Update #3223 (11/07/2019)
5 new signatures:
HIGH | HTTP:STC:ADOBE:CVE-2019-8187-CE | HTTP: Adobe Reader CVE-2019-8187 Remote Code Execution |
MEDIUM | HTTP:SNS-SDC-MUL | HTTP: SeaWell Networks Spectrum SDC Multiple Vulnerabilities |
HIGH | HTTP:STC:ADOBE:CVE-2019-8188-CE | HTTP: Adobe Reader CVE-2019-8188 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2019-8196-CE | HTTP: Adobe Reader CVE-2019-8196 Remote Code Execution |
HIGH | HTTP:STC:ADOBE:CVE-2019-8165-CE | HTTP: Adobe Reader CVE-2019-8165 Remote Code Execution |
319 updated signatures:
HIGH | HTTP:EK-BLACKHOLE-V2-LP1 | HTTP: Blackholev2/Darkleech Exploit Kit Landing Page 1 |
HIGH | HTTP:CGI:NAGIOS-CORE-DOS | HTTP: Nagios core CGI Process_cgivars Off-By-One |
HIGH | SCADA:ABB-MICROSCADA-BOF | APP: ABB MicroSCADA Wserver Buffer Overflow |
HIGH | DB:ORACLE:XDB-DROPMETADATA | DB: Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow |
HIGH | HTTP:EK-MAGNITUDE-JNLP-REQ | HTTP: Magnitude/Popads/Nuclear Exploit Kit jnlp Request |
HIGH | HTTP:MISC:CVE-2015-5718-BO | HTTP: Websense Triton Content Manager Buffer Overflow |
HIGH | HTTP:EK-NUCLEAR-ORACLE-JAVA | HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download Attempt |
HIGH | HTTP:IIS:ASP-DOT-NET-VSTATE | HTTP: IIS ASP .NET ViewState Input Sanitization |
HIGH | HTTP:EK-NUCLEAR-POST-JAVA-COMP | HTTP: Nuclear/Magnitude Exploit Kit Post Java Compromise |
HIGH | HTTP:STC:DL:MAL-VBP | HTTP: Malformed Microsoft Visual Basic Project File |
HIGH | HTTP:EK-NUCLEAR-ORACLE-JAVA-1 | HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download |
HIGH | HTTP:EK-NUCLEAR-IE-VULN-REQ | HTTP: Nuclear Exploit Kit Microsoft Internet Explorer Vulnerability Request |
HIGH | HTTP:STC:JAVA:JAVA-VM-ARGS-OF | HTTP: Sun Java JNLP java-vm-args Attribute Overflow |
HIGH | APP:HPOV:OVJAVALOCALE-OF | APP: HP OpenView Network Node Manager OvJavaLocale Buffer Overflow |
HIGH | HTTP:IIS:CVE-2017-7269-RCE | HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow |
HIGH | HTTP:MITSUBISHI-ELECTRIC-SBO | HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow |
MEDIUM | HTTP:RUBY-GEM-SEMICOLON1 | HTTP: Ruby Gem Multiple Wrappers Command Injection1 |
HIGH | HTTP:STC:MITSUBISHI-E-DESIGN-BO | HTTP: Mitsubishi Electric E-Designer BEComliSlave Buffer Overflow |
HIGH | HTTP:DOS:NOOP-SLED-REQ-MALF | HTTP: No Operation Sled in HTTP Request (Malformed) |
HIGH | APP:REMOTE:MS-WIN-RDP-RCE | APP: Microsoft Windows Remote Desktop Remote Code Execution |
CRITICAL | DB:INGRES-UUID_FROM_CHAR-OF | DB: Ingres Database uuid_from_char Overflow |
HIGH | APP:MISC:PXESERVICE-UDP | APP: Fujitsu SystemcastWizard PXEService Buffer Overflow |
HIGH | APP:ORACLE:GOLDENGATE-BOF | APP: Oracle GoldenGate Manager Command Stack Buffer Overflow |
HIGH | HTTP:STC:WECON-HEAP-OVERRUN | HTTP: WECON Heap Buffer Overflow |
HIGH | HTTP:EK-NUCLEAR-ADOBE-FLASH-1 | HTTP: Nuclear/Magnitude Exploit Kit Adobe Flash Exploit Download |
HIGH | HTTP:EK-ANGLER-OUT-URL | HTTP: Angler Exploit Kit Outbound URL Structure 1 |
HIGH | HTTP:STC:DL:WEBEX-RECORD-ATAS | HTTP: Cisco WebEx Recording Format Player atas32.dll Integer Overflow |
HIGH | HTTP:EK-MUL-PAYLOAD-DOWN-1 | HTTP: Multiple Exploit Kit Payload Download 1 |
HIGH | HTTP:EK-MULTIPLE-REDIRECTION-GT | HTTP: Multiple Exploit Kit Redirection Gate |
HIGH | HTTP:EK-MAGNITUDE-ORACLE | HTTP: Magnitude Exploit Kit Oracle Java |
HIGH | HTTP:EK-MAGNITUDE-JAVA | HTTP: Exploit Kit Magnitude Oracle Java |
HIGH | HTTP:EK-MAGNITUDE-LANDING-PG | HTTP: Exploit Kit Magnitude Landing Page |
HIGH | HTTP:STC:ADOBE:CVE-2017-11308 | HTTP: Adobe Acrobat ImageConversion EMF Integer Overflow |
HIGH | HTTP:CA-XOSOFT-XOSOAP | HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow |
HIGH | TROJAN:BACKORIFICE:BO2K-CONNECT | TROJAN: Back Orifice 2000 Client Connection |
HIGH | APP:HP-MGMT-UAM-BO | APP: HP Intelligent Management Center uam Buffer Overflow |
HIGH | SMTP:MULTIPLE-HYD-BOF | SMTP: Multiple SMTP Header Buffer Overflow |
HIGH | HTTP:STC:CVE-2018-18993-BO | HTTP: OMRON CX-One CX-Position cdmapi32 Stack-based Buffer Overflow |
INFO | SSL:AUDIT:DHEEXP-512CPHR-LOGJAM | SSL: OpenSSL Logjam 512-Bit DHE_EXPORT Cipher Suite |
HIGH | HTTP:STC:EMBED-SRC-OF | HTTP: Overlarge EMBED Tag Source |
HIGH | HTTP:STC:ADOBE:CVE-2018-5067-ID | HTTP: Adobe Acrobat Pro CVE-2018-5067 Information Disclosure |
HIGH | HTTP:STC:WIN-CCL-BOF | HTTP: Microsoft Windows Common Control Library Vulnerability |
HIGH | HTTP:EK-COTTONCASTLE-FLASH-OC | HTTP: CottonCastle Exploit Kit Flash Outbound Connection |
MEDIUM | APP:HPOV:OVALARMSRV-DOS2 | APP: Hewlett-Packard OpenView Alarm Denial of Service (2) |
CRITICAL | APP:OBSERVICED-OF | APP: Oracle Secure Backup observiced.exe Buffer Overflow |
HIGH | APP:HP-LOADRUNNER-BO | APP: HP LoadRunner Stack Buffer Overflow |
HIGH | RTSP:HELIX-RN5AUTH | RTSP: RealNetworks Helix Server rn5auth Credential Parsing Buffer Overflow |
HIGH | SMTP:MAL:LOTUS-APPLIX | SMTP: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow |
HIGH | DNS:ISC-BIND-ASSERT-DOS | DNS: ISC BIND DNS options Assertion Failure Denial of Service |
HIGH | HTTP:STC:ADOBE:CVE-2017-11227CE | HTTP: Adobe Acrobat Reader CVE-2017-11227 Remote Code Execution |
CRITICAL | DB:ORACLE:DBMS:AQELM-OF | DB: Oracle DBMS_AQELM Overflow |
HIGH | HTTP:STC:M3U-VLC-SMB-LINK | HTTP: VideoLAN VLC Media Player SMB Link Buffer Overflow |
HIGH | APP:INDUSOFT-WEB-STUDIO-BO | APP: InduSoft Web Studio Remote Agent Buffer Overflow |
HIGH | HTTP:STC:ADOBE:CVE-2016-1078-CE | HTTP: Adobe Reader CVE-2016-1078 Remote Code Execution |
HIGH | HTTP:STC:CVE-2018-8344-CE | HTTP: Microsoft Graphics CVE-2018-8344 Remote Code Execution |
HIGH | HTTP:STC:DL:MS-GDI-EMF | HTTP: Microsoft GDI+ EMF+ Integer Wrap Remote Code Execution |
HIGH | HTTP:WEBSPHERE:SERVER-OF | HTTP: WebSphere Application Server Buffer Overflow |
HIGH | HTTP:DOMINO:SAMETIME-URL-OF | HTTP: Lotus Sametime URL Overflow |
HIGH | APP:NOVELL:REMOTE-MGR-DOS | APP: Novell Remote Manager Off-by-One Denial of Service |
MEDIUM | SMTP:SPAMASS-DOS | SMTP: SpamAssassin Content-Type Denial of Service |
HIGH | HTTP:STC:ADOBE:DIRECTOR-FILE-MC | HTTP: Adobe Director file Multiple Record Memory Corruption |
HIGH | HTTP:STC:STREAM:QT-MPEG-PAD | HTTP: Apple QuickTime MPEG Stream Padding Buffer Overflow |
HIGH | APP:HPOV:OVTRACE | APP: Hewlett-Packard OpenView OVTrace Buffer Overflow |
HIGH | APP:NOVELL:MESSENGER-BOF | APP: Novell Messenger Client Filename Parameter Stack Buffer Overflow |
HIGH | APP:NOVELL:ZENWORKS-CONFMGR-BO | APP: Novell ZENworks Configuration Management PreBoot Service Overflow |
HIGH | HTTP:STC:CVE-2019-6537-RCE | HTTP: WECON LeviStudio DataLogTool Multiple Remote Code Execution |
HIGH | APP:CITRIX:NSEPACOM-BOF | APP: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow |
HIGH | HTTP:STC:ADOBE:CVE-2018-4895RCE | HTTP: Adobe Acrobat and Reader CVE-2018-4895 Remote Code Execution |
HIGH | MS-RPC:CVE-2019-6550-RCE | MS-RPC: Advantech WebAccess SCADA Remote Code Execution |
HIGH | APP:IBM:TIVOLI-OF | APP: IBM Tivoli Management Framework Overflow |
HIGH | HTTP:PROXY:SQUID-ESI-BO | HTTP: Squid Proxy ESI Component Stack Buffer Overflow |
MEDIUM | APP:UPNP:DLINK-SEARCH-NOTIFY | APP: D-Link Router SEARCH/NOTIFY Buffer Overflow |
CRITICAL | CHAT:ICQ:ISS-BLACKICE-OF | ICQ: ISS BlackIce ICQ Decoder META_USER Buffer Overflow |
HIGH | HTTP:STC:IE:UNINIT-MEM-CORR | HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-2559) |
HIGH | APP:IBM:INFORMIX-CMD-OF | APP: IBM Informix Dynamic Server Command Argument Processing Stack Overflow |
HIGH | APP:CITRIX:PROVISIONING-OPCODE | APP: Citrix Provisioning Services Opcode Stack Buffer Overflow |
HIGH | APP:HPOV:NNM-DISPLAYWIDTH-BOF | APP: HP OpenView Network Node Manager displayWidth Buffer Overflow |
MEDIUM | DB:ORACLE:TNS:DBMS-OF | DB: Oracle DBMS Overflow |
HIGH | HTTP:STC:DL:QT-TEXML-BOF | HTTP: Apple QuickTime TeXML Parsing Buffer Overflow |
HIGH | HTTP:STC:DL:GOOGLE-GO-CI | HTTP: Google Golang Get Command Injection |
HIGH | APP:CITRIX:XENAPP-XML-RCE | APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution |
HIGH | HTTP:STC:STREAM:QT-MAL-SMIL | HTTP: Apple QuickTime Malformed SMIL File |
HIGH | HTTP:MISC:DLINK-CAPTCHA-BO | HTTP: D-Link Wireless Router CAPTCHA Data Processing Buffer Overflow |
HIGH | APP:HPOV:NNM-LOGIN-BOF | APP: HP OpenView Network Node Manager ovsessionmgr.exe Buffer Overflow |
HIGH | HTTP:STC:IE:MEMCORRUPT2 | HTTP: Internet Explorer HTML Objects Memory Corruption (2) |
HIGH | DB:MYSQL:COM-FIELD-LIST-BO | DB: Oracle MySQL Database COM_FIELD_LIST Buffer Overflow |
HIGH | APP:HPOV:NNM-EXECVP-NC-OF | APP: HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow |
HIGH | HTTP:SYBASE-AGSOAP-EXE-BOF | HTTP: Sybase M-Business Anywhere agSoap.exe Closing Tag Buffer Overflow |
HIGH | DB:DB2:XML-QUERY-OF | DB: IBM DB2 XML Query Overflow |
HIGH | HTTP:LIBGD-HEAP-BO | HTTP: GD Library libgd gd_gd2.c Heap Buffer Overflow |
CRITICAL | DB:ORACLE:ORACLE-DSI | DB: Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow |
HIGH | HTTP:EXPLOIT-KIT-STYX-PLU | HTTP: Styx Exploit Kit Plugin Detection Connection |
HIGH | HTTP:FOXIT-FF-URL-STG-BO | HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow |
CRITICAL | DB:ORACLE:SYS:PBSDE-INIT-OF | DB: Oracle sys.pbsde.init Procedure Buffer Overflow |
HIGH | HTTP:CGI:NAGIOS-HISTORY-PRM-BO | HTTP: Nagios history.cgi Parameter Buffer Overflow |
HIGH | DB:ORACLE:SDO_CS-TRANS-OF | DB: Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow |
HIGH | APP:NOVELL:HTTP-NOVELL-REDIRECT | APP: Novell eDirectory HTTP Server Redirection Buffer Overflow |
MEDIUM | FTP:OVERFLOW:WINFTP-DATA-OF | FTP: WinFtp Server Data Handling Denial of Service |
MEDIUM | HTTP:SQL:INJ:OVERSIZE-STATEMENT | HTTP: Oversized Cast And Convert Statement Possible SQL Injection Obfuscation |
HIGH | HTTP:PHP:APACHE-RQST-HEADER-BO | HTTP: PHP apache_request_headers Buffer Overflow |
HIGH | NTP:CRYPTO-NAK-AUTH-BYPASS | NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass |
HIGH | HTTP:MISC:HP-SYS-IPRANGE-OF | HTTP: HP System Management Homepage iprange Stack Buffer Overflow |
HIGH | HTTP:OVERFLOW:HP-POWERMAN-OF | HTTP: HP Power Manager Login Buffer Overflow |
HIGH | IMAP:IPSWITCH:DELETE-OF | IMAP: IPSwitch IMAP Server DELETE Overflow |
HIGH | APP:MDAEMON:SEND-OF | SMTP: MDaemon Mail Server Overflow |
HIGH | FTP:MS-FTP:IIS-BOF | FTP: IIS Buffer Overflow |
HIGH | HTTP:EFS-FILE-SERVER-BO | HTTP: EFS Software Easy File Sharing Web Server Stack Buffer Overflow |
HIGH | HTTP:STC:ITUNES-HANDLER-OF | HTTP: Apple iTunes Handler Stack Buffer Overflow |
HIGH | APP:CVE-2017-5789-OV | APP: HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow |
HIGH | TFTP:HP-MGMT-TFTP-DATA-OF | TFTP: HP Intelligent Management Center TFTP Server DATA and ERROR Packets Buffer Overflow |
CRITICAL | DB:ORACLE:ODCITABLESTART-OF | DB: Oracle Database SYS.OLAPIMPL_T Package ODCITABLESTART Buffer Overflow |
HIGH | HTTP:STC:ADOBE:PHOTOSHOP-ASSET | HTTP: Adobe Photoshop Asset Elements Stack Buffer Overflow |
CRITICAL | HTTP:OVERFLOW:SYBASE-WEBCONSOLE | HTTP: Sybase EAServer WebConsole Buffer Overflow |
HIGH | TFTP:OPEN-TFTP-SERVER-ERROR-BO | TFTP: OpenTFTP Server Error Packet Handling Buffer Overflow |
HIGH | HTTP:WEBLOGIC:BEA-BOF | HTTP: BEA Weblogic Buffer Overflow |
HIGH | NTP:NTPQ-DECODEARR-BO | NTP: Network Time Protocol ntpq decodearr Stack-based Buffer Overflow |
CRITICAL | APP:CA:ARCSRV:BME-OP-117 | APP: CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer |
HIGH | HTTP:STC:DL:MSWMM-OF | HTTP: Microsoft Windows Movie Maker and Producer Buffer Overflow |
HIGH | SMTP:MAL:LOTUS-MAILTO | SMTP: IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow |
HIGH | HTTP:STC:JAVA:DOCBASE-BOF | HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow |
HIGH | APP:REAL:RAM-FILE-OF | APP: RealMedia RAM File Processing Buffer Overflow |
HIGH | HTTP:STC:ADOBE:ACROBAT-OOB | HTTP: Adobe Acrobat ImageConversion PCX Parsing Out-Of-Bounds Write |
MEDIUM | SMTP:IIS:CDO-OF | SMTP: Collaboration Data Objects Vulnerability |
HIGH | CHAT:IRC:MIRC-PRIVMSG | IRC: mIRC PRIVMSG Buffer Overflow |
HIGH | APP:HPOV:OVWEBSNMPSRV-OF | APP: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow |
HIGH | HTTP:PROXY:SQUID-NTLM-OF | HTTP: Squid NTLM Authentication Overflow |
HIGH | HTTP:STC:DL:MS-VISIO-DXF-BO | HTTP: Microsoft Visio 2010 DXF File Format Buffer Overflow |
HIGH | APP:UPNP:LIBUPNP-ROOT-DSN-BOF | APP: Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow |
HIGH | APP:UPNP:LIBUPNP-UUID-BOF | APP: Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow |
HIGH | APP:UPNP:LIBUPNP-DSN-BOF | APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow |
CRITICAL | APP:VERITAS:NETBACKUP-BPCD | APP: Veritas Netbackup BPCD |
MEDIUM | HTTP:CISCO:CSUSERCGI-BOF | HTTP: Cisco User-Changeable Password CSuserCGI.exe Buffer Overflow |
HIGH | MS-RPC:OF:ADVANTECH-WEBACS-BOF | MS-RPC: Advantech WebAccess Client bwswfcfg Stack-based Buffer Overflow |
HIGH | HTTP:STC:ADOBE:READER-WKT-BO | HTTP: Adobe Reader Well-Known Text Buffer Overflow |
HIGH | APP:CITRIX:STREAMPROCESS-BOF | APP: Citrix Provisioning Services streamprocess.exe Component Buffer Overflow |
HIGH | HTTP:STC:DL:OO-OLE | HTTP: OpenOffice OLE File Stream Buffer Overflow |
HIGH | HTTP:DOS:DRUPAL-XML-RPC-IEE | HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service |
HIGH | HTTP:STC:DISK-PULSE-BO | HTTP: Flexense DiskPulse Client Import Stack Buffer Overflow |
HIGH | HTTP:STC:IE:MOUSE-MOVE-MEM | HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-0267) |
HIGH | FTP:OVERFLOW:MS-IE-FTP-RES-MC | FTP: Microsoft Internet Explorer FTP Response Parsing Memory Corruption |
HIGH | MS-RPC:OF:MSG-QUEUE-3 | MS-RPC: Message Queue Overflow (3) |
HIGH | VOIP:SIP:DIGIUM-ASTERSK-BO | VOIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow |
HIGH | APP:NOVELL:NMAP-NETMAIL-STOR | APP: Novell Netmail Stor Overflow |
HIGH | HTTP:MISC:WAVELINK-HDR-PARSE-BO | HTTP: Wavelink Emulation License Server HTTP Header Processing Buffer Overflow |
HIGH | APP:HPOV:OVDLL-OVBUILDPATH-BOF | APP: HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow |
HIGH | SMB:NETBIOS:CVE-2017-0004-MC | SMB: Microsoft Windows CVE-2017-0004 Memory Corruption |
HIGH | FTP:OVERFLOW:FREE-FTPD-PASS | FTP: freeFTPd PASS Command Buffer Overflow |
MEDIUM | APP:NOVELL:ZENWORKS-TFTPD-RCE | APP: Novell ZENworks Desktop Management on Linux TFTPD Code Execution |
HIGH | FTP:OVERFLOW:CMD-OF | FTP: Command Overflow |
CRITICAL | APP:HPOV:OID-OF | APP: HP OpenView NNM snmp.exe Long OID Parameter |
HIGH | HTTP:STC:DL:MAL-PLF | HTTP: Malformed Play List File (PLF) |
HIGH | APP:HP-DATA-PROTECTOR-SIGN-DOS | APP: HP Data Protector Media Operations SignInName Parameter Denial of Service |
HIGH | HTTP:MAL-CNC-SRVREQ | HTTP: Malware Command and Control Communication Request Detected |
HIGH | HTTP:STC:JAVA:JNLP-CHARSET-OF | HTTP: Sun Java Web Start Charset Encoding Overflow |
HIGH | HTTP:CGI:RSA-AGENT-BOF | HTTP: RSA Agent Redirect Overflow |
HIGH | HTTP:STC:DL:MAL-MIC-BICLRUSED | HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter |
HIGH | FTP:FREEFLOAT-CMD-BO | FTP: FreeFloat FTP Server Invalid Command Buffer Overflow |
HIGH | HTTP:EK-RIG-OUT-COMMUNICATION | HTTP: Rig Exploit Kit Outbound Communication Attempt |
HIGH | HTTP:OVERFLOW:EFS-FILE-SERVE-BO | HTTP: EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow |
HIGH | HTTP:WEBLOGIC:ENCODING | HTTP: BEA Weblogic Encoding Value Overflow |
HIGH | HTTP:OVERFLOW:OVWEBHELP-BO | HTTP: HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow |
HIGH | TROJAN:CRYPTOWALL-DOCS-CAMP | TROJAN: Cryptowall docs Campaign Encrypted Binary Detected |
CRITICAL | HTTP:STC:DIRECTSHOW-AVI-EXEC | HTTP: Microsoft Windows DirectShow AVI File Code Execution |
HIGH | MS-RPC:OF:ADVANTECH-WA-BO | MS-RPC: Advantech WebAccess SCADA Buffer Overflow |
HIGH | APP:ORACLE:GOLDENGATE-SOAP-OF | APP: Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow |
CRITICAL | APP:WINMEDIASRV-RCE | APP: Microsoft Windows Media Service Remote Code Execution |
HIGH | DB:POSTGRESQL:CHANGE-PASS-BO | DB: PostgreSQL Database Password Change Stack Buffer Overflow |
HIGH | HTTP:OVERFLOW:MICROFOCUS-PST-OF | HTTP: Micro Focus GroupWise Post Office Agent Integer Overflow |
HIGH | HTTP:OVERFLOW:WECON-LEVIS-HOF | HTTP: WECON LeviStudio Address Name Heap Buffer Overflow |
HIGH | HTTP:ABB-PANEL-BLDR-BO | HTTP: ABB Panel Builder 800 Comli CommandLineOptions Stack-based Buffer Overflow |
HIGH | HTTP:ALTN-SG-OF | HTTP: Alt-N Security Gateway Overflow |
HIGH | APP:IBM:TIVOLI-FASTBACK-OF | APP: IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow |
HIGH | IMAP:OVERFLOW:MAILENABLE-OF | IMAP: MailEnable Status Overflow |
HIGH | HTTP:DOMINO:ACCEPT-LANG-OF | HTTP: Lotus Domino Accept Language Overflow |
HIGH | APP:CA:ARCSRV:SQL-OF | APP: Computer Associates BrightStor ARCserve Backup Buffer Overflow |
HIGH | APP:HP-PM-EXP-DATA-LOGS | APP: HP Power Manager formExportDataLogs Buffer Overflow |
HIGH | APP:IBM:LDAP-MODIFYREQUEST-BO | APP: IBM Domino LDAP Server ModifyRequest Stack Buffer Overflow |
HIGH | IMAP:EMPHASISMINE | IMAP: Shadow Brokers - EMPHASISMINE |
HIGH | HTTP:MISC:OMRON-CX-SBO | HTTP: OMRON CX-One CX-FLnet cdmapi32 wcscpy Stack-based Buffer Overflow |
HIGH | APP:CA:ARCSRV:MEDIASERVER-BO1 | APP: Computer Associates BrightStor ARCserve Media Server Buffer Overflow1 |
HIGH | TROJAN:BEACON-CNC | TROJAN: Beacon Command and Control Traffic |
HIGH | HTTP:MISC:SUPERMICRO-LOGIN-BO | HTTP: SuperMicro IPMI login.cgi Buffer Overflow |
HIGH | IMAP:OVERFLOW:MAILENABLE-OF-2 | IMAP: MailEnable Select Overflow |
HIGH | HTTP:MISC:ORMON-CXM-SBO | HTTP: OMRON CX-One CX-Motion Stack-based Buffer Overflow |
HIGH | HTTP:STC:DL:DIRECTX-SAMI | HTTP: Microsoft DirectX SAMI File Parsing Code Execution |
HIGH | APP:HPOV:SNMPVIEWER-APP-OF | APP: HP OpenView NNM snmpviewer.exe App Parameter Stack Buffer Overflow |
HIGH | MS-RPC:ADVTC-WEBSCADA-BO | MS-RPC: Advantech WebAccess SCADA bwmakdir Stack-based Buffer Overflow |
HIGH | HTTP:STC:SCRIPT:OBFUSCATED | HTTP: Javascript Obfuscated Page |
HIGH | HTTP:WECON-LEVISTUDIO-BO | HTTP: WECON LeviStudio Multiple Buffer Overflow |
HIGH | SMB:MS-CVE-2017-0144-MC | SMB: Microsoft Windows SMB Server SMBv1 Memory Corruption |
HIGH | HTTP:STC:DL:MAL-ASX-OF | HTTP: ASX Malformed File Remote Stack Buffer Overflow |
CRITICAL | SSL:OVERFLOW:KEY-ARG-NO-ENTROPY | SSL: OpenSSL KEY_ARG No Entropy |
MEDIUM | HTTP:STC:MS-WIN-GDI-ID | HTTP: Microsoft Windows Graphics Device Interface Information Disclosure |
HIGH | HTTP:PERL-TAR-ZIP-FO | HTTP: Perl Archive Tar and ZIP Arbitrary File Overwrite |
HIGH | HTTP:DIGIUM-ASTERISK-BO | HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow |
HIGH | FTP:OVERFLOW:S2C-PATH-OF | FTP: FlashGet FTP PWD Command Stack Buffer Overflow |
HIGH | HTTP:IIS:ASPX-URL-1 | HTTP: IIS Crafted ASP URL Request1 |
HIGH | HTTP:STC:WECON-LEVI-SBO | HTTP: WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow |
CRITICAL | HTTP:NOVELL:NETMAIL-WEBADMIN | HTTP: Novell NetMail WebAdmin Username Stack Buffer Overflow |
CRITICAL | OS:LINUXX86:NETFILTER-IPTBLE-BO | OS: Linux Kernel Netfilter iptables-restore Buffer Overflow |
HIGH | HTTP:STC:NTP-DECODENETNUM-AF | HTTP: Network Time Protocol Daemon decodenetnum Assertion Failure |
HIGH | SSL:OPENSSL-CVE-2017-3730 | SSL: OpenSSL invalid Diffie-Hellman Parameter NULL Pointer Dereference |
MEDIUM | TFTP:TRANSPORT-BOF | TFTP: Multiple Vendors TFTP Transporting Mode Remote Buffer Overflow Vulnerability |
HIGH | APP:BLUECOAT-AAA-OF | APP: Blue Coat Authentication and Authorization Agent Overflow |
HIGH | APP:HPOV:NNM-RPING-BOF | APP: HP OpenView Network Node Manager rping Stack Buffer Overflow |
HIGH | HTTP:STC:MS-IE-IFRAME-BO | HTTP: Microsoft Internet Explorer Iframe Buffer Overflow |
HIGH | HTTP:STC:DL:COOLPLAYER-PLAYLIST | HTTP: CoolPlayer Playlist File Handling Buffer Overflow |
CRITICAL | FTP:SERVU:CHMOD-OVERFLOW | FTP: ServU CHMOD Filename Overflow |
HIGH | IMAP:OVERFLOW:IBM-DOMINO-OF | IMAP: IBM Domino IMAP Mailbox Name Stack Buffer Overflow |
HIGH | HTTP:XIPH-CAST-URL-AUTH-1 | HTTP: Xiph.org Icecast Server auth_url Stack Buffer Overflow (1) |
HIGH | RTSP:OVERFLOW:RTSP-CONTENT | RTSP: Apple QuickTime RTSP Content-Type Overflow |
HIGH | APP:NOVELL:INTERNET-AGENT-BOF | APP: Novell GroupWise Internet Agent Buffer Overflow |
HIGH | HTTP:STC:ADOBE:CVE-2017-16416CE | HTTP: Adobe Acrobat Reader CVE-2017-16416 Remote Code Execution |
MEDIUM | TELNET:DOS:GAMSOFT | Telnet: GAMSoft Telsrv DoS |
HIGH | HTTP:EK-ANGLER-RELAY-TRAFFIC | HTTP: Angler Exploit Kit Relay Traffic Detected1 |
HIGH | SMTP:OVERFLOW:MAILENABLE-BO | SMTP: MailEnable SMTP Authentication Buffer Overflow |
HIGH | HTTP:STC:IMG:MAL-EMF | HTTP: Malformed EMF File |
HIGH | VOIP:SIP:SDP:HDR-BOF | VOIP: Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow |
MEDIUM | IMAP:OVERFLOW:MAILENABLE-APPEND | IMAP: MailEnable Append Buffer Overflow Vulnerability |
HIGH | HTTP:MULTI-EK-32ALPHA-REQ | HTTP: Multiple Exploit Kit 32 Alpha JAR Request |
HIGH | HTTP:DIR:FILEMGR-DIRTRV | HTTP: Responsive FileManager Zip Directory Traversal |
CRITICAL | APP:CITRIX:PROVISIONINGSERV-UF | APP: Citrix Provisioning Services streamprocess.exe Integer Underflow |
HIGH | DB:MYSQL:GRANT-FILE-BO | DB: Oracle MySQL Grant File Stack Buffer Overflow |
HIGH | HTTP:EK-MULTIPLE-FLASH | HTTP: Multiple Exploit Kit Flash File Download |
HIGH | HTTP:STC:STREAM:GDI-WMF-HEADER | HTTP: Microsoft Windows GDI WMF File HeaderSize Buffer Overflow |
HIGH | DB:MYSQL:COMMANDS-BO | DB: Oracle MySQL Multiple Commands Heap Buffer Overflow |
MEDIUM | HTTP:STC:DL:GDI-WMF-ID | HTTP: Microsoft Graphics Component CVE-2018-8472 Information Disclosure |
HIGH | HTTP:PHP:CVE-2016-10159-IOV | HTTP: PHP phar_parse_pharfile Function filename_len Property Integer Overflow |
HIGH | DB:ORACLE:XML-SCHEMA-OF | DB: Oracle XML SCHEMA Overflow |
HIGH | APP:HPOV:NNMI-BO | APP: HP Network Node Manager (NNMi) ovopi.dll Options Handling Remote Buffer Overflow |
HIGH | APP:NOVELL:GROUPWISE-WA | APP: Novell GroupWise WebAccess HTTP Basic Authentication Buffer Overflow |
HIGH | HTTP:STC:DL:VISIO-OBJ-CONFUSION | HTTP: Microsoft Visio Object Type Confusion Remote Code Execution |
HIGH | APP:EMC-AUTOSTART-BOF | APP: EMC AutoStart Error Logging Stack Buffer Overflow |
MEDIUM | HTTP:STC:MOZILLA:MOZ-FLOAT-OF | HTTP: Mozilla Firefox Floating Point Number Conversion Memory Corruption |
MEDIUM | HTTP:STC:RHINO-HDR-OF | HTTP: Rhino Software Serv-U Server HTTP Request Handling Buffer Overflow |
CRITICAL | IMAP:OVERFLOW:MERCURY-LOGIN | IMAP: Mercury Login Buffer Overflow |
HIGH | APP:ORACLE:CVE-2017-10278-OF | APP: Oracle Tuxedo Jolt Protocol CVE-2017-10278 Heap Buffer Overflow |
HIGH | HTTP:STC:PPT-CRAFTED-PATH | HTTP: Microsoft Office PowerPoint File Path Handling Buffer Overflow |
HIGH | HTTP:IBM-INFORMIX-DS-BO | HTTP: IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow |
HIGH | APP:ORACLE:OUTSIDE-JPEG2-CODCOC | APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow |
HIGH | APP:MISC:AVAYA-WINPDM | APP: Avaya Windows Portable Device Manager Buffer Overflow |
HIGH | APP:HPOV:NNM-GETNNMDATA-OF | APP: HP OpenView Network Node Manager getnnmdata.exe Parameter Overflow |
HIGH | HTTP:NOVELL:GROUPWISE-NETAGT-BO | HTTP: Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow |
HIGH | HTTP:MISC:DISKPULSE-SERVER-BO | HTTP: Disk Pulse Enterprise Server HttpParser Buffer Overflow |
HIGH | DNS:REPERR:NAPRT-IOF | DNS: Name Authority Pointer Integer Overflow |
HIGH | HTTP:IIS:ISAPI-IDA-OVERFLOW | HTTP: IIS .ida ISAPI Buffer Overflow |
HIGH | APP:MISC:BIGANT-DDNF-BO | APP: BigAnt Server DDNF Request Stack Buffer Overflow |
HIGH | HTTP:OFFICESCAN-CGIRECVFILE | HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow |
HIGH | HTTP:STC:DL:QT-SMIL-FILEHAND | HTTP: Apple QuickTime SMIL File Handling Integer Overflow |
HIGH | HTTP:STC:DL:EMF-IMG-FILE-RCE | HTTP: Microsoft Windows Graphic Component EMF Image File Processing Remote Code Execution |
HIGH | MS-RPC:DCE-RPC-ADVANTECH-RCE | MS-RPC: Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution |
HIGH | VNC:OVERFLOW:ULTRAVNC-HEAP | VNC: UltraVNC VNC Server File Transfer Offer Handler Heap-based Buffer Overflow |
CRITICAL | HTTP:MISC:MCAFFEE-SRV-HDR | HTTP: McAfee Server Header Overflow |
HIGH | HTTP:STC:DL:WMF-HEAPOF | HTTP: Windows Metafile Heap Overflow |
CRITICAL | NNTP:OVERFLOW:XPAT-PATTERN | NNTP: XPAT Pattern Overflow |
HIGH | HTTP:FLEXENSE-VX-SEARCH-BO | HTTP: Flexense VX Search Enterprise add_command Buffer Overflow |
HIGH | SMTP:EMAIL:RELAY-ADDR-OF | SMTP: Relay E-Mail Address Overflow |
HIGH | HTTP:STC:DL:MAL-WOFF | HTTP: Mozilla Firefox WOFF Font Processing Integer Overflow |
HIGH | APP:NOVELL:GROUPWISE-ADDRESS | APP: Novell GroupWise Addressbook Heap Buffer Overflow |
HIGH | APP:ABB-NETSCANHOST-OF | APP: ABB Products RobNetScanHost.exe Stack Buffer Overflow |
HIGH | HTTP:STC:DL:KINGVIEW-LOGFILE-BO | HTTP: WellinTech KingView KingMess Log File Parsing Buffer Overflow |
HIGH | SMTP:MAL:LOTUS-MIF-VIEWER | SMTP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow |
HIGH | APP:REAL:RMP-FILE-OF | APP: RealNetworks RealPlayer RMP File Buffer Overflow |
MEDIUM | HTTP:PROXY:SQUID-DOS | HTTP: Squid Proxy Processing Denial of Service |
CRITICAL | IMAP:IPSWITCH:SEARCH-DATE | IMAP: Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow |
HIGH | HTTP:EK-REDKIT-LP2 | HTTP: Redkit Exploit Kit Landing Page 2 |
HIGH | HTTP:EK-UNIX-BACKDOOR-CDORKED | HTTP: Unix Backdoor Cdorked Blackhole Request Attempt |
HIGH | RPC:DCERPC:ARB-FILE-DEL | RPC: Advantech WebAccess webvrpcs Arbitrary File Deletion |
HIGH | APP:CA:ARCSRV:TAPE-ENGINE-DOS | APP: CA ARCserve Backup Tape Engine Denial of Service |
HIGH | HTTP:EK-COTTONCASTLE-JAVA-OC | HTTP: CottonCastle Exploit Kit Java Outbound Connection |
HIGH | HTTP:EK-COTTONCASTLE-JAVA-CONN | HTTP: CottonCastle Exploit Kit Java Outbound Connection 1 |
HIGH | HTTP:EK-COTTONCASTLE-DECRYPT-OR | HTTP: CottonCastle Exploit Kit Decryption Page Outbound Request |
HIGH | IMAP:OVERFLOW:MAILENABLE-OF-3 | IMAP: MailEnable IMAP Overflow (3) |
HIGH | HTTP:STC:ADOBE:CVE-2018-12788CE | HTTP: Adobe Acrobat Reader CVE-2018-12788 Remote Code Execution |
HIGH | HTTP:EK-FLASHPACK-SAFE-CRITX | HTTP: Flashpack/Safe/CritX Exploit Kit Executable Download |
HIGH | HTTP:EK-FLASHPACK-SAFE-JAR | HTTP: Flashpack/Safe/CritX Exploit Kit Jar File Download |
HIGH | HTTP:EK-URI-MALREQ | HTTP: Exploit Kit URI Request For Known Malicious URI |
HIGH | HTTP:EK-DOTKACHEF-MAL-CAMP | HTTP: DotkaChef/Rmayana/DotCache Exploit Kit Malvertising Campaign |
HIGH | HTTP:NOVELL:IMANAGER-TOMCAT-BOF | HTTP: Novell iManager Tomcat Buffer Overflow |
HIGH | TROJAN:FILEENCODER-CNC | TROJAN: FileEncoder Variant Outbound Connection Detected |
HIGH | HTTP:NUCLEAR-EK-BIN-DL | HTTP: Nuclear Pack Exploit Kit Binary Download |
HIGH | HTTP:STC:REPRISE-PARAM-PARSE-BO | HTTP: Reprise License Manager HTTP Parameter Parsing Buffer Overflow |
HIGH | HTTP:STC:IE:EVENT-HANDLER-RCE | HTTP: Microsoft Internet Explorer Event Handler Remote Code Execution |
HIGH | SMB:OF:MS-BROWSER-ELECT | SMB: Microsoft Windows BROWSER ELECTION Buffer Overflow |
HIGH | HTTP:STC:IE:MERGE-ATTRIB | HTTP: Microsoft Internet Explorer DOM mergeAttributes Memory Corruption |
HIGH | TELNET:OVERFLOW:BSD-ENCRY-KEYID | TELNET: Multiple Vendors BSD telnetd Encryption Key Buffer Overflow |
HIGH | APP:HPOV:NNM-SNMP-HOST | APP: HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow |
HIGH | HTTP:EK-FIESTA-REDIRECTION | HTTP: Fiesta Exploit Kit Redirection |
HIGH | HTTP:MISC:BLUECOAT-HOST-HDR-OF | HTTP: Blue Coat Host Header Overflow |
HIGH | APP:MISC:HICP-HOSTNAME | APP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow |
HIGH | HTTP:CRITX-EK-JAVA-DL | HTTP: CritX Exploit Kit Java Exploit Download Attempt |
HIGH | HTTP:EK-ANGLER-JAVA-REQ | HTTP: Angler Exploit Kit Outbound Oracle Java Request |
HIGH | HTTP:EK-HELLSPAWN-JAVA-REQ | HTTP: Hellspawn Exploit Kit Outbound Oracle Java Jar Request |
CRITICAL | HTTP:OVERFLOW:OPENVIEW-NNM-BO | HTTP: HP OpenView Network Node Manager Buffer Overflow |
HIGH | HTTP:CRITX-EK-PE-DL | HTTP: CritX Exploit Kit Portable Executable Download |
HIGH | HTTP:JDB-EK-LANDPAGE | HTTP: JDB Exploit Kit Landing Page Retrieval |
HIGH | HTTP:STC:IE:CVE-2014-0271-MC | HTTP: Microsoft Internet Explorer CVE-2014-0271 Memory Corruption |
HIGH | DB:SYBASE:OPEN-SERVER-CE | DB: Sybase Open Server Function Pointer Array Code Execution |
HIGH | HTTP:NNMRPTCONFIG-EXE-RCE | HTTP: HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution |
HIGH | HTTP:JAVAUA-PE-DL-EK | HTTP: Java UA PE Download Exploit Kit Behavior |
CRITICAL | HTTP:STC:DL:WORDPAD-FONT-CONV | HTTP: Microsoft Wordpad Font Conversion Buffer Overflow |
HIGH | IMAP:IPSWITCH:STATUS-OF | IMAP: IPSwitch IMAP Server STATUS Overflow |
HIGH | HTTP:EK-ANGLER-LP-2 | HTTP: Angler Exploit Kit Landing Page2 |
CRITICAL | RPC:EMC-LEGATO-NW-OF | RPC: EMC Legato NetWorker Overflow |
HIGH | SMB:CVE-2017-11885-RCE | SMB: Windows CVE-2017-11885 Remote Code Execution |
HIGH | APP:INGRES:DB-COMM-SVR-OF | APP: Ingres Database Communications Server Overflow |
CRITICAL | HTTP:NOVELL:REPORTER-AGENT | HTTP: Novell File Reporter Agent XML Parsing Remote Code Execution |
HIGH | APP:TMIC:OFFICESCAN-PW-OF | APP: Trend Micro OfficeScan Password Data Buffer Overflow |
HIGH | RTSP:DESCRIBE-BOF | RTSP: RealNetworks Helix Server RTSP DESCRIBE Heap Buffer Overflow |
HIGH | MS-RPC:OF:ADVANTECH-WEB-SCADA | MS-RPC: Advantech WebAccess SCADA bwnodeip Stack-based Buffer Overflow |
HIGH | HTTP:STC:GNU-LIBEXTRACTOR-OOB | HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read |
HIGH | APP:HPOV:OPE-AGENT-CODA-BO | APP: HP Operations Agent Opcode coda.exe Buffer Overflow |
HIGH | HTTP:STC:SCRIPT:EVAL-OBFUSC | HTTP: Javascript eval Obfuscation Technique |
HIGH | HTTP:STC:DL:VISIO-VSD-MEM | HTTP: Microsoft Visio VSD File Format Memory Corruption Remote Code Execution |
HIGH | HTTP:STC:DL:MAL-MEDIA-RCE | HTTP: Malformed Media Files Processing Remote Code Execution |
HIGH | HTTP:EK-STYX-LP-3 | HTTP: Styx Exploit Kit Landing Page 3 |
HIGH | HTTP:EK-FLASH-DWNLD | Multiple exploit kit flash file download |
HIGH | APP:HPOV:NNMRPTCONG-TEMPL | APP: HP OpenView Network Node Manager nnmRptConfig.exe Template Buffer Overflow |
HIGH | SMTP:OVERFLOW:NTLM-AUTH-OF | SMTP: MailEnable NTLM Authentication Buffer Overflow |
Details of the signatures included within this bulletin:
HTTP:EK-BLACKHOLE-V2-LP1 - HTTP: Blackholev2/Darkleech Exploit Kit Landing Page 1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
HTTP:STC:REPRISE-PARAM-PARSE-BO - HTTP: Reprise License Manager HTTP Parameter Parsing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Reprise License Manager. A successful exploit can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:EK-MAGNITUDE-JNLP-REQ - HTTP: Magnitude/Popads/Nuclear Exploit Kit jnlp Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:MISC:CVE-2015-5718-BO - HTTP: Websense Triton Content Manager Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Websense Triton application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the running server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Websense content_gateway 8.0.0
HTTP:EK-NUCLEAR-ORACLE-JAVA - HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects connections between a Back Orifice 2000 (BO2K) client and server. This indicates that a BO2K client has made a successful connection to a server that is listening on the standard BO2K port. It allows a remote attacker to take control of the infected host.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:SNS-SDC-MUL - HTTP: SeaWell Networks Spectrum SDC Multiple Vulnerabilities
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against SeaWell Networks Spectrum SDC. A successful attack can lead to multiple vulnerabilities.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Seawell_networks spectrum_sdc 02.05.00
HTTP:EK-NUCLEAR-ORACLE-JAVA-1 - HTTP: Nuclear/Magnitude Exploit Kit Oracle Java Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-NUCLEAR-IE-VULN-REQ - HTTP: Nuclear Exploit Kit Microsoft Internet Explorer Vulnerability Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:IIS:CVE-2017-7269-RCE - HTTP: Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft internet_information_server 6.0
APP:REMOTE:MS-WIN-RDP-RCE - APP: Microsoft Windows Remote Desktop Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows Remote Desktop. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_professional
- Microsoft windows_xp_home
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_vista Business SP2
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_server_2008_standard_edition X64
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_7_home_premium - Sp1 X64
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2003_x64 SP2
- Avaya meeting_exchange 5.0.0.0.52
- Microsoft windows_server_2008_standard_edition R2
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_server_2003_x64 SP1
- Avaya aura_conferencing 6.0 Standard
- Microsoft windows_server_2003_enterprise_edition_itanium SP2
- Microsoft windows_server_2003_enterprise_edition_itanium Sp2 Itanium
- Microsoft windows_vista_home_basic_64-bit_edition Sp1 X64
- Microsoft windows_vista_home_basic_64-bit_edition Sp2 X64
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_standard_edition SP2
- Avaya meeting_exchange 5.2
- Microsoft windows_server_2008_r2_datacenter
- Microsoft windows_7_home_premium - Sp1 X32
- Avaya callpilot 4.0
- Avaya callpilot 5.0
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Avaya messaging_application_server 5.2
- Avaya meeting_exchange 5.0 SP1
- Avaya meeting_exchange 5.0 SP2
- Avaya meeting_exchange 5.1 SP1
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_home SP3
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_server_2008_r2_x64
- Microsoft windows_server_2008_r2_itanium
- Microsoft windows_xp_service_pack_3
- Avaya meeting_exchange 5.2 SP2
- Microsoft windows_server_2008_r2_datacenter SP1
- Microsoft windows_server_2008_r2_itanium SP1
- Microsoft windows_server_2008_r2_x64 SP1
- Microsoft windows_7_for_32-bit_systems SP1
- Microsoft windows_7_for_x64-based_systems SP1
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Avaya aura_conferencing 6.0 SP1 Standard
- Microsoft windows_server_2008 R2 SP1
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Avaya meeting_exchange 5.2 SP1
- Microsoft windows_vista SP1
- Microsoft windows_7_home_premium
- Microsoft windows_7_starter
- Microsoft windows_7_professional
- Microsoft windows_7_ultimate
- Microsoft windows_server_2008_r2_standard_edition
- Avaya meeting_exchange 5.0
- Microsoft windows_server_2008_r2_enterprise_edition
- Microsoft windows_server_2008_standard_edition Itanium
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Enterprise
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2008_standard_edition R2 SP1
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Avaya meeting_exchange 5.1
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server 2008 R2
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition
- Microsoft windows_vista_home_premium_64-bit_edition
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows 7
APP:MISC:PXESERVICE-UDP - APP: Fujitsu SystemcastWizard PXEService Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Fujitsu SystemcastWizard PXEService. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Fujitsu systemcast_wizard_lite 1.8
- Fujitsu systemcast_wizard_lite 1.8a
- Fujitsu systemcast_wizard_lite 1.9
- Fujitsu systemcast_wizard_lite 2.0
- Fujitsu systemcast_wizard_lite 2.0a
- Fujitsu systemcast_wizard_lite 1.7
HTTP:STC:DISK-PULSE-BO - HTTP: Flexense DiskPulse Client Import Stack Buffer Overflow
Severity: HIGH
Description:
A stack buffer overflow vulnerability has been reported in the client component of Disk Pulse Enterprise Server. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to download a malicious XML file and process it with the affected application. Successful exploitation allows the attacker to execute arbitrary code in the security context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against WECON LeviStudio. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:EK-NUCLEAR-ADOBE-FLASH-1 - HTTP: Nuclear/Magnitude Exploit Kit Adobe Flash Exploit Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-ANGLER-OUT-URL - HTTP: Angler Exploit Kit Outbound URL Structure 1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:STC:DL:WEBEX-RECORD-ATAS - HTTP: Cisco WebEx Recording Format Player atas32.dll Integer Overflow
Severity: HIGH
Description:
A code execution vulnerability exists in Cisco WebEx Recording Format (WRF) Player. This vulnerability is due to an integer overflow leading to a heap buffer overflow when processing WRF files. A remote unauthenticated attacker can leverage this vulnerability by crafting a WRF file and enticing the target user to view the malicious file. Successful exploitation would result in execution of arbitrary code on the target host in the context of the currently logged-on user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Cisco webex_(linux) T27 L SP11 EP26
- Cisco webex_(linux) T27 LB SP21 EP10
- Cisco webex_(linux) T27 LC SP25 EP9
- Cisco webex_(linux) T27 LD SP32
- Cisco webex_(mac_os_x) T27 LC SP25 EP9
- Cisco webex_(mac_os_x) T27 LB SP21 EP10
- Cisco webex_(mac_os_x) T27 L SP11 EP26
- Cisco webex_(windows) T27 L SP11 EP26
- Cisco webex_(windows) T27 LB SP21 EP10
- Cisco webex_(windows) T27 LC SP25 EP9
- Cisco webex_(mac_os_x) T27 LD SP32
- Cisco webex_(windows) T27 LD SP32
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:STC:ADOBE:CVE-2017-11308 - HTTP: Adobe Acrobat ImageConversion EMF Integer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Systems Acrobat Reader. A successful attack can lead to an integer overflow and arbitrary remote code execution within the security context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_2017 2017.011.30066
- Adobe acrobat_reader_dc 2017.012.20098
- Adobe acrobat_dc 2015.006.30355
- Adobe acrobat_reader_2017 2017.011.30066
- Adobe acrobat_reader_dc 2015.006.30355
- Adobe acrobat_xi 11.0.22
- Adobe reader_xi 11.0.22
- Adobe acrobat_dc 2017.012.20098
SMTP:MULTIPLE-HYD-BOF - SMTP: Multiple SMTP Header Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Multiple SMTP Header. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Supported On:
idp-5.1.110161014, idp-4.1.110110719, idp-4.0.110090709, idp-4.0.110090831, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, mx-11.4, vsrx3bsd-19.2, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, srx-branch-19.1, vsrx-15.1, idp-4.1.110110609, srx-branch-19.2, srx-19.2
References:
Affected Products:
- Novell groupwise 8.0 (hp1)
- Novell groupwise 8.0 (hp2)
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:STC:WIN-CCL-BOF - HTTP: Microsoft Windows Common Control Library Vulnerability
Severity: HIGH
Description:
This signature detects Web pages containing a dangerous SVG module. A malicious Web site can exploit a known vulnerability in Microsoft Windows Internet Explorer and gain control of the client browser.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_7_for_32-bit_systems
- Microsoft windows_7_for_x64-based_systems
- Microsoft windows_vista SP1
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_vista SP2
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Avaya messaging_application_server
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Avaya messaging_application_server MM 3.0
- Avaya messaging_application_server MM 3.1
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_xp_embedded SP3
- Avaya messaging_application_server MM 1.1
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya callpilot_unified_messaging
- Microsoft windows_vista_x64_edition SP1
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_xp_professional_x64_edition SP3
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_home SP3
- Avaya messaging_application_server MM 2.0
- Microsoft windows_server_2003 SP2
- Avaya communication_server_1000_telephony_manager
- Avaya aura_conferencing 6.0 Standard
- Avaya meeting_exchange-webportal
- Avaya aura_conferencing 6.0
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_for_itanium-based_systems
APP:OBSERVICED-OF - APP: Oracle Secure Backup observiced.exe Buffer Overflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against the Oracle Secure Backup daemon. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.2.0 .3
RTSP:HELIX-RN5AUTH - RTSP: RealNetworks Helix Server rn5auth Credential Parsing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the RealNetworks Helix Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Real_networks helix_mobile_server 14.0
- Real_networks helix_server 14.2.0.212
HTTP:STC:ADOBE:ACROBAT-OOB - HTTP: Adobe Acrobat ImageConversion PCX Parsing Out-Of-Bounds Write
Severity: HIGH
Description:
An out-of-bounds write vulnerability has been reported in the ImageConversion component of Adobe Acrobat. Successful exploitation of the vulnerability could lead to remote code execution in the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe reader 11.0.19
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat 11.0.19
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_dc 15.006.30280
APP:ABB-NETSCANHOST-OF - APP: ABB Products RobNetScanHost.exe Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in ABB products. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Abb pc_sdk 5.14.01
- Abb robview_5
- Abb pickmaster_5 5.13
- Abb pickmaster_3 3.3
- Abb robot_communications_runtime 5.14.01
- Abb robotstudio 5.14.01
- Abb webware_server 4.6
- Abb webware_server 4.91
- Abb webware_sdk 4.9
- Abb webware_sdk 4.6
- Abb interlink_module 4.6
- Abb interlink_module 4.9
- Abb irc5_opc_server 5.14.01
HTTP:STC:M3U-VLC-SMB-LINK - HTTP: VideoLAN VLC Media Player SMB Link Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the VideoLAN VLC Media Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Videolan vlc_media_player 1.0.1
- Videolan vlc_media_player 0.9.9
- Videolan vlc_media_player 1.0.0
APP:INDUSOFT-WEB-STUDIO-BO - APP: InduSoft Web Studio Remote Agent Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in InduSoft Web Studio. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Indusoft web_studio 7.0
- Indusoft web_studio 6.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_reader_dc 17.012.20093
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30434
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_reader_dc 17.011.30102
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 17.011.30106
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30498
- Adobe acrobat_dc 19.008.20074
- Adobe acrobat_reader_dc 17.011.30106
- Adobe acrobat_dc 17.011.30110
- Adobe acrobat_dc 17.011.30102
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 19.008.20081
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 18.011.20058
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30475
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_dc 19.010.20099
- Adobe acrobat_reader_dc 15.006.30498
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_dc 17.011.30140
- Adobe acrobat_dc 19.010.20100
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_reader_dc 19.010.20099
- Adobe acrobat_reader_dc 19.010.20100
- Adobe acrobat_reader_dc 19.012.20034
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_reader_dc 17.011.30142
- Adobe acrobat_dc 19.012.20034
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30140
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_reader_dc 17.011.30127
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30127
- Adobe acrobat_dc 17.011.30142
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_dc 15.006.30482
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_reader_dc 17.011.30110
- Adobe acrobat_dc 17.011.30099
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30099
- Adobe acrobat_reader_dc 15.006.30482
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_dc 19.008.20071
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_dc 15.006.30457
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_reader_dc 15.006.30457
- Adobe acrobat_reader_dc 19.008.20080
- Adobe acrobat_reader_dc 15.006.30497
- Adobe acrobat_dc 19.008.20080
- Adobe acrobat_reader_dc 18.011.20063
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_dc 15.006.30448
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 19.010.20069
- Adobe acrobat_reader_dc 15.006.30495
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 19.010.20069
- Adobe acrobat_dc 15.006.30493
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30493
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_dc 17.011.30105
- Adobe acrobat_reader_dc 19.008.20071
- Adobe acrobat_dc 15.006.30495
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 18.011.20063
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 15.006.30475
- Adobe acrobat_reader_dc 19.008.20074
- Adobe acrobat_dc 15.006.30497
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30105
- Adobe acrobat_reader_dc 17.011.30113
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_dc 19.010.20098
- Adobe acrobat_reader_dc 15.006.30461
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_dc 18.011.20055
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30113
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 17.011.30143
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_reader_dc 19.008.20081
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_reader_dc 19.010.20098
- Adobe acrobat_reader_dc 18.011.20055
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30096
- Adobe acrobat_dc 17.011.30120
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 17.011.30096
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 17.011.30120
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_dc 19.010.20064
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.006.30452
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 19.010.20064
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.006.30456
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 17.011.30138
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30434
- Adobe acrobat_reader_dc 15.006.30448
- Adobe acrobat_reader_dc 15.006.30456
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 15.006.30452
- Adobe acrobat_dc 17.011.30138
APP:NOVELL:REMOTE-MGR-DOS - APP: Novell Remote Manager Off-by-One Denial of Service
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in Novell Remote Manager. A successful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A vulnerability exists in the rendering of Enhanced Metafile (EMF) image format that could allow remote code execution. If a user opened a malicious EMF file, they could be compromised. Windows 2000, Windows 2003, Windows 2003 SP1, Windows NT4, Windows NT4 Terminal Server Edition, Windows Vista, Windows XP, and Windows XP SP2 are affected.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_professional
- Microsoft windows_xp_home
- Microsoft windows_xp_embedded
- Microsoft windows_xp_embedded SP1
- Nortel_networks self-service_mps_100
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_speech_server
- Nortel_networks centrex_ip_element_manager 8.0.0
- Nortel_networks centrex_ip_element_manager 7.0.0
- Nortel_networks contact_center-tapi_server
- Nortel_networks contact_center-agent_desktop_display
- Nortel_networks contact_center_manager_server
- Nortel_networks self-service_peri_application
- Nortel_networks contact_center_express
- Microsoft windows_vista_x64_edition
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP1
- Hp storage_management_appliance 2.1
- Microsoft windows_2000_professional
- Avaya messaging_application_server
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_advanced_server SP1
- Avaya messaging_application_server MM 3.1
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_tablet_pc_edition
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_professional SP1
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_web_edition SP1
- Nortel_networks contact_center_administration
- Nortel_networks self-service-web_centric CCXML
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_datacenter_edition_itanium
- Nortel_networks self-service_peri_ivr
- Nortel_networks self-service_peri_nt_server
- Nortel_networks self-service_media_processing_server
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_2000_server
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Nortel_networks callpilot 703T
- Nortel_networks callpilot 702T
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 200I
- Nortel_networks self-service
- Nortel_networks centrex_ip_element_manager 9.0.0
- Avaya customer_interaction_express_(cie)_server 1.0
- Avaya customer_interaction_express_(cie)_user_interface 1.0
- Avaya messaging_application_server MM 2.0
- Microsoft windows_xp_gold
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_2000_datacenter_server
- Nortel_networks symposium_agent
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Business
- Microsoft windows_vista Enterprise
- Microsoft windows_server_2003_standard_edition
- Avaya messaging_application_server MM 3.0
- Nortel_networks meridian_sl-100
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_enterprise_x64_edition
- Nortel_networks contact_center_manager
- Nortel_networks enterprise_network_management_system
- Nortel_networks multimedia_communication_platform
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_vista
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_server SP2
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_xp
HTTP:STC:STREAM:QT-MPEG-PAD - HTTP: Apple QuickTime MPEG Stream Padding Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Apple QuickTime MPEG Stream. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple mac_os_x_server 10.7.1
- Apple mac_os_x_server 10.7.2
- Apple quicktime_player 7.1
- Apple mac_os_x_server 10.6.7
- Apple mac_os_x 10.6.6
- Apple mac_os_x_server 10.6.6
- Apple quicktime_player 7.7.1
- Apple quicktime_player 7.2.1
- Apple quicktime_player 7.2
- Apple quicktime_player 7.3.1.70
- Apple mac_os_x 10.6.5
- Apple mac_os_x_server 10.6.5
- Apple quicktime_player 7.0.1
- Apple quicktime_player 7.0.4
- Apple quicktime_player 7.6.6 (1671)
- Apple quicktime_player 7.6.7
- Apple quicktime_player 7.6
- Apple quicktime_player 7.6.8
- Apple quicktime_player 7.4
- Apple quicktime_player 7.1.4
- Apple quicktime_player 7.1.5
- Apple quicktime_player 7.0.3
- Apple quicktime_player 7.4.1
- Apple quicktime_player 7.5.5
- Apple quicktime_player 7.3
- Apple quicktime_player 7.2.0
- Apple quicktime_player 7.1.3
- Apple mac_os_x 10.7
- Apple mac_os_x_server 10.6.3
- Apple quicktime_player 7.6.4
- Apple quicktime_player 7.1.1
- Apple quicktime_player 7.1.2
- Apple mac_os_x 10.6.8
- Apple mac_os_x_server 10.6.8
- Apple mac_os_x 10.6.2
- Apple mac_os_x_server 10.6.2
- Apple quicktime_player 7.6.5
- Apple mac_os_x 10.6.4
- Apple quicktime_player 7.1.6
- Apple mac_os_x 10.6.5
- Apple mac_os_x_server 10.6.5
- Apple mac_os_x_server 10.7
- Apple mac_os_x_server 10.6.1
- Apple mac_os_x 10.6.1
- Apple quicktime_player 7.64.17.73
- Apple mac_os_x 10.6
- Apple mac_os_x_server 10.6
- Apple mac_os_x 10.6.7
- Apple mac_os_x 10.7.2
- Apple mac_os_x_server 10.6.4
- Apple mac_os_x 10.6.3
- Apple quicktime_player 7.6.9
- Apple quicktime_player 7.0.8
- Apple quicktime_player 7.4.5
- Apple quicktime_player 7.6.2
- Apple mac_os_x 10.7.3
- Apple mac_os_x_server 10.7.3
- Apple quicktime_player 7.3.1
- Apple quicktime_player 7.6.1
- Apple quicktime_player 7.7
- Apple quicktime_player 7.0.0
- Apple quicktime_player 7.6.6
- Apple quicktime_player 7.5
- Apple mac_os_x 10.7.1
- Apple quicktime_player 7.0.2
APP:NOVELL:ZENWORKS-CONFMGR-BO - APP: Novell ZENworks Configuration Management PreBoot Service Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Novell ZENworks Configuration Management. A successful attack can lead to a buffer overflow and arbitrary remote code execution with elevated privileges. Failed exploit attempts could lead to a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell zenworks_configuration_management 11.1A
- Novell zenworks_configuration_management 11.1
APP:CITRIX:NSEPACOM-BOF - APP: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Citrix Access Gateway Plug-in for Windows. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Citrix access_gateway_plug-in 9.3.49.5
APP:HPOV:OVJAVALOCALE-OF - APP: HP OpenView Network Node Manager OvJavaLocale Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in HP OpenView Network Node Manager (NNM). This is due to a boundary error in the webappmon.exe CGI application when processing the OvJavaLocale cookie variable sent in a crafted HTTP request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the webappmon.exe process.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
Severity: MEDIUM
Description:
This signature detects possible attempts to exploit a known vulnerability in D-Link router UPnP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- D-link di-524 Rev B1
- D-link di-524 Rev B2
- D-link di-524 Rev A
- D-link di-524 Rev C
- D-link di-524 Rev D
- D-link di-604 Rev E
- D-link di-624 Rev C
- D-link di-624 Rev D
- D-link di-784 Rev A
- D-link ebr-2310 Rev A
- D-link wbr-1310 Rev A
- D-link wbr-2310 Rev A
HTTP:STC:IE:UNINIT-MEM-CORR - HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-2559)
Severity: HIGH
Description:
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to an error in the handling of an uninitialized or deleted object. A remote attacker can exploit this vulnerability by enticing a target user to open a maliciously crafted HTML document. A successful attack can result in arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Avaya messaging_application_server MM 3.1
- Avaya messaging_application_server 4
- Avaya aura_conferencing 6.0 Standard
- Avaya meeting_exchange-web_conferencing_server
- Microsoft internet_explorer 8
- Avaya messaging_application_server 5
- Avaya messaging_application_server MM 2.0
- Avaya messaging_application_server MM 1.1
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya messaging_application_server
- Avaya meeting_exchange-webportal
- Avaya messaging_application_server MM 3.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, vsrx-12.1, srx-branch-12.1, srx-branch-19.1, vsrx-15.1, srx-12.1
References:
Affected Products:
- Adobe acrobat_reader_dc 17.012.20093
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30434
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_reader_dc 17.011.30102
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 17.011.30106
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30498
- Adobe acrobat_dc 19.008.20074
- Adobe acrobat_reader_dc 17.011.30106
- Adobe acrobat_dc 17.011.30110
- Adobe acrobat_dc 17.011.30102
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 19.008.20081
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 18.011.20058
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30475
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_dc 19.010.20099
- Adobe acrobat_reader_dc 15.006.30498
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_dc 17.011.30140
- Adobe acrobat_dc 19.010.20100
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_reader_dc 19.010.20099
- Adobe acrobat_reader_dc 19.010.20100
- Adobe acrobat_reader_dc 19.012.20034
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_reader_dc 17.011.30142
- Adobe acrobat_dc 19.012.20034
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30140
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_reader_dc 17.011.30127
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30127
- Adobe acrobat_dc 17.011.30142
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_dc 15.006.30482
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_reader_dc 17.011.30110
- Adobe acrobat_dc 17.011.30099
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30099
- Adobe acrobat_reader_dc 15.006.30482
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_dc 19.008.20071
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_dc 15.006.30457
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_reader_dc 15.006.30457
- Adobe acrobat_reader_dc 19.008.20080
- Adobe acrobat_reader_dc 15.006.30497
- Adobe acrobat_dc 19.008.20080
- Adobe acrobat_reader_dc 18.011.20063
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_dc 15.006.30448
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 19.010.20069
- Adobe acrobat_reader_dc 15.006.30495
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 19.010.20069
- Adobe acrobat_dc 15.006.30493
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30493
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_dc 17.011.30105
- Adobe acrobat_reader_dc 19.008.20071
- Adobe acrobat_dc 15.006.30495
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 18.011.20063
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 15.006.30475
- Adobe acrobat_reader_dc 19.008.20074
- Adobe acrobat_dc 15.006.30497
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30105
- Adobe acrobat_reader_dc 17.011.30113
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_dc 19.010.20098
- Adobe acrobat_reader_dc 15.006.30461
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_dc 18.011.20055
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30113
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 17.011.30143
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_reader_dc 19.008.20081
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_reader_dc 19.010.20098
- Adobe acrobat_reader_dc 18.011.20055
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30096
- Adobe acrobat_dc 17.011.30120
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 17.011.30096
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 17.011.30120
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_dc 19.010.20064
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.006.30452
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 19.010.20064
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.006.30456
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 17.011.30138
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30434
- Adobe acrobat_reader_dc 15.006.30448
- Adobe acrobat_reader_dc 15.006.30456
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 15.006.30452
- Adobe acrobat_dc 17.011.30138
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_reader_dc 17.012.20093
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30434
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_reader_dc 17.011.30102
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 17.011.30106
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30498
- Adobe acrobat_dc 19.008.20074
- Adobe acrobat_reader_dc 17.011.30106
- Adobe acrobat_dc 17.011.30110
- Adobe acrobat_dc 17.011.30102
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 19.008.20081
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 18.011.20058
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30475
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_dc 19.010.20099
- Adobe acrobat_reader_dc 15.006.30498
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_dc 17.011.30140
- Adobe acrobat_dc 19.010.20100
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_reader_dc 19.010.20099
- Adobe acrobat_reader_dc 19.010.20100
- Adobe acrobat_reader_dc 19.012.20034
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_reader_dc 17.011.30142
- Adobe acrobat_dc 19.012.20034
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30140
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_reader_dc 17.011.30127
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30127
- Adobe acrobat_dc 17.011.30142
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_dc 15.006.30482
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_reader_dc 17.011.30110
- Adobe acrobat_dc 17.011.30099
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30099
- Adobe acrobat_reader_dc 15.006.30482
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_dc 19.008.20071
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_dc 15.006.30457
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_reader_dc 15.006.30457
- Adobe acrobat_reader_dc 19.008.20080
- Adobe acrobat_reader_dc 15.006.30497
- Adobe acrobat_dc 19.008.20080
- Adobe acrobat_reader_dc 18.011.20063
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_dc 15.006.30448
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 19.010.20069
- Adobe acrobat_reader_dc 15.006.30495
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 19.010.20069
- Adobe acrobat_dc 15.006.30493
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30493
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_dc 17.011.30105
- Adobe acrobat_reader_dc 19.008.20071
- Adobe acrobat_dc 15.006.30495
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 18.011.20063
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 15.006.30475
- Adobe acrobat_reader_dc 19.008.20074
- Adobe acrobat_dc 15.006.30497
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30105
- Adobe acrobat_reader_dc 17.011.30113
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_dc 19.010.20098
- Adobe acrobat_reader_dc 15.006.30461
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_dc 18.011.20055
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30113
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 17.011.30143
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_reader_dc 19.008.20081
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_reader_dc 19.010.20098
- Adobe acrobat_reader_dc 18.011.20055
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30096
- Adobe acrobat_dc 17.011.30120
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 17.011.30096
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 17.011.30120
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_dc 19.010.20064
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.006.30452
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 19.010.20064
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.006.30456
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 17.011.30138
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30434
- Adobe acrobat_reader_dc 15.006.30448
- Adobe acrobat_reader_dc 15.006.30456
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 15.006.30452
- Adobe acrobat_dc 17.011.30138
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_reader_dc 17.012.20093
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30434
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_reader_dc 17.011.30102
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 17.011.30106
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30498
- Adobe acrobat_dc 19.008.20074
- Adobe acrobat_reader_dc 17.011.30106
- Adobe acrobat_dc 17.011.30110
- Adobe acrobat_dc 17.011.30102
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 19.008.20081
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 18.011.20058
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30475
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_dc 19.010.20099
- Adobe acrobat_reader_dc 15.006.30498
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_dc 17.011.30140
- Adobe acrobat_dc 19.010.20100
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30464
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_reader_dc 19.010.20099
- Adobe acrobat_reader_dc 19.010.20100
- Adobe acrobat_reader_dc 19.012.20034
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_reader_dc 17.011.30142
- Adobe acrobat_dc 19.012.20034
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30140
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_reader_dc 17.011.30127
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30127
- Adobe acrobat_dc 17.011.30142
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 19.010.20091
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_dc 15.006.30482
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_reader_dc 17.011.30110
- Adobe acrobat_dc 17.011.30099
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30099
- Adobe acrobat_reader_dc 15.006.30482
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_dc 19.008.20071
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_dc 15.006.30457
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_reader_dc 15.006.30457
- Adobe acrobat_reader_dc 19.008.20080
- Adobe acrobat_reader_dc 15.006.30497
- Adobe acrobat_dc 19.008.20080
- Adobe acrobat_reader_dc 18.011.20063
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_dc 15.006.30448
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 19.010.20069
- Adobe acrobat_reader_dc 15.006.30495
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 19.010.20069
- Adobe acrobat_dc 15.006.30493
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30493
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_dc 17.011.30105
- Adobe acrobat_reader_dc 19.008.20071
- Adobe acrobat_dc 15.006.30495
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 18.011.20063
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 15.006.30475
- Adobe acrobat_reader_dc 19.008.20074
- Adobe acrobat_dc 15.006.30497
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30105
- Adobe acrobat_reader_dc 17.011.30113
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_dc 19.010.20098
- Adobe acrobat_reader_dc 15.006.30461
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_dc 18.011.20055
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30113
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 17.011.30143
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_reader_dc 19.008.20081
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_reader_dc 19.010.20098
- Adobe acrobat_reader_dc 18.011.20055
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 17.011.30096
- Adobe acrobat_dc 17.011.30120
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 17.011.30096
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 17.011.30120
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_dc 19.010.20064
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.006.30452
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 19.010.20064
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.006.30456
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 17.011.30138
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30434
- Adobe acrobat_reader_dc 15.006.30448
- Adobe acrobat_reader_dc 15.006.30456
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 15.006.30452
- Adobe acrobat_dc 17.011.30138
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the golang client. Successful exploitation results in arbitrary command injection under the security context of the target user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Golang go 1.5.4
- Golang go 1.1.1
- Golang go 1.5
- Golang go 1.9.1
- Golang go 1.10
- Golang go 1.6
- Golang go 1.8.5
- Golang go 1.5.1
- Golang go 1.0.2
- Golang go 1.7
- Golang go 1.8.6
- Golang go 1.4
- Golang go 1.8.1
- Golang go 1.3
- Golang go 1.7.5
- Golang go 1.8.7
- Golang go 1.5.3
- Golang go 1.0.1
- Golang go 1.9.5
- Golang go 1.9.3
- Golang go 1.5.2
- Golang go 1.2
- Golang go 1.7.2
- Golang go 1.3.3
- Golang go 1.0.3
- Golang go 1.9.7
- Golang go 1.7.1
- Golang go 1.3.2
- Golang go 1.9.6
- Golang go 1.3.1
- Golang go 1.0
- Golang go 1.8.2
- Golang go 1.9.2
- Golang go 1.4.1
- Golang go 1.8.4
- Golang go 1.2.2
- Golang go 1.4.2
- Golang go 1.7.4
- Golang go 1.6.2
- Golang go 1.1.2
- Golang go 1.8
- Golang go 1.4.3
- Golang go 1.6.3
- Golang go 1.9
- Golang go 1.2.1
- Golang go 1.6.1
- Debian debian_linux 9.0
- Golang go 1.1
- Golang go 1.8.3
- Golang go 1.7.3
- Golang go 1.7.6
- Golang go 1.6.4
- Golang go 1.9.4
- Debian debian_linux 7.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Apple QuickTime media player. It is due to a boundary error in the QuickTimeStreaming.qtx file while writing a debug log error. Remote attackers can exploit this by enticing target users to open a crafted SMIL file containing an overly long URL. Successful exploitation can result in arbitrary code injection and execution with the privileges of the logged-in user. In case of an unsuccessful exploit, the application would terminate abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple quicktime_player 7.6.6
- Apple quicktime_player 7.1
- Apple quicktime_player 7.2.1
- Apple quicktime_player 7.3.1.70
- Apple quicktime_player 7.0.2
- Apple quicktime_player 7.2
- Apple quicktime_player 7.0.1
- Apple quicktime_player 7.0.4
- Apple quicktime_player 7.6.6 (1671)
- Apple quicktime_player 7.3.1
- Apple quicktime_player 7.6
- Apple quicktime_player 7.4
- Apple quicktime_player 7.1.4
- Apple quicktime_player 7.1.5
- Apple quicktime_player 7.0.3
- Apple quicktime_player 7.4.1
- Apple quicktime_player 7.5.5
- Apple quicktime_player 7.3
- Apple quicktime_player 7.2.0
- Apple quicktime_player 7.1.3
- Apple quicktime_player 7.6.2
- Apple quicktime_player 7.6.1
- Apple quicktime_player 7.1.1
- Apple quicktime_player 7.1.2
- Apple quicktime_player 7.6.5
- Apple quicktime_player 7.1.6
- Apple quicktime_player 7.4.5
- Apple quicktime_player 7.0.8
- Apple quicktime_player 7.5
- Apple quicktime_player 7.6.4
- Apple quicktime_player 7.0.0
HTTP:MISC:DLINK-CAPTCHA-BO - HTTP: D-Link Wireless Router CAPTCHA Data Processing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the D-Link Wireless Router. A successful attack can lead to a buffer overflow and arbitrary remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
DB:MYSQL:COM-FIELD-LIST-BO - DB: Oracle MySQL Database COM_FIELD_LIST Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in the MySQL database server. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Mysql_ab mysql 5.0.51
- Mysql_ab mysql 5.0.50
- Mysql_ab mysql 5.0.49
- Mysql_ab mysql 5.0.48
- Mysql_ab mysql 5.0.47
- Mysql_ab mysql 5.0.46
- Mysql_ab mysql 5.0.88
- Mysql_ab mysql 5.0.22
- Mysql_ab mysql 5.0.37
- Mysql_ab mysql 5.0.33
- Mysql_ab mysql 5.0.27
- Apple mac_os_x 10.6.4
- Apple mac_os_x_server 10.6.4
- Apple mac_os_x_server 10.5.5
- Ubuntu ubuntu_linux 6.06 LTS Sparc
- Apple mac_os_x_server 10.5.8
- Ubuntu ubuntu_linux 9.04 Amd64
- Mysql_ab mysql 5.1.22
- Suse suse_linux_enterprise 11 SP1
- Mandriva enterprise_server 5 X86 64
- Suse opensuse 11.2
- Suse opensuse 11.1
- Mysql_ab mysql 5.0.18
- Apple mac_os_x_server 10.6.1
- Mysql_ab mysql 5.1.12
- Mysql_ab mysql 5.1.11
- Mysql_ab mysql 5.0.26
- Mysql_ab mysql 5.0.52
- Debian linux 5.0 Armel
- Apple mac_os_x 10.5.1
- Apple mac_os_x_server 10.5
- Apple mac_os_x_server 10.5.1
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Mysql_ab mysql 5.1.33
- Mysql_ab mysql 5.1.34
- Mysql_ab mysql 5.1.35
- Mysql_ab mysql 5.1.36
- Mysql_ab mysql 5.1.37
- Mysql_ab mysql 5.1.38
- Mysql_ab mysql 5.1.39
- Mysql_ab mysql 5.1.41
- Red_hat enterprise_linux_desktop 5 Client
- Ubuntu ubuntu_linux 6.06 LTS Powerpc
- Ubuntu ubuntu_linux 6.06 LTS I386
- Ubuntu ubuntu_linux 6.06 LTS Amd64
- Mysql_ab mysql 5.0.32
- Mysql_ab mysql 5.0.4
- Mysql_ab mysql 5.0.3
- Mysql_ab mysql 5.0.2
- Mysql_ab mysql 5.0.1
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Apple mac_os_x 10.5.2
- Apple mac_os_x_server 10.5.2
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Apple mac_os_x 10.5.4
- Apple mac_os_x_server 10.5.4
- Apple mac_os_x_server 10.5.0
- Mysql_ab mysql 5.0.75
- Apple mac_os_x 10.5
- Apple mac_os_x 10.6
- Apple mac_os_x_server 10.6
- Mysql_ab mysql 5.1.30
- Mysql_ab mysql 5.1.31
- Mysql_ab mysql 5.1.32
- Red_hat fedora 11
- Ubuntu ubuntu_linux 9.10 Amd64
- Ubuntu ubuntu_linux 9.10 I386
- Mandriva corporate_server 4.0.0 X86 64
- Ubuntu ubuntu_linux 9.10 Powerpc
- Ubuntu ubuntu_linux 9.10 Sparc
- Mysql_ab mysql 5.1.46
- Mysql_ab mysql 5.1.6
- Mysql_ab mysql 5.0.19
- Mysql_ab mysql 5.0.60
- Mysql_ab mysql 5.1.5
- Mandriva linux_mandrake 2010.0
- Ubuntu ubuntu_linux 9.10 Lpia
- Mysql_ab mysql 5.0.38
- Mysql_ab mysql 5.0.39
- Mysql_ab mysql 5.0.40
- Apple mac_os_x 10.5.3
- Apple mac_os_x_server 10.5.3
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Apple mac_os_x 10.6.3
- Apple mac_os_x_server 10.6.3
- Apple mac_os_x 10.5.5
- Mandriva linux_mandrake 2010.0 X86 64
- Ubuntu ubuntu_linux 10.10 powerpc
- Apple mac_os_x 10.6.2
- Apple mac_os_x_server 10.6.2
- Mysql_ab mysql 5.0.44
- Mysql_ab mysql 5.0.45
- Apple mac_os_x 10.5.8
- Apple mac_os_x 10.5.0
- Ubuntu ubuntu_linux 10.10 i386
- Mysql_ab mysql 5.1.43
- Red_hat fedora 12
- Mysql_ab mysql 5.0.36
- Mysql_ab mysql 5.0.21
- Mysql_ab mysql 5.0.20
- Mysql_ab mysql 5.1.9
- Mysql_ab mysql 5.1.10
- Mandriva linux_mandrake 2009.0 X86 64
- Ubuntu ubuntu_linux 9.04 I386
- Debian linux 5.0
- Debian linux 5.0 Alpha
- Debian linux 5.0 Amd64
- Debian linux 5.0 Arm
- Debian linux 5.0 Hppa
- Debian linux 5.0 Ia-32
- Debian linux 5.0 Ia-64
- Debian linux 5.0 M68k
- Debian linux 5.0 Mips
- Debian linux 5.0 Mipsel
- Debian linux 5.0 Powerpc
- Debian linux 5.0 S/390
- Debian linux 5.0 Sparc
- Apple mac_os_x 10.5.7
- Mysql_ab mysql 5.1.42
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 10.10 ARM
- Mysql_ab mysql 5.0.24
- Mysql_ab mysql 5.0.0 .0-0
- Mysql_ab mysql 5.1.45
- Mysql_ab mysql 5.1.44
- Mandriva enterprise_server 5
- Mysql_ab mysql 5.1.42
- Mandriva linux_mandrake 2009.1
- Mysql_ab mysql 5.0.66
- Mysql_ab mysql 5.1.26
- Ubuntu ubuntu_linux 9.04 Lpia
- Ubuntu ubuntu_linux 9.04 Powerpc
- Ubuntu ubuntu_linux 9.04 Sparc
- Mandriva linux_mandrake 2009.1 X86 64
- Mandriva corporate_server 4.0
- Apple mac_os_x_server 10.5.7
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux 5 Server
- Mandriva linux_mandrake 2009.0
- Mysql_ab mysql 5.1.23
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Apple mac_os_x 10.6.1
- Mysql_ab mysql 5.1.13
- Mysql_ab mysql 5.1.14
- Mysql_ab mysql 5.1.15
- Mysql_ab mysql 5.1.16
- Mysql_ab mysql 5.1.17
- Mysql_ab mysql 5.1.18
- Mysql_ab mysql 5.0.42
- Gentoo linux
- Mysql_ab mysql 5.0.51A
- Suse suse_linux_enterprise 10 SP3
- Ubuntu ubuntu_linux 11.04 powerpc
- Mysql_ab mysql 5.0.22 -1-0.1
- Apple mac_os_x 10.5.6
- Apple mac_os_x_server 10.5.6
- Red_hat fedora 13
- Ubuntu ubuntu_linux 11.10 amd64
- Ubuntu ubuntu_linux 11.10 i386
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.04 Amd64
APP:HPOV:NNM-EXECVP-NC-OF - APP: HP OpenView Network Node Manager webappmon.exe execvp_nc Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in HP OpenView Network Node Manager (NNM) ov.dll, which is invoked by the CGI program webappmon.exe. It is due to a boundary error when processing maliciously crafted HTTP requests. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
HTTP:SYBASE-AGSOAP-EXE-BOF - HTTP: Sybase M-Business Anywhere agSoap.exe Closing Tag Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Sybase M-Business. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Sybase m-business_anywhere 6.7
- Sybase m-business_anywhere 7.0
DB:ORACLE:ORACLE-DSI - DB: Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle Database Server. It is due to a boundary error within the DBMS_SNAP_INTERNAL package of the product. A remote authenticated attacker can send an overly long input to the affected package and cause a buffer overflow. A successful attack allows arbitrary code injection and execution with the privileges of the server process, usually System/root.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle enterprise_manager_9i_release_2 9.2.0 8
- Oracle oracle9i_application_server 9.2.0 .0.7
- Hp oracle_for_openview_for_linux_ltu
- Oracle oracle10g_application_server 10.1.3 .0.0
- Oracle e-business_suite_11i 11.5.7
- Oracle e-business_suite 12.0.0
- Oracle peoplesoft_enterprise 8.48.08
- Oracle oracle10g_application_server 10.1.0 .5
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Oracle oracle9i_application_server 9.2.0 .8
- Oracle oracle9i_personal_edition 9.2.0 .8
- Oracle oracle10g_application_server 10.1.0 .0.4
- Oracle application_server 10.1.2.0.0
- Oracle oracle10g_application_server 10.1.2 .2.0
- Oracle secure_enterprise_search_10g_release_1 10.1.6
- Oracle oracle10g_standard_edition 10.1.0 .0.5
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.1.0 .0.2
- Oracle oracle10g_personal_edition 10.2.0 .3
- Oracle oracle10g_application_server 10.1.2 .0.1
- Oracle oracle10g_application_server 10.1.2 .0.2
- Oracle oracle10g_application_server 10.1.2 .1.0
- Oracle peoplesoft_enterprise_human_capital_management 8.9
- Oracle collaboration_suite_release_1 10.1.2
- Oracle application_server 10.1.4.1.0
- Oracle application_server 10.1.3.2.0
- Oracle oracle10g_standard_edition 10.2.0.1
- Oracle peoplesoft_enterprise 8.47.12
- Hp oracle_for_openview 8.1.7
- Hp oracle_for_openview 9.2
- Ibm tivoli_compliance_insight_manager 7.0
- Oracle e-business_suite_11i 11.5.10.2
- Oracle oracle10g_standard_edition 10.2.0 .2
- Oracle oracle10g_personal_edition 10.2.0 .2
- Oracle oracle10g_personal_edition 10.2.0 .1
- Oracle oracle10g_enterprise_edition 10.2.0 .1
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Oracle oracle9i_enterprise_edition 9.2.0.7.0
- Oracle oracle9i_personal_edition 9.2.0 .7
- Oracle e-business_suite_11i 11.5.8
- Oracle e-business_suite_11i 11.5.9
- Oracle e-business_suite_11i 11.5.10 CU2
- Oracle application_server 10.1.3.0
- Ibm tivoli_compliance_insight_manager 6.0
- Oracle enterprise_manager_9i 9.0.1 5
- Ibm tivoli_compliance_insight_manager 8.0
- Oracle peoplesoft_enterprise 8.9
- Oracle application_server 10.1.2.0.2
- Oracle oracle9i_enterprise_edition 9.2.0 .0.5
- Oracle oracle9i_personal_edition 9.2.0 .0.5
- Oracle oracle10g_standard_edition 10.1.0 .0.2
- Hp oracle_for_openview 9.1.01
- Oracle oracle10g_enterprise_edition 10.1.0 .0.4
- Oracle oracle10g_standard_edition 10.1.0 .0.4
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.1.0 .0.4
- Oracle e-business_suite_11i 11.5.10
- Oracle jd_edwards_enterpriseone 8.96.11
- Oracle oracle10g_enterprise_edition 10.1.0 .0.2
- Oracle peoplesoft_enterprise_peopletools 8.22
- Oracle application_server 9.0.4.3
- Oracle peoplesoft_enterprise_peopletools 8.47
- Oracle peoplesoft_enterprise_peopletools 8.48
- Oracle oracle9i_enterprise_edition 9.0.1 .5
- Oracle oracle9i_personal_edition 9.0.1 .5
- Oracle application_server 10.1.2.2
- Oracle e-business_suite_12 12.0.0
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Oracle oracle10g_application_server 9.0.4 3
- Oracle jd_edwards_enterpriseone 8.96
- Oracle enterprise_manager_9i_release_2 9.2.0 7
- Oracle application_server 7.0.4.4
- Oracle oracle9i_personal_edition 9.2.0 .0.1
- Oracle oracle9i_enterprise_edition 9.2.0 .0.1
- Oracle jd_edwards_oneworld_tools SP23
- Oracle oracle10g_application_server 10.1.3 .1.0
- Oracle oracle10g_application_server 10.1.3 .2.0
- Oracle oracle10g_personal_edition 10.1.0.5
- Oracle peoplesoft_enterprise 8.22.14
HTTP:FOXIT-FF-URL-STG-BO - HTTP: Foxit Reader Plugin for Firefox URL String Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in Foxit Reader Plugin for Firefox. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in Nagios. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Nagios nagios 3.0.1
- Nagios nagios 3.0 (rc2)
- Nagios nagios 3.0 (beta2)
- Nagios nagios 3.0.4
- Icinga icinga 1.7.2
- Icinga icinga 1.7.3
- Icinga icinga 1.8.3
- Nagios nagios 3.0 (alpha3)
- Icinga icinga 1.7.0
- Nagios nagios 3.3.1
- Icinga icinga 1.7.1
- Icinga icinga 1.8.1
- Nagios nagios 3.0 (alpha1)
- Nagios nagios 3.0 (alpha4)
- Nagios nagios 3.4.2
- Nagios nagios up to 3.4.3
- Nagios nagios 3.0 (alpha2)
- Nagios nagios 3.2.1
- Nagios nagios 3.4.1
- Nagios nagios 3.2.0
- Nagios nagios 3.0 (rc3)
- Icinga icinga 1.6.0
- Nagios nagios 3.0 (beta6)
- Nagios nagios 3.0 (beta1)
- Nagios nagios 3.2.3
- Nagios nagios 3.1.2
- Nagios nagios 3.2.2
- Nagios nagios 3.0 (beta7)
- Icinga icinga 1.8.0
- Nagios nagios 3.0.6
- Nagios nagios 3.0 (alpha5)
- Icinga icinga 1.6.1
- Nagios nagios 3.0.5
- Nagios nagios 3.0 (beta3)
- Nagios nagios 3.1.1
- Nagios nagios 3.4.0
- Nagios nagios 3.1.0
- Nagios nagios 3.0 (beta5)
- Nagios nagios 3.0.3
- Icinga icinga 1.8.2
- Nagios nagios 3.0 (rc1)
- Nagios nagios 3.0 (beta4)
- Nagios nagios 3.0.2
DB:ORACLE:SDO_CS-TRANS-OF - DB: Oracle SDO_CS.TRANSFORM_LAYER Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle database TNS. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle9i_application_server 9.0.3 .1
- Oracle oracle9i_enterprise_edition 9.0.1 .4
- Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
- Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
- Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
- Oracle oracle10g_application_server 10.1.2 .0.1
- Oracle oracle10g_application_server 10.1.2 .0.2
- Oracle oracle10g_application_server 10.1.2 .1.0
- Oracle oracle10g_application_server 9.0.4 .2
- Oracle collaboration_suite_release_1 10.1.2
- Oracle jd_edwards_enterpriseone 8.95.0 F1
- Oracle oracle10g_standard_edition 10.1.0 .0.5
- Oracle oracle10g_standard_edition 10.2.0.1
- Oracle oracle9i_standard_edition 9.2.0 .7
- Oracle application_server_10g 9.0.4 .2
- Oracle oracle10g_application_server 9.0.4 .0
- Oracle developer_suite 9.0.4 .2
- Oracle oracle9i_application_server 9.0.2 .3
- Oracle jd_edwards_enterpriseone 8.95.0 B1
- Oracle oracle9i_enterprise_edition 9.0.1 .5
- Oracle oracle9i_personal_edition 9.0.1 .5
- Oracle oracle9i_standard_edition 9.0.1 .5
- Hp oracle_for_openview 9.1.01
- Hp oracle_for_openview 8.1.7
- Hp oracle_for_openview 9.2
- Oracle html_db 1.5.0
- Oracle html_db 1.6.0
- Oracle html_db 1.5.1
- Oracle html_db 1.6.1
- Oracle html_db 2.0.0
- Oracle oracle9i_standard_edition 9.0.1 .4
- Oracle peoplesoft_enterprise_peopletools 8.22
- Oracle peoplesoft_enterprise_peopletools 8.46
- Oracle peoplesoft_enterprise_peopletools 8.47
- Oracle peoplesoft_enterprise_peopletools 8.48
- Oracle peoplesoft_enterprise_portal 8.8
- Oracle peoplesoft_enterprise_portal 8.9
- Oracle developer_suite 9.0.4 .3
- Oracle developer_suite 6i
- Oracle developer_suite 10.1.2.0.2
- Oracle developer_suite 10.1.2.2
- Oracle jd_edwards_oneworld_tools SP23
- Oracle oracle10g_enterprise_edition 10.1.0 .0.3
- Oracle oracle10g_personal_edition 10.1.0 .0.3
- Oracle oracle10g_standard_edition 10.1.0 .0.3
- Oracle oracle9i_standard_edition 9.2.0 .6
- Oracle oracle9i_personal_edition 9.2.0 .6
- Oracle oracle9i_enterprise_edition 9.2.0.6.0
- Oracle collaboration_suite_release_2 9.0.4 .2
- Oracle oracle10g_application_server 9.0.4 .1
- Oracle oracle10g_application_server 10.1.2
- Oracle application_server_10g 9.0.4
- Oracle application_server_10g 9.0.4 .1
- Oracle application_server_release_2 9.0.2 .3
- Oracle e-business_suite_11i 11.5.7
- Oracle e-business_suite_11i 11.5.8
- Oracle e-business_suite_11i 11.5.9
- Oracle e-business_suite 11.0.0
- Oracle oracle9i_application_server 1.0.2 .2
- Oracle developer_suite 9.0.4 .1
- Oracle oracle10g_standard_edition 10.2.0 .2
- Oracle oracle10g_personal_edition 10.2.0 .2
- Oracle oracle10g_personal_edition 10.2.0 .1
- Oracle oracle10g_enterprise_edition 10.2.0 .1
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Oracle oracle9i_enterprise_edition 9.2.0.7.0
- Oracle oracle9i_personal_edition 9.2.0 .7
- Oracle oracle10g_application_server 10.1.3 .0.0
- Oracle e-business_suite_11i 11.5.10 CU2
- Oracle pharmaceutical_applications 4.5.0
- Oracle pharmaceutical_applications 4.5.1
- Oracle jd_edwards_enterpriseone 8.95
- Oracle jd_edwards_enterpriseone 8.95.J1
- Oracle peoplesoft_enterprise_tools 8.47 GA
- Oracle peoplesoft_enterprise_tools 8.47.01
- Oracle peoplesoft_enterprise_tools 8.47.02
- Oracle peoplesoft_enterprise_tools 8.47.03
- Oracle peoplesoft_enterprise_tools 8.46 GA
- Oracle peoplesoft_enterprise_tools 8.47.04
- Oracle peoplesoft_enterprise_tools 8.46.12
- Oracle oracle9i_enterprise_edition 9.2.0 .0.5
- Oracle oracle9i_personal_edition 9.2.0 .0.5
- Oracle oracle9i_standard_edition 9.2.0 .0.5
- Oracle oracle8i_enterprise_edition 8.1.7.4.0
- Oracle oracle10g_enterprise_edition 10.1.0 .0.4
- Oracle oracle10g_standard_edition 10.1.0 .0.4
- Oracle oracle10g_personal_edition 10.1.0 .0.4
- Oracle e-business_suite_11i 11.5.10
- Oracle application_server_10g 9.0.4 .3
- Oracle jd_edwards_enterpriseone 8.96
- Oracle oracle8i_standard_edition 8.1.7 .4
- Oracle oracle9i_personal_edition 9.0.1 .4
APP:NOVELL:HTTP-NOVELL-REDIRECT - APP: Novell eDirectory HTTP Server Redirection Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Novell eDirectory HTTP Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell edirectory 8.7.3.8 pre-SP9
- Novell edirectory 8.5.0
- Novell edirectory 8.0.0
- Novell edirectory 8.7.1 SU1
- Novell edirectory 8.5.12 a
- Novell edirectory 8.5.27
- Novell edirectory 8.7.3.8
- Novell edirectory 8.7.3
- Novell edirectory 8.7.1
- Novell edirectory 8.8
- Novell edirectory 8.8.1
- Novell edirectory 8.6.2
- Novell edirectory 8.7.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in PHP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application. Failed exploit attempts can result in a denial-of-service condition.
Supported On:
DI-Base, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-4.0.110090831, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Php php 5.4.0
- Php php 5.4.1
- Php php 5.4.2
- Php php 5.4.0beta2
- Php php 5.4.1RC1-DEV
NTP:CRYPTO-NAK-AUTH-BYPASS - NTP: Network Time Protocol Daemon crypto-NAK Authentication Bypass
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the NTP daemon. The vulnerability is due to improper validation of crypto-NAK packets, which allows an NTP symmetric association to be established with an unauthorized peer. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted crypto-NAK NTP packet to the vulnerable service. Successful exploitation lets the attacker change the time on the target system, resulting in a policy bypass and potentially other security vulnerabilities.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ntp ntp 4.3.43
- Ntp ntp 4.3.22
- Ntp ntp 4.3.38
- Ntp ntp 4.3.40
- Ntp ntp 4.3.11
- Ntp ntp 4.3.9
- Ntp ntp 4.3.41
- Ntp ntp 4.3.24
- Ntp ntp 4.3.36
- Ntp ntp 4.3.60
- Ntp ntp 4.3.8
- Ntp ntp 4.3.28
- Ntp ntp 4.3.46
- Ntp ntp 4.3.18
- Ntp ntp 4.3.35
- Ntp ntp 4.3.61
- Ntp ntp 4.3.7
- Ntp ntp 4.3.47
- Ntp ntp 4.3.59
- Ntp ntp 4.3.34
- Ntp ntp 4.3.62
- Ntp ntp 4.3.6
- Ntp ntp 4.3.71
- Ntp ntp 4.3.44
- Ntp ntp 4.3.58
- Ntp ntp 4.3.33
- Ntp ntp 4.3.63
- Ntp ntp 4.3.5
- Ntp ntp 4.3.45
- Ntp ntp 4.3.32
- Ntp ntp 4.3.64
- Ntp ntp 4.3.4
- Ntp ntp 4.3.31
- Ntp ntp 4.3.29
- Ntp ntp 4.3.3
- Ntp ntp 4.3.1
- Ntp ntp 4.3.17
- Ntp ntp 4.3.55
- Ntp ntp 4.3.30
- Ntp ntp 4.3.66
- Ntp ntp 4.3.37
- Ntp ntp 4.2.2
- Ntp ntp 4.3.65
- Ntp ntp 4.3.54
- Ntp ntp 4.3.69
- Ntp ntp 4.3.67
- Ntp ntp 4.2.4
- Ntp ntp 4.2.6
- Ntp ntp 4.3.13
- Ntp ntp 4.3.23
- Ntp ntp 4.3.57
- Ntp ntp 4.3.68
- Ntp ntp 4.2.5
- Ntp ntp 4.2.7p444
- Ntp ntp 4.3.56
- Ntp ntp 4.3.48
- Ntp ntp 4.3.25
- Ntp ntp 4.3.19
- Ntp ntp 4.3.74
- Ntp ntp 4.3.51
- Ntp ntp 4.3.49
- Ntp ntp 4.3.26
- Ntp ntp 4.3.72
- Ntp ntp 4.3.50
- Ntp ntp 4.3.27
- Ntp ntp 4.3.12
- Ntp ntp 4.2.7
- Ntp ntp 4.3.16
- Ntp ntp 4.3.53
- Ntp ntp 4.3.0
- Ntp ntp 4.3.20
- Ntp ntp 4.3.10
- Ntp ntp 4.3.39
- Ntp ntp 4.3.70
- Ntp ntp 4.3.73
- Ntp ntp 4.3.2
- Ntp ntp 4.2.8
- Ntp ntp 4.2.0
- Ntp ntp 4.3.21
- Ntp ntp 4.3.14
- Ntp ntp 4.3.76
- Ntp ntp 4.3.52
- Ntp ntp 4.3.42
- Ntp ntp 4.3.15
- Ntp ntp 4.3.75
HTTP:MISC:HP-SYS-IPRANGE-OF - HTTP: HP System Management Homepage iprange Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against HP System Management Homepage. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp system_management_homepage up to 7.2
- Hp system_management_homepage 7.0
- Hp system_management_homepage 7.1
MS-RPC:OF:ADVANTECH-WEBACS-BOF - MS-RPC: Advantech WebAccess Client bwswfcfg Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Advantech WebAccess Client. A successful attack can lead to a buffer overflow.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess 8.3.2
HTTP:STC:IE:MERGE-ATTRIB - HTTP: Microsoft Internet Explorer DOM mergeAttributes Memory Corruption
Severity: HIGH
Description:
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. It is due to insufficient input validation in the DOM mergeAttributes script method. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. A successful attack can result in arbitrary code execution with privileges of the targeted user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft internet_explorer 6.0
- Nortel_networks contact_center_multimedia_&_outbound 7.0
- Microsoft internet_explorer 5.0.1
- Microsoft internet_explorer 6.0 SP1
- Nortel_networks media_processing_svr_100
- Avaya messaging_application_server
- Nortel_networks self-service_peri_workstation
- Avaya messaging_application_server MM 3.1
- Microsoft internet_explorer 5.0.1 SP4
- Nortel_networks self-service_speech_server
- Nortel_networks contact_center_multimedia_&_outbound 6.0
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 600R
- Nortel_networks callpilot 703T
- Nortel_networks media_processing_server
- Nortel_networks callpilot 201I
- Microsoft internet_explorer 5.0.1 For Windows 2000
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Nortel_networks self-service_peri_application
- Avaya messaging_application_server MM 1.1
- Nortel_networks callpilot 202I
- Nortel_networks self-service_peri_cti
- Nortel_networks self_service-cdd
- Nortel_networks contact_center_express
- Microsoft internet_explorer 5.0.1 SP2
- Avaya messaging_application_server MM 2.0
- Nortel_networks contact_center_administration_ccma 7.0
- Nortel_networks contact_center_administration_ccma 6.0
- Avaya messaging_application_server MM 3.0
- Nortel_networks media_processing_svr_1000_rel 3.0
- Nortel_networks media_processing_svr_500_rel 3.0
- Microsoft internet_explorer 5.0.1 SP3
- Nortel_networks self-service_media_processing_server
- Microsoft internet_explorer 5.0.1 SP1
HTTP:EFS-FILE-SERVER-BO - HTTP: EFS Software Easy File Sharing Web Server Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Easy File Management Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the current user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Sharing-file easy_file_sharing_web_server 7.2
APP:CVE-2017-5789-OV - APP: HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow
Severity: HIGH
Description:
A heap buffer overflow vulnerability exists in HP LoadRunner and Performance Center. Successful exploitation could result in execution of arbitrary code within the context of SYSTEM.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp loadrunner 12.53
- Hp performance_center 12.53
TFTP:HP-MGMT-TFTP-DATA-OF - TFTP: HP Intelligent Management Center TFTP Server DATA and ERROR Packets Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the HP Intelligent Management Center TFTP server. It is due to insufficient handling of malformed DATA and ERROR TFTP packets. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp intelligent_management_center_(imc) 5.0_E0101
- Hp intelligent_management_center_(imc) 5.0_E0101L01
- 3com intelligent_management_center_(imc) 3.3.9 R2 606
- 3com intelligent_management_center_(imc) 3.3 SP1 R2 606
- 3com intelligent_management_center_(imc) 3.3 SP2 R2 606
HTTP:STC:ADOBE:PHOTOSHOP-ASSET - HTTP: Adobe Photoshop Asset Elements Stack Buffer Overflow
Severity: HIGH
Description:
A buffer overflow vulnerability has been reported in Adobe Photoshop. The vulnerability is due to insufficient validation of Collada asset elements. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to download a malicious file. This can lead to arbitrary code execution in the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe photoshop CS5
- Adobe photoshop CS5.1
NTP:NTPQ-DECODEARR-BO - NTP: Network Time Protocol ntpq decodearr Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in ntpq, the monitoring and control program of the Network Time Protocol daemon. Successful exploitation could result in arbitrary code execution in the security context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Canonical ubuntu_linux 17.10
- Netapp element_software -
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 12.04
- Ntp ntp 4.2.8
- Freebsd freebsd 10.3
- Freebsd freebsd 11.1
- Freebsd freebsd 10.4
APP:CA:ARCSRV:BME-OP-117 - APP: CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Computer Associates BrightStor ARCserve. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Computer_associates brightstor_arcserve_backup 11.5.SP1
- Computer_associates brightstor_arcserve_backup 9.01
- Computer_associates brightstor_arcserve_backup 11.5.0
- Computer_associates brightstor_arcserve_backup 11.1.0
- Computer_associates server_protection_suite r2
- Computer_associates business_protection_suite r2
- Computer_associates business_protection_suite_for_microsoft_sbs_std_ed r2
- Computer_associates business_protection_suite_for_microsoft_sbs_pre_ed r2
- Computer_associates brightstor_arcserve_backup 11
- Computer_associates brightstor_arcserve_backup 10.5
SMTP:MAL:LOTUS-APPLIX - SMTP: IBM Lotus Notes Applix Graphics Parsing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in IBM Lotus Notes Applix. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Symantec mail_security_appliance 5.0.0
- Ibm lotus_notes 6.0.3
- Ibm lotus_notes 6.5.1
- Ibm lotus_notes 6.0.2
- Symantec mail_security_for_microsoft_exchange 5.0.0
- Ibm lotus_notes 7.0.2
- Symantec mail_security_for_smtp 5.0
- Ibm lotus_notes 6.5.0
- Ibm lotus_notes 6.0.4
- Ibm lotus_notes 6.5.2
- Ibm lotus_notes 7.0.3
- Ibm lotus_notes 6.5.6 FP2
- Ibm lotus_notes 6.0.0
- Symantec mail_security_appliance 5.0.0.24
- Autonomy keyview_export_sdk 7
- Autonomy keyview_export_sdk 8
- Autonomy keyview_export_sdk 9
- Autonomy keyview_filter_sdk 9
- Autonomy keyview_filter_sdk 8
- Autonomy keyview_filter_sdk 7
- Autonomy keyview_viewer_sdk 7
- Autonomy keyview_viewer_sdk 8
- Autonomy keyview_viewer_sdk 9
- Autonomy keyview_viewer_sdk 10
- Autonomy keyview_filter_sdk 10
- Autonomy keyview_export_sdk 10
- Ibm lotus_notes 6.5.5
- Autonomy keyview_export_sdk 10.3.0
- Autonomy keyview_filter_sdk 10.3.0
- Autonomy keyview_viewer_sdk 10.3.0
- Ibm lotus_notes 7.0
- Activepdf docconverter 3.8.4.0
- Ibm lotus_notes 6.5.3
- Ibm lotus_notes 6.5.4
- Ibm lotus_notes 6.0.5
- Ibm lotus_notes 6.5.5 FP3
- Ibm lotus_notes 6.5.6
- Ibm lotus_notes 7.0.1
- Ibm lotus_notes 8.0
- Ibm lotus_notes 6.0.1
- Ibm lotus_notes 6.5.5 FP2
- Symantec mail_security_for_smtp 5.0.1
- Symantec mail_security_for_domino 7.5
- Ibm lotus_notes 7.0.2 FP1
APP:HPOV:OVWEBSNMPSRV-OF - APP: HP OpenView NNM ovwebsnmpsrv.exe Command Line Argument Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in HP OpenView Network Node Manager (NNM) ovwebsnmpsrv.exe. It is due to a boundary error when handling HTTP requests sent to the jovgraph.exe CGI application. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account.
Supported On:
idp-5.1.110161014, DI-Client, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, DI-Base, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
HTTP:STC:DL:MS-VISIO-DXF-BO - HTTP: Microsoft Visio 2010 DXF File Format Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft Visio 2010. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft visio_viewer_2010_(32-bit_edition)
- Microsoft visio_viewer_2010_(64-bit_edition)
- Microsoft visio_viewer_2010_(32-bit_edition) SP1
- Microsoft visio_2010_(32-bit_editions)_sp1
- Microsoft visio_viewer_2010_(64-bit_edition) SP1
- Microsoft visio_2010_(64-bit_editions)_sp1
HTTP:STC:CVE-2018-18993-BO - HTTP: OMRON CX-One CX-Position cdmapi32 Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the OMRON CX-One CX-Position module. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Omron cx-programmer 9.66
- Omron cx-server 5.0.23
- Omron cx-one 4.42
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Symantec VERITAS NetBackup Server, Backup Client Service (BPCD). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Veritas_software netbackup_enterprise_server 5.0.0
- Veritas_software netbackup_enterprise_server 6.0.0
- Veritas_software netbackup_client 6.0.0
- Veritas_software netbackup_client 5.0.0
- Veritas_software netbackup_client 5.1.0
- Veritas_software netbackup_server 6.0.0
- Veritas_software netbackup_enterprise_server 5.1.0
- Veritas_software netbackup_server 5.1.0
- Veritas_software netbackup_server 5.0.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe PDF Reader. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Adobe reader 9.4.5
- Adobe acrobat 10.1.1
- Adobe reader 10.1.1
- Adobe acrobat 10.1.2
- Adobe reader 9.4.6
- Adobe reader 9.4
- Adobe reader 9.5
- Adobe reader 9.4.7
- Adobe acrobat 10.0.1
- Adobe reader 10.0.1
- Adobe reader 9.4.2
- Adobe acrobat 10.0.3
- Adobe reader 10.0.3
- Adobe reader 9.4.3
- Adobe reader 9.4.4
- Adobe acrobat 10.1.3
- Adobe reader 9.4.1
- Adobe reader 10.1.3
- Adobe reader 9.5.1
- Adobe acrobat 10.0.2
- Adobe reader 10.0.2
- Adobe reader 10.1.2
- Adobe acrobat 10.1
- Adobe reader 10.1
- Adobe acrobat 10.0
- Adobe reader 10.0
TFTP:OPEN-TFTP-SERVER-ERROR-BO - TFTP: OpenTFTP Server Error Packet Handling Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against the OpenTFTP Server. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Tftp_server tftp_server SP 1.4
HTTP:STC:DL:OO-OLE - HTTP: OpenOffice OLE File Stream Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in OpenOffice. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Openoffice openoffice.org up to 2.3.1
- Openoffice openoffice.org 2.0.3
- Openoffice openoffice.org 2.3
- Openoffice openoffice.org 2.2.1
- Openoffice openoffice.org 2.2
- Openoffice openoffice.org 2.1
HTTP:DOS:DRUPAL-XML-RPC-IEE - HTTP: Drupal Core XML-RPC Endpoint Internal Entity Expansion Denial of Service
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Drupal Core XML-RPC. The vulnerability is due to an input validation error when an XML-RPC endpoint handles Internal Entity Expansion. This can cause a very high CPU load and memory exhaustion. A successful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Debian debian_linux 7.0
- Drupal drupal 7.28
- Wordpress wordpress 3.9.0
- Wordpress wordpress 3.0.2
- Drupal drupal 7.9
- Wordpress wordpress 3.0.4
- Drupal drupal 7.22
- Wordpress wordpress 3.0.6
- Wordpress wordpress 3.3.3
- Drupal drupal 7.13
- Wordpress wordpress 3.4.1
- Drupal drupal 7.20
- Wordpress wordpress 3.8
- Wordpress wordpress 3.3.1
- Drupal drupal 7.11
- Drupal drupal 7.26
- Drupal drupal 6.21
- Drupal drupal 7.17
- Drupal drupal 7.24
- Drupal drupal 7.15
- Wordpress wordpress 3.5.1
- Wordpress wordpress 3.0
- Wordpress wordpress 3.8.1
- Drupal drupal 6.22
- Drupal drupal 7.19
- Wordpress wordpress 3.1.4
- Wordpress wordpress 3.2
- Drupal drupal 6.24
- Drupal drupal 7.5
- Drupal drupal 6.26
- Drupal drupal 6.19
- Wordpress wordpress 3.6
- Drupal drupal 6.28
- Wordpress wordpress 3.1.2
- Drupal drupal 6.15
- Wordpress wordpress 3.6.1
- Drupal drupal 6.1
- Drupal drupal 6.32
- Drupal drupal 6.17
- Drupal drupal 7.4
- Drupal drupal 6.30
- Drupal drupal 6.11
- Drupal drupal 7.30
- Drupal drupal 6.3
- Drupal drupal 6.13
- Drupal drupal 7.7
- Drupal drupal 7.0
- Wordpress wordpress 3.7.1
- Drupal drupal 6.7
- Wordpress wordpress 3.0.1
- Drupal drupal 6.9
- Drupal drupal 7.29
- Wordpress wordpress 3.0.3
- Drupal drupal 7.6
- Wordpress wordpress 3.9.1
- Wordpress wordpress 3.0.5
- Drupal drupal 7.8
- Wordpress wordpress 3.3.2
- Drupal drupal 7.23
- Drupal drupal 7.1
- Drupal drupal 7.12
- Wordpress wordpress 3.4.0
- Drupal drupal 7.21
- Drupal drupal 7.10
- Wordpress wordpress 3.4.2
- Drupal drupal 7.27
- Drupal drupal 7.16
- Drupal drupal 7.25
- Drupal drupal 6.5
- Wordpress wordpress 3.5.0
- Drupal drupal 7.14
- Drupal drupal 6.20
- Wordpress wordpress 3.1
- Drupal drupal 6.23
- Wordpress wordpress 3.3
- Drupal drupal 6.25
- Drupal drupal 7.18
- Drupal drupal 7.3
- Drupal drupal 6.27
- Drupal drupal 6.18
- Wordpress wordpress 3.7
- Wordpress wordpress 3.2.1
- Drupal drupal 6.29
- Wordpress wordpress 3.1.1
- Drupal drupal 6.14
- Wordpress wordpress 3.1.3
- Drupal drupal 7.2
- Drupal drupal 6.16
- Drupal drupal 6.0
- Drupal drupal 6.10
- Drupal drupal 7.x-dev
- Drupal drupal 6.2
- Drupal drupal 6.31
- Drupal drupal 6.12
- Drupal drupal 6.4
- Drupal drupal 6.6
- Drupal drupal 6.8
FTP:OVERFLOW:MS-IE-FTP-RES-MC - FTP: Microsoft Internet Explorer FTP Response Parsing Memory Corruption
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft internet_explorer 6.0
- Avaya vpnmanagertm_console
- Hp storage_management_appliance 2.1
- Microsoft internet_explorer 5.0.1
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers
- Avaya s8100_media_servers R11
- Avaya agent_access
- Avaya cms_supervisor
- Avaya computer_telephony
- Avaya contact_center_express
- Avaya messaging_application_server
- Avaya basic_call_management_system_reporting_desktop
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers R8
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R6
- Avaya ip_agent
- Avaya ip_softphone
- Microsoft internet_explorer 5.0.1 SP4
- Avaya network_reporting
- Avaya operational_analyst
- Avaya outbound_contact_management
- Avaya speech_access
- Avaya unified_messenger_(r)
- Avaya visual_messenger_tm
- Avaya visual_vector_client
- Nortel_networks centrex_ip_client_manager 8.0.0
- Avaya web_messenger
- Microsoft internet_explorer 6.0 SP1
- Avaya basic_call_management_system_reporting_desktop server
- Nortel_networks callpilot 703T
- Nortel_networks contact_center_manager_server
- Avaya enterprise_management
- Avaya unified_communication_center
- Nortel_networks contact_center
- Microsoft internet_explorer 5.0.1 SP2
- Nortel_networks callpilot 702T
- Avaya interaction_center
- Nortel_networks callpilot 1002Rp
- Avaya modular_messaging_(mas)
- Nortel_networks callpilot 200I
- Nortel_networks contact_center_express
- Nortel_networks contact_center_manager
- Avaya octelaccess(r)_server
- Nortel_networks callpilot 201I
- Avaya octeldesignertm
- Nortel_networks symposium_network_control_center_(ncc)
- Microsoft internet_explorer 7.0
- Nortel_networks centrex_ip_client_manager 9.0
- Avaya cvlan
- Avaya integrated_management
- Microsoft internet_explorer 5.0.1 SP1
- Nortel_networks centrex_ip_client_manager 7.0.0
- Avaya s8100_media_servers R12
- Microsoft internet_explorer 5.0.1 SP3
VOIP:SIP:DIGIUM-ASTERSK-BO - VOIP: Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow
Severity: HIGH
Description:
A buffer overflow has been reported in the CDR engine of Digium Asterisk. Successful exploitation could result in arbitrary code execution under the context of the user running the Asterisk service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Digium asterisk 13.8.2
- Digium asterisk 13.13
- Digium asterisk 13.1.0
- Digium asterisk 13.13.0
- Digium asterisk 14.3.0
- Digium asterisk 14.01
- Digium asterisk 14.1.2
- Digium asterisk 14.2.1
- Digium asterisk 13.11.2
- Digium asterisk 14.02
- Digium asterisk 14.2.0
- Digium asterisk 13.4.0
- Digium asterisk 14.1.0
- Digium asterisk 14.1.1
- Digium asterisk 13.10.0
- Digium asterisk 13.3.2
- Digium asterisk 13.5.0
- Digium asterisk 13.14.0
- Digium certified_asterisk 13.13-cert2
- Digium asterisk 13.3.0
- Digium asterisk 13.9.1
- Digium asterisk 13.0.0
- Digium asterisk 13.9.0
- Digium asterisk 14.0
- Digium asterisk 13.0.1
- Digium asterisk 13.12.0
- Digium asterisk 13.0.2
- Digium asterisk 13.7.2
- Digium asterisk 13.12.1
- Digium asterisk 13.7.1
- Digium asterisk 13.12.2
- Digium asterisk 13.11.0
- Digium asterisk 13.2.0
- Digium asterisk 13.7.0
- Digium asterisk 14.0.2
- Digium asterisk 13.2.1
- Digium asterisk 13.8.0
- Digium asterisk 14.0.1
- Digium asterisk 13.8.1
- Digium asterisk 13.12
- Digium asterisk 14.0.0
- Digium asterisk 13.6.0
- Digium asterisk 13.11.1
- Digium asterisk 13.1.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Novell Netmail. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell netmail 3.52.0
- Novell netmail 3.52.0 C1
- Novell netmail 3.52.0 D
- Novell netmail 3.52.0 C
- Novell netmail 3.52.0 B
- Novell netmail 3.52.0 A
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in freeFTPd. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Jgaa warftpd up to 1.66
- Microsoft windows_nt
- Microsoft windows_95
APP:NOVELL:ZENWORKS-TFTPD-RCE - APP: Novell ZENworks Desktop Management on Linux TFTPD Code Execution
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Novell ZENworks Desktop Management on Linux. It is due to a boundary error in the TFTPD server component. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell zenworks_desktop_management 7 SP1
APP:HP-DATA-PROTECTOR-SIGN-DOS - APP: HP Data Protector Media Operations SignInName Parameter Denial of Service
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the HP Data Protector Media Operations SignInName Parameter. A successful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, DI-Server, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, DI-Base, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp data_protector_media_operations 6.11
HTTP:STC:PPT-CRAFTED-PATH - HTTP: Microsoft Office PowerPoint File Path Handling Buffer Overflow
Severity: HIGH
Description:
A stack buffer overflow vulnerability exists in Microsoft Office PowerPoint. The vulnerability is due to the way that the vulnerable application handles specially crafted file paths. This vulnerability may be exploited by remote unauthenticated attackers by enticing a user to open a maliciously crafted file. In attack scenarios where code execution is successful the behaviour of the target machine is completely dependent on the intention of the injected code, which will run in the security context of the currently logged in user. In cases where code execution is not successful the affected product may terminate abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft powerpoint_2002
- Microsoft powerpoint_2002 SP1
- Microsoft powerpoint_2002 SP2
- Microsoft powerpoint_2002 SP3
SMTP:OVERFLOW:MAILENABLE-BO - SMTP: MailEnable SMTP Authentication Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against the SMTP authentication mechanism of MailEnable. The flaw is caused by insufficient boundary checking when handling the username argument in an AUTH command. A successful attacker can exploit this vulnerability to terminate the vulnerable service or execute arbitrary code with System privileges. Note: While the vendor claims that this vulnerability can only be exploited for denial-of-service attacks, testing has shown that it can be exploited for remote code execution attacks as well. In a simple attack case aimed at creating a denial-of-service condition, the affected service will terminate. If the service is not configured to restart automatically, then the MailEnable SMTP functionality will be unavailable until the server is restarted manually. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the service process, normally System.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- University_of_cambridge exim 4.42
- University_of_cambridge exim up to 4.40
- University_of_cambridge exim 4.41
APP:CITRIX:PROVISIONING-OPCODE - APP: Citrix Provisioning Services Opcode Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Citrix Provisioning Services. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
MS-RPC:OF:ADVANTECH-WA-BO - MS-RPC: Advantech WebAccess SCADA Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Advantech WebAccess SCADA. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Administrator.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess 8.3.5
APP:ORACLE:GOLDENGATE-SOAP-OF - APP: Oracle GoldenGate Veridata Server XML SOAP Request Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle GoldenGate Veridata Server. It is due to a boundary error while parsing XML SOAP requests containing an overly long tag string. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle goldengate_veridata 3.0.0.4
HTTP:OVERFLOW:MICROFOCUS-PST-OF - HTTP: Micro Focus GroupWise Post Office Agent Integer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Post Office Agent component of Micro Focus GroupWise. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell groupwise 2012
- Novell groupwise 2014
HTTP:OVERFLOW:WECON-LEVIS-HOF - HTTP: WECON LeviStudio Address Name Heap Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the WECON LeviStudio. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Ipswitch IMail IMAP server. The IMail server does not perform sufficient boundary checking when processing a STATUS command. Remote attackers can include a long mailbox name argument within a maliciously crafted STATUS command to overflow a stack buffer and execute arbitrary code with system level privileges.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Ipswitch imail 8.15.0 Hotfix 1
- Ipswitch imail 7.0.4
- Ipswitch imail 7.0.3
- Ipswitch imail 7.0.2
- Ipswitch imail 7.0.1
- Ipswitch imail 6.2.0
- Ipswitch imail 7.0.5
- Ipswitch imail 7.0.6
- Ipswitch imail 8.0.5
- Ipswitch imail 6.0.5
- Ipswitch imail 8.1.0
- Ipswitch imail 8.13.0
- Ipswitch imail 8.0.3
- Ipswitch imail 5.0.8
- Ipswitch imail 7.12.0
- Ipswitch imail 8.14.0
- Ipswitch imail 5.0.5
- Ipswitch imail 6.0.0
- Ipswitch imail 5.0.7
- Ipswitch imail 7.1.0
- Ipswitch imail 7.0.7
- Ipswitch imail 5.0.6
- Ipswitch imail 5.0.0
- Ipswitch imail 8.2.0
- Ipswitch imail 6.0.6
- Ipswitch imail 6.1.0
- Ipswitch imail 6.0.1
- Ipswitch imail 6.0.2
- Ipswitch imail 6.0.3
- Ipswitch imail 6.0.4
- Ipswitch imail 6.3.0
- Ipswitch imail 6.4.0
Severity: HIGH
Description:
This signature detects a buffer overflow condition in relay e-mail addresses in an SMTP transmission. The address may be improperly formatted, or it may contain binary data or invalid characters. A successful attack can result in malicious code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ipswitch imail_secure_server 2006
- Ipswitch imail_server 2006
- Ipswitch ipswitch_collaboration_suite_premium_edition 2006
- Ipswitch ipswitch_collaboration_suite_standard_edition 2006
- Ipswitch imail_plus
APP:CA:ARCSRV:SQL-OF - APP: Computer Associates BrightStor ARCserve Backup Buffer Overflow
Severity: HIGH
Description:
This signature detects an overly large chunk of data sent to a Computer Associates BrightStor SQL Agent. By sending a sufficiently large block of information to the agent, an attacker can execute arbitrary code on the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ca brightstor_arcserve_backup_agent 11.0 (:sap)
- Ca brightstor_arcserve_backup 11.0 (:oracle)
- Ca brightstor_enterprise_backup_agent 10.5 (:oracle)
- Ca brightstor_arcserve_backup_agent 11.1 (:sap)
- Ca brightstor_arcserve_backup_agent 11
- Ca brightstor_enterprise_backup_agent 10.0
- Ca brightstor_enterprise_backup_agent 10.5 (:sql)
- Ca brightstor_arcserve_backup_agent 9.0.1 (:sap)
- Ca brightstor_enterprise_backup 10.5
- Ca brightstor_arcserve_backup_agent 11 (:exchange)
- Ca brightstor_arcserve_backup 9.0_1
- Ca brightstor_enterprise_backup_agent 10.0 (:oracle)
- Ca brightstor_arcserve_backup 11.1 (:windows)
- Ca brightstor_arcserve_backup 9.0_1 (:oracle)
- Ca brightstor_arcserve_backup_agent 11.1 (:sql)
- Ca brightstor_arcserve_backup 9.0.1 (:windows)
- Ca brightstor_enterprise_backup_agent 10.0 (:sql)
- Ca brightstor_arcserve_backup 9.0.1
- Ca brightstor_arcserve_backup 11.0 (:windows)
- Ca brightstor_arcserve_backup_agent 9.0.1 (:exchange)
- Ca brightstor_arcserve_backup_agent 9.0.1 (:sql)
- Ca brightstor_arcserve_backup_agent 9.0.1
- Ca brightstor_arcserve_backup_agent 11.1 (:exchange)
- Ca brightstor_enterprise_backup_agent 10.0 (:sap)
- Ca brightstor_arcserve_backup 11.0
- Ca brightstor_enterprise_backup_agent 10.5
- Ca brightstor_enterprise_backup_agent 10.5 (:sap)
- Ca brightstor_arcserve_backup 11.1
- Ca brightstor_arcserve_backup 11.1 (:oracle)
- Ca brightstor_arcserve_backup_agent 11.0
- Ca brightstor_arcserve_backup_agent 11.1
- Ca brightstor_arcserve_backup_agent 11.0 (:sql)
- Ca brightstor_enterprise_backup 10.0
IMAP:EMPHASISMINE - IMAP: Shadow Brokers - EMPHASISMINE
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
APP:CA:ARCSRV:MEDIASERVER-BO1 - APP: Computer Associates BrightStor ARCserve Media Server Buffer Overflow1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in CA BrightStor ARCserve Media Server. Due to insufficient boundary checking when processing crafted strings supplied in SUN RPC requests, an unauthenticated attacker can terminate the service or cause a buffer overflow condition resulting in full control of the affected system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ca brightstor_arcserve_backup 11
- Ca server_protection_suite 2
- Ca brightstor_arcserve_backup 11 (:windows)
- Ca brightstor_arcserve_backup 11.1
- Ca business_protection_suite 2.0 (:microsoft_sbs_standard)
- Ca business_protection_suite 2.0
- Ca brightstor_arcserve_backup 11.5 (sp2)
- Ca brightstor_arcserve_backup 9.01
- Ca business_protection_suite 2.0 (:microsoft_sbs_premium)
APP:HPOV:SNMPVIEWER-APP-OF - APP: HP OpenView NNM snmpviewer.exe App Parameter Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against HP OpenView Network Node Manager. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
SMB:MS-CVE-2017-0144-MC - SMB: Microsoft Windows SMB Server SMBv1 Memory Corruption
Severity: HIGH
Description:
A remote code execution vulnerability has been reported in the SMBv1 component of Microsoft Windows SMB server. Successful exploitation could result in remote code execution.
Supported On:
idp-5.1.110161014, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, isg-3.4.139899, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.0.110121210, srx-branch-19.1, vsrx3bsd-19.1, vsrx-15.1, idp-4.1.110110609, srx-19.2
References:
Affected Products:
- Microsoft server_message_block 1.0
DNS:REPERR:NAPRT-IOF - DNS: Name Authority Pointer Integer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Microsoft DNS server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Microsoft windows_server_2008_r2_itanium SP1
- Microsoft windows_server_2008_r2_x64 SP1
- Microsoft windows_server_2008_r2_datacenter
- Microsoft windows_server_2008_standard_edition - Sp2 Web
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_r2_standard_edition
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_standard_edition - Gold Hpc
- Microsoft windows_server_2008_standard_edition - Gold Datacenter
- Microsoft windows_server_2008_standard_edition - Gold
- Microsoft windows_server_2008_r2_for_x64-based_systems SP1
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_server_2008_r2_enterprise_edition
- Microsoft windows_server_2008_standard_edition Itanium
- Microsoft windows_server_2008_standard_edition - Gold Enterprise
- Microsoft windows_server_2008_standard_edition - Gold Itanium
- Microsoft windows_server_2008_standard_edition R2
- Microsoft windows_server_2008_standard_edition R2 SP1
- Microsoft windows_server_2008 - Sp2 Enterprise X64
- Microsoft windows_server_2008_standard_edition - Gold Standard
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition Release Candidate
- Microsoft windows_server_2008_datacenter_edition Release Candidate
- Microsoft windows_server_2008_standard_edition - Gold Web
- Microsoft windows_server_2008_standard_edition Release Candidate
- Microsoft windows_server_2008_standard_edition - Sp2 Storage
- Microsoft windows_server_2008_standard_edition - Gold Storage
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_server_2008_r2_x64
- Microsoft windows_server_2008_r2_itanium
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_standard_edition - Sp2 Hpc
- Microsoft windows_server_2008 SP2 Beta
- Microsoft windows_server_2008_r2_datacenter SP1
HTTP:SQL:INJ:OVERSIZE-STATEMENT - HTTP: Oversized Cast And Convert Statement Possible SQL Injection Obfuscation
Severity: MEDIUM
Description:
This signature detects attempts to exploit an Oversized Cast And Convert Statement SQL Injection vulnerability. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Severity: HIGH
Description:
This signature detects invalid HTTP requests to Microsoft Internet Information Server. An attacker can send these crafted URLs to a vulnerable Web server and execute code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft internet_information_server 5.1
TFTP:TRANSPORT-BOF - TFTP: Multiple Vendors TFTP Transporting Mode Remote Buffer Overflow Vulnerability
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known buffer-overflow vulnerability against TFTPUtil GUI and 3COM TFTP server, a trivial file transfer protocol (TFTP) program. A successful attack allows an attacker to corrupt and overwrite memory and gain control of the affected application. An unsuccessful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:STC:DL:MAL-VBP - HTTP: Malformed Microsoft Visual Basic Project File
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft Visual Basic. A victim can download a malformed Visual Basic Project (VBP) file, resulting in a buffer overflow. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft visual_basic 6.0
APP:HPOV:NNM-RPING-BOF - APP: HP OpenView Network Node Manager rping Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in HP OpenView Network Node Manager. It is due to insufficient validation of user-supplied input. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
HTTP:STC:MS-IE-IFRAME-BO - HTTP: Microsoft Internet Explorer Iframe Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in CoolPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Coolplayer coolplayer 215
- Coolplayer coolplayer 216
- Coolplayer coolplayer+_portable 2.19.1
- Coolplayer coolplayer 217
- Coolplayer coolplayer+_portable 2.19.2
- Coolplayer coolplayer 218
- Coolplayer coolplayer 219
IMAP:OVERFLOW:IBM-DOMINO-OF - IMAP: IBM Domino IMAP Mailbox Name Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in IBM Domino IMAP Server. Successful exploitation will result in the execution of arbitrary code with SYSTEM privileges. An unsuccessful attack could result in a denial of service condition of the affected service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm domino 9.0.1.8
- Ibm domino 8.5.3
- Ibm domino 8.5.3.6
- Ibm domino 9.0.0.0
- Ibm domino 9.0.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Novell GroupWise Internet Agent. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell groupwise 7.0.0
- Novell groupwise 7.0.0 SP3
- Novell groupwise 7.0.0 SP1
- Novell groupwise 7.0.0 SP2
- Novell groupwise 7.01
- Novell groupwise 7.03
- Novell groupwise 7.03Hp1a
- Novell groupwise 8.0
- Novell groupwise 8.0 HP1
- Novell groupwise 7.02X
- Novell groupwise 7.03 HP2
VOIP:SIP:SDP:HDR-BOF - VOIP: Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Digium Asterisk. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Supported On:
idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Asterisk open_source 11.2.0 (rc1)
- Asterisk open_source 11.1.0 (rc3)
- Asterisk open_source 11.0.0 (rc1)
- Asterisk open_source 11.0.0 (rc2)
- Asterisk open_source 11.0.0 (beta2)
- Asterisk open_source 11.2.0 (rc2)
- Asterisk open_source 11.0.1
- Asterisk open_source 11.2.1
- Asterisk open_source 11.0.0 (beta1)
- Asterisk open_source 11.1.2
- Asterisk open_source 11.1.0 (rc1)
- Asterisk open_source 11.0.2
- Asterisk open_source 11.1.1
APP:IBM:TIVOLI-FASTBACK-OF - APP: IBM Tivoli Storage Manager FastBack Mount Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against IBM Tivoli. A successful exploit can lead to a buffer overflow and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm tivoli_storage_manager_fastback 6.1.9.1
- Ibm tivoli_storage_manager_fastback 6.1.10.1
- Ibm tivoli_storage_manager_fastback 6.1.0.1
- Ibm tivoli_storage_manager_fastback 6.1.8.0
- Ibm tivoli_storage_manager_fastback 6.1.9.0
- Ibm tivoli_storage_manager_fastback 6.1.8.1
- Ibm tivoli_storage_manager_fastback 6.1.7.2
- Ibm tivoli_storage_manager_fastback 6.1.10.0
- Ibm tivoli_storage_manager_fastback 6.1.11.0
- Ibm tivoli_storage_manager_fastback 6.1.1.0
Severity: INFO
Description:
This signature detects an SSL-SERVER-HELLO response with 'DHE_EXPORT' RSA cipher suites. Most 'modern' clients (e.g., web browsers) won't offer export-grade cipher suites as part of the negotiation process, as they are considered weak encryption.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Apple safari *
- Mozilla firefox *
- Microsoft ie *
- Oracle jre 1.7.0
- Mozilla firefox_esr 38.1.0
- Oracle jre 1.8.0
- Openssl openssl 1.0.1f
- Openssl openssl 1.0.1g
- Canonical ubuntu_linux 14.04
- Google chrome -
- Canonical ubuntu_linux 14.10
- Suse linux_enterprise_server 11.0
- Oracle jrockit r28.3.6
- Oracle jdk 1.8.0
- Canonical ubuntu_linux 15.04
- Suse linux_enterprise_desktop 12
- Oracle jdk 1.7.0
- Debian debian_linux 8.0
- Mozilla network_security_services 3.19
- Openssl openssl 1.0.1i
- Hp hp-ux b.11.31
- Openssl openssl 1.0.1j
- Mozilla firefox_esr 31.8
- Openssl openssl 1.0.1k
- Suse linux_enterprise_software_development_kit 12
- Oracle jdk 1.6.0
- Openssl openssl 1.0.1l
- Mozilla firefox_os 2.2
- Oracle sparc-opl_service_processor 1121
- Openssl openssl 1.0.1m
- Ibm content_manager 8.5
- Openssl openssl 1.0.1
- Oracle jre 1.6.0
- Apple mac_os_x 10.10.3
- Openssl openssl 1.0.1h
- Suse suse_linux_enterprise_server 12
- Apple iphone_os 8.3
- Openssl openssl 1.0.1a
- Openssl openssl 1.0.2a
- Openssl openssl 1.0.1b
- Openssl openssl 1.0.2
- Debian debian_linux 7.0
- Mozilla firefox 39.0
- Openssl openssl 1.0.1c
- Mozilla thunderbird 38.1
- Mozilla seamonkey 2.35
- Mozilla thunderbird 31.8
- Openssl openssl 1.0.1d
- Opera opera_browser -
- Canonical ubuntu_linux 12.04
- Openssl openssl 1.0.1e
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Director files. A successful attack can lead to memory corruption and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe shockwave_player 11.5.2.602
- Adobe shockwave_player 11.5.1.601
- Adobe shockwave_player 10.0.1.004
- Adobe shockwave_player 11.0.3.471
- Adobe shockwave_player 10.1.1.016
- Adobe shockwave_player 6.0
- Adobe shockwave_player 8.0.204
- Adobe shockwave_player 8.5.1.105
- Adobe shockwave_player 10.1.4.020
- Adobe shockwave_player 11.0.0.456
- Adobe shockwave_player 9
- Adobe shockwave_player 8.5.1.106
- Adobe shockwave_player 10.1.0.11
- Adobe shockwave_player 8.5.325
- Adobe shockwave_player 8.0.196a
- Adobe shockwave_player 1.0
- Adobe shockwave_player 8.5.324
- Adobe shockwave_player 8.5.1.100
- Adobe shockwave_player 3.0
- Adobe shockwave_player 8.5.321
- Adobe shockwave_player 10.1.0.011
- Adobe shockwave_player 8.5.1.103
- Adobe shockwave_player 11.5.0.596
- Adobe shockwave_player 8.5.323
- Adobe shockwave_player 4.0
- Adobe shockwave_player 11.5.0.595
- Adobe shockwave_player 10.2.0.021
- Adobe shockwave_player 9.0.432
- Adobe shockwave_player 11.5.6.606
- Adobe shockwave_player 9.0.383
- Adobe shockwave_player 8.5.1
- Adobe shockwave_player 10.2.0.023
- Adobe shockwave_player 5.0
- Adobe shockwave_player 10.2.0.022
- Adobe shockwave_player 8.0
- Adobe shockwave_player 8.0.196
- Adobe shockwave_player 2.0
- Adobe shockwave_player 10.0.0.210
- Adobe shockwave_player 8.0.205
- Adobe shockwave_player up to 11.5.7.609
APP:HP-LOADRUNNER-BO - APP: HP LoadRunner Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against HP LoadRunner. A successful exploit can lead to a buffer overflow and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
APP:HPOV:NNMI-BO - APP: HP Network Node Manager(NNMi) ovopi.dll Options Handling Remote Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Network Node Manager I (NNMi). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Network Node Manager I (NNMi).
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp network_node_manager_i 9.10
- Hp network_node_manager_i 9.0
- Hp network_node_manager_i 9.20
APP:NOVELL:GROUPWISE-WA - APP: Novell GroupWise WebAccess HTTP Basic Authentication Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Novell Groupwise WebAccess. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell groupwise 7.0.0
- Novell groupwise 7.0.0 SP1
RTSP:DESCRIBE-BOF - RTSP: RealNetworks Helix Server RTSP DESCRIBE Heap Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in RealNetworks Helix. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Real_networks helix_mobile_server 11.1.7
- Real_networks helix_mobile_server 11.1.4
- Real_networks helix_mobile_server 11.1.2
- Real_networks helix_mobile_server 11.1.6
- Real_networks helix_server 11.1.4
- Real_networks helix_server 11.1.2
- Real_networks helix_server 11.1.6
- Real_networks helix_server 11.1.7
- Real_networks helix_server 12.0.0
- Real_networks helix_mobile_server 12.0.0
APP:EMC-AUTOSTART-BOF - APP: EMC AutoStart Error Logging Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against EMC AutoStart Error Logging. A successful attack can lead to a stack-based overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Emc autostart 5.4
- Emc autostart 5.3
- Emc autostart 5.3 SP1
- Emc autostart 5.3 SP2
- Emc autostart 5.3 SP3
HTTP:STC:MOZILLA:MOZ-FLOAT-OF - HTTP: Mozilla Firefox Floating Point Number Conversion Memory Corruption
Severity: MEDIUM
Description:
A memory corruption vulnerability exists in Mozilla Firefox Browser. The vulnerability is due to a boundary error when processing very long floating point numbers. A remote attacker can exploit this vulnerability by enticing the target user to open a malicious web page. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt can crash the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mozilla firefox 3.0.5
- Suse linux 11
- Suse suse_linux_enterprise 11
- Avaya message_networking
- Sun opensolaris Build Snv 99
- Red_hat enterprise_linux_desktop 5 Client
- Mozilla thunderbird 2.0.0.18
- Mozilla seamonkey 1.1.13
- Red_hat enterprise_linux_optional_productivity_application 5 Server
- K-meleon k-meleon 1.5.3
- Red_hat enterprise_linux_as 3
- Vmware esx_server 4.0
- Sun opensolaris Build Snv 101A
- Sun opensolaris Build Snv 119
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_ws 3
- Sun opensolaris Build Snv 121
- Sun opensolaris Build Snv 112
- Mozilla firefox 3.0
- Mandriva linux_mandrake 2009.1 X86 64
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Red_hat desktop 3.0.0
- Mozilla firefox 3.0.11
- Sun opensolaris Build Snv 122
- Suse opensuse 10.3
- Red_hat desktop 4.0.0
- Mozilla firefox 3.0.4
- Sun opensolaris Build Snv 123
- Red_hat fedora 11
- Mozilla thunderbird 2.0.0.5
- Mozilla firefox 3.0.8
- Ubuntu ubuntu_linux 9.10 Amd64
- Ubuntu ubuntu_linux 9.10 I386
- Slackware linux 13.0 X86 64
- Ubuntu ubuntu_linux 9.10 Powerpc
- Ubuntu ubuntu_linux 9.10 Sparc
- Avaya intuity_audix_lx 2.0 SP2
- Mozilla firefox 3.0.7
- Sun opensolaris Build Snv 102
- Suse suse_linux_enterprise 10 SP2 DEBUGINFO
- Slackware linux 13.0
- Ubuntu ubuntu_linux 9.10 Lpia
- Mozilla thunderbird 2.0.0.4
- Mandriva enterprise_server 5 X86 64
- Vmware vma 4.0
- Suse suse_linux_enterprise_desktop 11
- Sun opensolaris Build Snv 127
- Sun opensolaris Build Snv 110
- Sun opensolaris Build Snv 111
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Avaya intuity_audix_lx 2.0 SP1
- Suse linux 9
- Mozilla thunderbird 2.0.0.23
- Mozilla seamonkey 1.1.16
- Mozilla firefox 3.5.0
- Mandriva linux_mandrake 2010.0 X86 64
- Mandriva linux_mandrake 2010.0
- Avaya intuity_audix_lx 2.0
- Suse suse_linux_enterprise_server 11 DEBUGINFO
- Mozilla firefox 3.0.2
- Mozilla seamonkey 1.1.3
- Mozilla seamonkey 1.1.12
- Mozilla thunderbird 2.0.0.17
- Red_hat enterprise_linux_as 4.8.Z
- Red_hat enterprise_linux_es 4.8.Z
- Suse suse_linux_enterprise_sdk 10 SP3
- Suse suse_linux_enterprise_desktop 10 SP3
- Suse suse_linux_enterprise_server 10 SP3
- Suse suse_linux_enterprise 10 SP3 DEBUGINFO
- Suse suse_linux_enterprise_server 11
- Sun opensolaris Build Snv 101
- Sun opensolaris Build Snv 116
- Sun opensolaris Build Snv 117
- Avaya messaging_storage_server 5.0
- Mozilla seamonkey 1.1.2
- Sun opensolaris Build Snv 100
- Mozilla thunderbird 2.0.0.13
- Mozilla seamonkey 1.1.9
- Debian linux 5.0
- Debian linux 5.0 Alpha
- Avaya message_networking 3.1
- Debian linux 5.0 Arm
- Debian linux 5.0 Hppa
- Debian linux 5.0 Ia-32
- Debian linux 5.0 Ia-64
- Debian linux 5.0 M68k
- Debian linux 5.0 Mips
- Debian linux 5.0 Mipsel
- Debian linux 5.0 Powerpc
- Debian linux 5.0 S/390
- Mozilla firefox 3.0.1
- Ubuntu ubuntu_linux 9.04 Sparc
- Mozilla thunderbird 2.0.0.15
- Mozilla thunderbird 2.0.0.16
- Mozilla seamonkey 1.1.11
- Sun opensolaris Build Snv 108
- Mozilla firefox 3.0.10
- Suse opensuse 11.0
- Sun opensolaris Build Snv 118
- Mozilla thunderbird 2.0.0.8
- Mozilla seamonkey 1.1.5
- Mandriva enterprise_server 5
- Mandriva linux_mandrake 2009.1
- Ubuntu ubuntu_linux 9.04 Amd64
- Ubuntu ubuntu_linux 9.04 I386
- Ubuntu ubuntu_linux 9.04 Lpia
- Ubuntu ubuntu_linux 9.04 Powerpc
- Mozilla seamonkey 1.1.1
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux 5 Server
- Mozilla seamonkey 1.1 Beta
- Sun opensolaris Build Snv 103
- Pardus linux_2008
- Sun opensolaris Build Snv 95
- Mozilla firefox 3.5.3
- Mozilla firefox 3.0.14
- Slackware linux -Current
- Sun opensolaris Build Snv 124
- Sun opensolaris Build Snv 125
- Mozilla seamonkey 1.1.6
- Red_hat fedora 10
- Sun opensolaris Build Snv 111A
- Sun opensolaris Build Snv 109
- Sun opensolaris Build Snv 96
- Red_hat enterprise_linux_optional_productivity_application 5.4.Z Server
- Sun opensolaris Build Snv 126
- Sun opensolaris Build Snv 114
- Slackware linux 12.0
- Mozilla thunderbird 3.0
- Mozilla sunbird 0.9
- Flock flock 2.5.2
- Mozilla firefox 3.0.9
- Sun opensolaris Build Snv 113
- Mozilla thunderbird 2.0.0.6
- Mozilla seamonkey 1.1.17
- Mozilla seamonkey 1.1.4
- Suse suse_linux_enterprise_desktop 10 SP2
- Suse suse_linux_enterprise_server 10 SP2
- Suse suse_linux_enterprise_sdk 10 SP2
- Mozilla firefox 3.5.2
- Mozilla thunderbird 2.0.0.22
- Ubuntu ubuntu_linux 8.10 I386
- Suse linux 10.0
- Ubuntu ubuntu_linux 8.10 Powerpc
- Ubuntu ubuntu_linux 8.10 Sparc
- Sun opensolaris Build Snv 120
- Ubuntu ubuntu_linux 8.10 Amd64
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_ws 4
- Red_hat enterprise_linux Desktop Version 4
- Mozilla seamonkey 1.1.14
- Avaya voice_portal 4.0
- Avaya voice_portal 4.1
- Ubuntu ubuntu_linux 8.10 Lpia
- Mozilla firefox 3.5.1
- Avaya message_networking MN 3.1
- Sun opensolaris Build Snv 98
- Slackware linux 11.0
- Mozilla seamonkey 1.1.10
- Mozilla thunderbird 2.0.0.14
- Mozilla firefox 3.0.6
- Mozilla thunderbird 2.0.0.21
- Mozilla seamonkey 1.1.15
- Debian linux 5.0 Sparc
- Mozilla firefox 3.0.3
- Mozilla camino 1.6.9
- Sun opensolaris Build Snv 115
- Suse opensuse 11.1
- Mozilla seamonkey 1.1.18
- Avaya messaging_storage_server 4.0
- Sun opensolaris Build Snv 104
- Sun opensolaris Build Snv 105
- Mozilla thunderbird 2.0.0.12
- Mozilla seamonkey 1.1.8
- Slackware linux 12.2
- Mozilla seamonkey 1.1.7
- Mozilla firefox 3.0.13
- Mozilla thunderbird 2.0.0 .19
- Mozilla firefox 3.0.12
- Mozilla thunderbird 2.0.0.9
- Debian linux 5.0 Amd64
- Sun opensolaris Build Snv 106
- Sun opensolaris Build Snv 107
- Debian linux 5.0 Armel
- Pardus linux_2009
HTTP:STC:RHINO-HDR-OF - HTTP: Rhino Software Serv-U Server HTTP Request Handling Buffer Overflow
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Rhino Software Serv-U. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Rhino_software serv-u_web_client 9.0.0.5
HTTP:IBM-INFORMIX-DS-BO - HTTP: IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in IBM's Informix Dynamic Server and Informix Open Admin Tool. Successful exploitation could result in code execution with SYSTEM privileges.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm informix_open_admin_tool 11.5
- Ibm informix_open_admin_tool 11.7
- Ibm informix_open_admin_tool 12.1
APP:HP-PM-EXP-DATA-LOGS - APP: HP Power Manager formExportDataLogs Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in HP Power Manager. It is due to insufficient bounds checking in the HP Power Manager while processing URL parameters. In a successful code execution attack the injected code is executed within the security context of the SYSTEM user. An unsuccessful exploit attempt can terminate the affected service abnormally and result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp power_manager 4.0Build10
- Hp power_manager 4.0Build11
- Hp power_manager 4.2.9
- Hp power_manager 4.2.7
- Hp power_manager
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cyber criminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:NOVELL:GROUPWISE-NETAGT-BO - HTTP: Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Novell GroupWise Internet Agent. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell groupwise 8.02 HP1
- Novell groupwise 8.0 SP1
- Novell groupwise 8.01X
- Novell groupwise 8.0 HP2
- Novell groupwise 8.02 HP2
- Novell groupwise 8.0
- Novell groupwise 8.0 HP1
- Novell groupwise 8.0 SP2
- Novell groupwise_internet_agent 8.0
- Novell groupwise 8.0 HP3
- Novell groupwise 8.02
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against the SSL Client Master Key packet. OpenSSL 0.9.6d and earlier versions are vulnerable. Attackers can send malicious Key packets to exploit a buffer overflow condition in the KEY_ARG parameter. This signature also detects attempts to exploit the server stack overflow in Mozilla Network Services. A successful attack can allow arbitrary code execution on the target host.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Openssl_project openssl 0.9.6 A
- Apache_software_foundation apache 1.3.14 Mac
- Hp openssl_for_openvms_alpha 1.0.0
- Hp tcp/ip_services_for_openvms 5.3.0
- Hp openvms_secure_web_server 1.1.0 -1
- Hp openvms_secure_web_server 1.2.0
- Apache_software_foundation apache 2.0.28 Beta
- Cisco secure_content_accelerator_10000
- Apache_software_foundation apache 1.3.3
- Apache_software_foundation apache 1.3.14
- Sonicwall ssl-r3 4.0.0 .18
- Apache_software_foundation apache 1.3.17
- Sonicwall ssl-rx 4.0.0 .18
- Openssl_project openssl 0.9.4
- Apple mac_os_x 10.1.0
- Apache_software_foundation apache 1.3.0
- Apache_software_foundation apache 1.2.5
- Apache_software_foundation apache 1.3.1
- Oracle corporatetime_outlook_connector 3.1.1
- Oracle corporatetime_outlook_connector 3.1.2
- Oracle corporatetime_outlook_connector 3.3.0
- Apple mac_os_x 10.1.5
- Apache_software_foundation apache 2.0.40
- Hp virtualvault 4.5.0
- Apache_software_foundation apache 1.0.3
- Sonicwall ssl-r 4.0.0 .18
- Juniper_networks junos 5.0.0
- Juniper_networks junos 5.1.0
- Covalent fast_start_server 3.1.0
- Covalent enterprise_ready_server 2.1.0
- Covalent enterprise_ready_server 2.2.0
- Sonicwall ssl-r6 4.0.0 .18
- Rsa_security bsafe_ssl-c 2.1.0
- Rsa_security bsafe_ssl-c 2.2.0
- Rsa_security bsafe_ssl-c 2.3.0
- Ibm http_server 1.3.19
- Juniper_networks junos 5.6.0
- Juniper_networks junos 5.5.0
- Juniper_networks junos 5.4.0
- Juniper_networks junos 5.3.0
- Juniper_networks junos 5.2.0
- Juniper_networks sdx-300 3.1.0
- Juniper_networks sdx-300 3.1.1
- Secure_computing safeword_premieraccess 3.1.0
- Apple mac_os_x 10.0.2
- Oracle oracle9i_application_server
- Apache_software_foundation apache 1.0.0
- Apache_software_foundation apache 1.0.2
- Apache_software_foundation apache 1.0.5
- Apache_software_foundation apache 1.1.0
- Apache_software_foundation apache 1.1.1
- Novell netmail 3.10.0
- Novell netmail 3.10.0 b
- Novell netmail 3.10.0 a
- Oracle oracle9i_application_server 1.0.2
- Apple mac_os_x 10.1.2
- Apple mac_os_x 10.1.1
- Apple mac_os_x 10.0.4
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.28
- Apple mac_os_x 10.1.3
- Gentoo linux 1.4.0 _rc3
- Gentoo linux 1.4.0 _rc2
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 1.3.25
- Gentoo linux 0.5.0
- Gentoo linux 0.7.0
- Apache_software_foundation apache 1.3.4
- Apache_software_foundation apache 1.3.26
- Apache_software_foundation apache 1.2.0
- Apache_software_foundation apache 1.3.23
- Ibm linux_affinity_toolkit
- Apache_software_foundation apache 1.3.7 -Dev
- Novell netmail 3.10.0 c
- Novell netmail 3.10.0 d
- Apple mac_os_x 10.1.4
- Apache_software_foundation apache 1.3.15
- Apache_software_foundation apache 1.3.20
- Oracle oracle9i_application_server 1.0.2 .2
- Oracle oracle9i_application_server 1.0.2 .1s
- Oracle oracle_http_server 9.0.1
- Oracle oracle_http_server 9.2.0 .0
- Apache_software_foundation apache 1.3.13
- Apache_software_foundation apache 1.3.6
- Apache_software_foundation apache 1.3.9
- Apache_software_foundation apache 1.3.11
- Apple mac_os_x_server 10.0.0
- Apache_software_foundation apache 1.3.24
- Apache_software_foundation apache 2.0.28 -BETA
- Apache_software_foundation apache 2.0.34 -BETA
- Apache_software_foundation apache 2.0.32 -BETA
- Openssl_project openssl 0.9.7 Beta2
- Apple mac_os_x 10.0.0
- Oracle corporatetime_outlook_connector 3.1.0
- Hp secure_os_software_for_linux 1.0.0
- Openssl_project openssl 0.9.6 B
- Hp virtualvault 4.6.0
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 1.3.12
- Apache_software_foundation apache 2.0.0
- Openssl_project openssl 0.9.1 C
- Openssl_project openssl 0.9.2 B
- Openssl_project openssl 0.9.3
- Openssl_project openssl 0.9.5
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 1.3.16
- Apache_software_foundation apache 1.3.18
- Apache_software_foundation apache 1.3.22
- Apple mac_os_x 10.2.0
- Gentoo linux 1.2.0
- Gentoo linux 1.4.0 _rc1
- Gentoo linux 1.1.0 A
- Hp tru64_unix_compaq_secure_web_server 5.8.1
- Hp tru64_unix_internet_express 5.9.0
- Hp internet_express_eak 2.0.0
- Hp webproxy 1.0.0
- Hp webproxy 2.0.0
- Apple mac_os_x 10.0.1
- Openssl_project openssl 0.9.7 Beta1
- Apache_software_foundation apache 1.3.19
- Openssl_project openssl 0.9.6 D
- Openssl_project openssl 0.9.5 A
- Openssl_project openssl 0.9.6 C
- Apple mac_os_x 10.0.3
- Openssl_project openssl 0.9.6
HTTP:OFFICESCAN-CGIRECVFILE - HTTP: Trend Micro OfficeScan Server cgiRecvFile Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in Trend Micro's OfficeScan. It is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can leverage this to inject and execute arbitrary code with System level privileges on the target system. In a successful code injection and execution attack, the behavior of the target is entirely dependent on the intended function of the injected code. In an unsuccessful attack, the CGI process initiated for the session terminates abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Trend_micro client_server_messaging_security 3.6
- Trend_micro officescan 7.0
- Trend_micro officescan 7.3
- Trend_micro officescan 8.0
HTTP:STC:DL:QT-SMIL-FILEHAND - HTTP: Apple QuickTime SMIL File Handling Integer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Apple QuickTime. A successful attack can lead to an integer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple quicktime_player 7.1.2
- Apple quicktime_player 7.1
- Apple quicktime_player 6.5.1
- Apple quicktime_player 6.5.0
- Apple quicktime_player 6.5.2
- Apple quicktime_player 7.1.4
- Apple quicktime_player 7.0.2
- Apple quicktime_player 7.0.3
- Apple quicktime_player 6.1.0
- Apple quicktime_player 7.1.5
- Apple quicktime_player 7.0.1
- Apple quicktime_player 7.1.3
- Apple quicktime_player 6
- Apple quicktime_player 7.0.0
- Apple quicktime_player 5.0.2
- Apple quicktime_player 7.0.4
- Apple quicktime_player 7.1.1
MS-RPC:DCE-RPC-ADVANTECH-RCE - MS-RPC: Advantech Webaccess webvrpcs Directory Traversal Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a directory traversal and remote code execution vulnerability in Advantech WebAccess software. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the remote service. Successful exploitation could lead to remote code execution on the target server with privileges of the application process.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess 8.3.2
HTTP:STC:DL:MAL-WOFF - HTTP: Mozilla Firefox WOFF Font Processing Integer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known code execution vulnerability in Mozilla Firefox. It is due to an integer overflow error in a font decompression routine within the Web Open Fonts Format (WOFF) decoder. This can be exploited by remote attackers to execute arbitrary code on the target machine by enticing a user to open a maliciously crafted WOFF file. In a successful attack the behavior of the target system depends entirely on the logic of the injected code, which runs within the security context of the currently logged in user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:STC:DL:KINGVIEW-LOGFILE-BO - HTTP: WellinTech KingView KingMess Log File Parsing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the WellinTech KingView SCADA software. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Wellintech kingview 6.55
- Wellintech kingview 6.52
- Wellintech kingview 6.53
DB:MYSQL:COMMANDS-BO - DB: Oracle MySQL Multiple Commands Heap Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle MySQL database server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mariadb mariadb 5.5.28a
- Oracle mysql 5.5.19
IMAP:IPSWITCH:SEARCH-DATE - IMAP: Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in the way Ipswitch IMail Server handles IMAP requests. It is due to a lack of boundary protection while processing the IMAP SEARCH command. A remote authenticated attacker can exploit this to cause a denial-of-service condition or inject and execute arbitrary code on the system within the security context of the affected service, normally System. In a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code. It would execute within the security context of the affected service, normally System. In an unsuccessful code injection attack, the affected server terminates and resets all established connections.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ipswitch imail_server 2006
RPC:DCERPC:ARB-FILE-DEL - RPC: Advantech WebAccess webvrpcs Arbitrary File Deletion
Severity: HIGH
Description:
This signature detects attempts to exploit an arbitrary file deletion vulnerability in Advantech WebAccess. Successful exploitation results in the deletion of arbitrary files from the target system.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess/nms 2.0.3
- Advantech webaccess 8.2_20170817
- Advantech webaccess_dashboard 2.0.15
- Advantech webaccess 8.3.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in CA BrightStor ARCserve Backup Tape Engine service. A successful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, idp-4.2.110100823, idp-5.0.110130325, idp-4.2.110101203, vsrx-12.1, idp-5.1.0, idp-5.0.110121210, srx-branch-19.1, vsrx-15.1, idp-4.1.110110609, srx-19.2
References:
Affected Products:
- Computer_associates brightstor_arcserve_backup 11.5
- Computer_associates brightstor_arcserve_backup_for_windows_(all) 11.1
- Computer_associates brightstor_arcserve_backup r12.0 Windows
- Computer_associates brightstor_arcserve_backup_for_windows_(all) 11.5.0
- Computer_associates brightstor_arcserve_backup 11.1.0
- Computer_associates server_protection_suite r2
- Computer_associates business_protection_suite r2
- Computer_associates business_protection_suite_for_microsoft_sbs_std_ed r2
- Computer_associates business_protection_suite_for_microsoft_sbs_pre_ed r2
- Computer_associates brightstor_arcserve_backup_for_windows 11.0.0
- Computer_associates brightstor_enterprise_backup 10.5.0
- Computer_associates brightstor_arcserve_backup r12
HTTP:STC:ADOBE:CVE-2018-12788CE - HTTP: Adobe Acrobat Reader CVE-2018-12788 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 17.012.20093
APP:HPOV:NNMRPTCONG-TEMPL - APP: HP OpenView Network Node Manager nnmRptConfig.exe Template Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against HP OpenView Network Node Manager (NNM) CGI program nnmRptConfig.exe. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.53
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.50.0 HP-UX 11.X
- Hp openview_network_node_manager 7.50.0 Solaris
- Hp openview_network_node_manager 7.50.0 Windows 2000/XP
- Hp openview_network_node_manager 7.50.0 Linux
- Hp openview_network_node_manager 7.50.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft ISAPI Indexing Service for IIS. Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier versions are vulnerable. Attackers can send a long argument to Internet Data Administration and Internet Data Query files to overflow the buffer in the ISAPI extension and execute arbitrary commands.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Cisco uone_enterprise_edition
- Cisco ics_7750
- Cisco building_broadband_service_manager_(bbsm) 5.0.0
- Cisco ics_firmware 1.0.0
- Cisco ics_firmware 2.0.0
- Cisco unity_server 3.1.0
- Cisco unity_server 3.2.0
- Cisco unity_server 3.3.0
- Cisco ip/vc_3540_application_server
- Microsoft index_server 2.0
- Cisco building_broadband_service_manager_(bbsm) 5.2.0
- Cisco unity_server 2.46.0
- Cisco unity_server 3.0.0
- Cisco call_manager 3.3.0 (3)
- Cisco call_manager 4.0.0
- Cisco collaboration_server
- Cisco dynamic_content_adapter
- Cisco media_blender
- Cisco trailhead
- Cisco call_manager 3.1.0 (2)
- Cisco call_manager 3.3.0
- Cisco call_manager
- Cisco call_manager 3.2.0
- Cisco building_broadband_service_manager_(bbsm) 5.1.0
- Cisco building_broadband_service_manager_(bbsm) 4.5.0
- Cisco building_broadband_service_manager_(bbsm) 4.4.0
- Cisco unity_server
- Cisco building_broadband_service_manager_(bbsm) 4.2.0
- Cisco building_broadband_service_manager_(bbsm) 4.0.1
- Cisco building_broadband_service_manager_(bbsm) 3.0.0
- Cisco building_broadband_service_manager_(bbsm) 2.5.1
- Cisco unity_server 4.0.0
- Microsoft indexing_services_for_windows_2000
- Cisco call_manager 3.0.0
- Cisco call_manager 2.0.0
- Cisco call_manager 1.0.0
- Cisco unity_server 2.0.0
- Cisco unity_server 2.1.0
- Cisco unity_server 2.2.0
- Cisco unity_server 2.3.0
- Cisco unity_server 2.4.0
- Cisco uone 3.0.0
- Cisco uone 2.0.0
- Cisco uone 4.0.0
- Cisco uone 1.0.0
- Cisco call_manager 3.1.0 (3a)
- Cisco building_broadband_service_manager_(bbsm) 4.3.0
- Cisco call_manager 3.1.0
APP:HPOV:NNM-SNMP-HOST - APP: HP OpenView Network Node Manager snmpviewer.exe Host Header Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in the HP OpenView Network Node Manager (NNM) CGI program snmpviewer.exe. It is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the Internet Guest account. In a successful attack, the behavior of the target is dependent on the logic of the malicious code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.53
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.50.0 HP-UX 11.X
- Hp openview_network_node_manager 7.50.0 Solaris
- Hp openview_network_node_manager 7.50.0 Windows 2000/XP
- Hp openview_network_node_manager 7.50.0 Linux
- Hp openview_network_node_manager 7.50.0
APP:HPOV:NNM-LOGIN-BOF - APP: HP OpenView Network Node Manager ovsessionmgr.exe Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against HP OpenView Network Node Manager (NNM). The vulnerability is due to a boundary error in ovsessionmgr.exe when processing the 'userid' and 'passwd' parameters sent in an HTTP POST request. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to a target server, potentially causing arbitrary code to be injected and executed in the security context of the SYSTEM user. In an attack scenario, where arbitrary code is injected and executed on the target machine, the behavior of the target is dependent on the logic of the malicious code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.53
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.50.0 HP-UX 11.X
- Hp openview_network_node_manager 7.50.0 Solaris
- Hp openview_network_node_manager 7.50.0 Windows 2000/XP
- Hp openview_network_node_manager 7.50.0 Linux
- Hp openview_network_node_manager 7.50.0
APP:MISC:HICP-HOSTNAME - APP: IntelliCom NetBiter Config Utility Hostname Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in the Intellicom NetBiter Config utility. It is due to a boundary error in "NetbiterConfig.exe" while parsing an overly long "hn" (Hostname) parameter. Remote unauthenticated attackers can exploit this by sending a crafted UDP packet to port 3250 on the target host. Once the packet is received, a NetBiter Config console user must be enticed to open the received message. A successful attack allows for executing arbitrary code on the target with the privileges of the currently logged-on user. In an unsuccessful attack, the service terminates abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Intellicom_innovation netbiterconfig.exe 1.3.0
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the HP OpenView Network Node Manager (NNM). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.0.0.1
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.0.0.1 Solaris
- Hp openview_network_node_manager 7.0.0.1 HP-UX 11.X
- Hp openview_network_node_manager 7.01(IA)
- Hp openview_network_node_manager 7.0.0.1 Windows 2000/XP
HTTP:STC:IE:CVE-2014-0271-MC - HTTP: Microsoft Internet Explorer CVE-2014-0271 Memory Corruption
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft internet_explorer 7
- Microsoft internet_explorer 6
- Microsoft internet_explorer 11
- Microsoft vbscript 5.8
- Microsoft vbscript 5.7
- Microsoft internet_explorer 10
- Microsoft internet_explorer 9
- Microsoft vbscript 5.6
- Microsoft internet_explorer 8
DB:SYBASE:OPEN-SERVER-CE - DB: Sybase Open Server Function Pointer Array Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Sybase Open Server. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Sybase mfc/dc 15.x
- Sybase easerver 6.3.1
- Sybase adaptive_server_enterprise 15.0.0
- Sybase replication_server 15
- Sybase easerver 6.2
- Sybase easerver 6.0.2 Devel Edition
- Sybase easerver 6.0
- Sybase adaptive_server_enterprise 15.0.2 Linux
- Sybase open_switch 15
- Sybase adaptive_server_enterprise 15.0.2 Sun
- Sybase adaptive_server_enterprise 15.0.3 ESD#1
- Sybase open_switch
- Sybase adaptive_server_enterprise 15.0.3
- Sybase adaptive_server_enterprise 15.5
- Sybase adaptive_server_enterprise 15.0.2
- Sybase adaptive_server_enterprise 15.5 ESD#2
- Sybase easerver 6.3.1 ESD#2
- Sybase easerver 6.3.1 ESD#4
- Sybase easerver 6.3
- Sybase adaptive_server 15
- Sybase ecda 15.0
HTTP:NNMRPTCONFIG-EXE-RCE - HTTP: HP OpenView Network Node Manager nnmRptConfig.exe schd_select1 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in HP OpenView Network Node Manager. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary command execution and buffer overflow.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
APP:HPOV:OID-OF - APP: HP OpenView NNM snmp.exe Long OID Parameter
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Hewlett Packard OpenView Network Node Manager (NNM). A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.53
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.50.0 HP-UX 11.X
- Hp openview_network_node_manager 7.50.0 Solaris
- Hp openview_network_node_manager 7.50.0 Windows 2000/XP
- Hp openview_network_node_manager 7.50.0 Linux
- Hp openview_network_node_manager 7.50.0
HTTP:CISCO:CSUSERCGI-BOF - HTTP: Cisco User-Changeable Password CSuserCGI.exe Buffer Overflow
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in Cisco User-Changeable Password. An attacker can create a malicious Web site containing Web pages with a large query to the CSuserCGI executable, which, if accessed by a victim, allows the attacker to gain control of the victim's system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Cisco user-changeable_password_(ucp)
- Cisco user-changeable_password_(ucp) 3.3.4.12.5
APP:INGRES:DB-COMM-SVR-OF - APP: Ingress Database Communications Server Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Ingres Database Communications Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Computer_associates cleverpath_aion_bpm 10.1
- Computer_associates unicenter_database_command_center 11.1
- Computer_associates unicenter_enterprise_job_manager 1.0 SP3
- Computer_associates unicenter_workload_control_center 1.0.SP4
- Computer_associates unicenter_workload_control_center 1.0 SP4
- Computer_associates advantage_data_transformer 2.2.0
- Computer_associates brightstor_arcserve_backup 11.1.0
- Computer_associates etrust_audit R8
- Computer_associates brightstor_arcserve_backup 11.5
- Computer_associates etrust_directory 8.1
- Computer_associates brightstor_arcserve_backup_for_linux 9.0.0
- Computer_associates brightstor_enterprise_backup_for_tru64 10.5.0
- Computer_associates brightstor_enterprise_backup_for_hp 10.5.0
- Computer_associates brightstor_enterprise_backup_for_aix 10.5.0
- Computer_associates brightstor_enterprise_backup_for_solaris 10.5.0
- Computer_associates brightstor_arcserve_backup_for_linux 11.1.0
- Ingres_corporation ingres_database 3.0.3
- Ingres_corporation ingres_database 2.5
- Ingres_corporation ingres_database 2.6
- Ingres_corporation ingres_database_2006
- Computer_associates allfusion_enterprise_workbench 1.1
- Computer_associates allfusion_enterprise_workbench 1.1 SP1
- Computer_associates allfusion_enterprise_workbench 7
- Computer_associates allfusion_enterprise_workbench 7.1
- Computer_associates allfusion_harvest_change_manager 7
- Computer_associates allfusion_harvest_change_manager 7.1
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.5
- Computer_associates brightstor_storage_command_center 11.5
- Computer_associates brightstor_storage_resource_manager 11.5
- Computer_associates cleverpath_aion_bre 10.1
- Computer_associates docserver 1.1
- Computer_associates etrust_admin 8.1 SP1
- Computer_associates etrust_iam_suite 8
- Computer_associates etrust_iam_toolkit 8
- Computer_associates etrust_iam_toolkit 8.1
- Computer_associates etrust_identity_manager 8.1
- Computer_associates etrust_network_forensics 8.1
- Computer_associates etrust_single_sign-on 7
- Computer_associates etrust_single_sign-on 8
- Computer_associates etrust_single_sign-on 8.1
- Computer_associates etrust_web_access_control 1.0
- Computer_associates unicenter_advanced_systems_management 11
- Computer_associates unicenter_asset_intelligence 11
- Computer_associates unicenter_asset_management 11
- Computer_associates unicenter_asset_portfolio_management 11.2.1
- Computer_associates unicenter_asset_portfolio_management 11.3
- Computer_associates ccs 11
- Computer_associates unicenter_desktop_and_server_management 11
- Computer_associates unicenter_desktop_management_suite 11
- Computer_associates unicenter_enterprise_job_manager 1.0 SP4
- Computer_associates unicenter_job_management_option 11.0
- Computer_associates unicenter_lightweight_portal 2
- Computer_associates unicenter_management_portal 3.1.1
- Computer_associates unicenter_patch_management 11
- Computer_associates unicenter_remote_control 11
- Computer_associates unicenter_service_assure 11.1
- Computer_associates unicenter_service_assure 11
- Computer_associates unicenter_service_assure 2.2
- Computer_associates unicenter_service_catalog 11
- Computer_associates unicenter_service_delivery 11.1
- Computer_associates unicenter_service_intelligence 11
- Computer_associates unicenter_service_metric_analysis 11
- Computer_associates unicenter_service_metric_analysis 11.1
- Computer_associates unicenter_service_metric_analysis 3.0.2
- Computer_associates unicenter_service_metric_analysis 3.5.0
- Computer_associates unicenter_serviceplus_service_desk 5.5 SP3
- Computer_associates unicenter_serviceplus_service_desk 6.0 SP1
- Computer_associates unicenter_serviceplus_service_desk 11.1
- Computer_associates unicenter_serviceplus_service_desk 11
- Computer_associates unicenter_serviceplus_service_desk 11.2
- Computer_associates unicenter_software_delivery 11
- Computer_associates unicenter_tng 2.4.2J
- Computer_associates unicenter_ca_web_services_distributed_management 3.5
- Computer_associates wily_soa_manager 7.1
- Computer_associates unicenter_ca_web_services_distributed_management 3.11
- Computer_associates unicenter_tng 2.4.2
- Computer_associates cleverpath_predictive_analysis_server 3.0.0
- Computer_associates etrust_admin 8.0.0
- Computer_associates etrust_admin 8.1.0
- Computer_associates etrust_admin 8.1 SP2
- Computer_associates unicenter_network_and_systems_management 3.0
- Computer_associates unicenter_network_and_systems_management 3.1
- Computer_associates unicenter_network_and_systems_management 11
- Computer_associates unicenter_remote_control 6.0.0
- Computer_associates unicenter_tng 2.2.0
- Computer_associates unicenter_service_delivery 11.0.0
- Computer_associates unicenter_asset_portfolio_management 11.0.0
- Computer_associates etrust_secure_content_manager 8.0.0
- Computer_associates unicenter_serviceplus_service_desk 6.0.0
SMTP:MAL:LOTUS-MIF-VIEWER - SMTP: IBM Lotus Notes MIF Attachment Viewer Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the IBM Lotus Notes MIF Attachment Viewer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Symantec mail_security_appliance 5.0.0
- Activepdf docconverter 3.8.2.5
- Symantec mail_security_for_microsoft_exchange 5.0.0
- Ibm lotus_notes 7.0.2
- Symantec mail_security_for_smtp 5.0
- Symantec mail_security_for_domino 7.5.0.19
- Symantec mail_security_for_microsoft_exchange 5.0.7.373
- Symantec mail_security_appliance 5.0.0.24
- Autonomy keyview_export_sdk 7
- Autonomy keyview_export_sdk 8
- Autonomy keyview_export_sdk 9
- Autonomy keyview_filter_sdk 9
- Autonomy keyview_filter_sdk 8
- Autonomy keyview_filter_sdk 7
- Autonomy keyview_viewer_sdk 7
- Autonomy keyview_viewer_sdk 8
- Autonomy keyview_viewer_sdk 9
- Symantec mail_security_for_microsoft_exchange 5.0.0.024
- Symantec mail_security_for_smtp 5.0.1
- Symantec mail_security_for_domino 7.5
- Symantec mail_security_for_microsoft_exchange 5.0.6.368
HTTP:PROXY:SQUID-DOS - HTTP: Squid Proxy Processing Denial of Service
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Squid proxy. A successful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Squid-cache squid 3.4.3
- Squid-cache squid 3.2.0.5
- Squid-cache squid 3.1.0.17
- Squid-cache squid 3.2.0.15
- Squid-cache squid 3.2.0.3
- Squid-cache squid 3.0.stable19
- Squid-cache squid 4.0.6
- Squid-cache squid 3.3.2
- Squid-cache squid 3.2.0.1
- Squid-cache squid 4.0.4
- Squid-cache squid 3.1.3
- Squid-cache squid 3.4.9
- Squid-cache squid 3.4.12
- Squid-cache squid 4.0.2
- Squid-cache squid 3.2.0.13
- Squid-cache squid 3.1.0.7
- Squid-cache squid 3.3.9
- Squid-cache squid 3.1
- Squid-cache squid 3.1.1
- Squid-cache squid 3.1.0.2
- Squid-cache squid 3.2.0.9
- Squid-cache squid 3.1.0.3
- Squid-cache squid 3.1.0.4
- Squid-cache squid 3.1.15
- Squid-cache squid 3.2.3
- Squid-cache squid 3.1.0.16
- Squid-cache squid 3.2.1
- Squid-cache squid 3.2.7
- Squid-cache squid 3.1.0.9
- Squid-cache squid 3.2.5
- Squid-cache squid 3.0.stable8
- Squid-cache squid 3.0.stable20
- Squid-cache squid 3.2.9
- Squid-cache squid 3.1.11
- Squid-cache squid 3.0.stable22
- Squid-cache squid 3.3.3
- Squid-cache squid 3.2.0.17
- Squid-cache squid 3.3.0.3
- Squid-cache squid 3.0.stable24
- Squid-cache squid 3.5.0.2
- Squid-cache squid 3.0.stable14
- Squid-cache squid 3.2.0.19
- Squid-cache squid 3.4.4
- Squid-cache squid 3.5.0.4
- Squid-cache squid 3.0.stable16
- Squid-cache squid 3.4.0.1
- Squid-cache squid 3.0.stable2
- Squid-cache squid 3.2.0.10
- Squid-cache squid 3.4.0.3
- Squid-cache squid 3.1.0.10
- Squid-cache squid 3.3.12
- Squid-cache squid 3.2.0.18
- Squid-cache squid 3.2.0.6
- Squid-cache squid 3.0.stable12
- Squid-cache squid 3.1.10
- Squid-cache squid 3.3.4
- Squid-cache squid 3.3.10
- Squid-cache squid 3.4.2
- Squid-cache squid 3.2.0.4
- Squid-cache squid 3.1.12
- Squid-cache squid 3.1.0.14
- Squid-cache squid 3.2.0.14
- Squid-cache squid 3.2.0.2
- Squid-cache squid 3.2.0.11
- Squid-cache squid 3.3.0
- Squid-cache squid 3.1.14
- Squid-cache squid 3.2.0.16
- Squid-cache squid 3.0.stable18
- Squid-cache squid 3.4.11
- Squid-cache squid 4.0.5
- Squid-cache squid 3.1.0.18
- Squid-cache squid 3.1.9
- Squid-cache squid 3.4.8
- Squid-cache squid 3.1.5
- Squid-cache squid 4.0.3
- Squid-cache squid 3.2.0.12
- Squid-cache squid 3.4.13
- Squid-cache squid 3.4.1
- Squid-cache squid 4.0.1
- Squid-cache squid 3.4.0.2
- Squid-cache squid 3.0
- Squid-cache squid 3.1.0.6
- Squid-cache squid 3.3.8
- Squid-cache squid 3.3.7
- Squid-cache squid 3.1.0.8
- Squid-cache squid 3.2.0.8
- Squid-cache squid 3.1.4
- Squid-cache squid 3.0.stable10
- Squid-cache squid 3.2.2
- Squid-cache squid 3.1.2
- Squid-cache squid 3.3.13
- Squid-cache squid 3.2.13
- Squid-cache squid 3.3.6
- Squid-cache squid 3.2.6
- Squid-cache squid 3.4.10
- Squid-cache squid 3.5.1
- Squid-cache squid 3.2.4
- Squid-cache squid 3.1.8
- Squid-cache squid 3.0.stable4
- Squid-cache squid 3.0.stable9
- Squid-cache squid 3.1.5.1
- Squid-cache squid 3.3.5
- Squid-cache squid 3.2.8
- Squid-cache squid 3.2.11
- Squid-cache squid 3.1.6
- Squid-cache squid 3.0.stable21
- Squid-cache squid 3.5.0.1
- Squid-cache squid 3.3.11
- Squid-cache squid 3.0.stable23
- Squid-cache squid 3.5.0.3
- Squid-cache squid 3.0.stable15
- Squid-cache squid 3.1.0.5
- Squid-cache squid 3.0.stable1
- Squid-cache squid 3.1.0.12
- Squid-cache squid 3.0.stable25
- Squid-cache squid 3.0.stable17
- Squid-cache squid 3.2.10
- Squid-cache squid 3.1.0.1
- Squid-cache squid 3.0.stable3
- Squid-cache squid 3.0.stable11
- Squid-cache squid 3.2.12
- Squid-cache squid 3.1.0.11
- Squid-cache squid 3.0.stable6
- Squid-cache squid 3.0.stable5
- Squid-cache squid 3.0.stable13
- Squid-cache squid 3.3.1
- Squid-cache squid 3.1.0.13
- Squid-cache squid 3.0.stable7
- Squid-cache squid 3.3.0.2
- Squid-cache squid 3.1.7
- Squid-cache squid 3.2.0.7
- Squid-cache squid 3.1.13
- Squid-cache squid 3.1.0.15
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in MailEnable IMAP Service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
APP:HPOV:OPE-AGENT-CODA-BO - APP: HP Operations Agent Opcode coda.exe Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the HP Operations Agent. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp operations_agent 11.03
- Hp operations_agent 11.01
- Hp operations_agent 11.0
- Hp performance_agent 5.0
- Hp operations_agent 8.60
Severity: HIGH
Description:
This signature detects scripts that have been obfuscated (made unclear) using JavaScript. Malicious Web sites commonly use this technique to hide the malicious nature of the Web pages a user downloads. A successful attack allows the Web page creator to take control of the victim's system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
APP:HPOV:OVTRACE - APP: Hewlett-Packard OpenView OVTrace Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Hewlett-Packard OpenView. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the super user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp service_desk_process_insight 2.10
- Hp service_desk_process_insight 2.0
- Hp service_desk_process_insight 1.0
- Hp service_desk_process_insight 1.10
- Hp openview_dashboard 2.01
- Hp openview_performance_insight 5.0
- Hp openview_performance_insight 5.1
- Hp openview_performance_insight 5.1.1
- Hp openview_performance_insight 5.1.2
- Hp openview_performance_insight 5.2
- Hp openview_network_node_manager 6.41
- Hp openview_business_process_insight 2.10
- Hp openview_operations 8.1
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_internet_services 6.00
- Hp openview_internet_services 6.10
- Hp openview_internet_services 6.11 (Japanese)
- Hp openview_internet_services 6.20
- Hp openview_performance_manager 5.0
- Hp openview_performance_manager 6.0
- Hp openview_performance_agent 4.5
- Hp openview_performance_agent 4.6
- Hp openview_reporter 3.7
- Hp openview_operations_manager_for_windows 7.5
- Hp openview_quality_manager 1.2 SP1
- Hp openview_quality_manager 1.3
- Hp openview_quality_manager 1.40
- Hp openview_business_process_insight 1.0
- Hp openview_business_process_insight 1.1
- Hp openview_business_process_insight 2.0
- Hp openview_operations 8.0
- Hp business_process_insight 2.10
- Hp business_process_insight 2.0
- Hp business_process_insight 1.1
- Hp business_process_insight 1.0
- Hp openview_service_desk_process_insight 1.0
- Hp openview_service_desk_process_insight 1.1
- Hp openview_service_desk_process_insight 2.0
- Hp openview_service_desk_process_insight 2.10
HTTP:STC:ADOBE:CVE-2018-5067-ID - HTTP: Adobe Acrobat Pro CVE-2018-5067 Information Disclosure
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Pro. A successful attack can lead to information disclosure.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_dc 17.011.30059
- Adobe acrobat_reader_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30079
- Adobe acrobat_dc 17.011.30066
- Adobe acrobat_reader_dc 17.011.30080
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 17.011.30078
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_reader_dc 15.006.30416
- Adobe acrobat_reader_dc 18.011.20040
- Adobe acrobat_dc 17.011.30080
- Adobe acrobat_dc 15.006.30413
- Adobe acrobat_dc 17.011.30070
- Adobe acrobat_dc 17.011.30068
- Adobe acrobat_dc 15.006.30416
- Adobe acrobat_reader_dc 17.011.30068
- Adobe acrobat_reader_dc 18.011.20038
- Adobe acrobat_dc 15.006.30417
- Adobe acrobat_reader_dc 15.006.30417
- Adobe acrobat_dc 18.011.20040
- Adobe acrobat_dc 15.006.30418
- Adobe acrobat_reader_dc 17.011.30070
- Adobe acrobat_dc 17.011.30065
- Adobe acrobat_dc 17.011.30078
- Adobe acrobat_dc 18.011.20038
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_dc 17.011.30079
- Adobe acrobat_reader_dc 17.011.30065
- Adobe acrobat_reader_dc 17.011.30059
- Adobe acrobat_reader_dc 17.011.30066
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 17.012.20093
HTTP:CGI:NAGIOS-CORE-DOS - HTTP: Nagios core CGI Process_cgivars Off-By-One
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Nagios core. The problem is caused by an improper boundary check when validating the parameters passed to the application. A remote authenticated attacker could exploit this vulnerability by sending a request with a crafted long parameter value. Successful exploitation could crash the CGI.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Icinga icinga 1.9.0
- Icinga icinga 1.2.1
- Nagios nagios 3.0 (rc2)
- Nagios nagios 3.0.5
- Icinga icinga 1.8.3
- Icinga icinga 1.2.0
- Icinga icinga 1.7.4
- Icinga icinga 0.8.4
- Nagios nagios 3.0 (beta2)
- Icinga icinga 1.9.3
- Nagios nagios 3.0.1
- Icinga icinga 1.3.1
- Icinga icinga 1.9.2
- Icinga icinga 1.7.2
- Icinga icinga up to 1.8.4
- Icinga icinga 1.7.3
- Icinga icinga 1.0.1
- Nagios nagios 3.0 (beta3)
- Nagios nagios 3.0 (alpha3)
- Icinga icinga 1.7.0
- Icinga icinga 0.8.0
- Nagios nagios up to 4.0.2
- Nagios nagios 3.3.1
- Icinga icinga 1.0 (rc1)
- Nagios nagios 3.0 (beta1)
- Icinga icinga 1.0.3
- Icinga icinga 0.8.1
- Nagios nagios 3.0 (alpha1)
- Icinga icinga 1.9.1
- Nagios nagios 3.4.3
- Icinga icinga 1.0.2
- Icinga icinga 0.8.2
- Nagios nagios 3.5.1
- Icinga icinga 1.7.1
- Nagios nagios 3.4.2
- Icinga icinga 1.8.1
- Icinga icinga 0.8.3
- Nagios nagios 3.0 (alpha2)
- Nagios nagios 3.2.1
- Nagios nagios 3.4.1
- Icinga icinga 1.4.1
- Nagios nagios 3.0 (alpha4)
- Nagios nagios 3.2.0
- Nagios nagios 3.0 (rc3)
- Icinga icinga 1.6.0
- Nagios nagios 3.0 (beta6)
- Icinga icinga 1.4.0
- Nagios nagios 3.2.3
- Nagios nagios 3.1.2
- Nagios nagios 3.2.2
- Icinga icinga 1.10.1
- Nagios nagios 3.0 (beta7)
- Icinga icinga 1.8.0
- Nagios nagios 3.0.6
- Nagios nagios 3.0 (alpha5)
- Icinga icinga 1.10.0
- Icinga icinga 1.6.1
- Nagios nagios 3.1.0
- Icinga icinga 1.6.2
- Nagios nagios 3.0.4
- Nagios nagios 3.4.0
- Icinga icinga 1.3.0
- Nagios nagios 3.0 (beta5)
- Nagios nagios 3.0.3
- Icinga icinga 1.8.2
- Nagios nagios 3.0 (rc1)
- Nagios nagios 3.0 (beta4)
- Nagios nagios 3.1.1
- Nagios nagios 3.0.2
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the ABB MicroSCADA Wserver. The vulnerabilities exist because user-controlled data is copied to stack-based buffers without verifying its size, which may enable arbitrary code execution. A remote unauthenticated attacker can exploit this vulnerability by sending requests with a malicious parameter to the vulnerable service. Successful exploitation could lead to arbitrary code execution in the context of the Wserver process.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
DB:ORACLE:XDB-DROPMETADATA - DB: Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow
Severity: HIGH
Description:
A buffer overflow vulnerability exists in the Oracle Database Server product. The vulnerability is due to insufficient validation of the arguments supplied to the procedure PITRIG_DROPMETADATA in the XDB.XDB_PITRIG_PKG package. A remote attacker with valid user credentials may leverage this vulnerability to execute arbitrary code within the security context of the affected service. If the attack aims at denial of service, the vulnerable Oracle database server process terminates, and the database service is unavailable until it is restarted. The database data may also be corrupted during the database server termination. If the attacker successfully injects and executes malicious code on the vulnerable target host, the behaviour of the target system depends on that code. Note that any code executed by the attacker runs with the privileges of the Oracle database server process. On Windows systems, the Oracle database server process runs as the System user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle10g_enterprise_edition 10.2.0.3
- Oracle oracle10g_standard_edition 10.2.0.3
- Oracle oracle10g_personal_edition 10.2.0.3
- Oracle oracle10g_standard_edition 10.2.0.1
- Oracle oracle10g_standard_edition 10.2.0.2
- Oracle oracle10g_personal_edition 10.2.0.2
- Oracle oracle10g_personal_edition 10.2.0.1
- Oracle oracle10g_enterprise_edition 10.2.0.1
- Oracle oracle10g_enterprise_edition 10.2.0.2
HTTP:PROXY:SQUID-ESI-BO - HTTP: Squid Proxy ESI Component Stack Buffer Overflow
Severity: HIGH
Description:
A stack-based buffer overflow vulnerability has been reported in the Edge Side Includes (ESI) component of the Squid proxy. Successful exploitation allows the attacker to execute arbitrary code on the target in the context of the service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Squid-cache squid 3.4.3
- Squid-cache squid 3.1.22
- Squid-cache squid 3.2.0.5
- Squid-cache squid 3.3.1
- Squid-cache squid 3.2.0.15
- Squid-cache squid 3.2.0.3
- Squid-cache squid 4.0.6
- Squid-cache squid 3.1.0.10
- Squid-cache squid 3.1.12.2
- Squid-cache squid 3.3.2
- Canonical ubuntu_linux 12.04
- Squid-cache squid 3.2.0.1
- Squid-cache squid 3.1.19
- Squid-cache squid 4.0.4
- Squid-cache squid 3.4.14
- Squid-cache squid 3.4.9
- Squid-cache squid 3.1.0.15
- Squid-cache squid 3.4.12
- Squid-cache squid 4.0.2
- Squid-cache squid 3.4.10
- Squid-cache squid 3.2.0.13
- Squid-cache squid 3.1.0.7
- Squid-cache squid 3.3.9
- Squid-cache squid 3.2.12
- Squid-cache squid 3.1.0.17
- Squid-cache squid 3.1.0.1
- Squid-cache squid 3.1.2
- Squid-cache squid 3.5.8
- Squid-cache squid 3.2.0.9
- Squid-cache squid 3.1.3
- Squid-cache squid 3.2.0.17
- Squid-cache squid 3.2.3
- Squid-cache squid 3.1.0.16
- Squid-cache squid 3.2.1
- Squid-cache squid 4.0.8
- Squid-cache squid 3.2.7
- Squid-cache squid 3.1.0.9
- Canonical ubuntu_linux 14.04
- Squid-cache squid 3.4.0.3
- Squid-cache squid 3.2.5
- Squid-cache squid 3.5.2
- Squid-cache squid 3.5.11
- Squid-cache squid 3.5.4
- Squid-cache squid 3.2.9
- Squid-cache squid 3.5.13
- Squid-cache squid 3.4.4.1
- Squid-cache squid 3.5.6
- Squid-cache squid 3.5.15
- Squid-cache squid 3.1.5
- Squid-cache squid 3.5.0.2
- Squid-cache squid 3.2.0.19
- Squid-cache squid 3.4.4
- Squid-cache squid 3.5.0.4
- Squid-cache squid 3.2.11
- Squid-cache squid 3.3.14
- Squid-cache squid 3.4.8
- Squid-cache squid 3.1.16
- Squid-cache squid 3.3.6
- Squid-cache squid 3.3.12
- Squid-cache squid 3.2.0.18
- Squid-cache squid 3.2.0.6
- Squid-cache squid 3.1.10
- Squid-cache squid 3.1.0.12
- Squid-cache squid 3.1.14
- Squid-cache squid 3.3.10
- Squid-cache squid 3.4.2
- Squid-cache squid 3.1.21
- Squid-cache squid 3.2.0.4
- Squid-cache squid 3.1.12
- Squid-cache squid 3.1.0.14
- Squid-cache squid 3.2.0.14
- Squid-cache squid 3.2.0.2
- Squid-cache squid 3.2.0.11
- Squid-cache squid 3.2.10
- Squid-cache squid 4.0.7
- Squid-cache squid 3.3.0
- Squid-cache squid 3.4.0.1
- Squid-cache squid 3.2.0.16
- Squid-cache squid 3.4.11
- Squid-cache squid 4.0.5
- Squid-cache squid 3.1.0.18
- Squid-cache squid 3.1.9
- Squid-cache squid 3.2.0.10
- Squid-cache squid 3.1.0.5
- Squid-cache squid 4.0.3
- Squid-cache squid 3.1.12.1
- Squid-cache squid 3.1
- Squid-cache squid 3.2.0.12
- Squid-cache squid 4.0.1
- Squid-cache squid 3.1.17
- Squid-cache squid 3.0
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 15.10
- Squid-cache squid 3.1.6
- Squid-cache squid 3.3.8
- Squid-cache squid 3.3.7
- Squid-cache squid 3.1.0.8
- Squid-cache squid 3.5.9
- Squid-cache squid 3.2.0.8
- Squid-cache squid 3.1.0.4
- Squid-cache squid 3.1.4
- Squid-cache squid 3.1.0.3
- Squid-cache squid 3.2.2
- Squid-cache squid 3.1.0.2
- Squid-cache squid 3.2.13
- Oracle linux 6.0
- Squid-cache squid 3.2.6
- Squid-cache squid 3.1.5.1
- Squid-cache squid 3.1.7
- Squid-cache squid 3.1.12.3
- Squid-cache squid 3.5.1
- Squid-cache squid 3.2.4
- Squid-cache squid 3.1.8
- Squid-cache squid 3.3.0.3
- Squid-cache squid 3.5.3
- Squid-cache squid 3.4.13
- Squid-cache squid 3.1.0.13
- Squid-cache squid 3.5.5
- Squid-cache squid 3.2.8
- Squid-cache squid 3.5.10
- Squid-cache squid 3.1.0.6
- Squid-cache squid 3.5.0.1
- Squid-cache squid 3.5.7
- Squid-cache squid 3.5.12
- Squid-cache squid 3.4.4.2
- Squid-cache squid 3.4.1
- Squid-cache squid 3.5.0.3
- Squid-cache squid 3.5.14
- Oracle linux 7.0
- Squid-cache squid 3.3.4
- Squid-cache squid 3.1.18
- Squid-cache squid 3.1.15
- Squid-cache squid 3.5.16
- Squid-cache squid 3.1.1
- Squid-cache squid 3.4.0.2
- Squid-cache squid 3.1.0.11
- Squid-cache squid 3.3.13
- Squid-cache squid 3.3.0.1
- Squid-cache squid 3.1.11
- Squid-cache squid 3.3.5
- Squid-cache squid 3.3.11
- Squid-cache squid 3.3.0.2
- Squid-cache squid 3.1.20
- Squid-cache squid 3.2.0.7
- Squid-cache squid 3.1.13
- Squid-cache squid 3.3.3
HTTP:STC:ADOBE:CVE-2017-11227CE - HTTP: Adobe Acrobat Reader CVE-2017-11227 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat 11.0.7
- Adobe reader 11.0.07
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_dc 15.016.20041
- Adobe reader 11.0.10
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat 11.0.5
- Adobe reader 11.0.01
- Adobe acrobat 17.011.30065
- Adobe reader 11.0.16
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat 11.0.18
- Adobe reader 11.0.03
- Adobe acrobat_reader_dc 15.017.20050
- Adobe reader 11.0.14
- Adobe acrobat 11.0.9
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_reader_dc 15.010.20059
- Adobe reader 11.0.18
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader 17.011.30066
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat 11.0.10
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat 11.0.12
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat 11.0.14
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 17.009.20058
- Adobe reader 11.0.0
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat 17.011.30059
- Adobe reader 11.0.08
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_dc 15.010.20060
- Adobe reader 11.0.04
- Adobe acrobat 11.0.16
- Adobe reader 11.0.13
- Adobe acrobat 11.0.0
- Adobe reader 11.0.06
- Adobe reader 11.0.11
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat 11.0.6
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_reader_dc 15.010.20060
- Adobe reader 11.0.17
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat 11.0.19
- Adobe acrobat 11.0.4
- Adobe reader 11.0.02
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat 17.011.30066
- Adobe reader 11.0.15
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat 11.0.8
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_reader 17.011.30065
- Adobe reader 11.0.19
- Adobe acrobat 11.0.11
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat 11.0.13
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat 11.0.15
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat 11.0.17
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat 11.0.2
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat 11.0.1
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat 17.011.30056
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_reader_dc 15.009.20071
- Adobe reader 11.0.09
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat 11.0.3
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_reader_dc 15.006.30280
- Adobe reader 11.0.05
- Adobe reader 11.0.12
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_reader 17.011.30059
- Adobe reader 11.0.20
- Adobe acrobat 11.0.20
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the ASP .NET ViewState module. Attackers can remotely send malformed input to the module to overflow a buffer and execute arbitrary code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
APP:REAL:RMP-FILE-OF - APP: RealNetworks RealPlayer RMP File Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in RealPlayer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Realnetworks realplayer 16.0.2.32
- Realnetworks realplayer 16.0.3.51
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Java JRE implementation. Attackers can create a malicious JNLP file that, when loaded by a user, can compromise the user's computer.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple mac_os_x 10.5.1
- Apple mac_os_x_server 10.5
- Vmware esx_server 3.0.1
- Apple mac_os_x 10.4.7
- Apple mac_os_x_server 10.4.7
- Red_hat desktop_extras 3
- Sun sdk_(linux_production_release) 1.4.2 15
- Sun sdk_(solaris_production_release) 1.4.2 15
- Sun sdk_(windows_production_release) 1.4.2 15
- Red_hat enterprise_linux_supplementary 5 Server
- Sun sdk_(windows_production_release) 1.4.2 10
- Sun jre_(windows_production_release) 1.4.2 03
- Sun jre_(linux_production_release) 1.4.2 06
- Sun jre_(windows_production_release) 1.4.2 06
- Sun jre_(solaris_production_release) 1.4.2 06
- Sun jre_(linux_production_release) 1.4.2 13
- Sun jre_(linux_production_release) 1.4.2 14
- Vmware virtualcenter 2.5
- Nortel_networks self-service_mps_500
- Vmware virtualcenter 2.5 Update 2
- Vmware virtualcenter 2.0.2
- Vmware virtualcenter 2.0.2 Update 1
- Vmware virtualcenter 2.0.2 Update 2
- Vmware virtualcenter 2.0.2 Update 3
- Vmware virtualcenter 2.0.2 Update 4
- Vmware virtualcenter 2.5 Update 5
- Vmware virtualcenter 2.0.2 Update 5
- Sun sdk_(windows_production_release) 1.4.2 03
- Apple mac_os_x 10.5.2
- Apple mac_os_x_server 10.5.2
- Sun jre_(linux_production_release) 1.5.0 15
- Apple mac_os_x 10.5.4
- Apple mac_os_x_server 10.5.4
- Red_hat red_hat_network_satellite_(for_rhel_4) 5.1
- Nortel_networks self-service_ccxml
- Nortel_networks self_service_voicexml
- Apple mac_os_x 10.5
- Nortel_networks self-service_peri_ctx
- Red_hat desktop_extras 4
- Sun jre_(solaris_production_release) 1.4.2 04
- Nortel_networks mps 1.0
- Suse core 9
- Sun jre_(windows_production_release) 1.4.2 05
- Sun sdk_(solaris_production_release) 1.4.2 09
- Apple mac_os_x 10.4.1
- Apple mac_os_x_server 10.4.1
- Avaya interactive_response 2.0
- Suse open-enterprise-server
- Vmware virtualcenter 2.5 Update 1
- Sun jre_(linux_production_release) 1.4.2 01
- Sun jre_(solaris_production_release) 1.4.2 05
- Sun jre_(solaris_production_release) 1.4.2 01
- Sun jre_(solaris_production_release) 1.4.2 02
- Sun jdk_(linux_production_release) 1.5.0 07
- Apple mac_os_x_server 10.5.3
- Sun jre_(windows_production_release) 1.4.2 02
- Sun jre_(linux_production_release) 1.4.2 17
- Sun jre_(solaris_production_release) 1.4.2 17
- Sun jdk_(linux_production_release) 1.6.0 01
- Sun jdk_(linux_production_release) 1.5.0 .0 05
- Apple mac_os_x 10.4.6
- Apple mac_os_x_server 10.4.6
- Sun jre_(linux_production_release) 1.4.2 11
- Sun jre_(windows_production_release) 1.4.2 08
- Apple mac_os_x 10.4.4
- Apple mac_os_x_server 10.4.4
- Apple mac_os_x 10.4.5
- Apple mac_os_x_server 10.4.5
- Suse suse_linux_enterprise 10
- Sun jre_(linux_production_release) 1.4.2 08
- Nortel_networks enterprise_voip TM-CS1000
- Sun jdk_(linux_production_release) 1.6.0 02
- Nortel_networks self-service_mps_1000
- Sun jre_(linux_production_release) 1.6.0 02
- Sun jdk_(linux_production_release) 1.6.0 04
- Sun jdk_(linux_production_release) 1.6.0
- Sun jre_(linux_production_release) 1.4.2 16
- Sun jre_(solaris_production_release) 1.4.2 16
- Sun jre_(windows_production_release) 1.4.2 16
- Sun jre_(windows_production_release) 1.4.2 15
- Nortel_networks mps_developer
- Sun jdk_(linux_production_release) 1.5.0 13
- Sun jre_(linux_production_release) 1.5.0 12
- Nortel_networks mps 3.0
- Nortel_networks mps_speech_server 6.0
- Apple mac_os_x 10.4.3
- Sun jdk_(linux_production_release) 1.6.0 03
- Sun sdk_(linux_production_release) 1.4.2 17
- Suse novell_linux_pos 9
- Sun sdk_(solaris_production_release) 1.4.2 17
- Sun jre_(linux_production_release) 1.6.0 03
- Sun sdk_(windows_production_release) 1.4.2 17
- Sun jdk_(linux_production_release) 1.5.0.0 12
- Sun jre_(linux_production_release) 1.5.0 13
- Avaya interactive_response 3.0
- Sun jdk_(linux_production_release) 1.5.0.0 03
- Sun jdk_(linux_production_release) 1.6.0 05
- Sun jre_(linux_production_release) 1.6.0 05
- Sun sdk_(solaris_production_release) 1.4.2 05
- Sun sdk_(linux_production_release) 1.4.2 05
- Sun sdk_(windows_production_release) 1.4.2 05
- Sun jre_(windows_production_release) 1.4.2 17
- Sun jdk_(linux_production_release) 1.5.0 15
- Sun jdk_(linux_production_release) 1.6.0 06
- Sun jdk_(solaris_production_release) 1.5.0 15
- Sun jre_(solaris_production_release) 1.5.0 15
- Sun jre_(linux_production_release) 1.6.0 06
- Sun jdk_(linux_production_release) 1.5.0 14
- Apple mac_os_x_server 10.4.8
- Apple mac_os_x 10.4.10
- Sun jdk_(linux_production_release) 1.5.0.0 04
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Apple mac_os_x_server 10.4.10
- Sun jre_(linux_production_release) 1.5.0 08
- Sun jre_(linux_production_release) 1.5.0 09
- Sun jre_(linux_production_release) 1.5.0 10
- Sun jre_(linux_production_release) 1.4.2 03
- Sun jre_(solaris_production_release) 1.4.2 03
- Sun jre_(linux_production_release) 1.5.0 11
- Sun sdk_(linux_production_release) 1.4.2 01
- Sun sdk_(linux_production_release) 1.4.2 03
- Sun sdk_(solaris_production_release) 1.4.2 08
- Sun jre_(linux_production_release) 1.4.2 15
- Sun sdk_(windows_production_release) 1.4.2 08
- Sun jre_(solaris_production_release) 1.4.2 15
- Sun sdk_(linux_production_release) 1.4.2 04
- Sun sdk_(solaris_production_release) 1.4.2 04
- Sun sdk_(solaris_production_release) 1.4.2 03
- Sun sdk_(solaris_production_release) 1.4.2
- Sun sdk_(windows_production_release) 1.4.2
- Sun jre_(solaris_production_release) 1.4.2 12
- Sun jre_(linux_production_release) 1.4.2 12
- Sun jre_(linux_production_release) 1.5.0 07
- Nortel_networks mps_manager
- Sun jre_(windows_production_release) 1.4.2 12
- Sun jre_(linux_production_release) 1.6.0 04
- Gentoo linux
- Apple mac_os_x_server 10.5.1
- Apple mac_os_x 10.4.0
- Apple mac_os_x_server 10.4.0
- Sun jre_(windows_production_release) 1.4.2 01
- Vmware esx_server 3.0.2
- Sun jre_(linux_production_release) 1.4.2
- Sun jre_(solaris_production_release) 1.4.2
- Sun jre_(windows_production_release) 1.4.2
- Sun sdk_(solaris_production_release) 1.4.2 14
- Vmware esx_server 3.5
- Sun jdk_(linux_production_release) 1.5.0.0 11
- Apple mac_os_x 10.4.8
- Sun sdk_(linux_production_release) 1.4.2 09
- Sun sdk_(linux_production_release) 1.4.2 10
- Sun sdk_(linux_production_release) 1.4.2 11
- Sun sdk_(linux_production_release) 1.4.2 12
- Sun sdk_(linux_production_release) 1.4.2 13
- Sun sdk_(linux_production_release) 1.4.2 14
- Red_hat enterprise_linux_extras 4
- Sun sdk_(solaris_production_release) 1.4.2 10
- Sun sdk_(solaris_production_release) 1.4.2 11
- Sun sdk_(solaris_production_release) 1.4.2 12
- Sun sdk_(solaris_production_release) 1.4.2 13
- Suse suse_linux_enterprise_server 10
- Sun sdk_(windows_production_release) 1.4.2 09
- Suse suse_linux_enterprise_desktop 10 SP2
- Sun sdk_(windows_production_release) 1.4.2 11
- Sun sdk_(windows_production_release) 1.4.2 12
- Sun sdk_(windows_production_release) 1.4.2 13
- Sun sdk_(windows_production_release) 1.4.2 14
- Sun jre_(windows_production_release) 1.4.2 07
- Suse suse_linux_enterprise_server 9
- Sun jre_(windows_production_release) 1.4.2 09
- Sun jre_(linux_production_release) 1.4.2 04
- Sun jre_(windows_production_release) 1.4.2 11
- Sun jre_(windows_production_release) 1.4.2 13
- Sun jre_(windows_production_release) 1.4.2 14
- Sun jre_(solaris_production_release) 1.4.2 07
- Sun jre_(solaris_production_release) 1.4.2 08
- Sun sdk_(linux_production_release) 1.4.2 08
- Sun jre_(solaris_production_release) 1.4.2 10
- Sun jre_(solaris_production_release) 1.4.2 11
- Sun jre_(solaris_production_release) 1.4.2 13
- Sun jre_(solaris_production_release) 1.4.2 14
- Sun jre_(windows_production_release) 1.4.2 04
- Sun jre_(linux_production_release) 1.4.2 10
- Apple mac_os_x 10.4.2
- Apple mac_os_x_server 10.4.2
- Sun jre_(linux_production_release) 1.4.2 10-B03
- Sun sdk_(windows_production_release) 1.4.2 04
- Vmware esx_server 3.0.3
- Sun jre_(linux_production_release) 1.4.2 05
- Apple mac_os_x_server 10.4.3
- Sun sdk_(linux_production_release) 1.4.2 16
- Sun sdk_(solaris_production_release) 1.4.2 16
- Sun sdk_(windows_production_release) 1.4.2 16
- Sun jre_(windows_production_release) 1.4.2 10
- Sun jre_(linux_production_release) 1.4.2 02
- Sun sdk_(linux_production_release) 1.4.2 02
- Sun sdk_(linux_production_release) 1.4.2
- Sun jdk_(linux_production_release) 1.5.0 0 10
- Sun jdk_(linux_production_release) 1.5.0.0 09
- Suse suse_linux_enterprise_server 10 SP2
- Apple mac_os_x 10.5.5
- Apple mac_os_x_server 10.5.5
- Sun jre_(linux_production_release) 1.5.0 14
- Suse suse_linux_enterprise_desktop 10 SP1
- Suse suse_linux_enterprise_server 10 SP1
- Sun jre_(linux_production_release) 1.6.0 01
- Sun jre_(linux_production_release) 1.4.2 07
- Apple mac_os_x 10.4.9
- Apple mac_os_x_server 10.4.9
- Nortel_networks mps 2.1
- Sun jdk_(linux_production_release) 1.5.0 06
- Sun jre_(solaris_production_release) 1.4.2 09
- Sun jre_(linux_production_release) 1.5.0 06
- Apple mac_os_x 10.5.3
- Sun jre_(linux_production_release) 1.4.2 09
- Apple mac_os_x 10.4.11
- Apple mac_os_x_server 10.4.11
- Sun jdk_(linux_production_release) 1.5.0 01
- Sun jdk_(linux_production_release) 1.5.0 02
- Red_hat enterprise_linux_as_extras 3
- Sun jdk_(linux_production_release) 1.5.0.0 08
- Red_hat enterprise_linux_es_extras 3
- Red_hat enterprise_linux_ws_extras 3
- Red_hat enterprise_linux_ws_extras 4
- Red_hat enterprise_linux_es_extras 4
- Red_hat enterprise_linux_as_extras 4
HTTP:MITSUBISHI-ELECTRIC-SBO - HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow
Severity: HIGH
Description:
A stack-based buffer overflow vulnerability exists in Mitsubishi Electric's E-Designer. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted website. This can lead to arbitrary code execution in the context of the affected user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mitsubishielectric e-designer 7.52
HTTP:RUBY-GEM-SEMICOLON1 - HTTP: Ruby Gem Multiple Wrappers Command Injection1
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against Ruby Gem Minimagic, Curl and Fastreader 1.0.8 wrappers. A successful attack can lead to command injection and arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
HTTP:STC:MITSUBISHI-E-DESIGN-BO - HTTP: Mitsubishi Electric E-Designer BEComliSlave Buffer Overflow
Severity: HIGH
Description:
A stack-based buffer overflow vulnerability exists in Mitsubishi Electric's E-Designer. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted website. This can lead to arbitrary code execution in the context of the affected user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mitsubishielectric e-designer 7.52
Severity: HIGH
Description:
This signature detects a long string of "No Operation" (NOOP) commands sent in a malformed HTTP request. Some vulnerability testing tools incorrectly send a NOOP sled without completing the request. This is generally a benign request that would not exploit the target. Your server is possibly being probed by a test tool.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell imonitor 2.4
- Novell edirectory 8.8
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Ingres Database. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Computer_associates cleverpath_aion_bpm 10.1
- Computer_associates unicenter_database_command_center 11.1
- Computer_associates unicenter_enterprise_job_manager 1.0 SP3
- Computer_associates unicenter_workload_control_center 1.0.SP4
- Computer_associates unicenter_workload_control_center 1.0 SP4
- Computer_associates advantage_data_transformer 2.2.0
- Computer_associates brightstor_arcserve_backup 11.1.0
- Computer_associates etrust_audit R8
- Computer_associates brightstor_arcserve_backup 11.5
- Computer_associates etrust_directory 8.1
- Computer_associates brightstor_arcserve_backup_for_linux 9.0.0
- Computer_associates brightstor_enterprise_backup_for_tru64 10.5.0
- Computer_associates brightstor_enterprise_backup_for_hp 10.5.0
- Computer_associates brightstor_enterprise_backup_for_aix 10.5.0
- Computer_associates brightstor_enterprise_backup_for_solaris 10.5.0
- Computer_associates brightstor_arcserve_backup_for_linux 11.1.0
- Ingres_corporation ingres_database 3.0.3
- Ingres_corporation ingres_database 2.5
- Ingres_corporation ingres_database 2.6
- Ingres_corporation ingres_database_2006
- Computer_associates allfusion_enterprise_workbench 1.1
- Computer_associates allfusion_enterprise_workbench 1.1 SP1
- Computer_associates allfusion_enterprise_workbench 7
- Computer_associates allfusion_enterprise_workbench 7.1
- Computer_associates allfusion_harvest_change_manager 7
- Computer_associates allfusion_harvest_change_manager 7.1
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.5
- Computer_associates brightstor_storage_command_center 11.5
- Computer_associates brightstor_storage_resource_manager 11.5
- Computer_associates cleverpath_aion_bre 10.1
- Computer_associates docserver 1.1
- Computer_associates etrust_admin 8.1 SP1
- Computer_associates etrust_iam_suite 8
- Computer_associates etrust_iam_toolkit 8
- Computer_associates etrust_iam_toolkit 8.1
- Computer_associates etrust_identity_manager 8.1
- Computer_associates etrust_network_forensics 8.1
- Computer_associates etrust_single_sign-on 7
- Computer_associates etrust_single_sign-on 8
- Computer_associates etrust_single_sign-on 8.1
- Computer_associates etrust_web_access_control 1.0
- Computer_associates unicenter_advanced_systems_management 11
- Computer_associates unicenter_asset_intelligence 11
- Computer_associates unicenter_asset_management 11
- Computer_associates unicenter_asset_portfolio_management 11.2.1
- Computer_associates unicenter_asset_portfolio_management 11.3
- Computer_associates ccs 11
- Computer_associates unicenter_desktop_and_server_management 11
- Computer_associates unicenter_desktop_management_suite 11
- Computer_associates unicenter_enterprise_job_manager 1.0 SP4
- Computer_associates unicenter_job_management_option 11.0
- Computer_associates unicenter_lightweight_portal 2
- Computer_associates unicenter_management_portal 3.1.1
- Computer_associates unicenter_patch_management 11
- Computer_associates unicenter_remote_control 11
- Computer_associates unicenter_service_assure 11.1
- Computer_associates unicenter_service_assure 11
- Computer_associates unicenter_service_assure 2.2
- Computer_associates unicenter_service_catalog 11
- Computer_associates unicenter_service_delivery 11.1
- Computer_associates unicenter_service_intelligence 11
- Computer_associates unicenter_service_metric_analysis 11
- Computer_associates unicenter_service_metric_analysis 11.1
- Computer_associates unicenter_service_metric_analysis 3.0.2
- Computer_associates unicenter_service_metric_analysis 3.5.0
- Computer_associates unicenter_serviceplus_service_desk 5.5 SP3
- Computer_associates unicenter_serviceplus_service_desk 6.0 SP1
- Computer_associates unicenter_serviceplus_service_desk 11.1
- Computer_associates unicenter_serviceplus_service_desk 11
- Computer_associates unicenter_serviceplus_service_desk 11.2
- Computer_associates unicenter_software_delivery 11
- Computer_associates unicenter_tng 2.4.2J
- Computer_associates unicenter_ca_web_services_distributed_management 3.5
- Computer_associates wily_soa_manager 7.1
- Computer_associates unicenter_ca_web_services_distributed_management 3.11
- Computer_associates unicenter_tng 2.4.2
- Computer_associates cleverpath_predictive_analysis_server 3.0.0
- Computer_associates etrust_admin 8.0.0
- Computer_associates etrust_admin 8.1.0
- Computer_associates etrust_admin 8.1 SP2
- Computer_associates unicenter_network_and_systems_management 3.0
- Computer_associates unicenter_network_and_systems_management 3.1
- Computer_associates unicenter_network_and_systems_management 11
- Computer_associates unicenter_remote_control 6.0.0
- Computer_associates unicenter_tng 2.2.0
- Computer_associates unicenter_service_delivery 11.0.0
- Computer_associates unicenter_asset_portfolio_management 11.0.0
- Computer_associates etrust_secure_content_manager 8.0.0
- Computer_associates unicenter_serviceplus_service_desk 6.0.0
HTTP:STC:DL:DIRECTX-SAMI - HTTP: Microsoft DirectX SAMI File Parsing Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in the Microsoft DirectX application framework. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft directx 8.1
- Hp storage_management_appliance 2.1
- Avaya messaging_application_server MM 3.1
- Nortel_networks centrex_ip_client_manager 9.0
- Hp storage_management_appliance I
- Hp storage_management_appliance II
- Hp storage_management_appliance III
- Nortel_networks callpilot 703T
- Avaya messaging_application_server MM 2.0
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 200I
- Avaya messaging_application_server MM 3.0
- Nortel_networks callpilot 702T
- Avaya messaging_application_server MM 1.1
- Avaya messaging_application_server
- Nortel_networks centrex_ip_client_manager 10.0
- Nortel_networks callpilot 1002Rp
- Microsoft directx 7.0
APP:REAL:RAM-FILE-OF - APP: RealMedia RAM File Processing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in RealNetworks RealPlayer products. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Real_networks realone_player 6.0.11 .830
- Real_networks realone_player 6.0.11 .853
- Real_networks realone_player_for_osx 9.0.0 .297
- Real_networks realone_player_for_osx 9.0.0 .288
- Red_hat enterprise_linux_es 3
- Red_hat enterprise_linux_ws 3
- Real_networks realplayer 8.0.0 Unix
- Real_networks realone_player 1.0.0
- Real_networks realone_player 6.0.11 .868
- Real_networks realplayer 10.0.0
- Red_hat enterprise_linux_as 3
- Real_networks realplayer 8.0.0 Mac
- Real_networks realplayer_10_for_mac_os 10.0.0.305
- Red_hat desktop 3.0.0
- Real_networks realplayer 10.5.0 V6.0.12.1056
- Real_networks realplayer_10_for_mac_os 10.0.0.325
- Real_networks realplayer 10.5.0 V6.0.12.1053
- Real_networks realplayer 10.5.0 V6.0.12.1040
- Real_networks realplayer_10_for_mac_os
- Real_networks realplayer_10_for_linux
- Real_networks helix_player_for_linux 1.0.0
- Real_networks realplayer_enterprise 1.7.0
- Real_networks realplayer_enterprise 1.1.0
- Real_networks realplayer_enterprise 1.2.0
- Real_networks realplayer_enterprise 1.5.0
- Real_networks realplayer_enterprise 1.6.0
- Real_networks realplayer_enterprise
- Real_networks realone_player 6.0.11 .840
- Real_networks realplayer_for_unix 10.0.3
- Real_networks helix_player_for_linux 1.0.3
- Real_networks helix_player_for_linux 1.0.2
- Real_networks helix_player_for_linux 1.0.1
- Real_networks realone_player 6.0.11 .872
- Real_networks realplayer 8.0.0 Win32
- Real_networks realone_player 6.0.11 .818
HTTP:STC:IE:MOUSE-MOVE-MEM - HTTP: Microsoft Internet Explorer Uninitialized Memory Corruption (CVE-2010-0267)
Severity: HIGH
Description:
This signature detects attempts to exploit a known memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way that Internet Explorer handles certain types of mouse movement events. A remote attacker can exploit this by enticing a target user to open a maliciously crafted HTML document. In a successful code injection attack, the behavior of the target host is entirely dependent on the logic of the injected code, which executes within the security context of the currently logged-in user. In an unsuccessful attack, the application can terminate abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft internet_explorer 6.0
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Avaya messaging_application_server
- Avaya messaging_application_server MM 3.1
- Microsoft internet_explorer 6.0 SP1
- Microsoft internet_explorer 7.0
- Avaya messaging_application_server MM 2.0
- Avaya messaging_application_server MM 1.1
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Avaya messaging_application_server MM 3.0
HTTP:ALTN-SG-OF - HTTP: Alt-N Security Gateway Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Alt-N Security Gateway. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Alt-n securitygateway 1.0.1
HTTP:CA-XOSOFT-XOSOAP - HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in CA XOsoft Multiple Products. The vulnerability is due to insufficient boundary checking when handling certain HTTP requests sent to the ws_man.exe process. A remote unauthenticated attacker can exploit this by sending a malicious HTTP request to a target server. In a successful attack, where arbitrary code is injected and executed on the vulnerable target host, the behavior of the target system depends on the malicious code. Note that any code executed by the attacker runs with the privileges of the service. In an unsuccessful attack, the application can terminate abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Computer_associates xosoft_content_distribution r12
- Computer_associates xosoft_content_distribution r12.5
- Computer_associates xosoft_high_availability r12.5
- Computer_associates xosoft_replication r12.5
- Computer_associates xosoft_replication r12
- Computer_associates xosoft_high_availability r12
APP:HP-MGMT-UAM-BO - APP: HP Intelligent Management Center uam Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the HP Intelligent Management Center uam component. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
APP:HPOV:OVALARMSRV-DOS2 - APP: Hewlett-Packard OpenView Alarm Denial of Service (2)
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in the Hewlett-Packard OpenView Alarm Service. A successful attack can lead to a buffer overflow and cause the service to crash, denying use of the service (DoS).
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
VNC:OVERFLOW:ULTRAVNC-HEAP - VNC: UltraVNC VNC Server File Transfer Offer Handler Heap-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the VNC Server of UltraVNC. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the VNC Server of UltraVNC.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Uvnc ultravnc 1.1.9.3
- Uvnc ultravnc 1.2.1.6
- Uvnc ultravnc 1.2.2.2
- Uvnc ultravnc 1.2.0.5
- Uvnc ultravnc 1.2.1.7
- Uvnc ultravnc 1.1.9.6
- Uvnc ultravnc 1.0.9.6.2
- Uvnc ultravnc 1.2.1.0
- Uvnc ultravnc 1.1.8.9
- Uvnc ultravnc 1.2.0.9
- Uvnc ultravnc 1.2.1.2
DNS:ISC-BIND-ASSERT-DOS - DNS: ISC BIND DNS options Assertion Failure Denial of Service
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in ISC BIND. Successful exploitation could lead to a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Isc bind 9.3.4
- Isc bind 9.7.1
- Isc bind 9.8.0
- Isc bind 9.7.0
- Isc bind 9.8.1
- Isc bind 9.5.0
- Isc bind 9.4
- Isc bind 9.2.1
- Isc bind 9.8.2
- Isc bind 9.6.3
- Isc bind 9.5
- Isc bind 9.8.3
- Isc bind 9.6.0
- Isc bind 9.8.4
- Isc bind 9.6.1
- Isc bind 9.2.0
- Isc bind 9.2.8
- Isc bind 9.1
- Isc bind 9.2.9
- Isc bind 9.2
- Isc bind 9.3.1
- Isc bind 9.6
- Isc bind 9.1.1
- Isc bind 9.3
- Isc bind 9.1.0
- Isc bind 9.3.6
- Isc bind 9.2.6
- Isc bind 9.1.3
- Isc bind 9.3.3
- Isc bind 9.1.2
- Isc bind 9.3.2
- Isc bind 9.7.7
- Isc bind 9.2.4
- Isc bind 9.7.6
- Isc bind 9.4.0
- Isc bind 9.5.1
- Isc bind 9.2.7
- Isc bind 9.2.5
- Isc bind 9.7.5
- Isc bind 9.4.1
- Isc bind 9.9.1
- Isc bind 9.3.0
- Isc bind 9.6.2
- Isc bind 9.2.2
- Isc bind 9.7.4
- Isc bind 9.4.2
- Isc bind 9.9.0
- Isc bind 9.5.3
- Isc bind 9.2.3
- Isc bind 9.7.3
- Isc bind 9.4.3
- Isc bind 9.5.2
- Isc bind 9.3.5
- Isc bind 9.7.2
- Isc bind 9.9.2
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle Database Server DBMS_AQELM Package. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle10g_standard_edition 10.1.0 .5
- Bea_systems weblogic_server 7.0.0 SP 1
- Hp oracle_for_openview_for_linux_ltu
- Bea_systems weblogic_server 6.1.0 SP 3
- Oracle oracle10g_application_server 10.1.2
- Bea_systems weblogic_server 8.1.0 SP 1
- Bea_systems weblogic_server 8.1.0 SP 6
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 8.1.0 SP 2
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Oracle oracle9i_personal_edition 9.2.0 .8
- Bea_systems weblogic_server 6.1.0
- Bea_systems weblogic_server 6.1.0 SP 1
- Bea_systems weblogic_server 6.1.0 SP 2
- Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.2.0 .3
- Bea_systems weblogic_server 9.0
- Bea_systems weblogic_server 7.0.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0.4
- Oracle oracle10g_enterprise_edition 10.2.0.4
- Oracle oracle10g_personal_edition 10.2.0.4
- Oracle timesten_in-memory_database 7.0.3.0.0
- Oracle oracle10g_application_server 10.1.2.3.0
- Oracle hyperion_bi_plus 9.2.0.3
- Oracle hyperion_bi_plus 9.2.1.0
- Hp oracle_for_openview 8.1.7
- Bea_systems weblogic_server 6.1.0 SP 5
- Oracle hyperion_performance_suite 8.3.2.4
- Bea_systems weblogic_server 6.1.0 SP 4
- Oracle e-business_suite_11i 11.5.10.2
- Oracle hyperion_bi_plus 9.3.1.0
- Oracle oracle10g_personal_edition 10.2.0 .2
- Bea_systems weblogic_server 7.0.0 SP 6
- Oracle peoplesoft_enterprise_peopletools 8.49.12
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Bea_systems weblogic_server 10.0
- Hp oracle_for_openview 9.2
- Oracle oracle9i_application_server 1.0.2 .2
- Oracle enterprise_manager_database_control_11i 11.1.0.6
- Oracle oracle9i_standard_edition 9.2.0 .8DV
- Oracle oracle9i_personal_edition 9.2.0 .8DV
- Oracle oracle9i_enterprise_edition 9.2.0 .8DV
- Oracle oracle10g_application_server 10.1.3 .1.0
- Hp oracle_for_openview 10g
- Hp oracle_for_openview 10gR2
- Oracle oracle10g_application_server 10.1.3 .3.0
- Oracle hyperion_performance_suite 8.5.0.3
- Bea_systems weblogic_server 9.2 Maintenance Pack 3
- Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
- Oracle peoplesoft_enterprise_customer_relationship_manage 9.0
- Oracle oracle11g_standard_edition 11.1.0 6
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Hp oracle_for_openview 9.1.01
- Oracle oracle10g_standard_edition 10.2.0 .2
- Bea_systems weblogic_server 7.0.0 SP 5
- Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
- Bea_systems weblogic_server 8.1.0 SP 5
- Hp oracle_for_openview_for_linux_ltu_service_bureaus
- Oracle enterprise_manager_database_control_10g 10.2.0.4
- Bea_systems weblogic_server 10.0 MP1
- Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
- Oracle peoplesoft_enterprise_peopletools 8.48.18
- Bea_systems weblogic_server 7.0.0 SP 2
- Oracle enterprise_manager_grid_control_10g 10.1.0 6
- Oracle enterprise_manager_database_control_10g 10.1.0.5
- Oracle enterprise_manager_database_control_10g 10.2.0.2
- Oracle enterprise_manager_database_control_10g 10.2.0.3
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Oracle oracle10g_application_server 9.0.4 3
- Oracle oracle9i_standard_edition 9.2.0.8
- Oracle oracle11g_standard_edition_one 11.1.0 6
- Oracle enterprise_manager_grid_control_10g 10.1.0 .5
- Bea_systems weblogic_server 6.1.0 SP 7
- Bea_systems weblogic_server 9.2
- Oracle e-business_suite_12 12.0.4
- Oracle oracle10g_personal_edition 10.1.0.5
- Bea_systems weblogic_server 8.1.0 SP 4
- Bea_systems weblogic_server 7.0.0 SP 7
- Bea_systems weblogic_server 8.1.0 SP 3
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a specific type of toolkit that cybercriminals use to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, mx-11.4, idp-4.1.0, mx-16.1, srx-branch-19.2, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-12.1, srx-branch-12.1, vsrx3bsd-19.2, vsrx-12.1, srx-branch-19.1, vsrx-15.1, srx-19.2
References:
Affected Products:
- Adobe reader 11.0.15
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat 11.0.15
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_dc 15.006.30121
HTTP:STC:CVE-2018-8344-CE - HTTP: Microsoft Graphics CVE-2018-8344 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known integer overflow vulnerability against Microsoft Windows 10. Successful exploitation of this vulnerability could achieve remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_server_2012 r2
- Microsoft windows_server_2008 -
- Microsoft windows_server_2016 -
- Microsoft windows_10 1703
- Microsoft windows_10 -
- Microsoft windows_7 -
- Microsoft windows_10 1709
- Microsoft windows_server_2012 -
- Microsoft windows_server_2008 r2
- Microsoft windows_8.1 -
- Microsoft windows_server_2016 1709
- Microsoft windows_server_2016 1803
- Microsoft windows_10 1607
- Microsoft windows_rt_8.1 -
- Microsoft windows_10 1803
HTTP:WEBSPHERE:SERVER-OF - HTTP: WebSphere Application Server Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against IBM WebSphere Application Server. The WebSphere server does not properly validate user input during the application authentication process. Attackers can provide malicious input to terminate the server process, or inject and execute arbitrary code on the target.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm websphere_application_server 5.0.2 .3
- Ibm websphere_application_server 5.0.2 .4
- Ibm websphere_application_server 5.0.2 .5
- Ibm websphere_application_server 5.0.2 .6
- Ibm websphere_application_server 5.0.2 .7
- Ibm websphere_application_server 5.0.2 .2
- Ibm websphere_application_server 5.0.2 .8
- Ibm websphere_application_server 5.0.2.10
- Ibm websphere_application_server 5.0.2 .9
- Ibm websphere_application_server 5.0.2
- Ibm websphere_application_server 5.0.2 .1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the IBM Lotus Sametime Multiplexer. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.
Supported On:
idp-5.1.110161014, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm lotus_sametime 7.5.1
- Ibm lotus_sametime 8.0
- Ibm lotus_sametime 7.0
- Ibm lotus_sametime 7.5
FTP:OVERFLOW:S2C-PATH-OF - FTP: FlashGet FTP PWD Command Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the IE FlashGet application. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.
Supported On:
idp-5.1.110161014, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
SMTP:SPAMASS-DOS - SMTP: SpamAssassin Content-Type Denial of Service
Severity: MEDIUM
Description:
This signature detects a malformed e-mail that can trigger a denial-of-service condition within the SpamAssassin daemon. This attack could be used to disable the spam filtering system of a mail server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Red_hat fedora Core4
- Suse linux_personal 9.3.0
- Red_hat fedora Core3
- Suse linux_personal 9.2.0 X86 64
- Spamassassin spamassassin 3.0.1
- Spamassassin spamassassin 3.0.2
- Spamassassin spamassassin 3.0.3
- Red_hat enterprise_linux_as 4
- Red_hat enterprise_linux_es 4
- Suse linux_professional 9.2.0
- Suse linux_professional 9.3.0
- Suse linux_professional 9.3.0 X86 64
- Suse linux_professional 9.2.0 X86 64
- Red_hat fedora Core1
- Spamassassin spamassassin 2.60.0
- Spamassassin spamassassin 2.63.0
- Spamassassin spamassassin 2.55.0
- Mandriva linux_mandrake 10.1.0
- Mandriva linux_mandrake 10.1.0 X86 64
- Spamassassin spamassassin 2.44.0
- Red_hat desktop 4.0.0
- Suse linux_personal 9.2.0
- Suse linux_personal 9.3.0 X86 64
- Gentoo linux
- Red_hat enterprise_linux_ws 4
- Spamassassin spamassassin 2.40.0
- Spamassassin spamassassin 2.41.0 0
- Spamassassin spamassassin 2.42.0 0
- Spamassassin spamassassin 2.43.0 0
- Spamassassin spamassassin 2.50.0 0
- Mandriva linux_mandrake 10.2.0
- Mandriva linux_mandrake 10.2.0 X86 64
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the ServU FTP server CHMOD command. The CHMOD command is typically used to change server file permissions. Attackers can send an overly long filename argument to the CHMOD command to execute arbitrary code with system privileges.
Supported On:
DI-Base, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-4.0.110090831, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Rhino_software serv-u 4.1.0 .0.11
- Rhino_software serv-u 4.0.0 .0.4
- Rhino_software serv-u 4.1.0
- Rhino_software serv-u 3.1.0
- Rhino_software serv-u 5.0.0 .0.4
APP:NOVELL:MESSENGER-BOF - APP: Novell Messenger Client Filename Parameter Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Novell Messenger. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Novell groupwise_messenger 1.0.6
- Novell groupwise_messenger 2.0
- Novell messenger up to 2.2.1
- Novell messenger 2.2.0
- Novell messenger up to 2.1
- Novell groupwise_messenger 2.0.2
- Novell groupwise_messenger up to 2.0.4
HTTP:STC:CVE-2019-6537-RCE - HTTP: WECON LeviStudio DataLogTool Multiple Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against WECON LeviStudio DataLogTool. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- We-con levistudiou 1.8.56
MS-RPC:CVE-2019-6550-RCE - MS-RPC: Advantech WebAccess SCADA Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a directory traversal and remote code execution vulnerability in Advantech WebAccess software. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess 8.3.5
APP:IBM:TIVOLI-OF - APP: IBM Tivoli Management Framework Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in IBM Tivoli Management Framework. An attacker can send an overly long parameter, which could result in arbitrary code execution or a denial of service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm tivoli_management_framework 4.1.1
- Ibm tivoli_management_framework 4.1
- Ibm tivoli_management_framework 4.3.1
CHAT:ICQ:ISS-BLACKICE-OF - ICQ: ISS BlackIce ICQ Decoder META_USER Buffer Overflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the ICQ decoder on ISS BlackIce network devices. Attackers can remotely execute arbitrary code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm realsecure_server_sensor 6.0.1 Win SR1.1
- Ibm realsecure_server_sensor 6.5.0 Win SR3.1
- Ibm realsecure_sentry 3.6.0 ecb
- Ibm realsecure_server_sensor 5.0.0 Win
- Ibm realsecure_server_sensor 5.5.0 Win
- Ibm realsecure_server_sensor 5.5.2 Win
- Ibm realsecure_server_sensor 6.0.0 Win
- Ibm realsecure_server_sensor 6.0.1 Win
- Ibm realsecure_server_sensor 5.5.1 Win
- Ibm blackice_agent_for_server 3.6.0 eca
- Ibm blackice_server_protection 3.6.0 cbz
- Ibm realsecure_desktop 3.6.0 eca
- Ibm realsecure_desktop 7.0.0 ebg
- Ibm blackice_agent_for_server 3.6.0 ecb
- Ibm realsecure_desktop 7.0.0 ebh
- Ibm realsecure_desktop 3.6.0 ecb
- Ibm blackice_server_protection 3.6.0 ccb
- Ibm blackice_pc_protection 3.6.0 ccb
- Ibm realsecure_network_sensor 7.0.0 XPU 20.11
- Ibm proventia_g_series XPU 22.4
- Ibm realsecure_server_sensor 7.0.0 XPU 22.9
- Ibm realsecure_desktop 7.0.0 eba
- Ibm proventia_a_series XPU 22.9
- Ibm realsecure_server_sensor 7.0.0 XPU 22.11
- Ibm proventia_a_series XPU 20.11
- Ibm proventia_g_series XPU 22.11
- Ibm realsecure_server_sensor 7.0.0 XPU 22.8
- Ibm realsecure_server_sensor 7.0.0 XPU 22.7
- Ibm realsecure_server_sensor 7.0.0 XPU 22.6
- Ibm realsecure_server_sensor 7.0.0 XPU 22.5
- Ibm proventia_a_series XPU 22.8
- Ibm realsecure_server_sensor 7.0.0 XPU 22.4
- Ibm realsecure_server_sensor 7.0.0 XPU 22.3
- Ibm realsecure_server_sensor 7.0.0 XPU 22.2
- Ibm realsecure_server_sensor 7.0.0 XPU 22.1
- Ibm proventia_a_series XPU 22.7
- Ibm proventia_a_series XPU 22.6
- Ibm proventia_a_series XPU 22.5
- Ibm proventia_a_series XPU 22.4
- Ibm proventia_a_series XPU 22.3
- Ibm proventia_a_series XPU 22.2
- Ibm proventia_a_series XPU 22.1
- Ibm proventia_g_series XPU 22.8
- Ibm proventia_g_series XPU 22.7
- Ibm proventia_g_series XPU 22.6
- Ibm proventia_g_series XPU 22.5
- Ibm realsecure_desktop 3.6.0 ece
- Ibm proventia_g_series XPU 22.2
- Ibm proventia_g_series XPU 22.1
- Ibm proventia_m_series XPU 1.6
- Ibm proventia_m_series XPU 1.5
- Ibm proventia_m_series XPU 1.4
- Ibm realsecure_network_sensor 7.0.0 XPU 22.9
- Ibm proventia_m_series XPU 1.1
- Ibm proventia_m_series XPU 1.9
- Ibm realsecure_desktop 7.0.0 ebk
- Ibm realsecure_desktop 7.0.0 ebl
- Ibm realsecure_guard 3.6.0 ecb
- Ibm realsecure_desktop 3.6.0 ecf
- Ibm realsecure_guard 3.6.0 eca
- Ibm realsecure_guard 3.6.0 ecc
- Ibm proventia_g_series XPU 22.3
- Ibm realsecure_guard 3.6.0 ecf
- Ibm proventia_m_series XPU 1.3
- Ibm proventia_m_series XPU 1.7
- Ibm realsecure_sentry 3.6.0 ecc
- Ibm realsecure_sentry 3.6.0 ece
- Ibm realsecure_desktop 7.0.0 ebj
- Ibm realsecure_desktop 3.6.0 ecd
- Ibm realsecure_guard 3.6.0 ecd
- Ibm realsecure_sentry 3.6.0 ecd
- Ibm realsecure_sentry 3.6.0 eca
- Ibm blackice_server_protection 3.6.0 ccd
- Ibm proventia_a_series XPU 22.10
- Ibm proventia_g_series XPU 22.10
- Ibm proventia_m_series XPU 1.8
- Ibm realsecure_server_sensor 6.5.0 Win SR3.9
- Ibm realsecure_network_sensor 7.0.0 XPU 22.10
- Ibm realsecure_server_sensor 6.5.0 Win SR3.8
- Ibm realsecure_server_sensor 6.5.0 Win SR3.7
- Ibm realsecure_server_sensor 6.5.0 Win SR3.6
- Ibm realsecure_server_sensor 6.5.0 Win SR3.5
- Ibm realsecure_server_sensor 7.0.0 XPU 22.10
- Ibm realsecure_server_sensor 6.5.0 Win SR3.2
- Ibm blackice_pc_protection 3.6.0 cca
- Ibm blackice_pc_protection 3.6.0 ccc
- Ibm blackice_pc_protection 3.6.0 ccf
- Ibm blackice_pc_protection 3.6.0 cce
- Ibm realsecure_sentry 3.6.0 ecf
- Ibm blackice_server_protection 3.6.0 cca
- Ibm blackice_server_protection 3.6.0 ccc
- Ibm blackice_server_protection 3.6.0 cce
- Ibm blackice_server_protection 3.6.0 ccf
- Ibm blackice_agent_for_server 3.6.0 ecc
- Ibm blackice_agent_for_server 3.6.0 ecd
- Ibm blackice_pc_protection 3.6.0 ccd
- Ibm blackice_agent_for_server 3.6.0 ecf
- Ibm realsecure_server_sensor 6.5.0 Win SR3.10
- Ibm blackice_agent_for_server 3.6.0 ebz
- Ibm realsecure_network_sensor 7.0.0 XPU 22.4
- Ibm realsecure_desktop 7.0.0 ebf
- Ibm realsecure_desktop 3.6.0 ebz
- Ibm realsecure_guard 3.6.0 ebz
- Ibm realsecure_sentry 3.6.0 ebz
- Ibm realsecure_server_sensor 6.5.0 Win SR3.4
- Ibm realsecure_network_sensor 7.0.0
- Ibm realsecure_server_sensor 6.5.0 Win SR3.3
- Ibm proventia_m_series XPU 1.2
- Ibm realsecure_guard 3.6.0 ece
- Ibm blackice_pc_protection 3.6.0 .cbz
- Ibm blackice_agent_for_server 3.6.0 ece
- Ibm blackice_agent 3.1.0
- Ibm realsecure_server_sensor 6.5.0 Win
- Ibm proventia_g_series XPU 22.9
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the mIRC client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Khaled_mardam-bey mirc 6.34
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle Database Server Package. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically root.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle10g_standard_edition 10.1.0 .5
- Bea_systems weblogic_server 7.0.0 SP 1
- Hp oracle_for_openview_for_linux_ltu
- Bea_systems weblogic_server 6.1.0 SP 3
- Oracle oracle10g_application_server 10.1.2
- Bea_systems weblogic_server 8.1.0 SP 1
- Bea_systems weblogic_server 8.1.0 SP 6
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 8.1.0 SP 2
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Oracle oracle9i_personal_edition 9.2.0 .8
- Bea_systems weblogic_server 6.1.0
- Bea_systems weblogic_server 6.1.0 SP 1
- Bea_systems weblogic_server 6.1.0 SP 2
- Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.2.0 .3
- Bea_systems weblogic_server 9.0
- Bea_systems weblogic_server 7.0.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0.4
- Oracle oracle10g_enterprise_edition 10.2.0.4
- Oracle oracle10g_personal_edition 10.2.0.4
- Oracle timesten_in-memory_database 7.0.3.0.0
- Oracle oracle10g_application_server 10.1.2.3.0
- Oracle hyperion_bi_plus 9.2.0.3
- Oracle hyperion_bi_plus 9.2.1.0
- Hp oracle_for_openview 8.1.7
- Bea_systems weblogic_server 6.1.0 SP 5
- Oracle hyperion_performance_suite 8.3.2.4
- Bea_systems weblogic_server 6.1.0 SP 4
- Oracle e-business_suite_11i 11.5.10.2
- Oracle hyperion_bi_plus 9.3.1.0
- Oracle oracle10g_personal_edition 10.2.0 .2
- Bea_systems weblogic_server 7.0.0 SP 6
- Oracle peoplesoft_enterprise_peopletools 8.49.12
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Bea_systems weblogic_server 10.0
- Hp oracle_for_openview 9.2
- Oracle oracle9i_application_server 1.0.2 .2
- Oracle enterprise_manager_database_control_11i 11.1.0.6
- Oracle oracle9i_standard_edition 9.2.0 .8DV
- Oracle oracle9i_personal_edition 9.2.0 .8DV
- Oracle oracle9i_enterprise_edition 9.2.0 .8DV
- Oracle oracle10g_application_server 10.1.3 .1.0
- Hp oracle_for_openview 10g
- Hp oracle_for_openview 10gR2
- Oracle oracle10g_application_server 10.1.3 .3.0
- Oracle hyperion_performance_suite 8.5.0.3
- Bea_systems weblogic_server 9.2 Maintenance Pack 3
- Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
- Oracle peoplesoft_enterprise_customer_relationship_manage 9.0
- Oracle oracle11g_standard_edition 11.1.0 6
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Hp oracle_for_openview 9.1.01
- Oracle oracle10g_standard_edition 10.2.0 .2
- Bea_systems weblogic_server 7.0.0 SP 5
- Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
- Bea_systems weblogic_server 8.1.0 SP 5
- Hp oracle_for_openview_for_linux_ltu_service_bureaus
- Oracle enterprise_manager_database_control_10g 10.2.0.4
- Bea_systems weblogic_server 10.0 MP1
- Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
- Oracle peoplesoft_enterprise_peopletools 8.48.18
- Bea_systems weblogic_server 7.0.0 SP 2
- Oracle enterprise_manager_grid_control_10g 10.1.0 6
- Oracle enterprise_manager_database_control_10g 10.1.0.5
- Oracle enterprise_manager_database_control_10g 10.2.0.2
- Oracle enterprise_manager_database_control_10g 10.2.0.3
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Oracle oracle10g_application_server 9.0.4 3
- Oracle oracle9i_standard_edition 9.2.0.8
- Oracle oracle11g_standard_edition_one 11.1.0 6
- Oracle enterprise_manager_grid_control_10g 10.1.0 .5
- Bea_systems weblogic_server 6.1.0 SP 7
- Bea_systems weblogic_server 9.2
- Oracle e-business_suite_12 12.0.4
- Oracle oracle10g_personal_edition 10.1.0.5
- Bea_systems weblogic_server 8.1.0 SP 4
- Bea_systems weblogic_server 7.0.0 SP 7
- Bea_systems weblogic_server 8.1.0 SP 3
APP:CITRIX:XENAPP-XML-RCE - APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Citrix XenApp and XenDesktop XML Service. A successful attack can lead to a stack overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Citrix xenapp 4.5
- Citrix xenapp 4.5 Feature Pack 1
- Citrix xenapp 5.0
- Citrix xenapp 6.0
- Citrix xenapp_fundamentals 3.0
- Citrix xenapp_fundamentals 6.0
- Citrix xendesktop 4
- Citrix xenapp_fundamentals 2.0
HTTP:STC:ADOBE:CVE-2018-4895RCE - HTTP: Adobe Acrobat and Reader CVE-2018-4895 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Reader. A successful attack can lead to remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_dc 15.006.30033
- Adobe acrobat_reader_dc 15.006.30033
- Adobe acrobat_reader 17.000.0000
- Adobe acrobat_reader_dc 15.000.0000
- Adobe acrobat 17.008.30051
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_reader 17.011.30059
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 15.006.30392
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_reader 17.011.30068
- Adobe acrobat_reader_dc 15.006.30394
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat_dc 15.006.30394
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30392
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_reader_dc 18.009.20044
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 18.009.20044
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader 17.011.30065
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat 17.011.30066
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat 17.000.0000
- Adobe acrobat 17.011.30056
- Adobe acrobat_dc 15.000.0000
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat 17.011.30068
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat 17.011.30059
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat 17.011.30070
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 18.009.20050
- Adobe acrobat_reader 17.011.30070
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_reader 17.011.30066
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_reader_dc 18.009.20050
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat 17.011.30065
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 17.012.20093
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against MailEnable Professional. MailEnable Professional version 1.5 and earlier might be vulnerable. Attackers can supply the STATUS command with a large input string attempting to exploit this vulnerability. Successful exploitation can lead to arbitrary remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Mailenable mailenable_enterprise_edition 1.0.0 1
- Mailenable mailenable_professional 1.5.0
- Mailenable mailenable_professional 1.54.0
- Mailenable mailenable_enterprise_edition 1.0.0
- Mailenable mailenable_enterprise_edition 1.0.0 2
- Mailenable mailenable_enterprise_edition 1.0.0 3
- Mailenable mailenable_enterprise_edition 1.0.0 4
- Mailenable mailenable_professional 1.53.0
- Mailenable mailenable_professional 1.51.0
- Mailenable mailenable_professional 1.52.0
HTTP:STC:IE:MEMCORRUPT2 - HTTP: Internet Explorer HTML Objects Memory Corruption (2)
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Version 7 is vulnerable. Successful attackers can crash the application and possibly execute arbitrary code.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft internet_explorer 6.0
- Hp storage_management_appliance 2.1
- Microsoft internet_explorer 5.0.1
- Nortel_networks self-service_peri_workstation
- Nortel_networks contact_center-contact_recording
- Nortel_networks contact_center-quality_monitoring
- Microsoft internet_explorer 5.0.1 SP4
- Nortel_networks self-service_speech_server
- Microsoft internet_explorer 6.0 SP1
- Nortel_networks contact_center_manager_server
- Nortel_networks contact_center
- Microsoft internet_explorer 5.0.1 SP2
- Nortel_networks media_processing_server
- Nortel_networks media_processing_svr_100
- Nortel_networks self-service_peri_application
- Nortel_networks contact_center_express
- Nortel_networks contact_center_multimedia
- Nortel_networks contact_center_manager
- Nortel_networks self-service-peri_application_rel 3.0
- Nortel_networks media_processing_svr_1000_rel 3.0
- Nortel_networks media_processing_svr_500_rel 3.0
- Microsoft internet_explorer 5.0.1 SP3
- Nortel_networks self-service_media_processing_server
- Nortel_networks mps_speech_server 6.0
- Microsoft internet_explorer 5.0.1 SP1
Severity: HIGH
Description:
This signature detects Web pages obfuscated (made unclear) with JavaScript. This is a technique commonly used by malicious Web sites to hide the malicious nature of the Web pages being downloaded by a user. A successful attack allows the Web page creator to take control of the victim's system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against IBM's DB2 database server. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Ibm db2_universal_database_for_aix 9.1 FixPak 3
- Ibm db2_universal_database_for_hp-ux 9.1 FixPak 3
- Ibm db2_universal_database_for_linux 9.1 FixPak 3
- Ibm db2_universal_database_for_solaris 9.1 FixPak 3
- Ibm db2_universal_database_for_windows 9.1 FixPak 3
- Ibm db2_universal_database_for_aix 9.1 FixPak 4a
- Ibm db2_universal_database_for_hp-ux 9.1 FixPak 4a
- Ibm db2_universal_database_for_linux 9.1 FixPak 4a
- Ibm db2_universal_database_for_solaris 9.1 FixPak 4a
- Ibm db2_universal_database_for_hp-ux 9.1
- Ibm db2_universal_database_for_linux 9.1
- Ibm db2_universal_database_for_hp-ux 9.1 Fixpak 4
- Ibm db2_universal_database_for_solaris 9.1
- Ibm db2_universal_database_for_windows 9.1
- Ibm db2_universal_database_for_aix 9.1 FixPack 2
- Ibm db2_universal_database_for_aix 9.1
- Ibm db2_universal_database_for_hp-ux 9.1 FixPack 2
- Ibm db2_universal_database_for_linux 9.1 FixPack 2
- Ibm db2_universal_database_for_solaris 9.1 FixPack 2
- Ibm db2_universal_database_for_windows 9.1 FixPack 2
- Ibm db2_universal_database_for_aix 9.1 FixPak 4
- Ibm db2_universal_database_for_linux 9.1 FixPak 4
- Ibm db2_universal_database_for_solaris 9.1 FixPak 4
- Ibm db2_universal_database_for_windows 9.1 FixPak 4
- Ibm db2_universal_database_for_windows 9.1 FixPak 4a
HTTP:LIBGD-HEAP-BO - HTTP: GD Library libgd gd_gd2.c Heap Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against LibGD. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Libgd libgd 2.1.1
- Debian debian_linux 7.0
- Debian debian_linux 8.0
HTTP:EXPLOIT-KIT-STYX-PLU - HTTP: Styx Exploit Kit Plugin Detection Connection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known vulnerability against WinFtp Server 2.0.2. A successful attack can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Winftp_server winftp_server 2.0.2
DB:ORACLE:ODCITABLESTART-OF - DB: Oracle Database SYS.OLAPIMPL_T Package ODCITABLESTART Buffer Overflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle Database SYS.OLAPIMPL_T Package. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server, typically SYSTEM.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Bea_systems weblogic_portal 8.1.0 SP6
- Oracle oracle10g_standard_edition 10.1.0 .5
- Bea_systems weblogic_server 7.0.0 .0.1
- Bea_systems weblogic_server 7.0.0 SP 1
- Oracle oracle10g_personal_edition 10.1.0.5
- Bea_systems weblogic_server 7.0.0
- Oracle collaboration_suite_release_1 10.1.2
- Bea_systems weblogic_server 8.1.0 SP 6
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 7.0.0 .0.1 SP 1
- Bea_systems weblogic_server 7.0.0 .0.1 SP 4
- Bea_systems weblogic_server 7.0.0 .0.1 SP 3
- Bea_systems weblogic_server 8.1.0 SP 2
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Oracle secure_backup 10.2.0.3
- Bea_systems weblogic_server 8.1
- Bea_systems weblogic_server 7.0.0 SP 5
- Bea_systems weblogic_server 7.0.0 SP 6
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.2.0 .3
- Bea_systems weblogic_portal 8.1.0 SP5
- Bea_systems weblogic_server 9.0
- Bea_systems weblogic_server 7.0.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0.4
- Oracle oracle10g_enterprise_edition 10.2.0.4
- Oracle oracle10g_personal_edition 10.2.0.4
- Oracle oracle10g_application_server 10.1.2.3.0
- Bea_systems weblogic_server 7.0 SP7
- Bea_systems weblogic_server 9.1
- Oracle secure_backup 10.2.0.2
- Bea_systems weblogic_server 7.0.0 .0.1 SP 2
- Oracle secure_backup 10.1.0.1
- Oracle oracle10g_personal_edition 10.2.0 .2
- Oracle secure_backup 10.1.0.3
- Oracle timesten_in-memory_database 7.0.5.1.0
- Bea_systems weblogic_portal 8.1.0 SP2
- Bea_systems weblogic_portal 8.1.0 SP3
- Oracle timesten_in-memory_database 7.0.5.4.0
- Oracle e-business_suite_12 12.0.6
- Oracle enterprise_manager_grid_control_10g 10.2.0.4
- Oracle oracle9i_standard_edition 9.2.0 .8DV
- Oracle oracle9i_personal_edition 9.2.0 .8DV
- Oracle oracle9i_enterprise_edition 9.2.0 .8DV
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Bea_systems weblogic_portal 10.0 MP1
- Bea_systems weblogic_portal 10.2
- Oracle oracle10g_application_server 10.1.3 .3.0
- Bea_systems weblogic_server 7.0.0 SP 2
- Bea_systems weblogic_server 9.2 Maintenance Pack 3
- Bea_systems weblogic_portal 10.3
- Bea_systems weblogic_server 10.3
- Oracle e-business_suite_11i 11.5.10.2
- Bea_systems weblogic_portal 10.0
- Oracle oracle11g_standard_edition_one 11.1.0 6
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Bea_systems weblogic_server 8.1.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0 .2
- Oracle oracle10g_enterprise_edition 10.2.0.2 64 bit
- Bea_systems weblogic_server 8.1.0 SP 1
- Oracle secure_backup 10.1.0.2
- Bea_systems weblogic_server 10.0 MP1
- Bea_systems weblogic_server 8.1.0
- Bea_systems weblogic_portal 8.1.0
- Oracle timesten_in-memory_database 7.0.5.2.0
- Oracle oracle11g_standard_edition 11.1.0 6
- Bea_systems weblogic_portal 8.1.0 SP1
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Oracle oracle9i_personal_edition 9.2.0 .8
- Oracle oracle9i_standard_edition 9.2.0.8
- Oracle oracle10g_application_server 10.1.2 .2.0
- Bea_systems weblogic_portal 9.2 MP3
- Oracle timesten_in-memory_database 7.0.5.3.0
- Bea_systems weblogic_server 10.0
- Bea_systems weblogic_server 9.2
- Bea_systems weblogic_portal 8.1.0 SP4
- Bea_systems weblogic_server 8.1.0 SP 4
- Bea_systems weblogic_portal 9.2
- Bea_systems weblogic_server 7.0.0 SP 7
- Bea_systems weblogic_server 8.1.0 SP 5
HTTP:STC:IE:EVENT-HANDLER-RCE - HTTP: Microsoft Internet Explorer Event Handler Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Avaya meeting_exchange 5.2
- Microsoft internet_explorer 7.0
- Microsoft internet_explorer 6.0 SP3
- Avaya callpilot 4.0
- Avaya callpilot 5.0
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Avaya messaging_application_server 5.2
- Avaya meeting_exchange 5.0 SP1
- Avaya meeting_exchange 5.0 SP2
- Avaya meeting_exchange 5.1 SP1
- Avaya meeting_exchange 5.0
- Microsoft internet_explorer 6.0 SP1
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange 5.0.0.0.52
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Microsoft internet_explorer 6.0 SP2
- Microsoft internet_explorer 6.0
- Avaya messaging_application_server 5
- Avaya meeting_exchange-recording_server
- Avaya aura_conferencing 6.0 Standard
- Avaya meeting_exchange 5.1
- Avaya meeting_exchange 5.2 SP2
- Avaya meeting_exchange 5.2 SP1
FTP:FREEFLOAT-CMD-BO - FTP: FreeFloat FTP Server Invalid Command Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the FreeFloat FTP Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Freefloat freefloat_ftp_server 1.0
Severity: CRITICAL
Description:
This signature detects an attempt to exploit a known vulnerability in the Sybase EAServer WebConsole. Sybase EAServer versions 5.2 and earlier are vulnerable. By supplying a maliciously crafted URL request, the client can potentially execute arbitrary commands on the server with daemon permissions.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Sybase enterprise_application_server 4.2.0
- Sybase enterprise_application_server 4.2.2
- Sybase enterprise_application_server 4.2.5
- Sybase enterprise_application_server 5.0.0
- Sybase enterprise_application_server 5.1.0
- Sybase enterprise_application_server 5.2.0
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in BEA WebLogic. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Bea_systems weblogic_portal 8.1.0 SP6
- Oracle oracle10g_standard_edition 10.1.0 .5
- Bea_systems weblogic_server 7.0.0 .0.1
- Bea_systems weblogic_server 7.0.0 SP 1
- Oracle oracle10g_personal_edition 10.1.0.5
- Bea_systems weblogic_server 7.0.0
- Oracle collaboration_suite_release_1 10.1.2
- Bea_systems weblogic_server 8.1.0 SP 6
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 7.0.0 .0.1 SP 1
- Bea_systems weblogic_server 7.0.0 .0.1 SP 4
- Bea_systems weblogic_server 7.0.0 .0.1 SP 3
- Bea_systems weblogic_server 8.1.0 SP 2
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Oracle secure_backup 10.2.0.3
- Bea_systems weblogic_server 8.1
- Bea_systems weblogic_server 7.0.0 SP 5
- Bea_systems weblogic_server 7.0.0 SP 6
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.2.0 .3
- Bea_systems weblogic_portal 8.1.0 SP5
- Bea_systems weblogic_server 9.0
- Bea_systems weblogic_server 7.0.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0.4
- Oracle oracle10g_enterprise_edition 10.2.0.4
- Oracle oracle10g_personal_edition 10.2.0.4
- Oracle oracle10g_application_server 10.1.2.3.0
- Bea_systems weblogic_server 7.0 SP7
- Bea_systems weblogic_server 9.1
- Oracle secure_backup 10.2.0.2
- Bea_systems weblogic_server 7.0.0 .0.1 SP 2
- Oracle secure_backup 10.1.0.1
- Oracle oracle10g_personal_edition 10.2.0 .2
- Oracle secure_backup 10.1.0.3
- Oracle timesten_in-memory_database 7.0.5.1.0
- Bea_systems weblogic_portal 8.1.0 SP2
- Bea_systems weblogic_portal 8.1.0 SP3
- Oracle timesten_in-memory_database 7.0.5.4.0
- Oracle e-business_suite_12 12.0.6
- Oracle enterprise_manager_grid_control_10g 10.2.0.4
- Oracle oracle9i_standard_edition 9.2.0 .8DV
- Oracle oracle9i_personal_edition 9.2.0 .8DV
- Oracle oracle9i_enterprise_edition 9.2.0 .8DV
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Bea_systems weblogic_portal 10.0 MP1
- Bea_systems weblogic_portal 10.2
- Oracle oracle10g_application_server 10.1.3 .3.0
- Bea_systems weblogic_server 7.0.0 SP 2
- Bea_systems weblogic_server 9.2 Maintenance Pack 3
- Bea_systems weblogic_portal 10.3
- Bea_systems weblogic_server 10.3
- Oracle e-business_suite_11i 11.5.10.2
- Bea_systems weblogic_portal 10.0
- Oracle oracle11g_standard_edition_one 11.1.0 6
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Bea_systems weblogic_server 8.1.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0 .2
- Oracle oracle10g_enterprise_edition 10.2.0.2 64 bit
- Bea_systems weblogic_server 8.1.0 SP 1
- Oracle secure_backup 10.1.0.2
- Bea_systems weblogic_server 10.0 MP1
- Bea_systems weblogic_server 8.1.0
- Bea_systems weblogic_portal 8.1.0
- Oracle timesten_in-memory_database 7.0.5.2.0
- Oracle oracle11g_standard_edition 11.1.0 6
- Bea_systems weblogic_portal 8.1.0 SP1
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Oracle oracle9i_personal_edition 9.2.0 .8
- Oracle oracle9i_standard_edition 9.2.0.8
- Oracle oracle10g_application_server 10.1.2 .2.0
- Bea_systems weblogic_portal 9.2 MP3
- Oracle timesten_in-memory_database 7.0.5.3.0
- Bea_systems weblogic_server 10.0
- Bea_systems weblogic_server 9.2
- Bea_systems weblogic_portal 8.1.0 SP4
- Bea_systems weblogic_server 8.1.0 SP 4
- Bea_systems weblogic_portal 9.2
- Bea_systems weblogic_server 7.0.0 SP 7
- Bea_systems weblogic_server 8.1.0 SP 5
HTTP:STC:DL:MSWMM-OF - HTTP: Microsoft Windows Movie Maker and Producer Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft Movie Maker. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_movie_maker 2.1
- Microsoft windows_movie_maker 6.0
- Microsoft windows_movie_maker 2.6
- Microsoft producer_2003
SMTP:MAL:LOTUS-MAILTO - SMTP: IBM Lotus Domino nrouter.exe iCalendar MAILTO Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known stack buffer overflow vulnerability in IBM Lotus Domino Server. It is due to an error in processing e-mail messages containing iCalendar requests. A remote unauthenticated attacker could leverage this by sending a malicious iCalendar e-mail message to a target server. A successful attack can lead to the execution of arbitrary code on a target server, within the security context of the affected service. In an unsuccessful attack, the target server can terminate abnormally.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Ibm lotus_domino 6.5.0
- Ibm lotus_domino 8.0.2
- Ibm lotus_domino 4.6.1
- Ibm lotus_domino 6.0.1.3
- Ibm lotus_domino 8.5
- Ibm lotus_domino 6.0.1.1
- Ibm lotus_domino 4.6.4
- Ibm lotus_domino 5.0.10
- Ibm lotus_domino 5.0.4A
- Ibm lotus_domino 6.5.5
- Ibm lotus_domino 6.5.6
- Ibm lotus_domino 6.0.2.2
- Ibm lotus_domino 7.0.2 FP1
- Ibm lotus_domino 7.0.4
- Ibm lotus_domino 6.5.5 FP3
- Ibm lotus_domino 6.0.2 CF2
- Ibm lotus_domino 5.0.2
- Ibm lotus_domino 6.5.3
- Ibm lotus_domino 8.5 FP1
- Ibm lotus_domino 5.0.7
- Ibm lotus_domino 6.5.3.1
- Ibm lotus_domino 6.5.2.1
- Ibm lotus_domino 5.0.8A
- Ibm lotus_domino 6.0.1.2
- Ibm lotus_domino 6.5.4
- Ibm lotus_domino 5.0.6A
- Ibm lotus_domino 5.0.5
- Ibm lotus_domino 5.0.6
- Ibm lotus_domino 5.0.3
- Ibm lotus_domino 5.0.11
- Ibm lotus_domino 5.0.9
- Ibm lotus_domino 4.6.3
- Ibm lotus_domino 5.0.13
- Ibm lotus_domino 5.0.8
- Ibm lotus_domino 6.0.4
- Ibm lotus_domino 6.5
- Ibm lotus_domino 6.5.4.3
- Ibm lotus_domino 8.0
- Ibm lotus_domino 6.5.4 FP 1
- Ibm lotus_domino 6.5.4 FP 2
- Ibm lotus_domino 5.0.9A
- Ibm lotus_domino 5.0.7A
- Ibm lotus_domino 6.0.5
- Ibm lotus_domino 5.0
- Ibm lotus_domino 6.0.3
- Ibm lotus_domino 7.0.3 Fix Pack 1 (FP1)
- Ibm lotus_domino 8.0.1
- Ibm lotus_domino 7.0.0
- Ibm lotus_domino 5.0.4
- Ibm lotus_domino 6.0.0
- Ibm lotus_domino 6.5.2
- Ibm lotus_domino 6.5.5 FP2
- Ibm lotus_domino 6.5.5 FP1
- Ibm lotus_domino 7.0.2
- Ibm lotus_domino 5.0.1
- Ibm lotus_domino 7.0.2 FP2
- Ibm lotus_domino 6.0.2
- Ibm lotus_domino 7.0.3
- Ibm lotus_domino 6.0.1
- Ibm lotus_domino 7.0.2 FP3
- Ibm lotus_domino 6.5.1
- Ibm lotus_domino 7.0.1
- Ibm lotus_domino 6.0.2.1
- Ibm lotus_domino 6.5.0 .0
HTTP:STC:JAVA:DOCBASE-BOF - HTTP: Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known code execution vulnerability in Oracle Java. It is contained in the Java plugin handler for Internet Explorer, JP2IEXP.dll. While parsing the parameter docbase, the value is copied into a fixed length buffer on the stack without validation. This can lead to a stack buffer overflow. An attacker can exploit this by enticing a user to visit a specially crafted Web site. This can lead to arbitrary code execution in the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Red_hat enterprise_linux_supplementary 5 Server
- Sun jdk_(solaris_production_release) 1.6.0 10
- Sun jdk_(windows_production_release) 1.6.0 10
- Sun jdk_(solaris_production_release) 1.6.0 04
- Sun jdk_(windows_production_release) 1.6.0 04
- Sun jdk_(solaris_production_release) 1.6.0 14
- Sun jdk_(windows_production_release) 1.6.0 14
- Sun jdk_(solaris_production_release) 1.6.0 13
- Sun jdk_(windows_production_release) 1.6.0 13
- Sun jdk_(solaris_production_release) 1.6.0 11
- Sun jdk_(windows_production_release) 1.6.0 11
- Sun jre_(linux_production_release) 1.6.0 13
- Sun jdk_(solaris_production_release) 1.6.0 05
- Sun jdk_(windows_production_release) 1.6.0 05
- Sun jdk_(windows_production_release) 1.6.0 06
- Sun jdk_(solaris_production_release) 1.6.0 06
- Sun jdk_(solaris_production_release) 1.6.0 07
- Sun jdk_(windows_production_release) 1.6.0 07
- Sun jdk_(solaris_production_release) 1.6.0
- Sun jdk_(windows_production_release) 1.6.0
- Sun jre_(solaris_production_release) 1.6.0
- Sun jre_(windows_production_release) 1.6.0
- Sun jre_(solaris_production_release) 1.6.0 10
- Sun jre_(windows_production_release) 1.6.0 10
- Avaya proactive_contact 3.0.3
- Sun jre_(solaris_production_release) 1.6.0 12
- Sun jre_(windows_production_release) 1.6.0 12
- Sun jre_(solaris_production_release) 1.6.0 13
- Sun jre_(windows_production_release) 1.6.0 13
- Sun jre_(solaris_production_release) 1.6.0 04
- Sun jre_(windows_production_release) 1.6.0 04
- Sun jre_(solaris_production_release) 1.6.0 05
- Sun jre_(windows_production_release) 1.6.0 05
- Sun jre_(solaris_production_release) 1.6.0 06
- Sun jre_(windows_production_release) 1.6.0 06
- Sun jre_(solaris_production_release) 1.6.0 07
- Sun jre_(windows_production_release) 1.6.0 07
- Vmware esx 4.1 Update 1
- Avaya aura_conferencing 6.0 Standard
- Hp hp-ux B.11.31
- Sun jdk_(windows_production_release) 1.6.0 18
- Sun jdk_(solaris_production_release) 1.6.0 18
- Sun jdk_(linux_production_release) 1.6.0 18
- Sun jre_(linux_production_release) 1.6.0 18
- Sun jre_(windows_production_release) 1.6.0 18
- Sun jre_(solaris_production_release) 1.6.0 18
- Hp hp-ux B.11.23
- Sun jdk_(linux_production_release) 1.6.0_21
- Sun jdk_(solaris_production_release) 1.6.0_21
- Sun jdk_(windows_production_release) 1.6.0_21
- Sun jre_(linux_production_release) 1.6.0_21
- Sun jre_(solaris_production_release) 1.6.0_21
- Sun jre_(windows_production_release) 1.6.0_21
- Vmware vcenter 4.1
- Vmware vcenter 4.1 Update 1
- Hp hp-ux B.11.11
- Sun jdk_(linux_production_release) 1.6.0 02
- Sun jdk_(windows_production_release) 1.6.0 02
- Sun jre_(linux_production_release) 1.6.0 04
- Sun jre_(linux_production_release) 1.6.0 02
- Sun jdk_(linux_production_release) 1.6.0 04
- Sun jdk_(linux_production_release) 1.6.0
- Sun jre_(windows_production_release) 1.6.0 01
- Sun jre_(windows_production_release) 1.6.0 02
- Sun jre_(linux_production_release) 1.6.0 20
- Sun jre_(windows_production_release) 1.6.0 20
- Sun jre_(linux_production_release) 1.6.0 19
- Sun jre_(linux_production_release) 1.6.0 07
- Sun jdk_(linux_production_release) 1.6.0 07
- Sun jdk_(solaris_production_release) 1.6.0 19
- Sun jdk_(windows_production_release) 1.6.0 19
- Sun jdk_(linux_production_release) 1.6.0 19
- Sun jdk_(solaris_production_release) 1.6.0 03
- Sun jdk_(linux_production_release) 1.6.0 03
- Sun jdk_(windows_production_release) 1.6.0 20
- Suse suse_linux_enterprise 11
- Sun jdk_(linux_production_release) 1.6.0 13
- Sun jdk_(windows_production_release) 1.6.0 03
- Sun jre_(linux_production_release) 1.6.0 03
- Sun jre_(solaris_production_release) 1.6.0 03
- Sun jre_(windows_production_release) 1.6.0 03
- Sun jre_(linux_production_release) 1.6.0 12
- Sun jdk_(solaris_production_release) 1.6.0 02
- Sun jdk_(linux_production_release) 1.6.0 05
- Sun jre_(linux_production_release) 1.6.0 05
- Sun jre_(linux_production_release) 1.6.0 11
- Sun jdk_(solaris_production_release) 1.6.0 17
- Sun jdk_(linux_production_release) 1.6.0 06
- Sun jre_(linux_production_release) 1.6.0
- Sun jre_(linux_production_release) 1.6.0 10
- Sun jre_(linux_production_release) 1.6.0 06
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Sun jdk_(windows_production_release) 1.6.0 01
- Sun jdk_(linux_production_release) 1.6.0 01
- Sun jdk_(windows_production_release) 1.6.0 01-B06
- Hp hp-ux B.11.23
- Sun jdk_(solaris_production_release) 1.6.0 01
- Sun jdk_(linux_production_release) 1.6.0 01-B06
- Sun jre_(linux_production_release) 1.6.0 01
- Gentoo linux
- Sun jdk_(linux_production_release) 1.6.0 14
- Sun jre_(solaris_production_release) 1.6.0 01
- Sun jre_(solaris_production_release) 1.6.0 02
- Sun jdk_(linux_production_release) 1.6.0 15
- Sun jdk_(windows_production_release) 1.6.0 15
- Sun jdk_(solaris_production_release) 1.6.0 15
- Sun jre_(solaris_production_release) 1.6.0 15
- Sun jre_(windows_production_release) 1.6.0 15
- Sun jre_(linux_production_release) 1.6.0 15
- Sun jdk_(solaris_production_release) 1.6.0 20
- Sun jdk_(linux_production_release) 1.6.0 20
- Sun jre_(linux_production_release) 1.6.0 14
- Sun jre_(windows_production_release) 1.6.0 14
- Sun jre_(solaris_production_release) 1.6.0 14
- Suse suse_linux_enterprise 11 SP1
- Red_hat enterprise_linux_extras 4
- Hp hp-ux B.11.23
- Sun jdk_(linux_production_release) 1.6.0 10
- Sun jre_(solaris_production_release) 1.6.0 2
- Sun jre_(windows_production_release) 1.6.0 2
- Avaya proactive_contact 3.0.2
- Sun jre_(windows_production_release) 1.6.0 19
- Sun jre_(solaris_production_release) 1.6.0 19
- Sun jre_(linux_production_release) 1.6.0 17
- Sun jre_(solaris_production_release) 1.6.0 17
- Sun jre_(windows_production_release) 1.6.0 17
- Suse opensuse 11.3
- Sun jdk_(linux_production_release) 1.6.0 17
- Sun jre_(solaris_production_release) 1.6.0 11
- Sun jre_(windows_production_release) 1.6.0 11
- Sun jdk_(windows_production_release) 1.6.0 17
- Suse opensuse 11.2
- Red_hat enterprise_linux_extras 4.8.Z
- Hp hp-ux B.11.11
- Vmware esx 4.1
- Hp hp-ux B.11.31
- Sun jdk_(linux_production_release) 1.6.0 11
- Sun jdk_(solaris_production_release) 1.6.0 01-B06
- Suse opensuse 11.1
- Avaya proactive_contact 3.0
SMTP:IIS:CDO-OF - SMTP: Collaboration Data Objects Vulnerability
Severity: MEDIUM
Description:
This signature detects the SMTP transmission of a maliciously crafted e-mail, designed to exploit a vulnerability in Microsoft IIS.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_professional
- Microsoft windows_xp_home
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft exchange_server_2000 SP3
- Microsoft windows_2000_datacenter_server SP3
- Microsoft exchange_server_2000 SP2
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_2000_datacenter_server SP1
- Microsoft exchange_server_2000 SP3
- Microsoft windows_2000_professional
- Microsoft iis 5.0
- Microsoft windows_2000_server
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Nortel_networks centrex_ip_client_manager 2.5.0
- Nortel_networks centrex_ip_client_manager 7.0.0
- Nortel_networks centrex_ip_client_manager 8.0.0
- Nortel_networks centrex_ip_element_manager 8.0.0
- Nortel_networks centrex_ip_element_manager 7.0.0
- Nortel_networks centrex_ip_element_manager 2.5.0
- Microsoft windows_xp_media_center_edition
- Microsoft windows_2000_server SP1
- Microsoft windows_xp_home SP1
- Microsoft windows_server_2003_standard_edition
- Microsoft iis 5.1
- Microsoft windows_2000_professional SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft exchange_server_2000 SP1
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_server SP2
- Nortel_networks centrex_ip_client_manager
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft iis 6.0
- Microsoft exchange_server_2000
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_media_center_edition SP1
APP:IBM:INFORMIX-CMD-OF - APP: IBM Informix Dynamic Server Command Argument Processing Stack Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the IBM Informix Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm informix_ids 10.0 xC3
- Ibm informix_ids 11.10
- Ibm informix_ids 9.40.0 .UC1
- Ibm informix_ids 7.3
- Ibm informix_ids 9.40.0 .UC2
- Ibm informix_ids 9.40.0 .UC3
- Ibm informix_ids 11.10.xC2
- Ibm informix_ids 9.40.UC5
- Ibm informix_ids 10.00.xC7W1
- Ibm informix_ids 10.00.xC8
- Ibm informix_ids 9.4
- Ibm informix_ids 10.0
- Ibm informix_ids 9.3.0
- Ibm informix_ids 9.40.TC5
- Ibm informix_ids 7.31 .xD9
- Ibm informix_ids 9.40.xD8
- Ibm informix_ids 10.0.xC4
- Ibm informix_ids 7.31 .xD8
- Ibm informix_ids 9.40
APP:CITRIX:STREAMPROCESS-BOF - APP: Citrix Provisioning Services streamprocess.exe Component Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Citrix Provisioning Services. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Citrix provisioning_services 5.6
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Squid Web Proxy, a free Web proxy cache for UNIX systems. Squid Proxy Web Cache 2.5 STABLE6 or 3.0 PRE3 and earlier versions are vulnerable. Attackers can send excessively large NTLM proxy authentication messages to the Squid Web Proxy to overflow the buffer and execute arbitrary code with Proxy privileges (typically a dedicated user). Other proxy servers (including Squid after 2.5 STABLE6 or 3.0 PRE3) support long NTLM without error. You should only use this Attack Object to protect Squid servers 2.5 STABLE5 and earlier; otherwise, this Attack Object will generate considerable non-attack alerts.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Trustix secure_linux 2.0.0
- Trustix secure_linux 2.1.0
- Squid web_proxy_cache 2.5.0 .STABLE6
- Mandriva linux_mandrake 10.0.0 amd64
- Squid web_proxy_cache 3.0.0 PRE2
- Squid web_proxy_cache 3.0.0 PRE3
- Red_hat linux 9.0.0 I386
- Mandriva linux_mandrake 9.2.0 amd64
- Gentoo linux 1.4.0
- Squid web_proxy_cache 2.4.0
- Red_hat fedora Core1
- Mandriva linux_mandrake 9.2.0
- Squid web_proxy_cache 2.5.0 .STABLE1
- Mandriva linux_mandrake 10.0.0
- Trustix secure_enterprise_linux 2.0.0
- Red_hat fedora Core2
- Ubuntu ubuntu_linux 4.1.0 Ia64
- Ubuntu ubuntu_linux 4.1.0 Ia32
- Ubuntu ubuntu_linux 4.1.0 Ppc
- Squid web_proxy_cache 3.0.0 PRE1
- Red_hat linux 7.3.0 I386
- Squid web_proxy_cache 2.0.0 PATCH2
- Squid web_proxy_cache 2.1.0 PATCH2
- Squid web_proxy_cache 2.5.0 .STABLE5
- Squid web_proxy_cache 2.3.0 .STABLE5
- Squid web_proxy_cache 2.4.0 .STABLE7
- Squid web_proxy_cache 2.5.0 .STABLE3
- Squid web_proxy_cache 2.5.0 .STABLE4
APP:UPNP:LIBUPNP-ROOT-DSN-BOF - APP: Portable SDK for UPnP Devices libupnp Root Device Service Name Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp Root Device. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
- Portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8
APP:UPNP:LIBUPNP-UUID-BOF - APP: Portable SDK for UPnP Devices libupnp UUID Service Name Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp UUID. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
- Portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8
APP:UPNP:LIBUPNP-DSN-BOF - APP: Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects possible attempts to exploit a known vulnerability in the Portable SDK for UPnP Devices libupnp Device Service Name. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.7
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.6
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.5
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.5
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.4
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.4
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.3
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.7
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.2
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.6
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.1
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.1
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.13
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.4.0
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.0
- Portable_sdk_for_upnp_project portable_sdk_for_upnp up to 1.6.17
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.12
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.3
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.11
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.2
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.10
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.16
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.15
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.14
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.9
- Portable_sdk_for_upnp_project portable_sdk_for_upnp 1.6.8
APP:HPOV:NNM-DISPLAYWIDTH-BOF - APP: HP OpenView Network Node Manager displayWidth Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the HP OpenView Network Node Manager jovgraph.exe. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Apple iTunes. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple itunes 7.3.2
- Apple itunes 7.4
- Apple itunes 8.0.2.20
- Apple itunes 8.1
- Apple itunes 7.0.2
- Apple itunes 8.0
- Apple itunes 7.3.0
- Apple itunes 7.3.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Sun Java Web Start. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple mac_os_x 10.4.7
- Apple mac_os_x_server 10.4.7
- Sun jre_(solaris_reference_release) 1.1.8 007
- Vmware esx_server 3.0.1
- Sun jre_(windows_production_release) 1.4.2 12
- Sun jre_(solaris_reference_release) 1.1.8
- Apple mac_os_x 10.5.4
- Apple mac_os_x_server 10.5.4
- Sun jdk_(reference_release) 1.1.8 008
- Mandriva corporate_server 4.0.0 X86 64
- Sun jdk_(windows_production_release) 1.5.0.0 06
- Suse open-enterprise-server
- Nortel_networks self-service_wvads
- Sun jre_(linux_production_release) 1.3.1 08
- Sun jre_(linux_production_release) 1.3.1 09
- Sun jre_(linux_production_release) 1.4.2 01
- Sun jre_(solaris_production_release) 1.3.1 08
- Sun jre_(solaris_production_release) 1.3.1 09
- Sun jre_(solaris_production_release) 1.4.2 01
- Sun jre_(solaris_production_release) 1.4.2 02
- Sun jre_(windows_production_release) 1.3.1 08
- Sun jre_(windows_production_release) 1.3.1 09
- Sun jre_(windows_production_release) 1.4.2 02
- Mandriva linux_mandrake 2008.0
- Mandriva linux_mandrake 2008.0 X86 64
- Apple mac_os_x 10.4.6
- Apple mac_os_x_server 10.4.6
- Sun sdk_(solaris_production_release) 1.4.2 04
- Apple mac_os_x 10.4.10
- Apple mac_os_x_server 10.4.10
- Mandriva linux_mandrake 2007.1
- Mandriva linux_mandrake 2007.1 X86 64
- Nortel_networks optivity_telephony_manager_tm-cs1000
- Red_hat advanced_workstation_for_the_itanium_processor 2.1.0 IA64
- Suse novell_linux_pos 9
- Sun jre_(windows_production_release) 1.1.8 005
- Sun jre_(windows_production_release) 1.1.7 B 007
- Sun jre_(windows_production_release) 1.1.6 09
- Sun jre_(solaris_reference_release) 1.1.8 005
- Sun jre_(solaris_reference_release) 1.1.7 B 007
- Sun jre_(solaris_reference_release) 1.1.6 009
- Sun jre_(solaris_production_release) 1.1.8 12
- Sun jdk_(linux_production_release) 1.4.2 11
- Mozilla firefox 2.0.0.8
- Mozilla firefox 2.0.0.2
- Sun jre_(windows_production_release) 1.2.2 12
- Mozilla seamonkey 1.1.5
- Sun jdk_(solaris_production_release) 1.5.0 0 03
- Apple mac_os_x 10.4.8
- Apple mac_os_x_server 10.4.8
- Bea_systems jrockit R27.3.1
- Sun jre_(linux_production_release) 1.4.2 03
- Sun jre_(solaris_production_release) 1.4.2 03
- Sun jre_(windows_production_release) 1.4.2 03
- Sun sdk_(linux_production_release) 1.4.2 01
- Sun jre_(linux_production_release) 1.1.7B 07
- Sun jre_(linux_production_release) 1.4.2 04
- Sun jre_(solaris_production_release) 1.4.2 04
- Sun jre_(windows_production_release) 1.4.2 04
- Sun jdk_(windows_production_release) 1.4.2 05
- Sun jdk_(solaris_production_release) 1.4.2 05
- Sun jdk_(reference_release) 1.1.8 003
- Sun sdk_(solaris_production_release) 1.4.2 03
- Sun sdk_(solaris_production_release) 1.4.2
- Sun sdk_(windows_production_release) 1.4.2
- Sun jre_(solaris_production_release) 1.4.2 12
- Sun jre_(linux_production_release) 1.4.2 12
- Sun sdk_(solaris_production_release) 1.2.2 05A
- Sun sdk_(solaris_production_release) 1.2.1
- Sun jdk_(solaris_production_release) 1.1.8 11
- Sun jre_(solaris_production_release) 1.2.2 05A
- Sun jre_(solaris_production_release) 1.2.1
- Sun jre_(solaris_production_release) 1.1.8 10
- Sun jre_(solaris_production_release) 1.1.7 B
- Sun jre_(solaris_production_release) 1.1.6
- Sun sdk_(linux_production_release) 1.2.2 005
- Sun jre_(linux_production_release) 1.2.2 005
- Sun jre_(solaris_reference_release) 1.4.2 12
- Suse opensuse 10.2
- Sun jdk_(linux_production_release) 1.3.1 14
- Apple mac_os_x 10.4.0
- Apple mac_os_x_server 10.4.0
- Sun jdk_(linux_production_release) 1.4.2 10
- Sun jdk_(linux_production_release) 1.4.2 06
- Sun jdk_(linux_production_release) 1.4.1 07
- Sun jre_(linux_production_release) 1.2.2
- Sun jre_(linux_production_release) 1.3.1
- Sun jdk_(linux_production_release) 1.4.1 01
- Sun sdk_(windows_production_release) 1.3.1 11
- Sun jre_(linux_production_release) 1.2.2 004
- Sun jdk_(linux_production_release) 1.3.1 01
- Sun jre_(solaris_production_release) 1.4.2 16
- Suse suse_linux_enterprise_server 9
- Apple mac_os_x_server 10.4.3
- Sun jdk_(solaris_production_release) 1.5.0 0 10
- Apple mac_os_x 10.4.3
- Sun jre_(windows_production_release) 1.3.0 .0 04
- Sun jre_(solaris_production_release) 1.3.1 10
- Sun sdk_(linux_production_release) 1.4.2 16
- Sun sdk_(solaris_production_release) 1.4.2 16
- Sun sdk_(windows_production_release) 1.4.2 16
- Sun sdk_(windows_production_release) 1.3.1 20
- Sun sdk_(linux_production_release) 1.3.1 20
- Sun jre_(linux_production_release) 1.3.1 21
- Sun jre_(solaris_production_release) 1.3.1 21
- Sun jre_(windows_production_release) 1.3.1 21
- Sun sdk_(solaris_production_release) 1.3.1 21
- Sun sdk_(windows_production_release) 1.3.1 21
- Apple mac_os_x 10.5.5
- Apple mac_os_x_server 10.5.5
- Nortel_networks enterprise_network_management_system
- Sun jre_(linux_production_release) 1.5.0 14
- Suse suse_linux_enterprise_desktop 10 SP1
- Suse suse_linux_enterprise_server 10 SP1
- Mozilla firefox 2.0.0.1
- Sun jre_(linux_production_release) 1.3.1 18
- Sun jre_(linux_production_release) 1.5.0 07
- Sun jre_(linux_production_release) 1.3.1 19
- Sun jre_(solaris_production_release) 1.4.1 02
- Sun java_plug-in 1.4.0
- Sun jre_(windows_production_release) 1.4.1 02
- Sun jdk_(linux_production_release) 1.7.0
- Sun jdk_(linux_production_release) 1.4.2 14
- Sun jdk_(linux_production_release) 1.5.0 01
- Sun jdk_(linux_production_release) 1.5.0 02
- Sun jdk_(windows_production_release) 1.4.2 02
- Sun jdk_(reference_release) 1.1.7 B 005
- Sun sdk_(linux_production_release) 1.4.2 15
- Sun sdk_(solaris_production_release) 1.4.2 15
- Sun sdk_(windows_production_release) 1.4.2 15
- Sun jre_(linux_production_release) 1.4.2 06
- Sun jre_(windows_production_release) 1.4.2 06
- Sun jre_(solaris_production_release) 1.4.2 06
- Sun jre_(linux_production_release) 1.4.2 10-B03
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_speech_server
- Vmware virtualcenter_management_server 2
- Sun sdk_(windows_production_release) 1.4.2 03
- Apple mac_os_x 10.5
- Suse core 9
- Sun sdk_(linux_production_release) 1.3.1 21
- Apple mac_os_x 10.4.1
- Apple mac_os_x_server 10.4.1
- Sun jre_(linux_production_release) 1.2.2 12
- Sun jre_(linux_production_release) 1.4.2 02
- Sun java_plug-in 1.4.2 _02
- Sun jre_(linux_production_release) 1.2.2 011
- Sun jdk_(windows_production_release) 1.4.2 09
- Sun jdk_(windows_production_release) 1.5.0 .0 05
- Sun jdk_(linux_production_release) 1.5.0 .0 05
- Sun jdk_(linux_production_release) 1.4.2 09
- Sun jdk_(solaris_production_release) 1.4.2 09
- Sun jdk_(solaris_production_release) 1.5.0 .0 05
- Sun jdk_(linux_production_release) 1.4.2 08
- Sun jdk_(solaris_production_release) 1.4.2 08
- Sun jdk_(windows_production_release) 1.4.2 08
- Sun jre_(windows_production_release) 1.3.1 02
- Sun jre_(linux_production_release) 1.4.2 07
- Sun sdk_(windows_production_release) 1.3.1 02
- Sun jre_(windows_production_release) 1.5.0 11
- Sun jre_(solaris_production_release) 1.3.0 01
- Sun sdk_(linux_production_release) 1.3.1 08
- Sun sdk_(linux_production_release) 1.3.1 09
- Sun sdk_(linux_production_release) 1.3.1 10
- Sun sdk_(linux_production_release) 1.3.1 11
- Sun sdk_(linux_production_release) 1.3.1 12
- Sun sdk_(linux_production_release) 1.3.1 13
- Sun sdk_(linux_production_release) 1.3.1 14
- Sun sdk_(solaris_production_release) 1.3.1 08
- Sun sdk_(solaris_production_release) 1.3.1 09
- Sun sdk_(solaris_production_release) 1.3.1 10
- Sun sdk_(solaris_production_release) 1.3.1 11
- Sun sdk_(solaris_production_release) 1.3.1 12
- Sun sdk_(solaris_production_release) 1.3.1 13
- Sun sdk_(solaris_production_release) 1.3.1 14
- Sun sdk_(windows_production_release) 1.3.1 08
- Sun sdk_(windows_production_release) 1.3.1 09
- Sun sdk_(windows_production_release) 1.3.1 10
- Sun jdk_(solaris_production_release) 1.3.1 14
- Sun sdk_(windows_production_release) 1.3.1 12
- Sun sdk_(windows_production_release) 1.3.1 13
- Sun sdk_(windows_production_release) 1.3.1 14
- Sun jre_(linux_production_release) 1.3.1 10
- Sun jre_(linux_production_release) 1.3.1 11
- Sun jre_(linux_production_release) 1.3.1 13
- Sun jre_(linux_production_release) 1.3.1 14
- Sun jre_(solaris_production_release) 1.3.1 11
- Sun jre_(solaris_production_release) 1.3.1 12
- Sun jre_(solaris_production_release) 1.3.1 13
- Sun jre_(solaris_production_release) 1.3.1 14
- Sun jre_(windows_production_release) 1.3.1 10
- Sun jre_(windows_production_release) 1.3.1 11
- Sun jre_(windows_production_release) 1.3.1 12
- Sun jre_(windows_production_release) 1.3.1 13
- Sun jre_(windows_production_release) 1.3.1 14
- Sun jre_(linux_production_release) 1.3.1 12
- Apple mac_os_x 10.4.9
- Sun jre_(linux_production_release) 1.2.2 015
- Sun jre_(solaris_reference_release) 1.2.2 015
- Sun jdk_(solaris_production_release) 1.1.8 13
- Sun jre_(solaris_production_release) 1.3.0 03
- Sun jdk_(solaris_production_release) 1.1.8
- Sun jre_(solaris_production_release) 1.4.0 .0 04
- Sun jre_(linux_production_release) 1.4.0 .0 04
- Sun jre_(linux_production_release) 1.6.0
- Sun jre_(linux_production_release) 1.6.0 10
- Sun sdk_(solaris_production_release) 1.3.0 02
- Sun sdk_(solaris_reference_release) 1.2.2 _010
- Nortel_networks self-service
- Sun jdk_(solaris_reference_release) 1.1.8 007
- Sun sdk_(solaris_production_release) 1.2.2 12
- Sun jre_(linux_production_release) 1.4.2 15
- Sun jre_(windows_production_release) 1.4.2 15
- Sun jre_(solaris_production_release) 1.4.2 15
- Sun sdk_(windows_production_release) 1.4.0
- Sun sdk_(linux_production_release) 1.2.2 12
- Sun jre_(windows_production_release) 1.4.0
- Sun sdk_(windows_production_release) 1.1.8 007
- Red_hat fedora 8
- Sun jdk_(solaris_production_release) 1.6.0 01
- Sun jre_(solaris_production_release) 1.4.0
- Sun jre_(windows_production_release) 1.3.1 18
- Sun jre_(windows_production_release) 1.3.1 19
- Mozilla firefox 2.0
- Sun jre_(solaris_production_release) 1.3.1 19
- Sun jre_(solaris_production_release) 1.5.0 10
- Sun jre_(solaris_production_release) 1.2.2 11
- Sun sdk_(linux_production_release) 1.4.2 09
- Sun sdk_(linux_production_release) 1.4.2 10
- Sun sdk_(linux_production_release) 1.4.2 11
- Sun sdk_(linux_production_release) 1.4.2 12
- Sun sdk_(linux_production_release) 1.4.2 13
- Sun sdk_(linux_production_release) 1.4.2 14
- Sun sdk_(solaris_production_release) 1.4.2 09
- Sun sdk_(solaris_production_release) 1.4.2 10
- Sun sdk_(solaris_production_release) 1.4.2 11
- Sun sdk_(solaris_production_release) 1.4.2 12
- Sun sdk_(solaris_production_release) 1.4.2 13
- Sun sdk_(solaris_production_release) 1.4.2 14
- Sun sdk_(windows_production_release) 1.4.2 09
- Sun sdk_(windows_production_release) 1.4.2 10
- Sun sdk_(windows_production_release) 1.4.2 11
- Sun sdk_(windows_production_release) 1.4.2 12
- Sun sdk_(windows_production_release) 1.4.2 13
- Sun sdk_(windows_production_release) 1.4.2 14
- Sun jre_(windows_production_release) 1.4.2 07
- Sun jre_(windows_production_release) 1.4.2 08
- Sun jre_(windows_production_release) 1.4.2 09
- Sun jre_(windows_production_release) 1.4.2 10
- Sun jre_(windows_production_release) 1.4.2 11
- Sun jre_(windows_production_release) 1.4.2 13
- Sun jre_(windows_production_release) 1.4.2 14
- Sun jre_(solaris_production_release) 1.4.2 07
- Sun jre_(solaris_production_release) 1.4.2 08
- Sun jre_(solaris_production_release) 1.4.2 09
- Sun jre_(solaris_production_release) 1.4.2 10
- Sun jre_(solaris_production_release) 1.4.2 11
- Sun jre_(solaris_production_release) 1.4.2 13
- Sun jre_(solaris_production_release) 1.4.2 14
- Sun jre_(linux_production_release) 1.4.2 10
- Sun jre_(linux_production_release) 1.4.2 11
- Sun jre_(linux_production_release) 1.4.2 13
- Sun jre_(linux_production_release) 1.4.2 14
- Sun jre_(linux_production_release) 1.3.1 04
- Sun sdk_(windows_production_release) 1.3.0 .0 02
- Sun jre_(windows_production_release) 1.3.0 .0 02
- Sun sdk_(windows_production_release) 1.2.2 007
- Sun jre_(windows_production_release) 1.2.2 007
- Sun jre_(windows_production_release) 1.2.1
- Sun sdk_(windows_production_release) 1.2.1
- Sun sdk_(windows_production_release) 1.2.0
- Sun jre_(windows_production_release) 1.2.0
- Sun sdk_(windows_release_version) 1.2.2 _007
- Sun jre_(solaris_reference_release) 1.2.2 007
- Sun sdk_(solaris_reference_release) 1.2.2 _007
- Sun jre_(solaris_reference_release) 1.2.1
- Sun sdk_(solaris_reference_release) 1.2.1
- Sun jre_(solaris_reference_release) 1.2.0
- Sun sdk_(solaris_reference_release) 1.2.0
- Sun jre_(solaris_production_release) 1.3.0 .0 02
- Sun sdk_(solaris_production_release) 1.3.0 .0 02
- Sun jre_(solaris_production_release) 1.2.2 07
- Sun sdk_(solaris_production_release) 1.2.2 07
- Sun jre_(solaris_production_release) 1.2.0
- Sun sdk_(solaris_production_release) 1.2.0
- Sun jre_(linux_production_release) 1.3.0 .0 03
- Sun sdk_(linux_production_release) 1.3.0 .0 02
- Sun jre_(linux_production_release) 1.2.2 007
- Sun jdk_(linux_production_release) 1.5.0 06
- Sun jdk_(solaris_production_release) 1.5.0 06
- Sun jre_(solaris_production_release) 1.5.0
- Sun jre_(linux_production_release) 1.5.0
- Sun jre_(windows_production_release) 1.5.0
- Sun jre_(windows_production_release) 1.5.0 06
- Sun jre_(solaris_production_release) 1.5.0 06
- Sun jre_(linux_production_release) 1.5.0 06
- Sun jre_(linux_production_release) 1.5.0 03
- Sun jre_(linux_production_release) 1.5.0 04
- Sun jre_(linux_production_release) 1.4.2 09
- Sun jre_(linux_production_release) 1.3.1 16
- Sun jre_(linux_production_release) 1.3.1 17
- Apple mac_os_x 10.4.11
- Apple mac_os_x_server 10.4.11
- Sun jre_(linux_production_release) 1.2.2 010
- Sun jre_(linux_production_release) 1.4.1 03
- Sun jre_(solaris_production_release) 1.4.1 03
- Sun jre_(windows_production_release) 1.4.1 03
- Sun sdk_(windows_production_release) 1.4.1 03
- Sun sdk_(solaris_production_release) 1.4.1 03
- Sun sdk_(linux_production_release) 1.4.1 03
- Apple mac_os_x 10.5.1
- Apple mac_os_x_server 10.5
- Apple mac_os_x_server 10.5.1
- Sun jre_(solaris_production_release) 1.5.0 05
- Sun jdk_(solaris_reference_release) 1.1.8 002
- Nortel_networks self-service_peri_application
- Mozilla firefox 2.0.0.9
- Nortel_networks contact_center-cct
- Sun jdk_(linux_production_release) 1.2.0
- Nortel_networks self-service_ccxml
- Nortel_networks self_service_voicexml
- Suse linux 10.1 X86
- Suse linux 10.1 X86-64
- Suse linux 10.1 Ppc
- Mozilla firefox 2.0.0.5
- Sun jdk_(windows_production_release) 1.2.2 006
- Sun jre_(windows_production_release) 1.3.1 05
- Sun jre_(solaris_production_release) 1.3.1 20
- Avaya interactive_response 2.0
- Sun sdk_(linux_production_release) 1.2.2 007
- Sun jre_(solaris_production_release) 1.4.1
- Mozilla firefox 2.0.0.7
- Sun sdk_(solaris_production_release) 1.4.0 .0 03
- Sun jdk_(linux_production_release) 1.5.0
- Apple mac_os_x 10.5.3
- Apple mac_os_x_server 10.5.3
- Red_hat fedora 7
- Sun jre_(linux_production_release) 1.5.0 01
- Sun jre_(linux_production_release) 1.5.0 02
- Sun jre_(linux_production_release) 1.5.0 05
- Mozilla seamonkey 1.1.3
- Sun sdk_(linux_production_release) 1.3.1 05
- Apple mac_os_x 10.4.4
- Apple mac_os_x_server 10.4.4
- Apple mac_os_x 10.4.5
- Apple mac_os_x_server 10.4.5
- Sun jre_(windows_production_release) 1.4.1 07
- Sun jre_(linux_production_release) 1.4.2 08
- Sun jre_(linux_production_release) 1.5.0 .0 Beta
- Sun jre_(linux_production_release) 1.6.0 04
- Sun jdk_(linux_production_release) 1.6.0 04
- Sun jdk_(linux_production_release) 1.6.0
- Sun jre_(solaris_production_release) 1.2.2 014
- Sun jdk_(windows_production_release) 1.5.0 11-B03
- Sun jre_(windows_production_release) 1.4.1 01
- Sun jdk_(windows_production_release) 1.5.0.0 12
- Sun jdk_(linux_production_release) 1.5.0.0 12
- Sun jdk_(solaris_production_release) 1.6.0 02
- Avaya interactive_response 3.0
- Sun jdk_(linux_production_release) 1.4.1
- Sun jdk_(linux_production_release) 1.4.2
- Sun jdk_(linux_production_release) 1.3.1 17
- Sun jdk_(linux_production_release) 1.3.1 18
- Mozilla seamonkey 1.1.1
- Sun jdk_(linux_production_release) 1.5.0.0 03
- Sun jre_(solaris_production_release) 1.3.0 04
- Sun jdk_(solaris_production_release) 1.5.0 .0 03
- Sun jdk_(windows_production_release) 1.5.0 .0 03
- Sun jdk_(windows_production_release) 1.5.0 .0 04
- Sun jdk_(linux_production_release) 1.5.0.0 04
- Sun jdk_(solaris_production_release) 1.5.0 .0 04
- Sun jre_(solaris_production_release) 1.3.1
- Sun jre_(linux_production_release) 1.3.1 15
- Sun sdk_(windows_production_release) 1.3.1 15
- Sun sdk_(linux_production_release) 1.3.1 15
- Sun sdk_(solaris_production_release) 1.3.1 15
- Sun sdk_(solaris_production_release) 1.4.2 08
- Sun sdk_(linux_production_release) 1.4.2 08
- Sun sdk_(windows_production_release) 1.4.2 08
- Sun jdk_(windows_production_release) 1.5.0 07-B03
- Sun jre_(linux_production_release) 1.3.1 01A
- Sun jdk_(windows_production_release) 1.6.0 01-B06
- Mozilla firefox 2.0.0.10
- Sun jdk_(solaris_production_release) 1.5.0 0 09
- Mozilla seamonkey 1.1.6
- Sun jre_(linux_production_release) 1.4.1 01
- Sun jre_(solaris_production_release) 1.4.0 .0 03
- Sun jdk_(linux_production_release) 1.5.0 07-B03
- Sun jdk_(linux_production_release) 1.5.0 11-B03
- Sun jdk_(linux_production_release) 1.6.0 01-B06
- Gentoo linux
- Sun jdk_(linux_production_release) 1.5.0 0 10
- Vmware esx_server 3.0.2
- Sun jdk_(windows_production_release) 1.5.0 0 10
- Sun jre_(linux_production_release) 1.4.2
- Sun jre_(solaris_production_release) 1.4.2
- Sun jre_(windows_production_release) 1.4.2
- Sun jre_(windows_production_release) 1.4.0 .0 01
- Sun jre_(windows_production_release) 1.3.1 01
- Sun jre_(windows_production_release) 1.3.1 04
- Mozilla firefox 2.0.0.6
- Sun sdk_(windows_production_release) 1.4.0 .0 01
- Sun sdk_(windows_production_release) 1.3.1 04
- Sun sdk_(solaris_reference_release) 1.2.2 _012
- Sun jre_(solaris_reference_release) 1.2.2 012
- Sun jre_(solaris_production_release) 1.4.0 .0 01
- Sun jre_(solaris_production_release) 1.3.1 04
- Sun jre_(solaris_production_release) 1.2.2 012
- Sun sdk_(linux_production_release) 1.3.0 05
- Sun jre_(linux_production_release) 1.2.2 006
- Mozilla seamonkey 1.1.4
- Sun jdk_(windows_production_release) 1.6.0 02
- Suse suse_linux_enterprise_server 10 SP2
- Sun jre_(windows_production_release) 1.5.0.0 07
- Sun jre_(solaris_production_release) 1.5.0.0 07
- Sun jdk_(windows_production_release) 1.5.0.0 08
- Sun jdk_(linux_production_release) 1.5.0.0 08
- Sun jre_(windows_production_release) 1.5.0.0 08
- Sun jre_(solaris_production_release) 1.5.0.0 08
- Sun jdk_(windows_production_release) 1.5.0.0 09
- Sun jdk_(linux_production_release) 1.5.0.0 09
- Sun jre_(windows_production_release) 1.5.0.0 09
- Sun jre_(solaris_production_release) 1.5.0.0 09
- Sun jre_(solaris_production_release) 1.5.0 14
- Sun jre_(solaris_production_release) 1.6.0 2
- Sun jre_(linux_production_release) 1.4.1 02
- Sun jre_(windows_production_release) 1.6.0 2
- Sun jre_(windows_production_release) 1.5.0 14
- Sun jre_(linux_production_release) 1.3.1 07
- Sun jre_(solaris_production_release) 1.3.1 07
- Sun jre_(windows_production_release) 1.3.1 07
- Sun sdk_(linux_production_release) 1.3.1 07
- Sun sdk_(solaris_production_release) 1.3.1 07
- Sun sdk_(windows_production_release) 1.3.1 07
- Sun sdk_(linux_production_release) 1.4.1 02
- Sun sdk_(solaris_production_release) 1.4.1 02
- Sun sdk_(windows_production_release) 1.4.1 02
- Sun jre_(linux_production_release) 1.3.0 .0 02
- Sun jre_(windows_production_release) 1.4.2 05
- Sun jre_(linux_production_release) 1.4.2 05
- Sun jre_(linux_production_release) 1.3.0 .0 01
- Sun jre_(windows_production_release) 1.3.0
- Sun jre_(windows_production_release) 1.2.2 010
- Sun jre_(windows_production_release) 1.1.8 007
- Sun jre_(windows_production_release) 1.1.8
- Sun jre_(windows_production_release) 1.2.2
- Sun jre_(linux_production_release) 1.3.0 .0 04
- Sun jdk_(linux_production_release) 1.5.0 07
- Sun jre_(linux_production_release) 1.2.2 003
- Sun jre_(linux_production_release) 1.3.0 .0
- Sun jre_(windows_production_release) 1.3.1 20
- Sun jre_(solaris_production_release) 1.5.0 11
- Sun jre_(solaris_production_release) 1.1.8 13
- Sun jre_(solaris_production_release) 1.1.8
- Sun jre_(solaris_production_release) 1.2.2 010
- Sun jre_(solaris_production_release) 1.2.2
- Sun sdk_(solaris_production_release) 1.3.1 02
- Sun jre_(solaris_production_release) 1.3.1 02
- Sun jre_(linux_production_release) 1.3.1 02
- Sun sdk_(linux_production_release) 1.3.1 02
- Apple mac_os_x_server 10.4.9
- Sun sdk_(linux_production_release) 1.2.2 010
- Sun jre_(windows_production_release) 1.2.2 015
- Sun jre_(windows_production_release) 1.4.0 .0 04
- Sun sdk_(solaris_production_release) 1.2.2 10
- Sun sdk_(solaris_production_release) 1.2.2
- Sun sdk_(solaris_production_release) 1.3.0
- Mozilla firefox 2.0.0.12
- Sun jdk_(reference_release) 1.1.8 009
- Sun jdk_(solaris_production_release) 1.1.8 15
- Sun jdk_(solaris_reference_release) 1.1.8
- Sun jre_(solaris_production_release) 1.3.1 17
- Sun jre_(windows_production_release) 1.3.1 16
- Sun sdk_(linux_production_release) 1.4.0 .0 4
- Sun jdk_(windows_production_release) 1.1.8 007
- Sun sdk_(windows_production_release) 1.4.0 .0 4
- Sun sdk_(windows_production_release) 1.2.2 015
- Sun sdk_(solaris_reference_release) 1.2.2 _015
- Sun sdk_(linux_production_release) 1.2.2 015
- Sun jre_(windows_production_release) 1.5.0 10
- Sun jre_(windows_production_release) 1.3.0 01
- Sun jre_(solaris_production_release) 1.3.1 01A
- Sun sdk_(solaris_production_release) 1.2.2 11
- Sun jre_(solaris_production_release) 1.5.0 01
- Sun jre_(windows_production_release) 1.5.0 01
- Sun jre_(solaris_production_release) 1.5.0 02
- Sun jre_(windows_production_release) 1.5.0 02
- Sun jre_(solaris_production_release) 1.5.0 03
- Sun jre_(windows_production_release) 1.5.0 03
- Sun jre_(solaris_production_release) 1.5.0 04
- Sun jre_(windows_production_release) 1.5.0 04
- Sun jdk_(windows_production_release) 1.2.2 004
- Sun jdk_(solaris_reference_release) 1.2.2 004
- Sun jdk_(windows_production_release) 1.2.1 003
- Sun jdk_(solaris_reference_release) 1.2.1 003
- Sun jdk_(windows_production_release) 1.1.8 002
- Sun jre_(windows_production_release) 1.5.0 05
- Sun jdk_(windows_production_release) 1.1.7 B 005
- Sun jdk_(solaris_reference_release) 1.1.7 B 005
- Sun jdk_(windows_production_release) 1.1.6 007
- Sun jdk_(solaris_reference_release) 1.1.6 007
- Sun jdk_(solaris_production_release) 1.2.2 05
- Sun jdk_(solaris_production_release) 1.2.1
- Sun jdk_(solaris_production_release) 1.1.8 10
- Sun jdk_(solaris_production_release) 1.1.7 B
- Sun jdk_(solaris_production_release) 1.1.6
- Sun jdk_(linux_production_release) 1.2.2 05
- Red_hat enterprise_linux_supplementary 5 Server
- Sun jdk_(windows_production_release) 1.2.1 004
- Sun jdk_(windows_production_release) 1.1.8 005
- Sun jdk_(windows_production_release) 1.1.7 B 007
- Sun jdk_(windows_production_release) 1.1.6 009
- Sun jdk_(solaris_reference_release) 1.2.2 006
- Sun jdk_(solaris_reference_release) 1.2.1 004
- Sun jdk_(solaris_reference_release) 1.1.8 005
- Sun jdk_(solaris_reference_release) 1.1.7 B 007
- Sun jdk_(solaris_reference_release) 1.1.6 009
- Sun jdk_(solaris_production_release) 1.2.2 06
- Sun jdk_(solaris_production_release) 1.1.8 12
- Sun jdk_(linux_production_release) 1.2.2 06
- Sun java_plug-in 1.3.1
- Sun java_plug-in 1.3.0 _02
- Apple mac_os_x 10.5.2
- Apple mac_os_x_server 10.5.2
- Mozilla seamonkey 1.1.7
- Red_hat red_hat_network_satellite_(for_rhel_4) 5.1
- Sun jre_(linux_production_release) 1.2.1 04
- Rpath rpath_linux 1
- Suse opensuse 10.3
- Sun jre_(windows_production_release) 1.1.8 009
- Sun jdk_(linux_production_release) 1.1.8 09
- Sun jdk_(solaris_reference_release) 1.1.8 099
- Sun jdk_(solaris_production_release) 1.1.8 009
- Sun jdk_(windows_production_release) 1.1.8 009
- Sun jre_(linux_production_release) 1.3.1 03
- Sun jre_(solaris_production_release) 1.1.8 009
- Sun jre_(solaris_reference_release) 1.2.2 011
- Sun jre_(solaris_production_release) 1.2.2 011
- Sun jre_(solaris_production_release) 1.3.1 03
- Sun jre_(solaris_reference_release) 1.1.8 099
- Sun jre_(windows_production_release) 1.2.2 011
- Sun jre_(windows_production_release) 1.3.1 03
- Sun sdk_(linux_production_release) 1.2.2 011
- Sun sdk_(linux_production_release) 1.3.1 03
- Sun sdk_(solaris_reference_release) 1.2.2 _011
- Sun sdk_(windows_production_release) 1.2.2 011
- Sun sdk_(windows_production_release) 1.3.1 03
- Sun sdk_(solaris_production_release) 1.3.1 03
- Sun sdk_(solaris_production_release) 1.2.2 011
- Sun jre_(windows_production_release) 1.6.0 02
- Gentoo dev-java/ibm-jdk-bin 1.5.0.6
- Sun sdk_(linux_production_release) 1.4.2 02
- Sun sdk_(linux_production_release) 1.3.1 06
- Sun sdk_(solaris_production_release) 1.4.0 .0 4
- Mozilla firefox 2.0.0.11
- Sun jre_(solaris_production_release) 1.3.1 15
- Sun sdk_(solaris_production_release) 1.3.1 20
- Sun jre_(windows_production_release) 1.3.1 15
- Suse suse_linux_enterprise_sdk 10.SP1
- Sun java_plug-in 1.4.2 _01
- Mozilla firefox 2.0.0.3
- Nortel_networks enterprise_voip TM-CS1000
- Sun jdk_(linux_production_release) 1.1.0
- Sun jdk_(linux_production_release) 1.6.0 02
- Nortel_networks self-service-web_centric CCXML
- Sun jre_(linux_production_release) 1.6.0 01
- Sun jre_(linux_production_release) 1.6.0 02
- Sun jre_(solaris_production_release) 1.6.0 01
- Sun jre_(solaris_production_release) 1.6.0 02
- Sun jre_(windows_production_release) 1.6.0 01
- Mozilla firefox 2.0.0.4
- Sun jdk_(windows_production_release) 1.4.2 10
- Sun jdk_(windows_production_release) 1.4.2 11
- Sun jre_(linux_production_release) 1.4.2 16
- Mozilla seamonkey 1.1.2
- Sun jre_(windows_production_release) 1.4.2 16
- Sun jdk_(windows_production_release) 1.5.0 12
- Sun jdk_(windows_production_release) 1.5.0 13
- Sun jdk_(solaris_production_release) 1.5.0 11
- Sun jdk_(solaris_production_release) 1.5.0 12
- Sun jre_(solaris_production_release) 1.3.1 16
- Sun jdk_(linux_production_release) 1.5.0 13
- Sun jre_(linux_production_release) 1.5.0 12
- Sun jre_(linux_production_release) 1.5.0 13
- Sun jre_(solaris_production_release) 1.5.0 12
- Sun jre_(solaris_production_release) 1.5.0 13
- Sun jre_(windows_production_release) 1.5.0 12
- Sun jre_(windows_production_release) 1.5.0 13
- Sun jdk_(solaris_production_release) 1.6.0 03
- Sun jdk_(linux_production_release) 1.6.0 03
- Suse novell_linux_desktop 9.0.0
- Sun jdk_(windows_production_release) 1.6.0 03
- Sun jre_(linux_production_release) 1.6.0 03
- Sun jre_(solaris_production_release) 1.6.0 03
- Sun jre_(windows_production_release) 1.6.0 03
- Sun jdk_(reference_release) 1.1.6 007
- Sun jre_(solaris_production_release) 1.4.2 05
- Sun sdk_(solaris_production_release) 1.4.2 05
- Sun sdk_(linux_production_release) 1.4.2 05
- Sun sdk_(windows_production_release) 1.4.2 05
- Sun jre_(windows_production_release) 1.3.1 01A
- Sun sdk_(windows_production_release) 1.3.1 01A
- Sun sdk_(windows_production_release) 1.3.0 .0 05
- Sun jre_(windows_production_release) 1.3.0 .0 05
- Sun jre_(windows_production_release) 1.1.8 008
- Sun jdk_(windows_production_release) 1.1.8 008
- Sun jdk_(solaris_reference_release) 1.1.8 008
- Sun jre_(solaris_reference_release) 1.1.8 008
- Sun jre_(solaris_production_release) 1.3.1 01
- Sun sdk_(solaris_production_release) 1.3.1 01
- Sun sdk_(solaris_production_release) 1.3.0 05
- Sun jre_(solaris_production_release) 1.3.0 .0 05
- Sun jre_(solaris_production_release) 1.1.8 14
- Sun jdk_(solaris_production_release) 1.1.8 14
- Sun sdk_(linux_production_release) 1.3.1 01
- Sun jre_(linux_production_release) 1.3.1 01
- Sun jre_(linux_production_release) 1.3.0 .0 05
- Mandriva corporate_server 4.0
- Sun sdk_(windows_production_release) 1.2.2 010
- Sun sdk_(windows_production_release) 1.2.2 012
- Sun jre_(linux_production_release) 1.4.0
- Sun sdk_(linux_production_release) 1.4.0
- Red_hat enterprise_linux_desktop_supplementary 5 Client
- Mandriva corporate_server 3.0.0
- Sun sdk_(solaris_production_release) 1.4.0
- Sun jre_(solaris_production_release) 1.3.0
- Sun jre_(linux_production_release) 1.5.0 08
- Sun jre_(linux_production_release) 1.5.0 09
- Sun jre_(linux_production_release) 1.5.0 10
- Sun jdk_(linux_production_release) 1.5.0.0 11
- Sun jdk_(windows_production_release) 1.5.0.0 11
- Sun jre_(linux_production_release) 1.5.0 11
- Sun jdk_(windows_production_release) 1.6.0 01
- Sun jdk_(linux_production_release) 1.6.0 01
- Sun jre_(linux_production_release) 1.3.1 20
- Sun jdk_(linux_production_release) 1.3.1 20
- Sun jdk_(windows_production_release) 1.3.1 20
- Sun jre_(windows_production_release) 1.3.1 17
- Sun sdk_(windows_production_release) 1.4.1
- Sun jre_(windows_production_release) 1.4.1
- Sun jre_(windows_production_release) 1.4.0 .0 02
- Sun sdk_(windows_production_release) 1.4.0 .0 02
- Sun sdk_(windows_production_release) 1.3.1 05
- Sun jre_(windows_production_release) 1.4.2 01
- Sun jre_(windows_production_release) 1.2.2 013
- Sun sdk_(windows_production_release) 1.2.2 013
- Sun sdk_(solaris_reference_release) 1.2.2 _013
- Sun jre_(solaris_reference_release) 1.2.2 013
- Sun jre_(solaris_production_release) 1.3.1 18
- Sun sdk_(solaris_production_release) 1.4.1
- Sun sdk_(solaris_production_release) 1.4.0 .0 02
- Sun jre_(solaris_production_release) 1.4.0 .0 02
- Sun jre_(solaris_production_release) 1.3.1 05
- Sun sdk_(solaris_production_release) 1.3.1 05
- Sun sdk_(solaris_production_release) 1.2.2 13
- Sun jre_(solaris_production_release) 1.2.2 013
- Sun jre_(linux_production_release) 1.2.2 013
- Sun sdk_(linux_production_release) 1.2.2 13
- Sun sdk_(solaris_production_release) 1.2.2 07A
- Sun jre_(linux_production_release) 1.3.1 05
- Sun jre_(linux_production_release) 1.4.0 .0 02
- Sun sdk_(linux_production_release) 1.4.0 .0 02
- Sun sdk_(linux_production_release) 1.4.1
- Sun jre_(linux_production_release) 1.4.1
- Vmware esx_server 3.5
- Sun sdk_(windows_production_release) 1.4.1 01
- Sun sdk_(windows_production_release) 1.4.0 .0 03
- Sun jre_(windows_production_release) 1.4.0 .0 03
- Sun jre_(windows_production_release) 1.3.1 06
- Sun sdk_(windows_production_release) 1.3.1 06
- Sun sdk_(windows_production_release) 1.2.2 014
- Sun jre_(windows_production_release) 1.2.2 014
- Sun jre_(solaris_reference_release) 1.2.2 014
- Sun sdk_(solaris_reference_release) 1.2.2 _014
- Sun sdk_(solaris_production_release) 1.4.1 01
- Sun jre_(solaris_production_release) 1.4.1 01
- Red_hat enterprise_linux_extras 3
- Red_hat enterprise_linux_extras 4
- Sun sdk_(solaris_production_release) 1.3.1 06
- Sun jre_(solaris_production_release) 1.3.1 06
- Sun jre_(linux_production_release) 1.1.8 06
- Sun sdk_(solaris_production_release) 1.2.2 14
- Sun sdk_(linux_production_release) 1.4.1 01
- Mozilla seamonkey 1.1.8
- Sun jre_(linux_production_release) 1.4.0 .0 03
- Sun sdk_(linux_production_release) 1.4.0 .0 03
- Sun sdk_(linux_production_release) 1.4.2 03
- Sun jre_(linux_production_release) 1.3.1 06
- Sun jre_(linux_production_release) 1.2.2 014
- Sun sdk_(linux_production_release) 1.2.2 014
- Sun jre_(linux_production_release) 1.1.6 09
- Apple mac_os_x 10.4.2
- Apple mac_os_x_server 10.4.2
- Sun sdk_(windows_production_release) 1.4.2 04
- Sun jdk_(solaris_production_release) 1.5.0 13
- Sun sdk_(linux_production_release) 1.4.2 04
- Bea_systems jrockit R27.5.0
- Sun jdk_(linux_production_release) 1.4.2 05
- Gentoo dev-java/ibm-jdk-bin 1.4.2.10
- Gentoo dev-java/ibm-jre-bin 1.4.2.10
- Gentoo dev-java/ibm-jre-bin 1.5.0.6
- Sun jre_(solaris_reference_release) 1.2.2 010
- Mandriva corporate_server 3.0.0 X86 64
- Sun jre_(solaris_reference_release) 1.2.2
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against MS-RPC Message Queue requests. By sending overlong free-form string queue requests, which can cause invalid client replies, an attacker can cause a buffer overflow and compromise the affected system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_professional
- Microsoft windows_98 A
- Microsoft windows_98 B
- Microsoft windows_98se
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_xp_home
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_xp_embedded SP1
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional
- Microsoft windows_2000_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_tablet_pc_edition
- Microsoft windows_2000_server SP1
- Microsoft windows_2000_advanced_server
- Microsoft windows_98 SP1
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_xp_embedded
- Microsoft windows_98 J
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_professional SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_server SP2
- Microsoft windows_98
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_media_center_edition SP1
HTTP:STC:DL:QT-TEXML-BOF - HTTP: Apple QuickTime TeXML Parsing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Apple QuickTime TeXML parsing. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Apple quicktime_player 7.6.6
- Apple quicktime_player 7.6.9
- Apple quicktime_player 7.6.8
- Apple quicktime_player 7.5.5
- Apple quicktime_player 7.4
- Apple quicktime_player 7.7.1
- Apple quicktime_player 7.6.5
- Apple quicktime_player 7.5
- Apple quicktime_player 7.6.4
- Apple quicktime_player 7.4.1
- Apple quicktime_player 7.7
- Apple quicktime_player 7.4.5
- Apple quicktime_player 7.64.17.73
- Apple quicktime_player 7.6.7
- Apple quicktime_player 7.6.6 (1671)
- Apple quicktime_player 7.6.2
- Apple quicktime_player 7.6.1
- Apple quicktime_player 7.6
HTTP:MISC:WAVELINK-HDR-PARSE-BO - HTTP: Wavelink Emulation License Server HTTP Header Processing Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Wavelink Terminal Emulation. A successful exploit can lead to a buffer overflow and remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Wavelink terminal_emulation -
APP:HPOV:OVDLL-OVBUILDPATH-BOF - APP: HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
Severity: HIGH
Description:
This signature detects possible attempts to exploit a known vulnerability in the HPOV Network Node Manager ov.dll _OVBuildPath. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
SMB:NETBIOS:CVE-2017-0004-MC - SMB: Microsoft Windows CVE-2017-0004 Memory Corruption
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_7 -
- Microsoft windows_vista -
- Microsoft windows_server_2008 -
- Microsoft windows_server_2008 r2
Severity: HIGH
Description:
This signature detects overly long commands sent to an FTP server (greater than 1024 bytes). Such activity could be an indication of an exploit attempt.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Slackware linux 12.1
- Debian linux 5.0 Ia-32
- Debian linux 5.0 Ia-64
- Slackware linux X86 64 -Current
- Debian linux 5.0 Mips
- Debian linux 5.0 Mipsel
- Debian linux 5.0 Powerpc
- Debian linux 5.0 S/390
- Debian linux 5.0 Sparc
- Debian linux 5.0 M68k
- Red_hat fedora 14
- Mandriva corporate_server 4.0.0 X86 64
- Proftpd_project proftpd 1.3.3
- Mandriva enterprise_server 5 X86 64
- Mandriva enterprise_server 5
- Mandriva linux_mandrake 2009.0
- Mandriva linux_mandrake 2009.0 X86 64
- Mandriva linux_mandrake 2009.1 X86 64
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2010.1
- Mandriva corporate_server 4.0
- Slackware linux 11.0
- Slackware linux 12.0
- Mandriva linux_mandrake 2010.0
- Slackware linux -Current
- Slackware linux 13.1
- Slackware linux 13.1 X86 64
- Debian linux 5.0 Hppa
- Slackware linux 12.2
- Mandriva linux_mandrake 2009.1
- Red_hat fedora 12
- Mandriva linux_mandrake 2010.0 X86 64
- Slackware linux 13.0
- Slackware linux 13.0 X86 64
- Red_hat fedora 13
- Debian linux 5.0 Armel
- Debian linux 5.0
- Debian linux 5.0 Alpha
- Debian linux 5.0 Amd64
- Debian linux 5.0 Arm
HTTP:STC:DL:MAL-PLF - HTTP: Malformed Play List File (PLF)
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in DVD X Player and Aviosoft DTV Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Dvd_x_studios dvd_x_players 4.1
- Dvd_x_studios dvd_x_players 5.5
HTTP:MAL-CNC-SRVREQ - HTTP: Malware Command and Control Communication Request Detected
Severity: HIGH
Description:
This signature detects an attempt to exploit a compromised host for malicious C&C communications. Successful exploitation could allow an attacker to gain access to sensitive information which could lead to further attacks.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against RSA Authentication Agent for Web Redirect. Attackers can send malicious data that can cause a buffer overflow leading to arbitrary remote code execution within the context of the Agent service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Rsa_security rsa_authentication_agent_for_web 5.2.0
- Rsa_security rsa_authentication_agent_for_web 5.3.0
- Rsa_security rsa_authentication_agent_for_web 5.0.0
HTTP:STC:DL:MAL-MIC-BICLRUSED - HTTP: Windows Graphics Rendering Engine MIC File Malformed biClrUsed Parameter
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft's Graphics Rendering Engine. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_professional
- Microsoft windows_2000_professional SP3
- Microsoft windows_vista SP1
- Microsoft windows_xp_64-bit_edition SP1
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista Ultimate SP2
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Avaya messaging_application_server 5.2
- Avaya aura_conferencing 6.0.0 Standard
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_2000_professional
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_2000_professional SP1
- Microsoft windows_xp_media_center_edition SP1
- Microsoft windows_2000_professional SP4
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_xp_media_center_edition
- Microsoft windows_vista Ultimate
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Microsoft windows_xp_64-bit_edition
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_professional SP1
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_home SP3
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_server_2003_x64 SP1
- Microsoft windows_2000_professional SP2
- Avaya callpilot 4.0
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Avaya callpilot 5.0
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the IIS 5.0 FTPd. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, DI-Worm, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft iis 5.1
- Microsoft iis 5.0
- Microsoft iis 6.0
HTTP:OVERFLOW:EFS-FILE-SERVE-BO - HTTP: EFS Software Easy File Sharing Web Server sendemail.ghp Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Easy File Sharing Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the current user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
HTTP:WEBLOGIC:ENCODING - HTTP: BEA Weblogic Encoding Value Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in BEA Weblogic. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle peoplesoft_enterprise_peopletools 8.49.14
- Oracle jd_edwards_enterpriseone 8.97
- Bea_systems weblogic_server 7.0.0 .0.1
- Bea_systems weblogic_server 7.0.0 SP 1
- Bea_systems weblogic_workshop 8.1.0 SP 4
- Bea_systems weblogic_server 7.0.0
- Bea_systems weblogic_workshop 10.3 GA
- Bea_systems weblogic_server 6.1.0 SP 3
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Bea_systems weblogic_server 8.1.0 SP 1
- Bea_systems weblogic_server 8.1.0 SP 6
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 7.0.0 .0.1 SP 1
- Bea_systems weblogic_server 7.0.0 .0.1 SP 4
- Bea_systems weblogic_server 7.0.0 .0.1 SP 3
- Bea_systems weblogic_workshop 8.1.0 SP 5
- Bea_systems weblogic_server 8.1.0 SP 2
- Bea_systems weblogic_workshop 8.1.0 SP 3
- Bea_systems weblogic_workshop 8.1.0 SP 2
- Bea_systems weblogic_workshop 9.2
- Oracle oracle10g_application_server 9.0.4 3
- Bea_systems weblogic_server 6.1.0
- Bea_systems weblogic_server 6.1.0 SP 1
- Bea_systems weblogic_server 7.0.0 SP 6
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle10g_standard_edition 10.2.0 .3
- Bea_systems weblogic_workshop 10.2 GA
- Bea_systems weblogic_server 6.1.0 SP6
- Bea_systems weblogic_server 9.0
- Bea_systems weblogic_server 7.0.0 SP 3
- Oracle oracle10g_standard_edition 10.2.0.4
- Oracle oracle10g_enterprise_edition 10.2.0.4
- Oracle oracle10g_personal_edition 10.2.0.4
- Oracle oracle10g_application_server 10.1.2.3.0
- Bea_systems weblogic_server 9.1
- Bea_systems weblogic_server 6.1.0 SP 5
- Bea_systems weblogic_server 7.0.0 SP 2
- Bea_systems weblogic_server 7.0.0 .0.1 SP 2
- Oracle oracle10g_standard_edition 10.2.0 .2
- Oracle oracle10g_personal_edition 10.2.0 .2
- Bea_systems weblogic_server 6.1.0 SP 2
- Bea_systems weblogic_workshop 10.0
- Oracle oracle10g_enterprise_edition 10.2.0 .2
- Bea_systems weblogic_server 10.0
- Oracle oracle10g_personal_edition 10.1.0.5
- Oracle oracle9i_enterprise_edition 9.2.0 .8DV
- Oracle jd_edwards_enterpriseone 8.98
- Oracle oracle10g_application_server 10.1.3 .3.0
- Bea_systems weblogic_server 6.1.0 SP 4
- Bea_systems weblogic_server 9.2 Maintenance Pack 3
- Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
- Oracle peoplesoft_enterprise_customer_relationship_manage 9.0
- Bea_systems weblogic_server 10.3
- Oracle e-business_suite_11i 11.5.10.2
- Oracle oracle11g_standard_edition_one 11.1.0 6
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Bea_systems weblogic_server 8.1.0 SP 3
- Bea_systems weblogic_workshop 9.0
- Bea_systems weblogic_workshop 10.0 MP1
- Bea_systems weblogic_server 7.0.0 SP 5
- Bea_systems weblogic_workshop 9.1
- Bea_systems weblogic_server 10.0 MP1
- Oracle oracle10g_personal_edition 10.2.0 .3
- Bea_systems weblogic_server 8.1.0
- Oracle peoplesoft_enterprise_peopletools 8.48.18
- Oracle oracle11g_standard_edition 11.1.0 6
- Bea_systems weblogic_workshop 9.2
- Bea_systems weblogic_server 9.2
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Bea_systems weblogic_server 8.1
- Oracle oracle10g_application_server 10.1.3 .4.0
- Bea_systems weblogic_server 7.0.0 SP 7
- Bea_systems weblogic_server 6.1.0 SP 7
- Bea_systems weblogic_workshop 8.1.0 SP 6
- Oracle e-business_suite_12 12.0.4
- Bea_systems weblogic_server 8.1.0 SP 4
- Bea_systems weblogic_server 7.0 SP7
- Bea_systems weblogic_server 8.1.0 SP 5
HTTP:OVERFLOW:OVWEBHELP-BO - HTTP: HP OpenView Network Node Manager OvWebHelp.exe CGI Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against HP OpenView. Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits can completely compromise affected computers. Failed exploit attempts can result in a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.53
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.50
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.50.0 HP-UX 11.X
- Hp openview_network_node_manager 7.50.0 Solaris
- Hp openview_network_node_manager 7.50.0 Windows 2000/XP
- Hp openview_network_node_manager 7.50.0 Linux
- Hp openview_network_node_manager 7.50.0
TROJAN:CRYPTOWALL-DOCS-CAMP - TROJAN: Cryptowall docs Campaign Encrypted Binary Detected
Severity: HIGH
Description:
This signature detects connections from the malicious Cryptowall trojan.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:STC:DIRECTSHOW-AVI-EXEC - HTTP: Microsoft Windows DirectShow AVI File Code Execution
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows Media Player. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista Business SP2
- Microsoft windows_vista_business_64-bit_edition SP2
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_vista Enterprise SP2
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_vista Ultimate SP2
- Nortel_networks contact_center_ncc
- Nortel_networks symposium
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Avaya messaging_application_server
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_vista_ultimate_64-bit_edition
- Avaya messaging_application_server MM 3.0
- Avaya messaging_application_server MM 3.1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_server_2003_x64 SP2
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 600R
- Nortel_networks contact_center-tapi_server
- Nortel_networks callpilot 703T
- Nortel_networks contact_center_manager_server
- Nortel_networks callpilot 201I
- Avaya meeting_exchange-client_registration_server
- Nortel_networks callpilot 702T
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Nortel_networks callpilot 1002Rp
- Avaya messaging_application_server MM 1.1
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Nortel_networks callpilot 202I
- Nortel_networks contact_center_express
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_home SP3
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista_business_64-bit_edition
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Nortel_networks contact_center_administration
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_2000_server SP4
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Avaya meeting_exchange-recording_server
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_vista_home_basic_64-bit_edition
- Avaya messaging_application_server MM 2.0
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Microsoft mpeg_layer-3_codecs
- Microsoft windows_vista Home Premium SP1
APP:WINMEDIASRV-RCE - APP: Microsoft Windows Media Service Remote Code Execution
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Windows Media Service. A successful attack can allow attackers to take complete control of an affected system, thereby enabling them to install programs; view, change, or delete data; or create new accounts with full user rights.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_2000_professional
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_speech_server
- Nortel_networks ensm_visualization_performance_fault_manager_vpfm
- Microsoft windows_2000_professional SP1
- Nortel_networks self-service_peri_application
- Nortel_networks self_service-cdd
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_professional SP2
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_media_processing_server
DB:POSTGRESQL:CHANGE-PASS-BO - DB: PostgreSQL Database Password Change Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the PostgreSQL Database. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, isg-3.5.0, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Postgresql postgresql 10.3
- Postgresql postgresql 10.6
- Postgresql postgresql 11.0
- Postgresql postgresql 10.2
- Redhat enterprise_linux 8.0
- Postgresql postgresql 11.1
- Postgresql postgresql 10.5
- Postgresql postgresql 10.8
- Postgresql postgresql 10.1
- Postgresql postgresql 11.2
- Postgresql postgresql 10.4
- Postgresql postgresql 10.0
- Postgresql postgresql 11.3
- Postgresql postgresql 10.7
Severity: HIGH
Description:
This signature detects long source attributes in <embed> tags. A malicious Web page can contain these tags and attempt to crash the target's browser. A successful result can lead to possible code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_xp_home
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_2000_datacenter_server SP1
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_2000_professional
- Microsoft windows_2000_server
- Microsoft windows_2000_professional SP1
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_tablet_pc_edition
- Microsoft windows_2000_server SP1
- Microsoft windows_xp_home SP1
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_2000_advanced_server
- Microsoft windows_xp
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_web_edition SP1
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_professional SP2
- Microsoft windows_2000_server SP2
- Microsoft windows_xp_professional
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_web_edition
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Microsoft windows_xp_tablet_pc_edition SP1
- Microsoft windows_xp_media_center_edition SP1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Hewlett Packard Power Manager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp power_manager 4.0Build10
- Hp power_manager 4.0Build11
- Hp power_manager 4.2.9
- Hp power_manager 4.2.7
- Hp power_manager
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the IBM Lotus Domino Web Server. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Web server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm lotus_domino 7.0.0
- Ibm lotus_domino 6.0.0
- Ibm lotus_domino 7.0.3
- Ibm lotus_domino 6.5.0 .0
- Ibm lotus_domino 8.0
APP:IBM:LDAP-MODIFYREQUEST-BO - APP: IBM Domino LDAP Server ModifyRequest Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against IBM Domino LDAP Server. A successful exploit can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ibm domino 8.5.0
- Ibm domino 8.5.1
- Ibm domino 8.5.2
- Ibm domino 9.0.1
- Ibm domino 8.5.3
HTTP:MISC:OMRON-CX-SBO - HTTP: OMRON CX-One CX-FLnet cdmapi32 wcscpy Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in OMRON CX-One CX-FLnet module. Successful exploitation could result in arbitrary code execution in the context of the target user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Omron cx-programmer 9.65
- Omron cx-server 5.0.22
- Omron network_configurator 3.63
- Omron cx-protocol 1.992
- Omron cx-one 4.42
- Omron cx-flnet 1.00
- Omron switch_box_utility 1.68
TROJAN:BEACON-CNC - TROJAN: Beacon Command and Control Traffic
Severity: HIGH
Description:
This signature detects the Command and Control traffic for the Beacon trojan. The source IP host is infected and should be removed from the network for analysis.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against MailEnable Professional. MailEnable Professional version 1.5 and earlier can be vulnerable. Attackers can supply the SELECT command with a large input string attempting to exploit this vulnerability. Successful exploitation can lead to arbitrary remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mailenable mailenable_enterprise_edition 1.0.0 1
- Mailenable mailenable_professional 1.5.0
- Mailenable mailenable_professional 1.54.0
- Mailenable mailenable_enterprise_edition 1.0.0
- Mailenable mailenable_enterprise_edition 1.0.0 2
- Mailenable mailenable_enterprise_edition 1.0.0 3
- Mailenable mailenable_enterprise_edition 1.0.0 4
- Mailenable mailenable_professional 1.53.0
- Mailenable mailenable_professional 1.51.0
- Mailenable mailenable_professional 1.52.0
HTTP:MISC:ORMON-CXM-SBO - HTTP: OMRON CX-One CX-Motion Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against OMRON CX-One CX-Motion module. A successful attack can lead to arbitrary code execution in the context of the target user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Omron cx-programmer 9.65
- Omron cx-server 5.0.22
- Omron network_configurator 3.63
- Omron cx-protocol 1.992
- Omron cx-one 4.42
- Omron cx-flnet 1.00
- Omron switch_box_utility 1.68
MS-RPC:ADVTC-WEBSCADA-BO - MS-RPC: Advantech WebAccess SCADA bwmakdir Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a stack-based buffer overflow vulnerability that has been reported in the webvrpcs service of Advantech WebAccess. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution in the context of Administrator.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess/nms 2.0.3
- Advantech webaccess 8.2_20170817
- Advantech webaccess_dashboard 2.0.15
- Advantech webaccess 8.3.0
HTTP:WECON-LEVISTUDIO-BO - HTTP: WECON LeviStudio Multiple Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the WECON LeviStudio. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user process.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:STC:DL:MAL-ASX-OF - HTTP: ASX Malformed File Remote Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability involving malformed ASX files. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Gom_player gom_player 2.0.12.3375
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft NNTP servers. Attackers can send an xpat command with an overly long pattern to overflow the buffer in the NNTP server and gain complete control of the target system.
Supported On:
idp-5.1.110161014, DI-Client, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, DI-Base, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_2000_datacenter_server SP3
- Microsoft exchange_server_2000 SP2
- Microsoft windows_nt_server 4.0
- Microsoft windows_2000_datacenter_server SP1
- Avaya s3400_message_application_server
- Avaya s8100_media_servers
- Avaya definityone_media_servers
- Microsoft exchange_server_2003
- Microsoft exchange_server_2000 SP3
- Microsoft windows_nt_enterprise_server 4.0
- Microsoft windows_2000_server
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Avaya modular_messaging_(mss) 2.0.0
- Microsoft windows_2000_server SP4
- Microsoft windows_2000_server SP1
- Microsoft windows_server_2003_standard_edition
- Microsoft exchange_server_2003 SP1
- Microsoft exchange_server_2000 SP1
- Microsoft windows_nt_enterprise_server 4.0 SP1
- Microsoft windows_nt_enterprise_server 4.0 SP2
- Microsoft windows_nt_enterprise_server 4.0 SP4
- Microsoft windows_nt_enterprise_server 4.0 SP3
- Microsoft windows_nt_enterprise_server 4.0 SP5
- Microsoft windows_nt_enterprise_server 4.0 SP6
- Microsoft windows_nt_enterprise_server 4.0 SP6a
- Microsoft windows_nt_server 4.0 SP1
- Microsoft windows_nt_server 4.0 SP2
- Microsoft windows_nt_server 4.0 SP3
- Microsoft windows_nt_server 4.0 SP4
- Microsoft windows_nt_server 4.0 SP5
- Microsoft windows_nt_server 4.0 SP6
- Avaya modular_messaging_(mss) 1.1.0
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_server SP2
- Microsoft windows_nt_server 4.0 SP6a
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_web_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_datacenter_edition_itanium
- Avaya ip600_media_servers
- Microsoft exchange_server_2000
HTTP:STC:MS-WIN-GDI-ID - HTTP: Microsoft Windows Graphics Device Interface Information Disclosure
Severity: MEDIUM
Description:
This signature detects attempts to exploit an information disclosure vulnerability that exists in the Graphics Device Interface (GDI) components of Microsoft Windows. Successful exploitation could result in disclosure of information that could be used to further compromise the target system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_server_2016 *
- Microsoft windows_server_2012 *
- Microsoft windows_10 1803
- Microsoft windows_10 1709
- Microsoft windows_server_2008 sp2
- Microsoft windows_10 1607
- Microsoft windows_server_2016 1803
- Microsoft windows_server_2016 1709
- Microsoft windows_8.1 -
- Microsoft windows_server_2008 r2
- Microsoft windows_7 -
- Microsoft windows_10 -
- Microsoft windows_10 1703
- Microsoft windows_server_2012 r2
HTTP:PERL-TAR-ZIP-FO - HTTP: Perl Archive Tar and ZIP Arbitrary File Overwrite
Severity: HIGH
Description:
This signature detects attempts to exploit an arbitrary file overwrite vulnerability that has been reported in the Perl Archive::Tar and Archive::Zip modules. Successful exploitation could result in arbitrary file overwrite on the target user's system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Archive::tar_project archive::tar 2.28
- Apple mac_os_x 10.3.2
- Apple mac_os_x 10.5.3
- Netapp data_ontap_edge -
- Apple mac_os_x 10.8.3
- Apple mac_os_x 10.3.0
- Apple mac_os_x 10.5.5
- Apple mac_os_x 10.0.1
- Apple mac_os_x 10.13
- Apple mac_os_x 10.8.5
- Apple mac_os_x 10.13.2
- Apple mac_os_x 10.5.7
- Apple mac_os_x 10.0.3
- Apple mac_os_x 10.13.0
- Apple mac_os_x 10.10.4
- Apple mac_os_x 10.13.6
- Apple mac_os_x 10.4.4
- Apple mac_os_x 10.13.4
- Apple mac_os_x 10.4.6
- Apple mac_os_x 10.10.0
- Apple mac_os_x 10.12.3
- Apple mac_os_x 10.4.0
- Apple mac_os_x 10.10.2
- Apple mac_os_x 10.7.3
- Apple mac_os_x 10.2.3
- Apple mac_os_x 10.4.2
- Apple mac_os_x 10.4
- Apple mac_os_x 10.7.1
- Apple mac_os_x 10.2.1
- Apple mac_os_x 10.2.7
- Apple mac_os_x 10.9.5
- Netapp snap_creator_framework -
- Apple mac_os_x 10.0
- Apple mac_os_x 10.7.5
- Apple mac_os_x 10.2.5
- Apple mac_os_x 10.4.8
- Apple mac_os_x 10.2
- Apple mac_os_x 10.1.5
- Apple mac_os_x 10.9.1
- Apple mac_os_x 10.12.6
- Apple mac_os_x 10.6.6
- Apple mac_os_x 10.9.3
- Apple mac_os_x 10.12.4
- Apple mac_os_x 10.11.1
- Apple mac_os_x 10.5.8
- Apple mac_os_x 10.1.1
- Apple mac_os_x 10.6.4
- Apple mac_os_x 10.12.2
- Apple mac_os_x 10.11.3
- Apple mac_os_x 10.1.3
- Apple mac_os_x 10.6.2
- Apple mac_os_x 10.12.0
- Apple mac_os_x 10.11.5
- Apple mac_os_x 10.6.0
- Apple mac_os_x 10.14.2
- Apple mac_os_x 10.4.10
- Apple mac_os_x 10.3.7
- Apple mac_os_x 10.5.0
- Apple mac_os_x 10.14
- Apple mac_os_x 10.3.5
- Apple mac_os_x 10.5.2
- Apple mac_os_x 10.8.0
- Apple mac_os_x 10.3.3
- Apple mac_os_x 10.5.4
- Apple mac_os_x 10.6.8
- Apple mac_os_x 10.8.2
- Apple mac_os_x 10.3.1
- Apple mac_os_x 10.5.6
- Apple mac_os_x 10.0.0
- Apple mac_os_x -
- Apple mac_os_x 10.12
- Apple mac_os_x 10.8.4
- Apple mac_os_x 10.13.3
- Apple mac_os_x 10.0.2
- Apple mac_os_x 10.10.5
- Apple mac_os_x 10.13.1
- Apple mac_os_x 10.4.5
- Apple mac_os_x 10.0.4
- Apple mac_os_x 10.4.7
- Apple mac_os_x 10.10.1
- Apple mac_os_x 10.3.9
- Apple mac_os_x 10.4.1
- Apple mac_os_x 10.10.3
- Apple mac_os_x 10.7.2
- Apple mac_os_x 10.4.3
- Apple mac_os_x 10.5
- Apple mac_os_x 10.7.0
- Apple mac_os_x 10.2.2
- Apple mac_os_x 10.2.0
- Apple mac_os_x 10.9.4
- Apple mac_os_x 10.1
- Apple mac_os_x 10.7.4
- Apple mac_os_x 10.2.6
- Apple mac_os_x 10.4.9
- Netapp oncommand_workflow_automation -
- Apple mac_os_x 10.3
- Apple mac_os_x 10.1.4
- Apple mac_os_x 10.2.4
- Netapp snapdrive -
- Apple mac_os_x 10.6.7
- Apple mac_os_x 10.9.2
- Apple mac_os_x 10.3.8
- Apple mac_os_x 10.12.5
- Apple mac_os_x 10.11.0
- Apple mac_os_x 10.1.0
- Apple mac_os_x 10.2.8
- Apple mac_os_x 10.6.5
- Apple mac_os_x 10.9
- Apple mac_os_x 10.11.2
- Apple mac_os_x 10.1.2
- Apple mac_os_x 10.6.3
- Apple mac_os_x 10.14.1
- Apple mac_os_x 10.12.1
- Apple mac_os_x 10.11.4
- Apple mac_os_x 10.6.1
- Apple mac_os_x 10.13.5
- Apple mac_os_x 10.4.11
- Apple mac_os_x 10.11.6
- Apple mac_os_x 10.3.6
- Apple mac_os_x 10.3.4
- Apple mac_os_x 10.5.1
- Apple mac_os_x 10.8.1
- Canonical ubuntu_linux 12.04
- Canonical ubuntu_linux 18.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 14.04
- Debian debian_linux 9.0
- Debian debian_linux 8.0
- Perl perl 5.26.2
- Canonical ubuntu_linux 17.10
HTTP:DIGIUM-ASTERISK-BO - HTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Digium Asterisk Management Interface. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Digium asterisk 1.8.1.2
- Digium asterisk 1.8.2.4
- Digium asterisk 1.8.4.1
- Digium asterisk 1.8.0 (beta1)
- Digium asterisk 1.8.7.0 (rc2)
- Digium asterisk 1.8.6.0 (rc1)
- Digium asterisk 1.8.8.0 (rc1)
- Digium asterisk 1.8.3 (rc3)
- Digium asterisk 1.8.6.0 (rc3)
- Digium asterisk 10.2.0 (rc3)
- Digium asterisk 10.0.0 (rc1)
- Digium asterisk 1.8.0 (beta3)
- Digium asterisk 1.8.0 (beta2)
- Digium asterisk 1.8.3 (rc1)
- Digium asterisk 1.8.4.4
- Digium asterisk 10.2.0 (rc2)
- Digium asterisk 1.8.0 (rc5)
- Digium asterisk 1.8.5 (rc1)
- Digium asterisk 1.8.0 (rc2)
- Digium asterisk 1.8.9.3
- Digium asterisk 1.8.5.0
- Digium asterisk 1.8.0 (beta4)
- Digium asterisk 1.8.3 (rc2)
- Digium asterisk 1.8.2.2
- Digium asterisk 1.8.0 (rc3)
- Digium asterisk 1.8.6.0 (rc2)
- Digium asterisk 1.8.9.1
- Digium asterisk 1.8.1.1
- Digium asterisk 1.8.2
- Digium asterisk 10.0.0 (rc2)
- Digium asterisk 1.8.9.0 (rc1)
- Digium asterisk 1.8.7.0 (rc1)
- Digium asterisk 1.8.10.0 (rc2)
- Digium asterisk 1.8.10.0 (rc4)
- Digium asterisk 10.2.0 (rc1)
- Digium asterisk 1.8.7.1
- Digium asterisk 10.0.0 (beta2)
- Digium asterisk 1.8.8.0 (rc3)
- Digium asterisk 1.8.9.0 (rc2)
- Digium asterisk 1.8.8.0 (rc2)
- Digium asterisk 10.1.2
- Digium asterisk 1.8.0 (rc4)
- Digium asterisk 10.1.3
- Digium asterisk 1.8.8.1
- Digium asterisk 10.0.1
- Digium asterisk 1.8.9.0 (rc3)
- Digium asterisk 10.0.0 (beta1)
- Digium asterisk 1.8.4 (rc2)
- Digium asterisk 1.8.10.0 (rc1)
- Digium asterisk 1.8.4 (rc1)
- Digium asterisk 1.8.2.3
- Digium asterisk 1.8.8.0 (rc5)
- Digium asterisk 1.8.2.1
- Digium asterisk 10.0.0 (rc3)
- Digium asterisk 10.1.0 (rc1)
- Digium asterisk 10.1.0 (rc2)
- Digium asterisk 10.1.1
- Digium asterisk 1.8.3.1
- Digium asterisk 1.8.0 (beta5)
- Digium asterisk 1.8.10.0 (rc3)
- Digium asterisk 1.8.4 (rc3)
- Digium asterisk 1.8.4.2
- Digium asterisk 10.2.0 (rc4)
- Digium asterisk 1.8.8.2
- Digium asterisk 1.8.9.2
- Digium asterisk 1.8.3.3
- Digium asterisk 1.8.4.3
- Digium asterisk 1.8.8.0 (rc4)
- Digium asterisk 1.8.3.2
HTTP:STC:WECON-LEVI-SBO - HTTP: WECON LeviStudio InstallmentSet InstallmentTrigAddOpen Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the WECON LeviStudio InstallmentSet. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- We-con levistudiou 1.8.56
HTTP:NOVELL:NETMAIL-WEBADMIN - HTTP: Novell NetMail WebAdmin Username Stack Buffer Overflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in Novell Netmail WebAdmin. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell netmail 3.52e-ftfl
- Novell netmail 3.52.0
- Novell netmail 3.52.0 C1
- Novell netmail 3.52.0 D
- Novell netmail 3.52.0 C
- Novell netmail 3.52.0 B
- Novell netmail 3.52.0 A
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in the Netfilter iptables. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the root user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:STC:NTP-DECODENETNUM-AF - HTTP: Network Time Protocol Daemon decodenetnum Assertion Failure
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Network Time Protocol daemon (NTPD). A successful attack can lead to a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Ntp ntp 4.3.43
- Ntp ntp 4.3.22
- Ntp ntp 4.3.38
- Ntp ntp 4.3.40
- Ntp ntp 4.3.11
- Ntp ntp 4.3.9
- Ntp ntp 4.3.41
- Ntp ntp 4.3.24
- Ntp ntp 4.3.36
- Ntp ntp 4.3.60
- Ntp ntp 4.3.8
- Ntp ntp 4.3.28
- Ntp ntp 4.3.46
- Ntp ntp 4.3.18
- Ntp ntp 4.3.35
- Ntp ntp 4.3.61
- Ntp ntp 4.3.7
- Ntp ntp 4.3.47
- Ntp ntp 4.3.59
- Ntp ntp 4.3.34
- Ntp ntp 4.3.62
- Ntp ntp 4.3.6
- Ntp ntp 4.3.71
- Ntp ntp 4.3.44
- Ntp ntp 4.3.58
- Ntp ntp 4.3.33
- Ntp ntp 4.3.63
- Ntp ntp 4.3.5
- Ntp ntp 4.3.45
- Ntp ntp 4.3.32
- Ntp ntp 4.3.64
- Ntp ntp 4.3.4
- Ntp ntp 4.3.31
- Ntp ntp 4.3.29
- Ntp ntp 4.3.3
- Ntp ntp 4.3.1
- Ntp ntp 4.3.17
- Ntp ntp 4.3.55
- Ntp ntp 4.3.30
- Ntp ntp 4.3.66
- Ntp ntp 4.3.37
- Ntp ntp 4.2.2
- Ntp ntp 4.3.65
- Ntp ntp 4.3.54
- Ntp ntp 4.3.69
- Ntp ntp 4.3.67
- Ntp ntp 4.2.4
- Ntp ntp 4.2.6
- Ntp ntp 4.3.13
- Ntp ntp 4.3.23
- Ntp ntp 4.3.57
- Ntp ntp 4.3.68
- Ntp ntp 4.2.5
- Ntp ntp 4.2.7p444
- Ntp ntp 4.3.56
- Ntp ntp 4.3.48
- Ntp ntp 4.3.25
- Ntp ntp 4.3.19
- Ntp ntp 4.3.74
- Ntp ntp 4.3.51
- Ntp ntp 4.3.49
- Ntp ntp 4.3.26
- Ntp ntp 4.3.72
- Ntp ntp 4.3.50
- Ntp ntp 4.3.27
- Ntp ntp 4.3.12
- Ntp ntp 4.2.7
- Ntp ntp 4.3.16
- Ntp ntp 4.3.53
- Ntp ntp 4.3.0
- Ntp ntp 4.3.20
- Ntp ntp 4.3.10
- Ntp ntp 4.3.39
- Ntp ntp 4.3.70
- Ntp ntp 4.3.73
- Ntp ntp 4.3.2
- Ntp ntp 4.2.8
- Ntp ntp 4.2.0
- Ntp ntp 4.3.21
- Ntp ntp 4.3.14
- Ntp ntp 4.3.76
- Ntp ntp 4.3.52
- Ntp ntp 4.3.42
- Ntp ntp 4.3.15
- Ntp ntp 4.3.75
SSL:OPENSSL-CVE-2017-3730 - SSL: OpenSSL invalid Diffie-Hellman Parameter NULL Pointer Dereference
Severity: HIGH
Description:
A NULL pointer dereference vulnerability exists in OpenSSL. Successful exploitation results in a denial of service condition on the affected service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Oracle jd_edwards_enterpriseone_tools 9.2
- Oracle jd_edwards_world_security a9.3
- Oracle communications_application_session_controller 3.8.0
- Oracle jd_edwards_world_security a9.4
- Oracle communications_operations_monitor 3.4
- Oracle agile_engineering_data_management 6.1.3
- Oracle communications_application_session_controller 3.7.1
- Oracle communications_operations_monitor 4.0
- Oracle jd_edwards_world_security a9.1
- Oracle communications_eagle_lnp_application_processor 10.2
- Oracle agile_engineering_data_management 6.2.0
- Oracle communications_eagle_lnp_application_processor 10.0
- Oracle jd_edwards_world_security a9.2
- Oracle communications_eagle_lnp_application_processor 10.1
- Openssl openssl 1.1.0a
- Openssl openssl 1.1.0b
- Openssl openssl 1.1.0c
- Openssl openssl 1.1.0
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Oracle database servers. An over-long parameter sent to the sys.pbsde.init procedure can allow code to be injected into the server's memory. The injected code is executed with the privileges of the user "System" on Windows-based platforms and the user "Oracle" on Unix-based platforms. An unsuccessful attack can terminate the application and create a denial-of-service condition on the database server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle9i_application_server 9.0.3 .1
- Oracle oracle9i_enterprise_edition 9.0.1 .4
- Oracle oracle9i_standard_edition 9.2.0 .6
- Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
- Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
- Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
- Oracle enterprise_manager_grid_control_10g 10.1.0 .4
- Oracle application_server_10g 9.0.4 .2
- Oracle oracle9i_application_server_web_cache 9.0.3 .1
- Oracle oracle9i_application_server_web_cache 9.0.2 .3
- Hp hp-ux 11.23.0
- Oracle collaboration_suite_release_1 10.1.1
- Oracle clinical 4.5.0
- Oracle clinical 4.5.1
- Oracle enterprise_manager_application_server_control 9.0.4 .2
- Oracle oracle9i_application_server 9.2.0 .0.7
- Oracle developer_suite 9.0.2 .1
- Oracle developer_suite 9.0.4 .2
- Oracle oracle10g_standard_edition 10.1.0 .4.2
- Peoplesoft peopletools 8.46.3
- Peoplesoft crm 8.8.1
- Peoplesoft crm 8.9.0
- Oracle jd_edwards_enterpriseone 8.95.0 B1
- Oracle jd_edwards_enterpriseone 8.94.0 Q1
- Oracle jd_edwards_enterpriseone SP23 K1
- Oracle application_server 10.1.2.0.2
- Oracle oracle9i_enterprise_edition 9.0.1 .5
- Oracle oracle9i_personal_edition 9.0.1 .5
- Oracle oracle9i_standard_edition 9.0.1 .5
- Oracle e-business_suite_11i 11.5.10
- Peoplesoft peopletools 8.20.7
- Peoplesoft peopletools 8.45.5
- Oracle oracle8 8.0.6
- Hp hp-ux B.11.11
- Oracle oracle9i_standard_edition 9.0.1 .4
- Oracle oracle8i_standard_edition 8.0.6 .3
- Hp hp-ux B.11.23
- Oracle oracle10g_enterprise_edition 10.1.0 .0.3.1
- Oracle oracle10g_application_server 10.1.0 .0.3
- Oracle oracle10g_application_server 10.1.0 .0.3.1
- Oracle oracle10g_enterprise_edition 10.1.0 .0.3
- Oracle oracle10g_personal_edition 10.1.0 .0.3
- Oracle oracle10g_standard_edition 10.1.0 .0.3
- Oracle e-business_suite_11i 11.5.0
- Oracle oracle9i_personal_edition 9.2.0 .6
- Oracle oracle9i_enterprise_edition 9.2.0.6.0
- Oracle oracle9i_application_server 9.2.0 .0.6
- Oracle oracle8i_standard_edition 8.0.6
- Oracle collaboration_suite_release_2 9.0.4 .2
- Oracle oracle10g_application_server 10.1.2
- Oracle oracle8 8.0.6 .3
- Oracle oracle10g_enterprise_edition 10.1.0 .0.4
- Oracle oracle10g_standard_edition 10.1.0 .0.4
- Oracle application_server_release_2 9.0.2 .3
- Peoplesoft peopletools 8.43.0
- Peoplesoft peopletools 8.20.0
- Oracle oracle10g_standard_edition 10.1.0 .0.2
- Oracle oracle10g_personal_edition 10.1.0 .0.2
- Oracle oracle10g_enterprise_edition 10.1.0 .0.2
- Oracle oracle10g_application_server 10.1.0 .0.2
- Hp hp-ux 11.11.0
- Peoplesoft peopletools 8.40.0
- Peoplesoft peopletools 8.10.0
- Peoplesoft peopletools 8.11.0
- Peoplesoft peopletools 8.12.0
- Peoplesoft peopletools 8.13.0
- Peoplesoft peopletools 8.41.0
- Peoplesoft peopletools 8.15.0
- Peoplesoft peopletools 8.16.0
- Peoplesoft peopletools 8.18.0
- Peoplesoft peopletools 8.42.0
- Oracle e-business_suite_11i 11.5.1
- Oracle e-business_suite_11i 11.5.2
- Oracle e-business_suite_11i 11.5.3
- Oracle e-business_suite_11i 11.5.4
- Oracle e-business_suite_11i 11.5.5
- Oracle e-business_suite_11i 11.5.6
- Oracle e-business_suite_11i 11.5.7
- Oracle e-business_suite_11i 11.5.8
- Oracle e-business_suite_11i 11.5.9
- Oracle e-business_suite 11.0.0
- Peoplesoft peopletools 8.19.0
- Oracle application_server_release_2 10.1.2 .0.0
- Oracle application_server_release_2 10.1.2 .0.1
- Oracle application_server_release_2 10.1.2 .0.2
- Oracle oracle10g_enterprise_edition 10.1.0.4.2
- Oracle collaboration_suite_release_1
- Oracle enterprise_manager_database_control_10g 10.1.0 .0.4
- Oracle enterprise_manager_database_control_10g 10.1.0 .0.3
- Oracle oracle10g_application_server 10.1.0 .0.4
- Oracle enterprise_manager_application_server_control 9.0.4 .1
- Oracle workflow 11.5.1
- Oracle workflow 11.5.9 .5
- Oracle oracle9i_application_server 9.0.2 .3
- Oracle developer_suite 9.0.4 .1
- Oracle developer_suite 10.1.2
- Peoplesoft peopletools 8.17.0
- Oracle oracle8 8.1.7 .4
- Oracle oracle9i_enterprise_edition 9.2.0.7.0
- Oracle oracle9i_personal_edition 9.2.0 .7
- Peoplesoft peopletools 8.14.0
- Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
- Oracle oracle9i_enterprise_edition 9.2.0 .0.5
- Oracle oracle9i_personal_edition 9.2.0 .0.5
- Oracle oracle9i_standard_edition 9.2.0 .0.5
- Oracle oracle8i_enterprise_edition 8.1.7.4.0
- Oracle oracle10g_personal_edition 10.1.0 .0.3.1
- Oracle oracle10g_standard_edition 10.1.0 .0.3.1
- Oracle application_server_10g 9.0.4
- Oracle application_server_10g 9.0.4 .1
- Oracle oracle10g_personal_edition 10.1.0 .0.4
- Oracle application_server_release_2 9.0.2 .1
- Oracle oracle_9i_application_server_release_1 1.0.2 .2
- Oracle enterprise_manager_grid_control_10g 10.1.0 .3
- Oracle enterprise_manager 9.0.4 .1
- Oracle oracle8i_standard_edition 8.1.7 .4
- Oracle oracle9i_personal_edition 9.0.1 .4
APP:BLUECOAT-AAA-OF - APP: Blue Coat Authentication and Authorization Agent Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Blue Coat Authentication and Authorization Agent. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Apple QuickTime. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Gentoo linux
- Gentoo media-libs/win32codecs 20071007-r2
- Linden_research,_inc. second_life_viewer
- Linden_research,_inc. second_life_viewer 1.18.5.3
- Apple quicktime_player 7.3
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Mercury Mail Transport System. A successful attack allows attackers to execute arbitrary code through a long LOGIN command. The foundation for this signature comes from the public PoC for Metasploit.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Pegasus_mail mercury_mail_transport_system 4.01b
HTTP:XIPH-CAST-URL-AUTH-1 - HTTP: Xiph.org Icecast Server auth_url Stack Buffer Overflow (1)
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against the Icecast server. The vulnerability is due to improper offset calculations while copying user-supplied data into a stack-based buffer within url_add_client in auth_url.c. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation could potentially lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known flaw in GAMSoft Telsrv. A successful exploit would result in a Denial of Service (DoS).
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Gamsoft telsrv 1.4.0
- Gamsoft telsrv 1.5.0
TELNET:OVERFLOW:BSD-ENCRY-KEYID - TELNET: Multiple Vendors BSD telnetd Encryption Key Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in BSD telnetd. The vulnerability is due to the copying of an encryption key into a fixed-length buffer without validation of the key's length. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted packet to telnetd. A successful exploitation attempt could result in the execution of arbitrary code in the security context of the Telnet daemon.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Red_hat enterprise_linux_desktop 6
- Red_hat enterprise_linux_hpc_node 6
- Red_hat enterprise_linux_desktop 5 Client
- Red_hat enterprise_linux_workstation 6
- Mit kerberos_5 1.7.1
- Mit kerberos_5 1.3.0 -Alpha1
- Mit kerberos_5 1.2.2
- Mit kerberos_5 1.2.0
- Freebsd freebsd 7.3-RELEASE
- Freebsd freebsd 8.0-RC1
- Freebsd freebsd 8.0
- Freebsd freebsd 7.4-STABLE
- Freebsd freebsd 7.4-RELEASE-p2
- Freebsd freebsd 8.2-STABLE
- Mit kerberos_5 1.0.8
- Freebsd freebsd 8.2-RELEASE-p2
- Freebsd freebsd 7.3-RELEASE-p6
- Mit kerberos_5 1.6.3
- Freebsd freebsd 7.1-RELEASE-P6
- Freebsd freebsd 7.2-RELEASE-P1
- Freebsd freebsd 7.2-STABLE
- Freebsd freebsd 8.2-RELEASE-p1
- Suse suse_core_9_for_x86
- Mit kerberos_5 1.3.4
- Mit kerberos_5 1.5.1
- Mit kerberos_5 1.2.5
- Mit kerberos_5 1.2.4
- Mit kerberos_5 1.2.3
- Mit kerberos_5 1.0.6
- Freebsd freebsd 7.1 -RELEASE-P2
- Mandriva linux_mandrake 2011
- Suse suse_linux_enterprise_desktop 10 SP4
- Suse suse_linux_enterprise_sdk 10 SP4
- Suse suse_linux_enterprise_server 10 SP4
- Red_hat enterprise_linux_server 6
- Freebsd freebsd 9.0-RC3
- Freebsd freebsd 9.0-STABLE
- Freebsd freebsd 9.0-RELEASE
- Mit kerberos_5 1.6.4
- Oracle enterprise_linux 5
- Oracle enterprise_linux 6
- Suse core 9
- Mit kerberos_5 1.6.0
- Freebsd freebsd 7.0-RELEASE
- Freebsd freebsd 7.0-STABLE
- Mit kerberos_5 1.6.1
- Mit kerberos_5 1.4.0
- Red_hat fedora 16
- Suse suse_linux_enterprise_server_for_vmware 11 SP1
- Freebsd freebsd 7.0 BETA4
- Oracle enterprise_linux 4
- Red_hat enterprise_linux_server 6.0.z
- Freebsd freebsd 8.0-RELEASE
- Freebsd freebsd 7.2-RELEASE-P4
- Freebsd freebsd 7.0
- Freebsd freebsd 7.1
- Freebsd freebsd 7.0-RELEASE-P3
- Freebsd freebsd 7.1 Rc1
- Freebsd freebsd 8.0-STABLE
- Mit kerberos_5 1.5.0
- Mit kerberos_5 1.2.2 -Beta1
- Mit kerberos_5 1.2.6
- Suse suse_linux_enterprise_server 11 SP1
- Suse suse_linux_enterprise_sdk 11 SP1
- Mit kerberos_5 1.0.0
- Mit kerberos_5 1.1.0
- Freebsd freebsd 8.1-RELEASE-p4
- Freebsd freebsd 8.1-RELEASE
- Freebsd freebsd 8.1-PRERELEASE
- Freebsd freebsd 7.3-RELEASE-P1
- Freebsd freebsd 7.3-STABLE
- Freebsd freebsd 7.0-RELEASE-P12
- Freebsd freebsd 7.1-RELEASE-P5
- Freebsd freebsd 7.2-RC2
- Red_hat enterprise_linux_as 4
- Red_hat fedora 15
- Freebsd freebsd 7.0 -PRERELEASE
- Freebsd freebsd 7.0 -RELENG
- Suse opensuse 11.4
- Mit kerberos_5 1.3.6
- Freebsd freebsd 7.0-RELEASE-P8
- Freebsd freebsd 7.1-STABLE
- Mit kerberos_5 1.5.5
- Freebsd freebsd 7.1 -PRE-RELEASE
- Mandriva enterprise_server 5
- Mit kerberos_5 1.3.0
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux 5 Server
- Debian linux 6.0 ia-32
- Debian linux 6.0 amd64
- Debian linux 6.0 arm
- Debian linux 6.0 powerpc
- Debian linux 6.0 sparc
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Cisco ironport_email_security_appliance_x-series
- Debian linux 6.0 s/390
- Freebsd freebsd 7.3 - RELEASE - p7
- Freebsd freebsd 8.2-STABLE
- Freebsd freebsd 8.2 - RELEASE -p3
- Freebsd freebsd 8.1-RELEASE-p5
- Freebsd freebsd 9.0-RC1
- Suse suse_linux_enterprise_desktop 11 SP1
- Gentoo linux
- Mit kerberos_5 1.7
- Freebsd freebsd 8.1
- Red_hat enterprise_linux_desktop 4.0
- Suse suse_linux_enterprise_server 10 SP3 LTSS
- Mit kerberos_5 1.1.1
- Suse suse_linux_enterprise_server 10 SP2
- Mit kerberos_5 1.6.2
- Mit kerberos_5 1.5.4
- Mit kerberos_5 1.5.2
- Mit kerberos_5 1.5.3
- Mit kerberos_5 1.3.5
- Mit kerberos_5 1.2.8
- Red_hat enterprise_linux_es 4
- Mit kerberos_5 1.3.2
- Cisco ironport_email_security_appliance_c-series 7.0.1
- Cisco ironport_email_security_appliance_x-series 7.0.1
- Cisco ironport_email_security_appliance_c-series
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2010.1
- Freebsd freebsd 7.0 -RELEASE-P9
- Freebsd freebsd 7.4 -RELEASE-p3
- Cisco ironport_security_management_appliance
- Mandriva linux_mandrake 2011 x86_64
- Oracle enterprise_linux 6.2
- Freebsd freebsd 8-RELENG
- Freebsd freebsd 8.1-STABLE
- Freebsd freebsd 8.0 -RELEASE-p5
- Freebsd freebsd 8.1-RELEASE-p1
- Freebsd freebsd 8.1-RELENG
- Freebsd freebsd 7.3-RELENG
- Freebsd freebsd 7.1 -RELEASE-P1
- Freebsd freebsd 7.3-RELEASE-p3
- Freebsd freebsd 7.1 -RELEASE-p14
- Mit kerberos_5 1.7.2
- Mit kerberos_5 1.4.1
- Mit kerberos_5 1.4.2
- Mit kerberos_5 1.4.3
- Mit kerberos_5 1.2.1
- Freebsd freebsd 7.1-RELENG
- Mit kerberos_5 1.2.7
- Suse opensuse 11.3
- Mandriva enterprise_server 5 X86 64
- Mit kerberos_5 1.3.1
- Red_hat enterprise_linux_ws 4
- Freebsd freebsd 7.2
- Freebsd freebsd 7.3
- Freebsd freebsd 7.4
- Mit kerberos_5 1.3.3
- Freebsd freebsd 8.2
- Vmware esx 4.0
- Freebsd freebsd 7.2-PRERELEASE
- Freebsd freebsd 7.1-RELEASE-P4
- Freebsd freebsd 7.0-RELEASE-P11
Severity: MEDIUM
Description:
This signature detects attempts to exploit a known buffer overflow vulnerability in the MailEnable application. It is due to insufficient bounds checking on a user-supplied buffer length value in an APPEND command. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the MailEnable application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Mailenable mailenable_professional 2.35
- Mailenable mailenable_professional 2.33
- Mailenable mailenable_professional 2.37
- Mailenable mailenable_professional 2.32
HTTP:DIR:FILEMGR-DIRTRV - HTTP: Responsive FileManager Zip Directory Traversal
Severity: HIGH
Description:
A zip directory traversal vulnerability has been reported in Responsive FileManager. Successful exploitation could result in the creation or overwriting of files writable by the user running FileManager, leading to the possibility of arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Tecrail responsive_filemanager 9.8.1
- Tecrail responsive_filemanager 9.12.1
- Tecrail responsive_filemanager 9.12.0
- Tecrail responsive_filemanager 9.7.3
- Tecrail responsive_filemanager 9.9.0
- Tecrail responsive_filemanager 9.8
- Tecrail responsive_filemanager 9.9.1
- Tecrail responsive_filemanager 9.7.2
- Tecrail responsive_filemanager 9.9.2
- Tecrail responsive_filemanager 9.10.2
- Tecrail responsive_filemanager 9.9.3
- Tecrail responsive_filemanager 9.10.1
- Tecrail responsive_filemanager .9.14.0
- Tecrail responsive_filemanager 9.10.0
- Tecrail responsive_filemanager .9.10.1
- Tecrail responsive_filemanager 9.9.5
- Tecrail responsive_filemanager 9.13.0
- Tecrail responsive_filemanager 9.9.6
- Tecrail responsive_filemanager 9.6.0
- Tecrail responsive_filemanager 9.12.2
- Tecrail responsive_filemanager 9.13.1
- Tecrail responsive_filemanager 9.9.4
- Tecrail responsive_filemanager 9.9.7
- Tecrail responsive_filemanager 9.13.3
- Tecrail responsive_filemanager 9.11.3
- Tecrail responsive_filemanager 9.11.0
APP:CITRIX:PROVISIONINGSERV-UF - APP: Citrix Provisioning Services streamprocess.exe Integer Underflow
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known flaw in Citrix Provisioning Service. A remote, unauthenticated attacker could exploit this vulnerability by sending a malicious request to the target service. A successful attack may allow execution of arbitrary code on the target machine within the security context of the service, which is SYSTEM. If the attack is not successful, the vulnerable service may terminate abnormally, causing a denial-of-service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Citrix provisioning_services 5.6
- Citrix provisioning_services 5.6 SP1
DB:MYSQL:GRANT-FILE-BO - DB: Oracle MySQL Grant File Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle MySQL database server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Supported On:
idp-5.1.110161014, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mariadb mariadb 5.1.50
- Mariadb mariadb 5.3.0
- Mariadb mariadb 5.1.49
- Mariadb mariadb 5.1.51
- Mariadb mariadb 5.3.1
- Oracle mysql 5.5.19
- Mariadb mariadb 5.5.25
- Mariadb mariadb 5.1.61
- Mariadb mariadb 5.1.53
- Mariadb mariadb 5.5.24
- Mariadb mariadb 5.2.8
- Mariadb mariadb 5.1.60
- Mariadb mariadb 5.2.11
- Mariadb mariadb 5.5.27
- Mariadb mariadb 5.2.3
- Mariadb mariadb 5.1.55
- Mariadb mariadb 5.2.2
- Mariadb mariadb 5.1.62
- Mariadb mariadb 5.2.5
- Mariadb mariadb 5.5.21
- Mariadb mariadb 5.2.1
- Mariadb mariadb 5.2.12
- Mariadb mariadb 5.5.20
- Mariadb mariadb 5.2.0
- Mariadb mariadb 5.5.23
- Mariadb mariadb 5.2.7
- Mariadb mariadb 5.5.22
- Mariadb mariadb 5.2.6
- Mariadb mariadb 5.1.42
- Mariadb mariadb 5.3.8
- Oracle mysql 5.1.53
- Mariadb mariadb 5.1.41
- Mariadb mariadb 5.3.9
- Mariadb mariadb 5.3.6
- Mariadb mariadb 5.3.10
- Mariadb mariadb 5.1.47
- Mariadb mariadb 5.2.10
- Mariadb mariadb 5.3.7
- Mariadb mariadb 5.2.9
- Mariadb mariadb 5.1.44
- Mariadb mariadb 5.5.28
- Mariadb mariadb 5.3.5
- Mariadb mariadb 5.3.4
- Mariadb mariadb 5.2.4
- Mariadb mariadb 5.3.2
- Mariadb mariadb 5.3.3
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in Microsoft WordPad. A successful attack can lead to a buffer overflow and arbitrary remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft windows_2000 (sp2)
- Microsoft windows_nt 4.0 (sp1:workstation)
- Microsoft windows_2003_server r2
- Microsoft windows_2000 (sp2:datacenter_server)
- Microsoft windows_2000 (:professional)
- Microsoft windows_nt 4.0 (sp2:workstation)
- Microsoft windows_nt 4.0 (:workstation)
- Microsoft windows_xp (:64-bit)
- Microsoft windows_2000 (sp1:server)
- Microsoft windows_nt 4.0 (sp6a:workstation)
- Microsoft windows_2000 (:server)
- Microsoft windows_xp (sp1)
- Microsoft windows_2000 (sp4:professional)
- Microsoft windows_nt 4.0 (sp3:workstation)
- Microsoft windows_nt 4.0 (:terminal_server)
- Microsoft windows_nt 4.0 (sp1:server)
- Microsoft windows_98 (gold)
- Microsoft windows_nt 4.0 (sp6:terminal_server)
- Microsoft windows_2000 (sp4)
- Microsoft windows_2003_server r2 (:64-bit)
- Microsoft windows_xp (sp2)
- Microsoft windows_2003_server standard
- Microsoft windows_nt 4.0 (sp6a)
- Microsoft windows_nt 4.0 (sp6:workstation)
- Microsoft windows_2000 (sp3:professional)
- Microsoft windows_2000 (sp1:professional)
- Microsoft windows_2000 (sp3:datacenter_server)
- Microsoft windows_2000 (sp4:advanced_server)
- Microsoft windows_nt 4.0 (sp1:terminal_server)
- Microsoft windows_2000 (sp3:advanced_server)
- Microsoft windows_nt 4.0 (sp6)
- Microsoft windows_nt 4.0 (sp5:server)
- Microsoft windows_2000 (sp2:server)
- Microsoft windows_nt 4.0 (sp4)
- Microsoft windows_nt 4.0 (sp5)
- Microsoft windows_nt 4.0 (sp4:enterprise_server)
- Microsoft windows_nt 4.0 (sp2)
- Microsoft windows_nt 4.0 (:enterprise_server)
- Microsoft windows_2000 (sp3)
- Microsoft windows_nt 4.0 (sp1)
- Microsoft windows_2003_server web
- Microsoft windows_nt 4.0 (sp3:server)
- Microsoft windows_nt 4.0 (sp4:terminal_server)
- Microsoft windows_2000 (:advanced_server)
- Microsoft windows_2003_server r2 (:datacenter_64-bit)
- Microsoft windows_2003_server enterprise_64-bit
- Microsoft windows_xp (gold)
- Microsoft windows_nt 4.0 (sp6a:server)
- Microsoft windows_2003_server standard (:64-bit)
- Microsoft windows_nt 4.0 (sp2:enterprise_server)
- Microsoft windows_2000 (:datacenter_server)
- Microsoft windows_2003_server enterprise (:64-bit)
- Microsoft windows_xp (sp1:home)
- Microsoft windows_xp (sp2:home)
- Microsoft windows_nt 4.0 (sp4:workstation)
- Microsoft windows_nt 4.0 (sp2:terminal_server)
- Microsoft windows_2000 (sp4:server)
- Microsoft windows_2000 (sp3:server)
- Microsoft windows_nt 4.0 (sp6:enterprise_server)
- Microsoft windows_nt 4.0 (sp2:server)
- Microsoft windows_xp (:home)
- Microsoft windows_nt 4.0 (sp3)
- Microsoft windows_nt 4.0 (sp6:server)
- Microsoft windows_2000 (sp1)
- Microsoft windows_nt 4.0 (sp3:terminal_server)
- Microsoft windows_2000 (sp1:advanced_server)
- Microsoft windows_xp (gold:professional)
- Microsoft windows_2000 (sp4:datacenter_server)
- Microsoft windows_xp (sp1:64-bit)
- Microsoft windows_nt 4.0 (sp5:enterprise_server)
- Microsoft windows_nt 4.0 (sp6a:enterprise_server)
- Microsoft windows_nt 4.0 (sp3:enterprise_server)
- Microsoft windows_nt 4.0
- Microsoft windows_me
- Microsoft windows_nt 4.0 (:server)
- Microsoft windows_2000 (sp2:professional)
- Microsoft windows_nt 4.0 (sp4:server)
- Microsoft windows_nt 4.0 (sp5:terminal_server)
- Microsoft windows_nt 4.0 (sp1:enterprise_server)
- Microsoft windows_nt 4.0 (sp5:workstation)
- Microsoft windows_98se
- Microsoft windows_2000 (sp1:datacenter_server)
- Microsoft windows_2000 (sp2:advanced_server)
- Microsoft windows_2003_server enterprise
APP:ORACLE:GOLDENGATE-BOF - APP: Oracle GoldenGate Manager Command Stack Buffer Overflow
Severity: HIGH
Description:
A stack-based buffer overflow exists in Oracle GoldenGate Manager. The vulnerability is due to an input validation error when processing an overly long command name. Successful exploitation could lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle goldengate 12.2.0.2.0
- Oracle goldengate 12.3.0.1.0
- Oracle goldengate 12.1.2.1.0
HTTP:STC:DL:GDI-WMF-ID - HTTP: Microsoft Graphics Component CVE-2018-8472 Information Disclosure
Severity: MEDIUM
Description:
An information disclosure vulnerability exists in the GDI components of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted document or webpage. Successful exploitation could result in the disclosure of information that can be used to circumvent Address Space Layout Randomization (ASLR) in Windows.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_8.1 *
- Microsoft windows_10 1607
- Microsoft windows_rt_8.1 -
- Microsoft windows_10 1803
- Microsoft windows_10 1809
- Microsoft windows_server_2019 -
- Microsoft windows_server_2016 1709
- Microsoft windows_server_2016 1803
- Microsoft windows_server_2008 r2
- Microsoft windows_server_2012 -
- Microsoft windows_10 1709
- Microsoft windows_7 -
- Microsoft windows_10 -
- Microsoft windows_10 1703
- Microsoft windows_server_2016 -
- Microsoft windows_server_2008 -
- Microsoft windows_server_2012 r2
HTTP:PHP:CVE-2016-10159-IOV - HTTP: PHP phar_parse_pharfile Function filename_len Property Integer Overflow
Severity: HIGH
Description:
An integer overflow vulnerability, which leads to a buffer over-read, has been reported in PHP. Successful exploitation could lead to denial of service of the affected system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Php php 7.0.1
- Php php 7.0.12
- Php php 7.0.0
- Php php 7.0.11
- Php php 7.0.5
- Php php 5.6.29
- Php php 7.0.7
- Php php 7.0.3
- Php php 7.0.4
- Php php 7.0.10
- Php php 7.0.2
- Php php 7.0.9
- Php php 7.0.14
- Php php 7.0.8
- Php php 7.0.13
- Php php 7.0.6
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Oracle Database Server product. The vulnerability is due to insufficient validation of the arguments supplied to DBMS_XMLSCHEMA packages. In a successful attack, a remote attacker with valid user credentials can exploit this to execute arbitrary code with database server process privileges.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle oracle9i_standard_edition 9.2.0 .6
- Oracle oracle9i_enterprise_edition 9.0.1 .4
- Oracle oracle8i_standard_edition 8.0.6
- Oracle collaboration_suite_release_2 9.0.4 .2
- Oracle e-business_suite_11i 11.5.9
- Oracle oracle10g_application_server 9.0.4 .1
- Oracle oracle10g_application_server 10.1.2
- Oracle oracle8 8.0.6 .3
- Oracle application_server_10g 9.0.4
- Oracle oracle10g_enterprise_edition 10.1.0 .0.3
- Oracle application_server_10g 9.0.4 .1
- Oracle application_server_10g 10.1.2
- Oracle workflow 11.5.1
- Oracle workflow 11.5.9 .5
- Oracle oracle10g_application_server 10.1.2 .0.1
- Oracle developer_suite 9.0.4 .1
- Oracle oracle10g_application_server 10.1.2 .1.0
- Oracle developer_suite 10.1.2
- Oracle collaboration_suite_release_1 10.1.2
- Oracle jd_edwards_enterpriseone 8.95.0 F1
- Oracle jd_edwards_enterpriseone SP23_L1
- Oracle oracle10g_standard_edition 10.1.0 .0.5
- Oracle oracle10g_standard_edition 10.2.0.1
- Oracle oracle9i_standard_edition 9.2.0 .7
- Peoplesoft enterprise_portal 8.4.0
- Peoplesoft enterprise_portal 8.8.0
- Peoplesoft enterprise_portal 8.9.0
- Oracle enterprise_manager_grid_control_10g 10.1.0 .4
- Oracle application_server_10g 9.0.4 .2
- Oracle e-business_suite_11i 11.5.1
- Oracle e-business_suite_11i 11.5.2
- Oracle e-business_suite_11i 11.5.3
- Oracle e-business_suite_11i 11.5.4
- Oracle oracle8 8.1.7 .4
- Oracle e-business_suite_11i 11.5.6
- Oracle e-business_suite_11i 11.5.7
- Oracle e-business_suite_11i 11.5.8
- Oracle developer_suite 9.0.2 .1
- Oracle developer_suite 9.0.4 .2
- Oracle oracle10g_standard_edition 10.1.0 .4.2
- Oracle oracle8 8.0.6
- Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
- Oracle oracle8i_enterprise_edition 8.1.7.4.0
- Hp oracle_for_openview 9.1.01
- Oracle oracle10g_enterprise_edition 10.1.0 .0.4
- Oracle oracle10g_standard_edition 10.1.0 .0.4
- Oracle oracle10g_personal_edition 10.1.0 .0.4
- Oracle e-business_suite_11i 11.5.10
- Oracle enterprise_manager_grid_control_10g 10.1.0 .3
- Oracle application_server_release_2 10.1.2 .0.1
- Oracle oracle8i_standard_edition 8.0.6 .3
- Oracle application_server_release_2 10.1.2 .0.2
- Oracle application_server_release_2 10.1.2 .0.0
- Oracle collaboration_suite_release_1 10.1.1
- Oracle e-business_suite_11i 11.5.5
- Oracle oracle9i_application_server 1.0.2 .2
- Oracle oracle9i_enterprise_edition 9.0.1 .5
- Oracle oracle8i_standard_edition 8.1.7 .4
- Hp oracle_for_openview 8.1.7
- Oracle oracle10g_personal_edition 10.1.0 .0.3
- Oracle collaboration_suite_release_1
- Oracle oracle10g_standard_edition 10.1.0 .0.3
- Hp oracle_for_openview 9.2
- Oracle oracle10g_application_server 10.1.2 .0.2
- Oracle oracle_9i_application_server_release_1 1.0.2 .2
- Oracle oracle10g_application_server 9.0.4 .2
HTTP:STC:DL:VISIO-OBJ-CONFUSION - HTTP: Microsoft Visio Object Type Confusion Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Visio. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
- Microsoft visio_viewer_2010_(32-bit_edition) SP1
- Microsoft visio_viewer_2010_(64-bit_edition)
- Microsoft visio_viewer_2010_(64-bit_edition) SP1
- Microsoft visio_viewer_2010_(32-bit_edition)
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against the MDaemon mail server. MDaemon 6.7.9 and older versions are vulnerable. Attackers can send an overly long SMTP, SAML, SOML, or SEND command to overflow the buffer and crash the MDaemon service; attackers can also obtain complete server control with SYSTEM level access.
Supported On:
DI-Base, DI-Server, idp-4.0.0, idp-4.0.110090709, idp-5.1.110161014, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-4.0.110090831, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
APP:ORACLE:CVE-2017-10278-OF - APP: Oracle Tuxedo Jolt Protocol CVE-2017-10278 Heap Buffer Overflow
Severity: HIGH
Description:
A heap buffer overflow vulnerability exists in Oracle's Tuxedo and PeopleSoft products. Successful exploitation will result in arbitrary code execution with the privileges of the server process.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Oracle tuxedo 12.1.3
- Oracle tuxedo 11.1.1
- Oracle tuxedo 12.2.2
- Oracle tuxedo 12.1.1
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability in EMC's Legato NetWorker. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server (typically "root").
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Emc legato_networker 7.2.0
- Emc legato_networker 7.2.1
- Emc legato_networker 7.0.0
- Emc legato_networker 7.3.2
- Emc legato_networker 7.1.3
APP:ORACLE:OUTSIDE-JPEG2-CODCOC - APP: Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow
Severity: HIGH
Description:
A heap buffer overflow vulnerability exists in Oracle Outside In, a set of libraries used to decode many file formats. The vulnerability is exposed when the product is used to handle JPEG 2000 files. Oracle Outside In is embedded in many enterprise applications. This vulnerability can be exploited by causing an application that uses the vulnerable library to handle a malformed JPEG 2000 file. Depending on the application, user interaction may be required. Successful exploitation can result in arbitrary code execution in the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mandriva linux_mandrake 2011 x86_64
- Oracle enterprise_linux 4
- Red_hat fedora 16
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.10 amd64
- Ubuntu ubuntu_linux 11.10 i386
- Ubuntu ubuntu_linux 11.04 powerpc
- Ubuntu ubuntu_linux 10.04 Amd64
- Red_hat enterprise_linux_desktop 6
- Red_hat enterprise_linux_desktop_optional 6
- Red_hat enterprise_linux_hpc_node 6
- Jasper jasper 1.900
- Red_hat enterprise_linux_server 6
- Red_hat enterprise_linux_server_optional 6
- Red_hat enterprise_linux_workstation 6
- Red_hat enterprise_linux_workstation_optional 6
- Oracle enterprise_linux 6
- Ubuntu ubuntu_linux 10.10 i386
- Avaya aura_experience_portal 6.0
- Debian linux 6.0 powerpc
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 8.04 LTS Sparc
- Red_hat enterprise_linux_as 4
- Ubuntu ubuntu_linux 11.04 ARM
- Red_hat enterprise_linux_ws 4
- Red_hat enterprise_linux Desktop Version 4
- Oracle outside_in 8.3.5.0
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2010.1
- Debian linux 6.0 amd64
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Red_hat enterprise_linux_desktop_workstation 5 Client
- Red_hat enterprise_linux 5 Server
- Oracle enterprise_linux 6.2
- Symantec enterprise_vault 9.0.2
- Mandriva enterprise_server 5
- Suse suse_linux_enterprise_server_for_vmware 11 SP1
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.10 powerpc
- Debian linux 6.0 arm
- Red_hat fedora 15
- Debian linux 6.0 sparc
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Debian linux 6.0 s/390
- Suse suse_linux_enterprise_desktop 11 SP1
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Jasper jasper 1.900.1
- Gentoo linux
- Suse opensuse 11.3
- Ubuntu ubuntu_linux 11.04 i386
- Mandriva enterprise_server 5 X86 64
- Symantec enterprise_vault 10.0
- Symantec enterprise_vault 9.0
- Ubuntu ubuntu_linux 10.04 Sparc
- Symantec enterprise_vault 9.0.1
- Red_hat enterprise_linux_es 4
- Red_hat enterprise_linux_desktop 5 Client
- Jasper jasper 1.701
- Mandriva linux_mandrake 2011
- Ubuntu ubuntu_linux 10.10 ARM
- Oracle outside_in 8.3.7
- Suse suse_linux_enterprise_server 11 SP1
- Ubuntu ubuntu_linux 10.04 I386
- Suse suse_linux_enterprise_sdk 11 SP1
- Oracle enterprise_linux 5
- Debian linux 6.0 ia-32
- Red_hat enterprise_linux_hpc_node_optional 6
- Suse opensuse 11.4
- Ubuntu ubuntu_linux 10.04 Powerpc
APP:MISC:AVAYA-WINPDM - APP: Avaya Windows Portable Device Manager Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Avaya WinPDM. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Avaya_inc. avayawinpdm 3.8.2
APP:HPOV:NNM-GETNNMDATA-OF - APP: HP OpenView Network Node Manager getnnmdata.exe Parameter Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the HP OpenView Network Node Manager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Hp openview_network_node_manager 7.01
- Hp openview_network_node_manager 7.51
- Hp openview_network_node_manager 7.53
HTTP:STC:ADOBE:CVE-2017-16416CE - HTTP: Adobe Acrobat Reader CVE-2017-16416 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Adobe Acrobat Reader. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Adobe acrobat 17.000.0000
- Adobe acrobat 17.011.30056
- Adobe acrobat_dc 15.000.0000
- Adobe acrobat_reader_dc 17.000.0000
- Adobe acrobat_dc 17.012.20096
- Adobe acrobat_dc 15.006.30033
- Adobe acrobat_reader_dc 15.006.30033
- Adobe acrobat_reader 17.000.0000
- Adobe acrobat_reader_dc 15.000.0000
- Adobe acrobat 17.008.30051
- Adobe acrobat_dc 17.000.0000
- Adobe acrobat_reader 17.011.30059
- Adobe acrobat_reader_dc 15.006.30119
- Adobe acrobat_dc 17.012.20093
- Adobe acrobat_reader_dc 15.006.30280
- Adobe acrobat_dc 15.006.30354
- Adobe acrobat_dc 15.016.20045
- Adobe acrobat_reader_dc 15.006.30306
- Adobe acrobat_reader_dc 15.006.30352
- Adobe acrobat 11.0.22
- Adobe acrobat_dc 15.009.20077
- Adobe acrobat_reader_dc 15.009.20071
- Adobe acrobat_dc 15.006.30306
- Adobe acrobat_dc 15.006.30119
- Adobe acrobat_reader_dc 15.006.30060
- Adobe acrobat_dc 15.006.30352
- Adobe acrobat_reader_dc 15.006.30354
- Adobe acrobat_reader_dc 15.020.20039
- Adobe acrobat_reader_dc 15.006.30094
- Adobe acrobat_dc 15.009.20071
- Adobe acrobat_reader_dc 17.012.20095
- Adobe acrobat_reader_dc 15.009.20077
- Adobe acrobat_reader_dc 15.006.30096
- Adobe acrobat_reader_dc 15.023.20053
- Adobe acrobat_dc 15.006.30060
- Adobe acrobat_dc 15.020.20039
- Adobe acrobat_reader_dc 15.009.20079
- Adobe acrobat_dc 15.023.20056
- Adobe acrobat_dc 15.006.30096
- Adobe acrobat_dc 15.006.30094
- Adobe acrobat_dc 15.023.20053
- Adobe acrobat_dc 15.009.20079
- Adobe acrobat_dc 15.006.30244
- Adobe acrobat_dc 15.010.20056
- Adobe acrobat_reader_dc 15.006.30201
- Adobe acrobat_reader_dc 15.006.30244
- Adobe acrobat_reader_dc 15.010.20056
- Adobe acrobat_reader_dc 17.012.20098
- Adobe acrobat_reader 17.011.30065
- Adobe acrobat_reader_dc 15.017.20053
- Adobe acrobat_reader_dc 15.006.30279
- Adobe acrobat_dc 15.006.30172
- Adobe acrobat_reader_dc 15.006.30174
- Adobe acrobat_dc 17.012.20098
- Adobe acrobat 17.011.30066
- Adobe acrobat_dc 15.006.30174
- Adobe acrobat_dc 15.023.20070
- Adobe acrobat_reader 11.0.22
- Adobe acrobat_reader_dc 15.006.30172
- Adobe acrobat_reader_dc 15.023.20070
- Adobe acrobat_reader_dc 15.010.20060
- Adobe acrobat_dc 15.006.30279
- Adobe acrobat_dc 17.009.20044
- Adobe acrobat_dc 15.017.20053
- Adobe acrobat_dc 15.010.20060
- Adobe acrobat_dc 15.006.30355
- Adobe acrobat_reader_dc 17.009.20044
- Adobe acrobat 17.011.30059
- Adobe acrobat_reader_dc 15.008.20082
- Adobe acrobat_reader_dc 15.017.20050
- Adobe acrobat_reader_dc 15.006.30355
- Adobe acrobat_dc 15.008.20082
- Adobe acrobat_reader_dc 15.006.30121
- Adobe acrobat_reader_dc 15.006.30097
- Adobe acrobat_reader_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30173
- Adobe acrobat_dc 15.006.30097
- Adobe acrobat_dc 15.006.30201
- Adobe acrobat_reader_dc 15.023.20056
- Adobe acrobat_reader_dc 15.020.20042
- Adobe acrobat_dc 15.006.30121
- Adobe acrobat_reader_dc 17.009.20058
- Adobe acrobat_dc 15.016.20039
- Adobe acrobat_reader_dc 15.006.30243
- Adobe acrobat_dc 15.006.30243
- Adobe acrobat_reader_dc 15.009.20069
- Adobe acrobat_dc 15.020.20042
- Adobe acrobat_reader_dc 15.006.30198
- Adobe acrobat_reader 17.011.30066
- Adobe acrobat_dc 17.009.20058
- Adobe acrobat_dc 15.009.20069
- Adobe acrobat_reader_dc 15.010.20059
- Adobe acrobat_dc 17.012.20095
- Adobe acrobat_dc 15.006.30198
- Adobe acrobat_dc 15.006.30173
- Adobe acrobat_reader_dc 15.016.20045
- Adobe acrobat_dc 15.010.20059
- Adobe acrobat_dc 15.017.20050
- Adobe acrobat 17.011.30065
- Adobe acrobat_dc 15.016.20041
- Adobe acrobat_dc 15.006.30280
- Adobe acrobat_reader_dc 15.016.20041
- Adobe acrobat_reader_dc 17.012.20093
HTTP:MISC:DISKPULSE-SERVER-BO - HTTP: Disk Pulse Enterprise Server HttpParser Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a buffer overflow vulnerability in the web server component of Disk Pulse Enterprise Server. Successful exploitation allows the attacker to execute arbitrary code in the security context of system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:EK-MULTIPLE-FLASH - HTTP: Multiple Exploit Kit Flash File Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
APP:MISC:BIGANT-DDNF-BO - APP: BigAnt Server DDNF Request Stack Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the BigAnt Server. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
HTTP:STC:DL:EMF-IMG-FILE-RCE - HTTP: Microsoft Windows Graphic Component EMF Image File Processing Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Windows. A successful exploit can lead to remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_7 *
- Microsoft windows_vista *
- Microsoft windows_server_2008 *
- Microsoft windows_server_2003 *
- Microsoft windows_server_2008 r2
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against several McAfee system security management products. The vulnerability is due to improper boundary checks when parsing HTTP request header fields. In a successful attack, an unauthenticated remote attacker can execute arbitrary code with System level privileges.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mcafee epolicy_orchestrator 1.0.0
- Mcafee epolicy_orchestrator 3.5
- Mcafee epolicy_orchestrator 2.0.0
- Mcafee epolicy_orchestrator 2.5.0
- Mcafee epolicy_orchestrator 3.5 patch 5
- Mcafee epolicy_orchestrator 1.1.0
- Mcafee protectionpilot 1.1.1
- Mcafee protectionpilot 1.1.0
- Mcafee epolicy_orchestrator 2.5.0 SP1
- Mcafee epolicy_orchestrator 2.5.1
- Mcafee epolicy_orchestrator 3.0.0
- Mcafee epolicy_orchestrator 3.0.0 SP2a
- Mcafee protectionpilot 1.1.1 patch 2
Severity: HIGH
Description:
This signature detects metafiles that contain invalid size information being sent over HTTP. Attackers can use Windows Metafiles and Enhanced Metafiles to exploit vulnerabilities in the Windows Graphical Device Interface. Metafiles can appear as an attachment or link within an e-mail message; the target user must activate the metafile for the exploit to occur. If the exploit is successful, attackers can deposit instructions or arbitrary code on a target system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_professional
- Microsoft windows_xp_home
- Microsoft windows_2000_datacenter_server
- Microsoft windows_2000_professional SP3
- Microsoft windows_2000_server SP3
- Microsoft windows_2000_advanced_server SP3
- Microsoft windows_xp_64-bit_edition
- Microsoft windows_2000_datacenter_server SP3
- Microsoft windows_xp_64-bit_edition SP1
- Avaya definityone_media_servers R10
- Microsoft windows_2000_datacenter_server SP1
- Avaya ip600_media_servers R12
- Avaya ip600_media_servers R10
- Avaya s8100_media_servers R10
- Avaya s8100_media_servers R12
- Avaya s8100_media_servers R11
- Avaya definityone_media_servers R11
- Avaya ip600_media_servers R11
- Avaya ip600_media_servers R9
- Avaya ip600_media_servers R8
- Avaya ip600_media_servers R7
- Avaya ip600_media_servers R6
- Avaya definityone_media_servers R6
- Microsoft windows_2000_professional
- Avaya definityone_media_servers R8
- Avaya definityone_media_servers R9
- Avaya definityone_media_servers R7
- Avaya s8100_media_servers R8
- Microsoft windows_2000_advanced_server
- Microsoft windows_2000_advanced_server SP1
- Microsoft windows_2000_advanced_server SP4
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Microsoft windows_xp_64-bit_edition_version_2003
- Microsoft windows_xp_media_center_edition
- Microsoft windows_2000_server
- Microsoft windows_xp_home SP1
- Microsoft windows_2000_professional SP1
- Avaya s8100_media_servers R7
- Avaya s8100_media_servers R6
- Microsoft windows_server_2003_standard_x64_edition
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_xp_professional SP1
- Microsoft windows_2000_server SP1
- Microsoft windows_server_2003_datacenter_x64_edition
- Avaya definityone_media_servers R12
- Microsoft windows_2000_server SP2
- Avaya modular_messaging_(mss) 1.1.0
- Microsoft windows_2000_advanced_server SP2
- Microsoft windows_2000_datacenter_server SP2
- Microsoft windows_2000_professional SP2
- Avaya modular_messaging_(mss) 2.0.0
- Avaya s3400_message_application_server
- Avaya s8100_media_servers R9
- Avaya s8100_media_servers
- Avaya definityone_media_servers
- Avaya ip600_media_servers
- Microsoft windows_xp_64-bit_edition_version_2003 SP1
- Microsoft windows_xp_media_center_edition SP1
HTTP:FLEXENSE-VX-SEARCH-BO - HTTP: Flexense VX Search Enterprise add_command Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the web server component of VX Search Enterprise. Successful exploitation allows the attacker to execute arbitrary code under the security context of SYSTEM.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
APP:NOVELL:GROUPWISE-ADDRESS - APP: Novell GroupWise Addressbook Heap Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Novell GroupWise Client. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell groupwise_8.0
- Novell groupwise_8.02hp3
APP:TMIC:OFFICESCAN-PW-OF - APP: Trend Micro OfficeScan Password Data Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Trend Micro OfficeScan. A successful attack can allow the attacker to execute arbitrary code with the privileges of the user running the application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Trend_micro officescan_corporate_edition 8.0
- Trend_micro officescan_corporate_edition 5.5.0
- Trend_micro officescan_corporate_edition 3.5.0
- Trend_micro officescan_corporate_edition 6.5.0
- Trend_micro officescan_corporate_edition 8.0 Patch 2 Build 1189
- Trend_micro officescan_corporate_edition 7.3 Build 1314
- Trend_micro officescan_corporate_edition 6.0
- Trend_micro officescan_corporate_edition 3.54.0
- Trend_micro officescan_corporate_edition 8.0.patch build 1042
- Trend_micro officescan_corporate_edition 7.0
- Trend_micro officescan_corporate_edition 6.5
- Trend_micro officescan_corporate_edition 3.0.0
- Trend_micro officescan_corporate_edition 3.11.0
- Trend_micro officescan_corporate_edition 3.13.0
- Trend_micro officescan_corporate_edition 7.3
- Trend_micro officescan_corporate_edition 7.0.0
- Trend_micro officescan_corporate_edition 5.0.0 2
- Trend_micro officescan_corporate_edition 5.58.0
HTTP:EK-FLASH-DWNLD - Multiple exploit kit flash file download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:EK-REDKIT-LP2 - HTTP: Redkit Exploit Kit Landing Page 2
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-COTTONCASTLE-FLASH-OC - HTTP: CottonCastle Exploit Kit Flash Outbound Connection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-COTTONCASTLE-JAVA-OC - HTTP: CottonCastle Exploit Kit Java Outbound Connection
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:STC:DL:MS-GDI-EMF - HTTP: Microsoft GDI+ EMF+ Integer Wrap Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft GDI+. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_professional
- Microsoft windows_xp_home
- Microsoft windows_xp Gold Professional
- Microsoft windows_vista_business_64-bit_edition SP2
- Microsoft windows_xp_embedded
- Microsoft windows_xp_embedded SP1
- Microsoft windows_vista_home_basic_64-bit_edition SP2
- Microsoft windows_vista Home Basic SP2
- Microsoft windows_vista_home_premium_64-bit_edition SP2
- Microsoft windows_vista Home Premium SP2
- Microsoft windows_vista SP2
- Microsoft windows_vista_ultimate_64-bit_edition SP2
- Microsoft windows_server_2008_standard_edition X64
- Microsoft windows_vista_x64_edition SP2
- Microsoft windows_server_2008_datacenter_edition SP2
- Microsoft windows_server_2008_enterprise_edition SP2
- Microsoft windows_server_2008_standard_edition SP2
- Microsoft windows_server_2008_for_32-bit_systems SP2
- Microsoft windows_server_2008_for_itanium-based_systems SP2
- Microsoft windows_server_2008_for_x64-based_systems SP2
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_server_2008_standard_edition - Gold Standard
- Microsoft windows_server_2003_x64 SP2
- Avaya meeting_exchange 5.0.0.0.52
- Microsoft windows_vista_enterprise_64-bit_edition SP2
- Microsoft windows_server_2008_standard_edition - Gold Itanium
- Microsoft windows_server_2008_datacenter_edition
- Microsoft windows_server_2008_enterprise_edition
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Home Basic SP1
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_server_2008_standard_edition - Gold Web
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Microsoft windows_server_2003_x64 SP1
- Avaya aura_conferencing 6.0 Standard
- Microsoft windows_server_2003_enterprise_edition_itanium SP2
- Microsoft windows_server_2003_enterprise_edition_itanium Sp2 Itanium
- Microsoft windows_vista_home_basic_64-bit_edition Sp1 X64
- Microsoft windows_vista_home_basic_64-bit_edition Sp2 X64
- Microsoft windows_vista_x64_edition
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2003_itanium
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_xp_tablet_pc_edition SP1
- Avaya meeting_exchange 5.2
- Avaya callpilot 4.0
- Avaya callpilot 5.0
- Avaya communication_server_1000_telephony_manager 3.0
- Avaya communication_server_1000_telephony_manager 4.0
- Microsoft windows_server_2008_standard_edition - Gold Datacenter
- Microsoft office_xp
- Microsoft windows_server_2008_standard_edition - Gold
- Avaya meeting_exchange 5.0 SP1
- Avaya meeting_exchange 5.0 SP2
- Avaya meeting_exchange 5.1 SP1
- Microsoft windows_server_2008_standard_edition - Sp2 Hpc
- Microsoft windows_xp_media_center_edition
- Microsoft windows_xp_tablet_pc_edition
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_xp Gold Tablet Pc
- Microsoft windows_xp_home SP1
- Microsoft windows_xp_professional SP1
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_xp_professional SP3
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_home SP3
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_server_2003_enterprise_edition
- Microsoft windows_server_2003_datacenter_edition
- Microsoft windows_server_2003_enterprise_edition_itanium
- Microsoft windows_server_2003_datacenter_edition_itanium
- Microsoft windows_xp_service_pack_3
- Microsoft windows_xp_media_center_edition SP1
- Microsoft office_xp SP2
- Microsoft windows_server_2008_standard_edition - Gold Storage
- Microsoft windows_server_2008_standard_edition - Sp2 Web
- Microsoft windows_server_2008_for_x64-based_systems R2
- Microsoft windows_server_2008_for_itanium-based_systems R2
- Microsoft windows_xp_tablet_pc_edition SP2
- Avaya aura_conferencing 6.0 SP1 Standard
- Microsoft windows_xp_embedded SP2
- Microsoft windows_xp_embedded SP3
- Microsoft windows_xp Gold Media Center
- Microsoft office_xp SP1
- Avaya meeting_exchange-client_registration_server
- Avaya meeting_exchange-recording_server
- Avaya meeting_exchange-streaming_server
- Avaya meeting_exchange-web_conferencing_server
- Avaya meeting_exchange-webportal
- Microsoft windows_server_2003_datacenter_edition SP1 Beta 1
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_edition SP1 Beta 1
- Microsoft windows_server_2003 SP1
- Microsoft windows_server_2003 SP2
- Microsoft windows_xp_gold
- Microsoft windows_vista Ultimate SP2
- Microsoft windows_server_2008_standard_edition - Sp2 Storage
- Microsoft windows_xp_home SP2
- Microsoft windows_xp_professional SP2
- Avaya meeting_exchange 5.2 SP1
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_vista SP1
- Microsoft windows_server_2008_standard_edition - Gold Hpc
- Microsoft office_xp SP3
- Avaya meeting_exchange 5.0
- Microsoft windows_server_2008_standard_edition Itanium
- Microsoft windows_vista Ultimate
- Microsoft windows_vista Home Premium
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Enterprise
- Microsoft windows_server_2003_standard_edition
- Microsoft windows_server_2008_standard_edition - Gold Enterprise
- Microsoft windows_xp
- Avaya messaging_application_server 4
- Avaya messaging_application_server 5
- Avaya meeting_exchange 5.1
- Microsoft windows_server_2003_enterprise_x64_edition
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_vista_business_64-bit_edition
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition
- Microsoft windows_vista_home_premium_64-bit_edition
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_server_2008_standard_edition Release Candidate
- Avaya meeting_exchange 5.2 SP2
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_xp Gold Embedded
HTTP:EK-COTTONCASTLE-DECRYPT-OR - HTTP: CottonCastle Exploit Kit Decryption Page Outbound Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-FLASHPACK-SAFE-CRITX - HTTP: Flashpack/Safe/CritX Exploit Kit Executable Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-FLASHPACK-SAFE-JAR - HTTP: Flashpack/Safe/CritX Exploit Kit Jar File Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-URI-MALREQ - HTTP: Exploit Kit URI Request For Known Malicious URI
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-DOTKACHEF-MAL-CAMP - HTTP: DotkaChef/Rmayana/DotCache Exploit Kit Malvertising Campaign
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in Novell iManager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the daemon.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell imanager 1.5.0
- Novell imanager 2.5.0
- Novell imanager 2.0.2
- Novell imanager 2.0.0
TROJAN:FILEENCODER-CNC - TROJAN: FileEncoder Variant Outbound Connection Detected
Severity: HIGH
Description:
This signature detects the command-and-control traffic for the FileEncoder trojan. The source IP host is infected and should be removed from the network for analysis.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
HTTP:NUCLEAR-EK-BIN-DL - HTTP: Nuclear Pack Exploit Kit Binary Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against the IPSwitch IMAP server. Attackers can send an overly long delete command (DELETE) to overflow the buffer and take complete control of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
References:
Affected Products:
SMB:OF:MS-BROWSER-ELECT - SMB: Microsoft Windows BROWSER ELECTION Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known flaw in the Microsoft Windows Browser Protocol Handler. The flaw is due to a boundary error in the kernel component of the Windows Browsing service that is responsible for handling incoming datagrams. An attacker who successfully exploits this vulnerability could execute arbitrary code and take complete control of an affected system.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_2003_server (r2)
- Microsoft windows_2003_server (r2:x64)
- Microsoft windows_server_2003 (sp2:itanium)
- Microsoft windows_2003_server (sp2)
- Microsoft windows_server_2003 (sp2:x64)
- Microsoft windows_server_2003 (sp2)
- Microsoft windows_server_2003 (:x64)
- Microsoft windows_2003_server (sp2:itanium)
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Supermicro IPMI. A successful attack can lead to remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against the Blue Coat proxy appliance. Blue Coat Reporter 7.1.1.1 and earlier might be vulnerable. Attackers can craft a malicious HTTP request, which might allow them to gain control of the affected system with elevated privileges.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Blue_coat_systems webproxy 6.0.0
- Blue_coat_systems proxyav Null
HTTP:CRITX-EK-JAVA-DL - HTTP: CritX Exploit Kit Java Exploit Download Attempt
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:EK-ANGLER-JAVA-REQ - HTTP: Angler Exploit Kit Outbound Oracle Java Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
HTTP:EK-HELLSPAWN-JAVA-REQ - HTTP: Hellspawn Exploit Kit Outbound Oracle Java Jar Request
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:CRITX-EK-PE-DL - HTTP: CritX Exploit Kit Portable Executable Download
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:JDB-EK-LANDPAGE - HTTP: JDB Exploit Kit Landing Page Retrieval
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
HTTP:JAVAUA-PE-DL-EK - HTTP: Java UA PE Download Exploit Kit Behavior
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
HTTP:STC:STREAM:GDI-WMF-HEADER - HTTP: Microsoft Windows GDI WMF File HeaderSize Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the Microsoft Windows Graphic Component. A successful exploit can lead to a buffer overflow and remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_xp_media_center_edition SP2
- Microsoft windows_server_2003_standard_edition SP2
- Microsoft windows_vista Enterprise SP1
- Microsoft windows_server_2003_standard_edition SP1
- Microsoft windows_vista_x64_edition
- Microsoft windows_vista Ultimate SP1
- Microsoft windows_xp_professional SP3
- Microsoft windows_server_2003_web_edition SP2
- Microsoft windows_server_2003_enterprise_edition SP1
- Microsoft windows_server_2003_web_edition SP1
- Nortel_networks contact_center_ncc
- Microsoft windows_xp_tablet_pc_edition SP2
- Microsoft windows_server_2003_enterprise_x64_edition SP2
- Nortel_networks self-service_peri_workstation
- Nortel_networks self-service_wvads
- Microsoft windows_vista_home_basic_64-bit_edition SP1
- Microsoft windows_2000_advanced_server SP4
- Nortel_networks self-service_mps_100
- Microsoft windows_2000_professional SP4
- Microsoft windows_2000_server SP4
- Nortel_networks self-service_speech_server
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 600R
- Nortel_networks contact_center-tapi_server
- Nortel_networks contact_center_express
- Microsoft windows_vista_home_premium_64-bit_edition
- Nortel_networks callpilot 703T
- Nortel_networks contact_center_manager_server
- Microsoft windows_vista Home Basic
- Microsoft windows_vista Business
- Microsoft windows_vista Enterprise
- Microsoft windows_server_2003 SP1
- Microsoft windows_vista Home Premium
- Microsoft windows_vista_business_64-bit_edition
- Nortel_networks self-service_peri_application
- Hp storage_management_appliance 2.1
- Microsoft windows_vista_x64_edition SP1
- Microsoft windows_server_2003_datacenter_x64_edition SP2
- Microsoft windows_server_2008_datacenter_edition
- Nortel_networks self-service-ccss7
- Microsoft windows_server_2003_datacenter_edition_itanium SP1 Beta 1
- Microsoft windows_server_2003_enterprise_x64_edition
- Nortel_networks contact_center_manager
- Nortel_networks self-service_ccxml
- Nortel_networks self_service_voicexml
- Microsoft windows_xp_professional_x64_edition
- Microsoft windows_xp_media_center_edition SP3
- Microsoft windows_xp_home SP3
- Microsoft windows_xp_tablet_pc_edition SP3
- Microsoft windows_vista Business SP1
- Microsoft windows_vista Home Basic SP1
- Nortel_networks callpilot 201I
- Microsoft windows_vista_enterprise_64-bit_edition
- Microsoft windows_vista_home_basic_64-bit_edition
- Microsoft windows_vista_business_64-bit_edition SP1
- Microsoft windows_2000_datacenter_server SP4
- Microsoft windows_vista_ultimate_64-bit_edition
- Microsoft windows_vista_home_premium_64-bit_edition SP1
- Microsoft windows_vista_ultimate_64-bit_edition SP1
- Nortel_networks callpilot 1002Rp
- Nortel_networks self-service_mps_500
- Microsoft windows_server_2003 SP2
- Microsoft windows_xp_professional SP2
- Microsoft windows_server_2003_standard_x64_edition
- Nortel_networks self-service_mps_1000
- Microsoft windows_vista_enterprise_64-bit_edition SP1
- Microsoft windows_server_2008_enterprise_edition
- Nortel_networks symposium_agent
- Microsoft windows_server_2003_datacenter_x64_edition
- Microsoft windows_server_2008_standard_edition
- Microsoft windows_vista Home Premium SP1
- Microsoft windows_xp_professional_x64_edition SP2
- Microsoft windows_server_2003_itanium SP1
- Microsoft windows_server_2003_itanium SP2
- Microsoft windows_server_2003_datacenter_edition SP1
- Microsoft windows_server_2008_for_32-bit_systems
- Microsoft windows_server_2008_for_x64-based_systems
- Microsoft windows_server_2008_for_itanium-based_systems
- Microsoft windows_xp_home SP2
- Microsoft windows_server_2003_x64 SP2
- Microsoft windows_vista Ultimate
- Microsoft windows_server_2003_enterprise_edition_itanium SP1
HTTP:ABB-PANEL-BLDR-BO - HTTP: ABB Panel Builder 800 Comli CommandLineOptions Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a stack-based buffer overflow in ABB Panel Builder 800. A remote attacker could exploit this vulnerability by enticing a target user into opening a maliciously crafted project file or web page. Successful exploitation could result in arbitrary code execution in the context of the target user.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:EK-ANGLER-LP-2 - HTTP: Angler Exploit Kit Landing Page2
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
SMB:CVE-2017-11885-RCE - SMB: Windows CVE-2017-11885 Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit an arbitrary pointer dereference vulnerability in Windows systems. Successful exploitation of this vulnerability can result in remote code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft windows_8.1 *
- Microsoft windows_rt_8.1 -
- Microsoft windows_10 1607
- Microsoft windows_10 1511
- Microsoft windows_server_2016 1709
- Microsoft windows_server_2008 r2
- Microsoft windows_server_2012 -
- Microsoft windows_10 1709
- Microsoft windows_7 -
- Microsoft windows_10 -
- Microsoft windows_10 1703
- Microsoft windows_server_2016 -
- Microsoft windows_server_2008 -
- Microsoft windows_server_2012 r2
HTTP:NOVELL:REPORTER-AGENT - HTTP: Novell File Reporter Agent XML Parsing Remote Code Execution
Severity: CRITICAL
Description:
This signature detects attempts to exploit a known vulnerability against Novell File Reporter Agent. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Novell file_reporter 1.0.2
MS-RPC:OF:ADVANTECH-WEB-SCADA - MS-RPC: Advantech WebAccess SCADA bwnodeip Stack-based Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the webvrpcs service of Advantech WebAccess. The vulnerability is due to a lack of boundary checks while copying user-supplied data into a stack-based buffer within BwNodeIP.exe. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted RPC request to the target server. Successful exploitation could lead to arbitrary code execution in the context of Administrator.
Supported On:
idp-5.1.110161014, mx-16.1, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, idp-5.1.110170603, vsrx3bsd-18.2, srx-18.2, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.110121210, srx-12.1, srx-branch-12.1, idp-5.0.110130325, vsrx-12.1, vsrx-15.1
References:
Affected Products:
- Advantech webaccess 8.3.1
HTTP:STC:GNU-LIBEXTRACTOR-OOB - HTTP: GNU Libextractor ZIP File Comment Out-of-Bounds Read
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Libextractor. The vulnerability is due to improper handling of long File Comment fields within ZIP files. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a maliciously crafted file using Libextractor. Successful exploitation of this vulnerability could lead to denial-of-service conditions or, in the worst case, disclosure of sensitive information.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, isg-3.0.0, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Gnu libextractor 1.7
HTTP:STC:DL:VISIO-VSD-MEM - HTTP: Microsoft Visio VSD File Format Memory Corruption Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability against Microsoft Visio. A successful attack can lead to arbitrary code execution.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Microsoft visio_viewer_2010_(32-bit_edition) SP1
- Microsoft visio_viewer_2010_(64-bit_edition)
- Microsoft visio_viewer_2010_(64-bit_edition) SP1
- Microsoft visio_viewer_2010_(32-bit_edition)
HTTP:STC:DL:MAL-MEDIA-RCE - HTTP: Malformed Media Files Processing Remote Code Execution
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in the processing of malformed media files. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the affected application.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
HTTP:EK-STYX-LP-3 - HTTP: Styx Exploit Kit Landing Page 3
Severity: HIGH
Description:
This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, idp-5.0.0, vsrx-17.4, srx-branch-17.4, isg-3.0.0, idp-5.1.110170603, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, j-series-9.5, vsrx-19.2, srx-19.2, srx-branch-19.2, idp-4.2.110100823, idp-4.2.110101203, idp-5.1.0, srx-branch-19.1, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, vsrx3bsd-19.2, isg-3.5.141818, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, srx-17.4, isg-3.1.134269, vsrx-15.1
SMTP:OVERFLOW:NTLM-AUTH-OF - SMTP: MailEnable NTLM Authentication Buffer Overflow
Severity: HIGH
Description:
This signature detects attempts to exploit a known vulnerability in MailEnable's SMTP NTLM authentication. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Supported On:
idp-5.1.110161014, idp-4.0.0, idp-4.0.110090709, idp-4.0.110090831, idp-4.1.0, mx-16.1, idp-4.2.0, srx-17.3, vmx-17.4, isg-3.5.141818, vsrx-17.4, srx-branch-17.4, srx-17.4, isg-3.1.134269, isg-3.1.135801, isg-3.4.0, vsrx3bsd-18.2, isg-3.5.0, srx-19.1, vsrx3bsd-19.1, vsrx-19.1, srx-branch-19.1, vsrx-19.2, srx-19.2, srx-branch-19.2, vsrx3bsd-19.2, idp-4.2.110101203, idp-5.1.0, j-series-9.5, idp-4.1.110110609, idp-4.1.110110719, mx-11.4, idp-4.2.110100823, idp-5.0.0, srx-18.2, isg-3.4.139899, idp-5.0.110121210, srx-12.1, srx-branch-12.1, isg-3.4.140032, idp-5.0.110130325, vsrx-12.1, isg-3.0.0, idp-5.1.110170603, vsrx-15.1
References:
Affected Products:
- Mailenable mailenable_professional 2.351
- Mailenable mailenable_enterprise_edition 2.0
- Mailenable mailenable_professional 2.0
- Mailenable mailenable_enterprise_edition 2.33
- Mailenable mailenable_professional 2.34
- Mailenable mailenable_professional 2.35
- Mailenable mailenable_enterprise_edition 2.35
- Mailenable mailenable_enterprise_edition 2.34
- Mailenable mailenable_professional 2.32
- Mailenable mailenable_enterprise_edition 2.32
- Mailenable mailenable_professional 2.33