*** NetKeeper 8.536 Release ***

Total number of signatures: 3048

Signature update 8.536 is for NetKeeper series devices:
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
This signature update addresses the exploits/vulnerabilities and applications listed below.
Differences from version 8.534:

*** Modify 27 Rules:
--------------------------------------------------------------------
1130191 WEB-CLIENT Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability -1 (CVE-2014-6332)
1133321 WEB Generic Remote Javascript Upload and Execution -2.x
1133374 WEB Zyxel P660HN-T v1 Router Unauthenticated Remote Command Execution
1133375 WEB Zyxel P660HN-T v2 Router Unauthenticated Remote Command Execution
1133376 WEB Billion 5200W-T Router Unauthenticated Remote Command Execution
1133377 WEB Billion 5200W-T Router Authenticated Remote Command Execution
1133399 FILE Adobe Reader and Acrobat Libtiff Heap Overflow (CVE-2017-2966)
1133214 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -1 (CVE-2016-7242)
1133224 WEB-CLIENT Microsoft Microsoft Edge Remote Code Execution Vulnerability -1 (CVE-2016-7241)
1133293 FILE Microsoft Windows Graphics Component CVE-2016-7272 Remote Code Execution (CVE-2016-7272)
1133295 WEB-CLIENT Microsoft Internet Explorer CWigglyShape Information Disclosure (CVE-2016-7283)
1133298 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -1 (CVE-2016-7287)
1133387 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -2 (CVE-2016-7287)
1133386 FILE Adobe Flash MovieClip attachMovie Use-After-Free (CVE-2015-5551)
1133310 WEB Netgear R7000 Command Injection -1.1
1120000 WEB URI Handler Buffer Overflow - GET -1
1132120 WEB Generic Remote Javascript Upload and Execution -2.a
1132591 TELNET Brute Force Login
1120847 WEB Cross-Site Scripting -7
1050015 WEB Cross-site Scripting -34
1064162 IM QQ/TM login via UDP -1
1053205 IM Gadu-Gadu login via TCP -2
1053303 TERMINAL GoToMyPC login via SSL -1
1064028 TERMINAL GoToMyPC login via TCP -1
1065932 TERMINAL GoToMyPC access via TCP -2
1066214 TERMINAL GoToMeeting login via SSL -1
1053286 STOCK Qianlong login via TCP -1

*** Add 54 Rules:
--------------------------------------------------------------------
1133421 WEB-CLIENT Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability -8 (CVE-2014-6332)
1133441 WEB-CLIENT Generic Javascript Obfuscation -14
1133407 WEB Brute Force Login -1
1133408 WEB Brute Force Login -2
1133432 VIRUS Eicar test string -4
1133438 WEB-CLIENT Cisco WebEx Chrome Extension Remote Code Execution (CVE-2017-3823)
1133451 WEB Cross-site Scripting -36
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133418 FILE Adobe Reader DC JPEG2000 CVE-2016-7854 Out-of-Bounds Read (CVE-2016-7854)
1133427 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -2 (CVE-2016-7242)
1133429 WEB-CLIENT Microsoft Microsoft Edge Remote Code Execution Vulnerability -2 (CVE-2016-7241)
1133436 FILE Microsoft Office CVE-2016-7264 Out of Bounds Read (CVE-2016-7264)
1133447 FILE Microsoft Windows Uniscribe Integer Overflow (CVE-2016-7274)
1133450 FILE Microsoft Excel CVE-2016-7262 Security Feature Bypass (CVE-2016-7262)
1133452 FILE Microsoft Windows Image File Handling Information Disclosure (CVE-2016-7212)
1133422 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 85 (Ransomware Attack Vector)
1133423 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 86 (Ransomware Attack Vector)
1133424 WEB-CLIENT Suspicious HTML Iframe Tag -20 (Ransomware Attack Vector)
1133448 WEB Multiple NETGEAR Products Information Disclosure Vulnerability (CVE-2017-5521)
1133405 DNS ISC BIND DNAME Response Processing Denial of Service (CVE-2016-8864)
1133409 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow (CVE-2016-8706)
1133410 EXPLOIT Memcached process_bin_update body_len Integer Overflow -1 (CVE-2016-8705)
1133411 EXPLOIT Memcached process_bin_update body_len Integer Overflow -2 (CVE-2016-8705)
1133412 EXPLOIT Memcached process_bin_update body_len Integer Overflow -3 (CVE-2016-8705)
1133413 EXPLOIT Memcached process_bin_update body_len Integer Overflow -4 (CVE-2016-8705)
1133414 EXPLOIT Memcached process_bin_update body_len Integer Overflow -5 (CVE-2016-8705)
1133415 EXPLOIT Memcached process_bin_update body_len Integer Overflow -6 (CVE-2016-8705)
1133416 EXPLOIT Memcached process_bin_append_prepend Integer Overflow -1 (CVE-2016-8704)
1133417 EXPLOIT Memcached process_bin_append_prepend Integer Overflow -2 (CVE-2016-8704)
1133419 WEB Netgear R7000 Command Injection -1.2
1133420 SSH OpenSSH kex_input_kexinit Denial of Service (CVE-2016-8858)
1133426 WEB Trend Micro Smart Protection Server ccca_ajaxhandler.php Command Injection -2 (CVE-2016-6266)
1133428 NTP Network Time Protocol Daemon read_mru_list Denial of Service -1 (CVE-2016-7434)
1133430 NTP Network Time Protocol Daemon read_mru_list Denial of Service -2 (CVE-2016-7434)
1133431 NTP Network Time Protocol Daemon read_mru_list Denial of Service -3 (CVE-2016-7434)
1133435 WEB Trend Micro Smart Protection Server ccca_ajaxhandler.php Command Injection -1 (CVE-2016-6266)
1133439 EXPLOIT Vim modelines Remote Command Execution -1 (CVE-2016-1248)
1133440 EXPLOIT Vim modelines Remote Command Execution -2 (CVE-2016-1248)
1133453 SSH D-Link DWR-932B Backdoor Access -1 (CVE-2016-10177)
1133454 SSH D-Link DWR-932B Backdoor Access -2 (CVE-2016-10177)
1133442 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -1 (CVE-2001-0154)
1133443 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -2 (CVE-2001-0154)
1133444 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -3 (CVE-2001-0154)
1133445 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -4 (CVE-2001-0154)
1133446 WEB-CLIENT Microsoft IE MIME Header Attachment Execution Vulnerability -5 (CVE-2001-0154)
1133434 EXPLOIT Microsoft RDP Client for Mac Remote Code Execution
1132799 WEB-CLIENT Generic Javascript Remote Code Execution -3
1160101 IM AIM/ICQ/iIM access via SSL -4
1160102 IM Gadu-Gadu access via SSL -1
1160086 MEDIA YouTube access via SSL -3
1160087 MEDIA YouTube access via SSL -4
1160085 TERMINAL GoToAssist access via SSL -1
1160094 TERMINAL GoToMyPC login via SSL -2
1160095 TERMINAL GoToMyPC access via SSL -1

*** Delete 69 Rules:
--------------------------------------------------------------------
1132968 WEB Apache Continuum Arbitrary Command Execution -2
1132966 WEB-CLIENT Microsoft Browser Information Disclosure Vulnerability -2 (CVE-2016-3327)
1132967 WEB-CLIENT Microsoft Browser Information Disclosure Vulnerability -3 (CVE-2016-3327)
1132996 EXPLOIT Microsoft Windows Authentication Kerberos NTLM Fallback Security Bypass (CVE-2016-3237)
1132997 WEB-CLIENT Microsoft Internet Explorer CVE-2016-3288 Memory Corruption -2 (CVE-2016-3288)
1132998 FILE Microsoft Windows Graphics Component CVE-2016-3301 Code Execution -1 (CVE-2016-3301)
1132999 FILE Microsoft Windows Graphics Component CVE-2016-3301 Code Execution -2 (CVE-2016-3301)
1133000 FILE Microsoft Windows Uniscribe Integer Underflow (CVE-2015-6130)
1133001 FILE Microsoft Windows COMSVCS.DLL Insecure Library Loading -1 (CVE-2015-6132)
1133003 FILE Microsoft Windows COMSVCS.DLL Insecure Library Loading -2 (CVE-2015-6132)
1133004 FILE Microsoft Windows Els.dll Insecure Library Loading -1 (CVE-2015-6128)
1133005 FILE Microsoft Windows Els.dll Insecure Library Loading -2 (CVE-2015-6128)
1133006 FILE Microsoft Windows Els.dll Insecure Library Loading -3 (CVE-2015-6128)
1133007 FILE Microsoft Windows Els.dll Insecure Library Loading -4 (CVE-2015-6128)
1133008 FILE Microsoft Windows Els.dll Insecure Library Loading -5 (CVE-2015-6128)
1133009 FILE Microsoft Windows Els.dll Insecure Library Loading -6 (CVE-2015-6128)
1132885 WEB Squid Long String Header Processing Assertion Failure -1.1021 (CVE-2016-2569)
1132965 WEB CA Total Defense Suite UNCWS Multiple Report Stored Procedure SQL Injections (CVE-2011-1653)
1132969 FILE Foxit Reader GoToR Action Stack Buffer Overflow (ZDI-16-391)
1132970 WEB WECON LeviStudio ScreenInfo ScrnName Heap Buffer Overflow
1132971 WEB Multiple Products HTTP_PROXY Traffic Redirection (CVE-2016-5386)
1132972 FILE WECON LeviStudio CurScrIDAddr Stack Buffer Overflow (ZDI-16-379)
1132973 WEB Trihedral VTScada WAP Directory Traversal (CVE-2016-4532)
1132974 WEB GD Library libgd _gd2GetHeader Integer Overflow -1 (CVE-2016-5766)
1132975 WEB GD Library libgd _gd2GetHeader Integer Overflow -2 (CVE-2016-5766)
1132977 EXPLOIT MIT Kerberos 5 KDC Null Pointer Dereference (CVE-2016-3120)
1132978 WEB PHP exif_process_user_comment Null Pointer Dereference (CVE-2016-6292)
1132980 WEB-CLIENT Suspicious HTML Iframe Tag -17 (Ransomware Attack Vector)
1132981 WEB Apache OpenMeetings ZIP File Path Traversal (CVE-2016-0784)
1132985 EXPLOIT Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability -1 (CVE-2016-6366)
1132986 EXPLOIT Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability -2 (CVE-2016-6366)
1132988 WEB Symantec Endpoint Protection Manager Cross Site Request Forgery -3 (CVE-2016-3653)
1132994 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 80 (Ransomware Attack Vector)
1132995 SIP IBM WebSphere Application Server SIP Processing Denial of Service (CVE-2016-2960)
1132982 SSL Squid SSL-Bump Denial of Service -1.1022
1132983 SSL Squid SSL-Bump Denial of Service -2.1022
1132984 WEB Reprise License Manager edit_lf_get_data Directory Traversal -2 (ZDI-15-417)
1132989 SMTP IBM Domino GIF Processing Heap Buffer Overflow (CVE-2015-0135)
1132991 WEB Websense Content Gateway HTTP cmd_param Buffer Overflow -2 (CVE-2015-5718)
1133002 DNS GNU C Library glibc getaddrinfo Buffer Overflow -2 (CVE-2015-7547)
1132992 SHELLCODE x86 Decoder ShikataGaNai -2
1132993 SHELLCODE x86 Decoder Veil -1
1130705 WEB D-Link/TRENDnet NCC Service Command Injection -4 (CVE-2015-1187)
1130858 WEB SixApart MovableType Storable Perl Code Execution (CVE-2015-1592)
1130859 EXPLOIT Apache Qpid Session.gap Denial of Service -2 (CVE-2015-0203)
1130860 EXPLOIT Apache Qpid Session.gap Denial of Service -3 (CVE-2015-0203)
1131194 FTP ProFTPD mod_copy Unauthenticated Remote File Copying -1 (CVE-2015-3306)
1053721 IM BaiduHi login via TCP -1
1053722 IM Teltel login via SSL -1
1053728 IM IMI login via TCP -1
1067947 IM ECP login via TCP -1
1063222 P2P Soulseek transfer-download via TCP -1
1053091 P2P Soulseek connect via TCP -1
1053098 P2P KCeasy connect via TCP -1
1052289 TUNNEL LogMeIn login via UDP -1
1052904 TUNNEL LogMeIn login via SSL -1
1067962 TUNNEL LogMeIn access via SSL -1
1065942 TUNNEL LogMeIn access via TCP -1
1065943 TUNNEL LogMeIn access via TCP -2
1065937 TUNNEL FreeSafeIP connect via SSL -1
1068832 TUNNEL Hola connect via TCP -1
1068833 TUNNEL Hola connect via SSL -1
1053085 MEDIA Freecast login via TCP -1
1066142 MEDIA 6.cn login via TCP -1
1066145 MEDIA 6.cn transfer-download via TCP -1
1065428 MEDIA 6.cn media via TCP -1
1066143 MEDIA 6.cn media via TCP -2
1063510 MEDIA 6.cn access via TCP -1
1066144 MEDIA 6.cn access via TCP -2