EOL Announcement (January 3, 2017): End-of-Life Notification for Juniper Networks IDP/AppID Signature Releases on EOL products. Please see TSB17019 for more information.
32 new signatures:
MEDIUM | HTTP:STC:IE:NATIVE-FUN-DOS | HTTP: Microsoft Internet Explorer Native Function Iterator Denial Of Service |
HIGH | HTTP:STC:DL:MS-EXCEL-STYLE-BOF | HTTP: Microsoft Excel for Asian Languages Style Handling Buffer Overflow |
HIGH | HTTP:XSS:NOVELL-SERVICE-DESK | HTTP: Micro Focus Novell Service Desk Cross Site Scripting |
MEDIUM | SMB:OF:MS-SMB2-RES-DOS2 | SMB: Microsoft Windows SMB2 Response Denial of Service 2 |
HIGH | HTTP:SEARCHBLOX-AB | HTTP: SearchBlox CVE-2015-7919 Arbitrary File Overwrite |
MEDIUM | DNS:ISC-BIND-RRSIG-DOS-1 | DNS: ISC BIND CNAME RRSIG Query With RPZ Denial of Service - 1 |
MEDIUM | HTTP:ADOBE-DIGITAL-INFO-DISC | HTTP: Adobe Digital Editions Epub XXE Information Disclosure |
MEDIUM | APP:IBM:CVE-2015-8523-DOS | APP: IBM Tivoli Storage Manager FastBack Server CVE-2015-8523 Denial Of Service |
MEDIUM | HTTP:BELKIN-PATH-TRAVERSAL | HTTP: Belkin Path Traversal |
HIGH | NTP:CVE-2015-7704-DOS | NTP: Network Time Protocol Denial-Of-Service |
HIGH | HTTP:STC:ADOBE:CVE-2017-2995-CE | HTTP: Adobe Flash CVE-2017-2995 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2996-CE | HTTP: Adobe Flash CVE-2017-2996 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2986-CE | HTTP: Adobe Flash CVE-2017-2986 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2984-CE | HTTP: Adobe Flash CVE-2017-2984 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2985-CE | HTTP: Adobe Flash CVE-2017-2985 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2982-CE | HTTP: Adobe Flash CVE-2017-2982 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2990-CE | HTTP: Adobe Flash CVE-2017-2990 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2993-CE | HTTP: Adobe Flash CVE-2017-2993 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2992-CE | HTTP: Adobe Flash CVE-2017-2992 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2991-CE | HTTP: Adobe Flash CVE-2017-2991 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2017-2988-CE | HTTP: Adobe Flash CVE-2017-2988 Remote Code Execution |
HIGH | SCADA:XARROW-MUL-DOS | SCADA: xArrow Multiple Denial Of Services |
HIGH | SSL:OPENSSL-CVE-2017-3730-DOS | SSL: OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference |
MEDIUM | HTTP:BARRACUDA:SSL-VPN-REDIR | HTTP: Barracuda SSL VPN Open Redirection |
HIGH | SSL:OPENSSL-CVE-2017-3731-DOS | SSL: OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow |
HIGH | HTTP:PHP:WORDPRESS-REST-PE | HTTP: WordPress REST API Posts Controller Privilege Escalation |
HIGH | SSL:TRENDMICRO-CRLMGR-HELLO | SSL: Trend Micro Control Manager download.php Information Disclosure |
HIGH | APP:TARANTOOL-OOB | APP: Tarantool xrow_header_decode Out of Bounds Read |
HIGH | HTTP:PHP:CVE-2016-10159-IOV | HTTP: PHP phar_parse_pharfile Function filename_len Property Integer Overflow |
HIGH | HTTP:FATEK-PLC-STACK-BO | HTTP: Fatek Automation PLC WinProladder Stack Buffer Overflow |
HIGH | SSL:SSL-DIRECTORY-TRAVERSE | SSL: Trend Micro Control Manager importFile.php Directory Traversal |
HIGH | VOIP:SIP:RANDOM-FROM-HEADER | VOIP: SIP Random From Header |
24 updated signatures:
MEDIUM | VOIP:SIP:ASTERISK-CHANNEL-DOS | VOIP: Digium Asterisk SIP Channel Driver Denial Of Service |
MEDIUM | HTTP:STC:ACTIVEX:MS-DOS | HTTP: Microsoft Windows GraphicsControl Unsafe ActiveX Access Denial of Service |
HIGH | SMTP:EXPLOIT:POSTFIX-AUTH-REUSE | SMTP: Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption |
MEDIUM | HTTP:WIPER-SHAMOON-FILE-DWNLD1 | HTTP: Suspicious WIPER/SHAMOON Infected File Download1 |
HIGH | APP:TMIC:CONTROL-MANAGER-CMD | APP: Trend Micro Control Manager 'CmdProcessor.exe' Remote Code Execution |
HIGH | DNS:EXPLOIT:BIND-OPENPGPKEY-DOS | DNS: ISC BIND openpgpkey Denial of Service |
HIGH | HTTP:STC:ACTIVEX:CVE-2015-0016 | HTTP: Microsoft Windows CVE-2015-0016 Unsafe ActiveX Control |
HIGH | HTTP:PHP:OPENEMR-GLOBALS-AB | HTTP: OpenEMR globals.php Authentication Bypass |
MEDIUM | HTTP:MISC:NG-ARB-FLUPLOAD | HTTP: Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload |
HIGH | APP:IBM:FXCLI-EXECBO | APP: IBM Tivoli Storage Manager FastBack Server FXCLI_OraBR_Exec_Command Buffer Overflow |
HIGH | HTTP:STC:DL:ISPVM-SYS-XCF-BOF | HTTP: ispVM System xcf File Buffer Overflow |
HIGH | HTTP:STC:IE:IESTYLE-OBJ | HTTP: Microsoft Internet Explorer Style Object Remote Code Execution |
HIGH | HTTP:STC:ADOBE:PM-FONT-OF | HTTP: Adobe PageMaker Font-Name Overflow |
HIGH | RADIUS:MS-NPS-DOS | RADIUS: Microsoft Network Policy Server RADIUS Denial of Service |
HIGH | HTTP:STC:ADOBE:PDF-SPELL-MC | HTTP: Adobe Reader JavaScript spell.customDictionaryOpen Method Memory Corruption |
HIGH | HTTP:STC:ADOBE:CVE-2017-2946-CE | HTTP: Adobe Pdf CVE-2017-2946 Remote Code Execution |
MEDIUM | HTTP:STC:MOZILLA:FF2-PM-INF-DIS | HTTP: Mozilla Firefox 2 Password Manager Information Disclosure |
HIGH | HTTP:STC:IE:CVE-2016-7288-UAF | HTTP: Microsoft Edge CVE-2016-7288 Use After Free |
HIGH | HTTP:STC:ADOBE:CVE-2017-2959-CE | HTTP: Adobe Acrobat Reader CVE-2017-2959 Remote Code Execution |
HIGH | HTTP:STC:DL:ORBIT-DOWNLOADER-OF | HTTP: Orbit Downloader Download Failed Buffer Overflow |
HIGH | HTTP:STC:ACTIVEX:SETHTMLFILE | HTTP: Schneider Electric Unsafe ActiveX Control |
HIGH | HTTP:STC:IE:UNISCRIBE-FNPS-MC | HTTP: Microsoft Uniscribe Font Parsing Engine Memory Corruption |
HIGH | HTTP:HPEV-RCI | HTTP: Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection |
HIGH | SMTP:EXT:DOUBLE-EXTENSION-MIME | SMTP: Double MIME Filename Extension |
2 renamed signatures:
SHELLCODE:X86:REVERS-CONECT-80C | -> | SHELLCODE:X86:REVERS-CONECT-80 |
SHELLCODE:X86:BASE64-NOOP-80C | -> | SHELLCODE:X86:BASE64-NOOP-80 |
This signature detects attempts to exploit a known vulnerability in Adobe PageMaker 7. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Digium Asterisk's SIP channel driver. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Mozilla Firefox 2. A successful attack can lead to unauthorized information disclosure.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to use unsafe ActiveX controls in Microsoft Windows. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to crash the client browser.
isg-3.5.141652, idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603
A memory corruption vulnerability exists in Postfix SMTP server when the Cyrus SASL library is used with authentication mechanisms other than PLAIN, LOGIN and ANONYMOUS. This vulnerability is due to the Postfix server's reuse of a SASL server handle after an authentication failure. This could result in code execution in the context of the process, which is usually run in the context of the user "postfix".
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to use unsafe ActiveX controls in the Schneider Electric. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client application.
isg-3.5.141652, idp-5.1.110161014, DI-Client, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, j-series-9.5, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to download a file that is infected by Wiper or Shamoon malware. These malware are known to erase the local disk contents of the targeted victim system.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects payloads being transferred over network that have been using base64 x86 NOOP. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Trend Micro Control Manager. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against ISC BIND. Attackers can send crafted malicious data to cause denial of service condition to the target service.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects an attempt to exploit a known vulnerability against Netgear ProSAFE. Successful exploitation could allow an attacker to upload arbitrary files which could lead to further attacks.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit and known vulnerability in the Microsoft Windows. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
isg-3.5.141652, idp-5.1.110161014, DI-Client, idp-4.1.110110719, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in the OpenEMR globals.php script. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the system.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in Microsoft Excel. The flaw is caused by insufficient checks when handling the Style record of the document, resulting in a stack buffer overflow. An attacker can leverage this vulnerability by enticing a user to open a crafted Excel Spreadsheet document, thereby injecting and executing arbitrary code. The vendor has released an updated security bulletin addressing this issue in the 2006 October patch release cycle. In an attack case where code injection is not successful, all instances of the vulnerable Microsoft Excel application will terminate. This can potentially lead to loss of data in cases where spreadsheet documents are open. In a more sophisticated attack scenario where code injection is successful, the behaviour of the target host is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. The affected application would also most likely stop functioning as a result of such an attack.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Micro Focus Novell Service Desk. Successful exploitation can result in cross-site scripting.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Microsoft Windows SMB2. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, mx-11.4, mx-16.1, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, j-series-9.5, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking while processing remote requests within the FXCLI_OraBR_Exec_Command function. A successful attack can lead to arbitrary code execution or could lead to denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against ispVM System. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks can cause denial-of-service conditions.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against SearchBlox. Successful exploits may allow an attacker to overwrite arbitrary files and crash the application.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against ISC BIND. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to obtain sensitive information from Adobe Digital Editions. An attacker could gather critical information for further attacks.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
The server in IBM Tivoli Storage Manager FastBack allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Belkin N150 F9K1009 v1 router. A successful attack can lead to unauthorized information disclosure.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature is written to cover a known vulnerability in Network Time Protocol. An attacker can leverage this issue to cause a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, srx-12.1, j-series-9.5, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, srx-branch-12.1, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects attempts to exploit a known vulnerability against Microsoft RADIUS Network Policy Server. A successful attack can result in a denial-of-service condition.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat and Reader. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
xArrow Version 3.2 software application are vulnerable to multiple Memory corruption issues.This signature detects attempt to exploit xArrow Version 3.2 software application on SCADA.It fails to process certain packets.The successful attacks can lead to Denial Of Services.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A NULL pointer dereference vulnerability exists in OpenSSL. Successful exploitation results in a denial of service condition on the affected service.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in the Barracuda SSL VPN. A successful exploitation may aid in phishing attacks.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
An integer underflow vulnerability leading to an out of bounds read has been reported in OpenSSL. Successful exploitation results in denial of service conditions on the affected service.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in WordPress. Successful exploitation of this vulnerability could lead to arbitrary modification of WordPress post content.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects an attempt to exploit an Use-After-Free Vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code into the application's context.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
An information disclosure vulnerability exists in Trend Micro Control Manager. Successful exploitation could result in an arbitrary file read from the target server.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability in Orbit Downloader. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the process's user.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Tarantool. Successful exploitation results in denial of service conditions.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
An integer overflow vulnerability, which leads to a buffer over read, has been reported in PHP. Successful exploitation could lead to denial of service of the affected system.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A stack-based buffer overflow exists in Fatek Automation PLC WinProladder. Successful exploitation could result in denial of service conditions or, in the worst case, arbitrary code execution in the context of the user running the application.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A remote command injection vulnerability exists in the Management Console for Hewlett Packard Enterprise Vertica. Successful exploitation would allow the attacker to execute arbitrary OS commands in the underlying system as root privileges
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
A directory traversal vulnerability has been reported in Trend Micro Control Manager. Successful exploitation results in arbitrary code execution under the security context the Trend Micro Control Manager user.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects a suspicious SIP From header. This kind of behavior is mostly observed when someone is trying to scan and send malicious traffic against a network security device using various traffic generation tools.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against the Microsoft Uniscribe Font Parser. Attackers can corrupt memory on the victim's computer resulting in remote command execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, mx-11.4, isg-3.4.140032, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.5.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, idp-4.0.110090831, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.0.110090709, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603
This signature detects payloads being transferred over network that have been using x86 linux reserve connect. This may be an indication of someone trying to evade anti-virus/IPS solutions and possibly drop malicious code.
srx-branch-12.1, isg-3.5.141652, mx-11.4, idp-5.1.110161014, idp-4.1.0, mx-16.1, vsrx-12.1, vsrx-15.1, idp-5.1.110160603, j-series-9.5, isg-3.5.141597, srx-12.1
This signature detects the presence of a double filename extension in different parts of an e-mail message. Double extensions can be used to bypass some filtering systems by allowing harmful content to be considered legitimate. Successful exploitation could result in remote code execution. In order to provide protection from the base64 encoded version, change "sc_mime_parse_cnt_length" to at least 256 and preferably 512 bytes.
isg-3.5.141652, idp-5.1.110161014, idp-4.1.110110719, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, idp-5.0.0, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, isg-3.5.0, isg-3.4.139899, j-series-9.5, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, isg-3.4.140032, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, vsrx-15.1, idp-4.1.110110609, isg-3.5.141597, idp-5.1.110160603