-0290) (web_client.rules)
  • 2807800 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0297) (web_client.rules)
  • 2807802 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0299) (web_client.rules)
  • 2807803 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0302) (web_client.rules)
  • 2807804 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0303) (web_client.rules)
  • 2807805 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0304) (web_client.rules)
  • 2807933 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1751) (web_client.rules)
  • 2807934 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1752) (web_client.rules)
  • 2807935 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1753) (web_client.rules)
  • 2807936 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1755) (web_client.rules)
  • 2808038 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0310) (web_client.rules)
  • 2808040 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1815) (web_client.rules)
  • 2808041 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1815) (web_client.rules)
  • 2808081 - ETPRO WEB_CLIENT Acrobat Reader Possible CVE-2014-0527 Use After Free (web_client.rules)
  • 2808082 - ETPRO WEB_CLIENT Acrobat Reader Possible CVE-2014-0527 Use After Free (web_client.rules)
  • 2808142 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-0282) (web_client.rules)
  • 2808143 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1762) (web_client.rules)
  • 2808144 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1766) (web_client.rules)
  • 2808145 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 1 (CVE-2014-1785) (web_client.rules)
  • 2808146 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free 2 (CVE-2014-1785) (web_client.rules)
  • 2808147 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1789) (web_client.rules)
  • 2808148 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1791) (web_client.rules)
  • 2808149 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1795) (web_client.rules)
  • 2808150 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1797) (web_client.rules)
  • 2808151 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-1800) (web_client.rules)
  • 2808301 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-2801) (web_client.rules)
  • 2808302 - ETPRO WEB_CLIENT Microsoft Internet Explorer Use After free (CVE-2014-2804) (web_client.rules)
  • 2809299 - ETPRO WEB_CLIENT Internet Explorer Use After Free CVE-2014-6329 M1 (web_client.rules)
  • 2809300 - ETPRO WEB_CLIENT Internet Explorer Use After Free CVE-2014-6329 M2 (web_client.rules)
  • 2809301 - ETPRO WEB_CLIENT Internet Explorer Use After Free CVE-2014-6329 M3 (web_client.rules)
  • 2809302 - ETPRO WEB_CLIENT Possible Internet Explorerer Use After Free CVE-2014-6330 (web_client.rules)
  • 2809310 - ETPRO WEB_CLIENT Possible Internet Explorer Use After Free CVE-2014-6366 (web_client.rules)
  • 2809311 - ETPRO WEB_CLIENT Possible Internet Explorer Use After Free CVE-2014-6369 (web_client.rules)
  • 2809746 - ETPRO WEB_CLIENT Internet Explorer CTreePos Use After Free (CVE-2015-0068) 1 (web_client.rules)
  • 2811243 - ETPRO EXPLOIT DLink DNS/DNR 320 check_login Authentication Bypass HTTP Request (exploit.rules)
  • 2814830 - ETPRO WEB_CLIENT IE Use After Free CEditEventSink (CVE-2015-6071) (web_client.rules)
  • 2814978 - ETPRO EXPLOIT SSL Certificate With Directory Traversal (exploit.rules)
  • 2814979 - ETPRO EXPLOIT SSL Certificate With Directory Traversal (exploit.rules)
  • 2824320 - ETPRO WEB_CLIENT Possible Acrobat Reader JS Use After Free (CVE-2017-2958) (web_client.rules)

Removed rules:

  • 2055665 - ET EXPLOIT OSX/AppleJeus CitrineSleet Domain in DNS Lookup (exploit.rules)
  • 2055666 - ET EXPLOIT OSX/AppleJeus CitrineSleet Domain in DNS Lookup (exploit.rules)
  • 2055667 - ET EXPLOIT OSX/AppleJeus CitrineSleet Domain in TLS SNI (exploit.rules)
  • 2055668 - ET EXPLOIT OSX/AppleJeus CitrineSleet Domain in TLS SNI (exploit.rules)