*** NetKeeper 8.538 Release ***

Total number of signatures: 3048

Signature update 8.538 is for NetKeeper series devices.
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
In this signature update, we addressed the exploits/vulnerabilities and applications listed below:

Differences from version 8.536
***

Modify 15 Rules:
--------------------------------------------------------------------
1058966 NTP Network Time Protocol Amplification Distributed Denial of Service (CVE-2013-5211)
1130172 DNS DNS Amplification Attacks -1
1130173 DNS DNS Amplification Attacks -2
1133407 WEB Brute Force Login -1
1133408 WEB Brute Force Login -2
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133085 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -1 (CVE-2016-3298)
1133189 EXPLOIT Bitcoin/LiteCoin/Dogecoin Mining Activity -2
1057832 WEB PHP Arbitrary Code Injection -7
1057137 DB Microsoft SQL SA Password Brute Force
1059418 SSH Brute Force Login
1059803 RDP Brute Force Login
1130588 POP3 Brute Force Login
1131643 SMTP Brute Force Login
1132591 TELNET Brute Force Login

Add 49 Rules:
--------------------------------------------------------------------
1133462 SNMP Simple Network Management Protocol GETBULK Reflection Denial of Service Vulnerability
1133463 SSDP Simple Service Discovery Protocol Reflection Denial of Service Vulnerability
1133480 EXPLOIT Remote Command Execution via Shell Script -2
1133465 WEB OpenBSD http server Denial of Service Vulnerability (CVE-2017-5850)
1133456 FTP Brute Force Login -1
1133457 FTP Brute Force Login -2
1133458 WEB HTTP Invalid Content Type
1133433 FILE Microsoft Windows OpenType Font Memory Corruption (CVE-2016-7256)
1133460 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -3 (CVE-2016-3298)
1133488 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -2 (CVE-2016-3298)
1133467 WEB Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection
1133489 FTP Java and Python FTP Injection -1
1133490 FTP Java and Python FTP Injection -2
1133455 WEB Axis Communications MPQT/PACS 5.20.x SSI Daemon Remote Format String
1133459 WEB PHP exception toString Denial of Service (CVE-2016-7478)
1133471 WEB-CLIENT Google Chrome Blink ImageBitmap Integer Overflow -1 (CVE-2016-5182)
1133472 WEB-CLIENT Google Chrome Blink ImageBitmap Integer Overflow -1 (CVE-2016-5182)
1133473 EXPLOIT FFmpeg mov_read_keys Integer Overflow (CVE-2016-5199)
1133475 WEB VegaDNS axfr_get.php Command Injection -1.u
1133476 WEB VegaDNS axfr_get.php Command Injection -1.b
1133477 WEB VegaDNS axfr_get.php Command Injection -2
1133478 DNS ISC BIND RRSIG Record Response Assertion Failure Denial of Service (CVE-2016-9147)
1133479 FILE Autodesk Design Review BMP biClrUsed Buffer Overflow
1133481 EXPLOIT LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow -1 (CVE-2016-9941)
1133482 EXPLOIT LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow -2 (CVE-2016-9941)
1133483 DNS ISC BIND ANY Query Response Assertion Failure Denial of Service (CVE-2016-9131)
1133484 EXPLOIT Aerospike Database Server as_sindex__simatch_list_by_set_binid Stack Buffer Overflow (CVE-2016-9054)
1133485 EXPLOIT Aerospike Database Server as_sindex__simatch_by_iname Stack Buffer Overflow (CVE-2016-9052)
1133486 FILE Fatek Automation PLC WinProladder Stack Buffer Overflow (CVE-2016-8377)
1133487 LDAP Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow (CVE-2016-2123)
1133469 WEB Novell ZENworks Configuration Management Session ID Information Disclosure -1.x (CVE-2015-0784)
1133470 WEB ManageEngine Desktop Central Unauthorized Administrative Password Reset -1.x (CVE-2015-2560)
1133474 WEB ManageEngine Multiple Products multipartRequest Directory Traversal -1.x (CVE-2014-6036)
1133464 WEB Netgear WNDR1000v4 Router Remote Authentication Bypass
1133468 WEB SQL injection attempt -81.x
1130705 WEB D-Link/TRENDnet NCC Service Command Injection -4 (CVE-2015-1187)
1130858 WEB SixApart MovableType Storable Perl Code Execution (CVE-2015-1592)
1130859 EXPLOIT Apache Qpid Session.gap Denial of Service -2 (CVE-2015-0203)
1130860 EXPLOIT Apache Qpid Session.gap Denial of Service -3 (CVE-2015-0203)
1131194 FTP ProFTPD mod_copy Unauthenticated Remote File Copying -1 (CVE-2015-3306)
1131196 Novell ZENworks Configuration Management FileViewer/DirectoryViewer Information Disclosure
1131230 EXPLOIT Western Digital Arkeia Remote Code Execution
1131231 WEB Accellion FTA statecode Cookie Arbitrary File Read (CVE-2015-2856)
1131342 WEB D-Link Cookie Command Execution
1131400 WEB Cross-site Scripting -28
1131401 WEB Cross-site Scripting -29
1131464 WEB Werkzeug Debug Shell Command Execution
1131530 WEB-CLIENT Firefox PDF.js Privileged Javascript Injection (CVE-2015-0816)
1131563 WEB ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution -2 (CVE-2015-7766)

Delete 49 Rules:
--------------------------------------------------------------------
1055584 ANDROID Malware GEINIMI Download -8
1133010 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2016-3295 Memory Corruption (CVE-2016-3295)
1133011 WEB-CLIENT Microsoft Edge CVE-2016-3294 Memory Corruption (CVE-2016-3294)
1133012 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3381)
1133013 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2016-3297 Memory Corruption (CVE-2016-3297)
1133014 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3365)
1133015 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364)
1133016 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3377)
1133017 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3363)
1133018 WEB-CLIENT Microsoft MSXML OLEAUT32 BstrLenA UAF Information Disclosure (CVE-2016-3376)
1133019 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362)
1133020 WEB-CLIENT Microsoft Browser Memory Corruption Vulnerability (CVE-2016-3295)
1133021 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360)
1133022 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359)
1133023 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358)
1133024 FILE Microsoft Windows PDF Library CVE-2016-3370 Information Disclosure (CVE-2016-3370)
1133025 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-3357)
1133026 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2016-3325 Information Disclosure (CVE-2016-3325)
1133027 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2016-3247 Memory Corruption (CVE-2016-3247)
1133028 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2016-3351 Information Disclosure (CVE-2016-3351)
1133029 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3375)
1133030 WEB-Client Microsoft Edge Information Disclosure Vulnerability (CVE-2016-3352)
1133045 FILE Microsoft Windows Graphics Component CVE-2016-3304 Code Execution -1 (CVE-2016-3304)
1133046 FILE Microsoft Windows Graphics Component CVE-2016-3304 Code Execution -2 (CVE-2016-3304)
1133047 FILE Microsoft Windows PDF Library CVE-2016-3319 Memory Corruption (CVE-2016-3319)
1133040 FILE Adobe Flash MovieClip Drawing Use After Free (CVE-2015-3137)
1133041 FILE Adobe Flash Player SharedObject Type Confusion Vulnerability -1 (CVE-2015-3131)
1133044 FILE Adobe Flash Player Color SetRGB Use After Free Vulnerability -1 (CVE-2015-3128)
1133054 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2015-6140 Memory Corruption -5 (CVE-2015-6140)
1133056 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2015-6140 Memory Corruption -2 (CVE-2015-6140)
1133057 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2015-6140 Memory Corruption -3 (CVE-2015-6140)
1133058 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2015-6140 Memory Corruption -4 (CVE-2015-6140)
1133059 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2015-6140 Memory Corruption -6 (CVE-2015-6140)
1132898 WEB-CLIENT Suspicious HTML Iframe Tag -15 (Ransomware Attack Vector)
1133031 WEB Micro Focus GroupWise Post Office Agent Integer Overflow -1 (CVE-2016-5762)
1133033 WEB Micro Focus GroupWise Post Office Agent Integer Overflow -3 (CVE-2016-5762)
1133034 WEB Micro Focus GroupWise Post Office Agent Integer Overflow -4 (CVE-2016-5762)
1133035 WEB Moxa SoftCMS CGI Program SQL Injection (CVE-2016-5792)
1133037 DB Oracle MySQL Remote Root Code Execution Vulnerability -1 (CVE-2016-6662)
1133038 DB Oracle MySQL Remote Root Code Execution Vulnerability -2 (CVE-2016-6662)
1133043 WEB WordPress Admin API Directory Traversal -2 (CVE-2016-6896)
1133049 FILE WECON LeviStudio Address Name Heap Buffer Overflow
1133050 WEB Trend Micro Control Manager task_controller Information Disclosure -1
1133051 WEB Trend Micro Control Manager task_controller Information Disclosure -2
1133052 WEB Trend Micro Control Manager TreeUserControl_process_tree_event Information Disclosure -1
1133053 WEB Trend Micro Control Manager TreeUserControl_process_tree_event Information Disclosure -2
1133060 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 82 (Ransomware Attack Vector)
1133036 WEB Arcserve Unified Data Protection reportFileServlet Directory Traversal -4.a (CVE-2015-4068)
1133039 WEB F5 iControl iCall Script Root Command Execution -2 (CVE-2015-3628)