*** NetKeeper 8.542 Release *** Total number of signatures: 3055 Signature update 8.542 is for NetKeeper series devices. NK6000 (NK6105, NK6210C/F/G) NK3500 (NK3520, NK3550) NK5500 NK5900 NK7210 Description ================================================================== In this signature, we addressed the exploits/vulnerabilities and applications as below: Different from the version 8.540 *** Modify 746 Rules: -------------------------------------------------------------------- 1058626 WEB Generic XXE Information Disclosure -1 1058627 WEB Generic XXE Information Disclosure -2 1132543 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -1.a 1133463 SSDP Simple Service Discovery Protocol Reflection Denial of Service Vulnerability 1133517 WEB-ACTIVEX Remote Code Execution via ActiveX -11 1133215 WEB-ACTIVEX Remote Code Execution via ActiveX -10 1133381 WEB PHPMailer Remote Code Execution -1.1 (CVE-2016-10033) 1133512 WEB-CLIENT JavaScript Heap Exploitation -13 1133503 WEB-CLIENT Microsoft Edge CVE-2017-0010 Memory Corruption (CVE-2017-0010) 1133520 SMB Microsoft Windows LSASS Authentication Denial of Service -1.1 (CVE-2017-0004) 1133521 SMB Microsoft Windows LSASS Authentication Denial of Service -1.2 (CVE-2017-0004) 1133522 SMB Microsoft Windows LSASS Authentication Denial of Service -1.3 (CVE-2017-0004) 1133427 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -2 (CVE-2016-7242) 1133508 WEB-CLIENT Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154) 1133201 SSL OpenSSL tls_get_message_body Function init_msg Structure Use After Free -1 (CVE-2016-6309) 1133310 WEB Netgear R7000 Command Injection -1.1 (CVE-2016-6277) 1133419 WEB Netgear R7000 Command Injection -1.2 (CVE-2016-6277) 1133430 NTP Network Time Protocol Daemon read_mru_list Denial of Service -2 (CVE-2016-7434) 1133524 WEB-CLIENT Multiple Browser WebKit Exploit Remote Code Execution -1 (CVE-2016-4657) 1133525 WEB-CLIENT Multiple Browser WebKit Exploit 
Remote Code Execution -2 (CVE-2016-4657) 1133458 WEB-CLIENT JavaScript Heap Exploitation -3 1133509 WEB-CLIENT JavaScript Heap Exploitation -4.1 1133510 WEB-CLIENT JavaScript Heap Exploitation -5.1 1133511 WEB-CLIENT JavaScript Heap Exploitation -6.1 1054840 WEB SQL injection attempt -6 1056085 EXPLOIT Remote Command Execution via Perl -2 1054406 WEB-ACTIVEX Remote Code Execution via ActiveX -1 1057797 WEB-ACTIVEX Remote Code Execution via ActiveX -4 1059426 WEB-ACTIVEX Remote Code Execution via ActiveX -6 1057549 WEB-ACTIVEX Remote Code Execution via ActiveX -3 1133148 MALWARE Suspicious IoT Worm TELNET Activity -1 1131059 WEB-ACTIVEX Remote Code Execution via ActiveX -8 1131060 WEB-ACTIVEX Remote Code Execution via ActiveX -9 1056755 WEB-ACTIVEX Remote Code Execution via ActiveX -2 1059423 WEB-ACTIVEX Remote Code Execution via ActiveX -5 1059431 WEB-ACTIVEX Remote Code Execution via ActiveX -7 1133407 WEB Brute Force Login -1 1058039 WEB SQL injection attempt -2.b 1056153 WEB SQL injection select from attempt -3.u 1058077 WEB SQL injection attempt -1.b 1063542 IM Yahoo login via UDP -1 1052022 IM Yahoo login via TCP -1 1052029 IM Yahoo login via TCP -2 1052084 IM Yahoo login via TCP -3 1069153 IM Yahoo communicate via SSL -1 1051211 IM Yahoo communicate via TCP -1 1067708 IM Yahoo communicate via TCP -2 1052052 IM Yahoo communicate via TCP -3 1052053 IM Yahoo communicate via TCP- 4 1052083 IM Yahoo communicate via TCP -5 1052085 IM Yahoo communicate via TCP- 6 1052086 IM Yahoo communicate via TCP -7 1067879 IM Yahoo communicate via TCP -8 1051086 IM Yahoo transfer via TCP -1 1051817 IM Yahoo transfer via TCP -3 1051959 IM Yahoo transfer via TCP -6 1052017 IM Yahoo transfer via TCP- 7 1064849 IM Yahoo transfer via TCP- 8 1051923 IM Yahoo media-video via UDP -1 1051813 IM Yahoo media-video via TCP -1 1052016 IM Yahoo media-audio via TCP -2 1054125 IM Yahoo media-video via TCP -3 1067538 IM Yahoo media via UDP -1 1067539 IM Yahoo media via TCP -1 1063323 IM Yahoo 
media via TCP -4 1051084 IM Yahoo access via TCP -1 1051085 IM Yahoo access via TCP -2 1051780 IM Yahoo access via TCP -3 1063238 IM AIM/ICQ/iIM login via SSL -1 1062461 IM AIM/ICQ/iIM login via SSL -2 1051120 IM AIM/ICQ/iIM login via TCP -1 1051221 IM AIM/ICQ/iIM login via TCP -2 1051699 IM AIM/ICQ/iIM login via TCP -3 1051922 IM AIM/ICQ/iIM login via TCP -6 1053115 IM AIM/ICQ/iIM login via TCP -8 1053116 IM AIM/ICQ/iIM login via TCP -7 1061814 IM AIM/ICQ/iIM login via TCP -4 1061815 IM AIM/ICQ/iIM login via TCP -5 1063574 IM AIM/ICQ/iIM login via TCP -10 1063548 IM AIM/ICQ/iIM login via TCP -9 1050359 IM AIM/ICQ/iIM communicate via TCP -1 1051121 IM AIM/ICQ/iIM communicate via TCP -2 1051219 IM AIM/ICQ/iIM communicate via TCP -3 1051898 IM AIM/ICQ/iIM communicate via TCP -4 1052071 IM AIM/ICQ/iIM communicate via TCP -5 1052072 IM AIM/ICQ/iIM communicate via TCP -6 1052073 IM AIM/ICQ/iIM communicate via TCP -7 1065498 IM AIM/ICQ/iIM communicate via TCP -9 1051702 IM AIM/ICQ/iIM transfer via TCP -1 1051909 IM AIM/ICQ/iIM transfer via TCP -2 1052055 IM AIM/ICQ/iIM transfer via TCP -3 1052077 IM AIM/ICQ/iIM transfer via TCP -4 1065499 IM AIM/ICQ/iIM transfer via TCP -6 1067709 IM AIM/ICQ/iIM transfer via TCP -7 1067710 IM AIM/ICQ/iIM transfer via TCP -8 1067955 IM AIM/ICQ/iIM transfer via TCP -9 1052011 IM AIM/ICQ/iIM media-audio via TCP -1 1052013 IM AIM/ICQ/iIM media-audio via TCP -2 1052074 IM AIM/ICQ/iIM media-audio via TCP -3 1052075 IM AIM/ICQ/iIM media-audio via TCP -4 1053020 IM AIM/ICQ/iIM media-audio via TCP -5 1051809 IM AIM/ICQ/iIM media-video via UDP -1 1051808 IM AIM/ICQ/iIM media-video via TCP -1 1052012 IM AIM/ICQ/iIM media-video via TCP -3 1052076 IM AIM/ICQ/iIM media-video via TCP -4 1052099 IM AIM/ICQ/iIM media-video via TCP -5 1065500 IM AIM/ICQ/iIM media-video via TCP -7 1067541 IM AIM/ICQ/iIM media via TCP -1 1067954 IM AIM/ICQ/iIM media via TCP -2 1067953 IM AIM/ICQ/iIM access via SSL -1 1068568 IM AIM/ICQ/iIM access via SSL -2 1068569 IM 
AIM/ICQ/iIM access via SSL -3 1160101 IM AIM/ICQ/iIM access via SSL -4 1051744 IM IRC login via TCP -1 1064010 IM IRC login via TCP -2 1068939 IM IRC login via TCP -3 1051954 IM IRC transfer via TCP -1 1052726 IM POPO login via TCP -1 1052728 IM POPO login via TCP -2 1053342 IM POPO login via TCP -3 1063592 IM POPO login via TCP -4 1053592 IM POPO transfer via UDP -1 1052732 IM POPO transfer via TCP -1 1064376 IM POPO transfer via TCP -2 1064016 IM Tlen login via SSL-1 1053193 IM RenRen login via TCP -1 1068827 IM IPMSG connect via UDP -1 1068828 IM IPMSG connect via UDP -2 1069534 IM IPMSG connect via TCP -1 1053190 IM AliWW login via TCP -1 1053191 IM AliWW login via TCP -2 1053466 IM AliWW login via TCP -3 1160053 IM AliWW login via TCP -4 1064417 IM AliWW transfer via UDP -1 1065905 IM AliWW transfer via TCP -1 1064083 IM AliWW transfer via TCP -2 1065906 IM AliWW transfer via TCP -3 1160054 IM AliWW transfer via TCP -4 1160055 IM AliWW transfer via TCP -5 1063429 IM AliWW media via TCP -1 1053664 IM AliWW communicate via TCP -1 1053203 IM Kubao login via TCP -1 1053316 IM Kubao login via TCP -2 1053197 IM Lava-Lava login via TCP -1 1053200 IM ISPQ login via TCP -1 1064375 IM Weibo login via SSL -1 1064919 IM Weibo login via SSL -2 1064920 IM Weibo login via SSL -3 1063527 IM Weibo login via TCP -1 1064804 IM Weibo login via TCP -3 1064015 IM WhatsApp login via SSL -1 1068766 IM WhatsApp login via SSL -2 1064123 IM WhatsApp login via TCP -1 1066423 IM WhatsApp login via TCP -2 1069353 IM WhatsApp login via TCP -3 1069037 IM WhatsApp access via SSL -1 1069733 IM WhatsApp access via TCP -1 1069734 IM WhatsApp access via TCP -2 1068621 P2P BT-BitTorrent announce access via IP -1 1063637 P2P BT-BitTorrent announce access via IP -2 1051724 P2P BT-BitTorrent announce access via UDP -1 1050417 P2P BT-BitTorrent announce access via TCP -1 1053015 P2P BT-BitTorrent announce access via TCP -2 1051725 P2P BT-BitTorrent Handshake access via UDP -1 1050418 P2P BT-BitTorrent 
Handshake access via TCP -1 1053870 P2P BT-BitTorrent transfer via UDP -3 1052972 P2P BT-BitTorrent transfer via UDP -4 1066936 P2P BT-BitTorrent transfer via UDP -6 1160140 P2P BT-BitTorrent transfer via UDP -7 1052023 P2P BT-BitTorrent transfer via TCP -3 1053018 P2P BT-BitTorrent transfer via TCP -6 1053180 P2P BT-BitTorrent transfer via TCP -7 1053226 P2P BT-BitTorrent transfer via TCP -8 1052027 P2P BT-BitTorrent access via UDP- 1 1052819 P2P BT-BitTorrent access via UDP- 2 1068804 P2P BT-BitTorrent access via SSL -1 1068802 P2P BT-BitTorrent access via TCP -1 1068803 P2P BT-BitTorrent access via TCP -2 1063209 P2P eDonkey-eMule access via TCP -2 1068170 P2P eDonkey-eMule access via TCP -3 1053861 P2P Gnutella-iMesh/Lphant login via TCP -1 1067652 P2P Gnutella-iMesh/Lphant login via TCP -2 1052638 P2P Gnutella-iMesh/Lphant connect via TCP -1 1061244 P2P Gnutella-iMesh/Lphant access via TCP -1 1067653 P2P Gnutella-iMesh/Lphant access via TCP -2 1065511 P2P ClubBox login via TCP-1 1065512 P2P ClubBox login via TCP-2 1065513 P2P ClubBox transfer-download via TCP-1 1052717 P2P ClubBox access via TCP-1 1061810 P2P ClubBox access via TCP-2 1065514 P2P myMusic login via SSL -1 1064405 P2P myMusic login via TCP -2 1065515 P2P myMusic transfer-download via TCP -1 1065516 P2P myMusic media via TCP -2 1065518 P2P myMusic media via TCP -3 1065517 P2P myMusic media via TCP -4 1067493 P2P myMusic access via TCP -2 1067494 P2P myMusic access via TCP -3 1061807 P2P GoGoBox communicate via TCP-1 1063494 VOIP Skype login via SSL -1 1063501 VOIP Skype login via SSL -2 1064091 VOIP Skype login via SSL -3 1068895 VOIP Skype login via SSL -4 1051697 VOIP Skype login via TCP -1 1065593 VOIP Skype login via TCP -2 1051890 VOIP Skype login via TCP -3 1065936 VOIP Skype media via SSL -1 1069398 VOIP Skype media via SSL -2 1068896 VOIP Skype access via SSL -1 1068897 VOIP Skype access via SSL -2 1068898 VOIP Skype access via SSL -3 1068899 VOIP Skype access via SSL -4 1068974 VOIP Skype 
access via SSL -5 1068975 VOIP Skype access via SSL -6 1067746 VOIP LINE login via TCP -1 1067749 VOIP LINE login via TCP -2 1068987 VOIP LINE communicate via UDP -1 1068988 VOIP LINE communicate via UDP -2 1067743 VOIP LINE media via TCP -1 1063999 VOIP LINE access via SSL -1 1068316 VOIP LINE access via SSL -2 1068433 VOIP LINE access via SSL -3 1068934 VOIP LINE access via SSL -4 1069122 VOIP LINE access via SSL -5 1069123 VOIP LINE access via SSL -6 1069626 VOIP LINE access via SSL -7 1069637 VOIP LINE access via SSL -8 1063611 VOIP LINE access via TCP -1 1064195 VOIP LINE access via TCP -2 1067650 VOIP LINE access via TCP -3 1067748 VOIP LINE access via TCP -4 1067751 VOIP LINE access via TCP -5 1069124 VOIP LINE access via TCP -6 1067963 TUNNEL Hamachi connect via TCP -1 1052586 TUNNEL SoftEther/PacketiX connect via SSL -1 1054074 TUNNEL SoftEther/PacketiX connect via SSL -2 1067966 TUNNEL SoftEther/PacketiX connect via SSL -3 1068555 TUNNEL SoftEther/PacketiX connect via TCP -1 1053027 TUNNEL HTTP-Tunnel login via TCP -1 1052604 TUNNEL HTTP-Tunnel connect via TCP -1 1063299 TUNNEL Tor access via SSL -1 1064414 TUNNEL Tor access via SSL -2 1068078 TUNNEL Tor access via SSL -3 1069837 TUNNEL Tor meek access via SSL -1 (f3) 1069838 TUNNEL Tor meek access via SSL -2 (f3) 1069839 TUNNEL Tor meek access via SSL -3 (f3) 1069840 TUNNEL Tor meek access via SSL -4 (f3) 1069842 TUNNEL Tor meek access via SSL -6 (f3) 1069843 TUNNEL Tor meek access via SSL -7 (f2) 1069844 TUNNEL Tor meek access via SSL -8 (f2) 1069845 TUNNEL Tor meek access via SSL -9 (f2) 1069846 TUNNEL Tor meek access via SSL -10 (f2) 1069847 TUNNEL Tor meek access via SSL -11 (f2) 1069917 TUNNEL Tor meek access via SSL -16 (f2) 1069848 TUNNEL Tor meek access via SSL -12 (f1) 1069849 TUNNEL Tor meek access via SSL -13 (f1) 1069850 TUNNEL Tor meek access via SSL -14 (f1) 1069916 TUNNEL Tor meek access via SSL -15 (f1) 1069851 TUNNEL Tor fte access via TCP -1 1053864 TUNNEL Wujie/UltraSurf login via UDP 
-1 1065696 TUNNEL Wujie/UltraSurf login via UDP -2 1065988 TUNNEL Wujie/UltraSurf login state 0 via SSL -1-1 1066804 TUNNEL Wujie/UltraSurf login state 0 via SSL -1-2 1067261 TUNNEL Wujie/UltraSurf login state 0 via SSL -1-3 1067262 TUNNEL Wujie/UltraSurf login state 0 via SSL -1-4 1065989 TUNNEL Wujie/UltraSurf login via SSL -1 1063500 TUNNEL Wujie/UltraSurf login via SSL -2 1063352 TUNNEL Wujie/UltraSurf login state 0 via SSL -3 1067733 TUNNEL Wujie/UltraSurf login via SSL -3 1067264 TUNNEL Wujie/UltraSurf login via SSL -4 1067321 TUNNEL Wujie/UltraSurf login via SSL -5 1068221 TUNNEL Wujie/UltraSurf login via SSL -6 1068891 TUNNEL Wujie/UltraSurf login via SSL -7 1069099 TUNNEL Wujie/UltraSurf login via SSL -8 1069100 TUNNEL Wujie/UltraSurf login via SSL -9 1069101 TUNNEL Wujie/UltraSurf login via SSL -10 1069102 TUNNEL Wujie/UltraSurf login via SSL -11 1069195 TUNNEL Wujie/UltraSurf login via SSL -12 1069196 TUNNEL Wujie/UltraSurf login via SSL -13 1069197 TUNNEL Wujie/UltraSurf login via SSL -14 1053863 TUNNEL Wujie/UltraSurf login via TCP -1 1063484 TUNNEL Wujie/UltraSurf login via TCP -2 1068670 TUNNEL Wujie/UltraSurf login via TCP -3 1063545 TUNNEL Wujie/UltraSurf login via TCP -4 1061567 TUNNEL Wujie/UltraSurf access via TCP -1 1066805 TUNNEL Wujie/UltraSurf access via TCP -2 1053075 TUNNEL CCProxy connect via TCP -1 1053076 TUNNEL CCProxy connect via TCP -2 1053077 TUNNEL CCProxy connect via TCP -3 1053078 TUNNEL CCProxy connect via TCP -4 1067176 FILE GetRight transfer via TCP -1 1063301 FILE Dropbox login via SSL -1 1067691 FILE Dropbox login via SSL -2 1069419 FILE Dropbox login via SSL -3 1069920 FILE Dropbox media via SSL -1 1067722 FILE Dropbox access via SSL -1 1063302 FILE Dropbox access via TCP -1 1067175 FILE Dropbox access via TCP -2 1065319 FILE Copy.com access via SSL -1 1066170 MEDIA PPTV login via SSL -1 1066171 MEDIA PPTV login via TCP -1 1066172 MEDIA PPTV transfer-download via UDP -1 1066173 MEDIA PPTV transfer-download via TCP -1 
1068012 MEDIA PPTV transfer-download via TCP -3 1052852 MEDIA PPTV media via UDP -1 1053365 MEDIA PPTV media via UDP -2 1053366 MEDIA PPTV media via UDP -3 1053472 MEDIA PPTV media via UDP -4 1053851 MEDIA PPTV media via UDP -5 1053852 MEDIA PPTV media via UDP -6 1061725 MEDIA PPTV media via UDP -7 1061746 MEDIA PPTV media via UDP -8 1061748 MEDIA PPTV media via UDP -9 1061749 MEDIA PPTV media via UDP -10 1061750 MEDIA PPTV media via UDP -11 1061756 MEDIA PPTV media via UDP -12 1061757 MEDIA PPTV media via UDP -13 1061758 MEDIA PPTV media via UDP -14 1061759 MEDIA PPTV media via UDP -15 1061760 MEDIA PPTV media via UDP -16 1061761 MEDIA PPTV media via UDP -17 1061781 MEDIA PPTV media via UDP -18 1062349 MEDIA PPTV media via UDP -20 1062353 MEDIA PPTV media via UDP -21 1068246 MEDIA PPTV media via UDP -22 1063514 MEDIA PPTV media via UDP -23 1064003 MEDIA PPTV media via UDP -24 1064025 MEDIA PPTV media via UDP -25 1067771 MEDIA PPTV media via UDP -27 1068256 MEDIA PPTV media via UDP -28 1052287 MEDIA PPTV media via TCP -1 1052623 MEDIA PPTV media via TCP -2 1052858 MEDIA PPTV media via TCP -3 1052859 MEDIA PPTV media via TCP -4 1052902 MEDIA PPTV media via TCP -5 1052903 MEDIA PPTV media via TCP -6 1053006 MEDIA PPTV media via TCP -7 1053470 MEDIA PPTV media via TCP -8 1053752 MEDIA PPTV media via TCP -14 1053850 MEDIA PPTV media via TCP -9 1053855 MEDIA PPTV media via TCP -15 1054159 MEDIA PPTV media via TCP -10 1061724 MEDIA PPTV media via TCP -11 1061730 MEDIA PPTV media via TCP -12 1064002 MEDIA PPTV media via TCP -16 1064058 MEDIA PPTV media via TCP -17 1067332 MEDIA PPTV media via TCP -18 1068011 MEDIA PPTV media via TCP -19 1053364 MEDIA PPTV media via TCP -13 1068247 MEDIA PPTV media via TCP -20 1068248 MEDIA PPTV media via TCP -21 1068250 MEDIA PPTV media via TCP -22 1069038 MEDIA PPTV media via TCP -23 1069039 MEDIA PPTV media via TCP -24 1053108 MEDIA PPTV access via TCP -1 1053109 MEDIA PPTV access via TCP -2 1054160 MEDIA PPTV access via TCP -3 1052285 
MEDIA QQLive login via TCP -1 1066563 MEDIA iTunes login via SSL -1 1067888 MEDIA iTunes transfer-download via TCP -3 1067889 MEDIA iTunes transfer-download via TCP -4 1067890 MEDIA iTunes transfer-download via TCP -5 1066582 MEDIA iTunes transfer-download via TCP -1 1066583 MEDIA iTunes transfer-download via TCP -2 1066535 MEDIA iTunes media via TCP -1 1066216 MEDIA iTunes media via TCP -2 1066217 MEDIA iTunes media via TCP -3 1066855 MEDIA iTunes media via TCP -4 1066219 MEDIA iTunes media via TCP -5 1066220 MEDIA iTunes media via TCP -6 1066221 MEDIA iTunes media via TCP -7 1067333 MEDIA iTunes media via TCP -10 1069598 MEDIA iTunes media via TCP -13 1066210 MEDIA iTunes access via SSL -1 1069737 MEDIA iTunes access via SSL -2 1066211 MEDIA iTunes access via TCP -1 1067860 MEDIA iTunes access via TCP -2 1069151 MEDIA iTunes access via TCP -3 1065963 MEDIA iQIYI/PPS login via SSL -1 1065961 MEDIA iQIYI/PPS login via TCP -1 1066146 MEDIA iQIYI/PPS login via TCP -2 1067492 MEDIA iQIYI/PPS login via TCP -3 1064863 MEDIA iQIYI/PPS login via TCP -4 1064864 MEDIA iQIYI/PPS login via TCP -5 1068010 MEDIA iQIYI/PPS login via TCP -7 1066703 MEDIA iQIYI/PPS transfer-upload via UDP -1 1066147 MEDIA iQIYI/PPS transfer-upload via TCP -1 1066148 MEDIA iQIYI/PPS transfer-upload via TCP -2 1068054 MEDIA iQIYI/PPS transfer-upload via TCP -3 1068055 MEDIA iQIYI/PPS transfer-upload via TCP -4 1053223 MEDIA iQIYI/PPS media via UDP -1 1053395 MEDIA iQIYI/PPS media via UDP -2 1064519 MEDIA iQIYI/PPS media via UDP -3 1064520 MEDIA iQIYI/PPS media via UDP -4 1065447 MEDIA iQIYI/PPS media via UDP -5 1064867 MEDIA iQIYI/PPS media via UDP -6 1052832 MEDIA iQIYI/PPS media via TCP -1 1061762 MEDIA iQIYI/PPS media via TCP -2 1065489 MEDIA iQIYI/PPS media via TCP -3 1065898 MEDIA iQIYI/PPS media via TCP -4 1065959 MEDIA iQIYI/PPS media via TCP -5 1066704 MEDIA iQIYI/PPS media via TCP -6 1067897 MEDIA iQIYI/PPS media via TCP -7 1064866 MEDIA iQIYI/PPS media via TCP -8 1066073 MEDIA iQIYI/PPS 
media via TCP -9 1066697 MEDIA iQIYI/PPS media via TCP -10 1066136 MEDIA iQIYI/PPS media via TCP -11 1067046 MEDIA iQIYI/PPS media via TCP -12 1067200 MEDIA iQIYI/PPS media via TCP -13 1068432 MEDIA iQIYI/PPS media via TCP -14 1068557 MEDIA iQIYI/PPS media via TCP -15 1068602 MEDIA iQIYI/PPS media via TCP -16 1068885 MEDIA iQIYI/PPS media via TCP -17 1068994 MEDIA iQIYI/PPS media via TCP -18 1160063 MEDIA iQIYI/PPS media via TCP -19 1068638 MEDIA iQIYI/PPS access via UDP -1 1061763 MEDIA iQIYI/PPS access via TCP -1 1061764 MEDIA iQIYI/PPS access via TCP -2 1064865 MEDIA iQIYI/PPS access via TCP -3 1066074 MEDIA iQIYI/PPS access via TCP -4 1066075 MEDIA iQIYI/PPS access via TCP -5 1068558 MEDIA iQIYI/PPS access via TCP -6 1068886 MEDIA iQIYI/PPS access via TCP -7 1065829 MEDIA KKBox login via SSL -1 1067442 MEDIA KKBox login via SSL -2 1053475 MEDIA KKBox login via TCP -1 1065709 MEDIA KKBox login via TCP -2 1066186 MEDIA KKBox media via TCP -1 1066187 MEDIA KKBox media via TCP -2 1066233 MEDIA KKBox media via TCP -3 1066315 MEDIA KKBox access via SSL -1 1066188 MEDIA KKBox access via TCP -1 1066189 MEDIA KKBox access via TCP -2 1053384 MEDIA UUSee media via UDP -1 1064418 MEDIA SopCast login via TCP -2 1053214 MEDIA SopCast media via UDP -1 1064419 MEDIA SopCast media via UDP -2 1053678 MEDIA SopCast media via TCP -1 1053270 MEDIA SopCast media via TCP -2 1068324 MEDIA SopCast access via TCP -1 1068325 MEDIA SopCast access via TCP -2 1066084 MEDIA Sina Video login via TCP -1 1066085 MEDIA Sina Video transfer-upload via TCP -1 1053415 MEDIA Sina Video media via UDP -1 1053859 MEDIA Sina Video media via UDP -2 1065095 MEDIA Sina Video media via UDP -3 1065470 MEDIA Sina Video media via TCP -1 1068605 MEDIA Sina Video media via TCP -3 1061744 MEDIA Sina Video access via TCP -1 1061745 MEDIA Sina Video access via TCP -2 1066086 MEDIA Sina Video access via TCP -3 1068606 MEDIA Sina Video access via TCP -5 1062444 MEDIA Ooyala login via SSL -1 1065957 MEDIA Letv login 
via TCP -1 1066627 MEDIA Letv login via TCP -2 1065493 MEDIA Letv media via TCP -1 1066630 MEDIA Letv media via TCP -2 1066628 MEDIA Letv media via TCP -3 1066891 MEDIA Letv media via TCP -4 1068601 MEDIA Letv access via TCP -4 1064064 MEDIA Letv access via TCP -1 1066890 MEDIA Letv access via TCP -2 1068431 MEDIA Letv access via TCP -3 1066154 MEDIA Funshion login via TCP -1 1066885 MEDIA Funshion transfer-download via TCP -1 1063490 MEDIA Funshion media via UDP -1 1065223 MEDIA Funshion media via TCP -1 1063491 MEDIA Funshion media via TCP -2 1065546 MEDIA Funshion media via TCP -3 1068368 MEDIA Funshion media via TCP -4 1068369 MEDIA Funshion media via TCP -5 1068657 MEDIA Funshion media via TCP -6 1068658 MEDIA Funshion media via TCP -7 1068660 MEDIA Funshion accessvia UDP -1 1064740 MEDIA Funshion access via TCP -1 1066153 MEDIA Funshion access via TCP -2 1068370 MEDIA Funshion access via TCP -3 1068371 MEDIA Funshion access via TCP -4 1065468 MEDIA Sohu TV media via TCP -1 1065469 MEDIA Sohu TV media via TCP -2 1066037 MEDIA Sohu TV media via TCP -3 1066097 MEDIA Sohu TV media via TCP -4 1064997 MEDIA Sohu TV media via TCP -5 1065666 MEDIA Sohu TV media via TCP -6 1066229 MEDIA Sohu TV media via TCP -7 1066228 MEDIA Sohu TV media via TCP -8 1068985 MEDIA Sohu TV media via TCP -9 1069044 MEDIA Sohu TV media via TCP -10 1069045 MEDIA Sohu TV media via TCP -11 1066098 MEDIA Sohu TV transfer-upload via TCP -1 1066231 MEDIA Sohu TV transfer-upload via TCP -2 1068640 MEDIA Sohu TV access via UDP -1 1061733 MEDIA Sohu TV access via TCP -1 1063437 MEDIA Sohu TV access via TCP -2 1066095 MEDIA Sohu TV access via TCP -3 1066096 MEDIA Sohu TV access via TCP -4 1066100 MEDIA Sohu TV access via TCP -5 1066101 MEDIA Sohu TV access via TCP -6 1065011 MEDIA Sohu TV access via TCP -7 1066900 MEDIA Sohu TV access via TCP -8 1066121 MEDIA Tudou login via TCP -1 1066135 MEDIA Tudou login via TCP -2 1065539 MEDIA Tudou login via TCP -3 1063457 MEDIA Tudou media via UDP -1 1063458 
MEDIA Tudou media via TCP -1 1065380 MEDIA Tudou media via TCP -2 1065381 MEDIA Tudou media via TCP -3 1065382 MEDIA Tudou media via TCP -4 1068616 MEDIA Tudou media via TCP -5 1061767 MEDIA Tudou access via TCP -1 1064215 MEDIA Tudou access via TCP -2 1066905 MEDIA Tudou access via TCP -3 1064627 MEDIA BaiduMusic media via UDP -1 1064625 MEDIA BaiduMusic media via TCP -1 1064592 MEDIA BaiduMusic access via UDP -1 1064591 MEDIA BaiduMusic access via TCP -1 1064623 MEDIA BaiduMusic access via TCP -2 1066499 MEDIA BaiduMusic access via TCP -3 1066500 MEDIA BaiduMusic access via TCP -4 1067346 MEDIA Qvod login via TCP -1 1063446 MEDIA Qvod media via UDP -1 1063447 MEDIA Qvod media via TCP -1 1063448 MEDIA Qvod media via TCP -2 1064085 MEDIA Qvod access via UDP -1 1064086 MEDIA Qvod access via UDP -2 1066180 MEDIA Qvod access via TCP -1 1066181 MEDIA Qvod access via TCP -2 1065471 MEDIA YouTube media via TCP -1 1065838 MEDIA YouTube media via TCP -2 1066102 MEDIA YouTube media via TCP -3 1067257 MEDIA YouTube media via TCP -4 1067259 MEDIA YouTube media via TCP -5 1067260 MEDIA YouTube media via TCP -6 1067713 MEDIA YouTube media via TCP -8 1067714 MEDIA YouTube media via TCP -9 1067806 MEDIA YouTube media via TCP -10 1063460 MEDIA YouTube access via UDP -1 1068664 MEDIA YouTube access via UDP -2 1068665 MEDIA YouTube access via UDP -3 1068667 MEDIA YouTube access via SSL -1 1069127 MEDIA YouTube access via SSL -2 1160086 MEDIA YouTube access via SSL -3 1160087 MEDIA YouTube access via SSL -4 1052709 MEDIA YouTube access via TCP -1 1065839 MEDIA YouTube access via TCP -2 1066529 MEDIA YouTube access via TCP -3 1063509 MEDIA YouTube access via TCP -4 1067258 MEDIA YouTube access via TCP -5 1067695 MEDIA YouTube access via TCP -6 1067706 MEDIA YouTube access via TCP -7 1066082 MEDIA 56.com login via TCP -1 1066083 MEDIA 56.com transfer-upload via TCP -1 1065424 MEDIA 56.com media via TCP -1 1068642 MEDIA 56.com access via UDP -1 1061732 MEDIA 56.com access via TCP -1 
1066103 MEDIA Youku.com login via SSL -1 1066104 MEDIA Youku.com login via TCP -1 1061778 MEDIA Youku.com media via UDP -1 1061779 MEDIA Youku.com media via TCP -1 1065484 MEDIA Youku.com media via TCP -2 1065542 MEDIA Youku.com media via TCP -3 1066107 MEDIA Youku.com media via TCP -4 1066910 MEDIA Youku.com media via TCP -5 1068405 MEDIA Youku.com media via TCP -6 1066105 MEDIA Youku.com transfer-upload via TCP -1 1066108 MEDIA Youku.com transfer-upload via TCP -2 1066112 MEDIA Youku.com transfer-upload via TCP -3 1066132 MEDIA Youku.com transfer-upload via TCP -4 1053277 MEDIA Youku.com access via TCP -1 1066106 MEDIA Youku.com access via TCP -2 1063502 MEDIA Grooveshark login via SSL -1 1063503 MEDIA Grooveshark access via TCP -1 1068318 MEDIA Grooveshark access via TCP -2 1063504 MEDIA Microsoft Silverlight media via TCP -1 1063505 MEDIA Microsoft Silverlight media via TCP -2 1066526 MEDIA RealPlayer login via SSL -1 1051850 MEDIA RealPlayer media via TCP -1 1052068 MEDIA RealPlayer media via TCP -2 1052069 MEDIA RealPlayer media via TCP -3 1066527 MEDIA RealPlayer access via TCP -1 1053798 MAIL NETEASE login via TCP -1 1053799 MAIL NETEASE login via SSL -1 1063919 MAIL NETEASE login via SSL -2 1063920 MAIL NETEASE login via SSL -3 1052736 MAIL Yahoo transfer via TCP -1 1063478 MAIL Yahoo transfer via TCP -2 1052579 MAIL Yahoo access via TCP -1 1052580 MAIL Yahoo access via TCP -2 1063739 MAIL Yahoo access via TCP -3 1054132 MAIL Yahoo access via TCP -5 1061811 MAIL Sina login via TCP -1 1062460 MAIL Sina login via TCP -2 1064805 MAIL Sina transfer via TCP -1 1063149 MAIL Sina access via TCP -1 1063526 MAIL Gmail login via SSL -1 1061518 MAIL Gmail login via SSL -2 1068873 GAME QQ/QQFO login via UDP -1 1052615 GAME QQ/QQFO login via TCP -1 1052855 GAME QQ/QQFO login via TCP -2 1052856 GAME QQ/QQFO login via TCP -3 1052616 GAME QQ/QQFO login via TCP -4 1063389 GAME QQ/QQFO login via TCP -6 1063407 GAME QQ/QQFO login via TCP -7 1064093 GAME QQ/QQFO login via TCP 
-8 1064114 GAME QQ/QQFO login via TCP -10 1065222 GAME QQ/QQFO login via TCP -11 1061819 GAME QQ/QQFO access via TCP -1 1064097 GAME QQ/QQFO access via TCP -2 1068874 GAME QQ/QQFO access via TCP -3 1068875 GAME QQ/QQFO access via TCP -4 1053327 GAME PopKart login via TCP -1 1053672 GAME PopKart login via TCP -2 1160025 GAME PopKart transfer via TCP -1 1053265 GAME Diablo login via TCP -1 1068935 GAME Diablo access via TCP -1 1068889 GAME WOW transfer via TCP -1 1060043 GAME Pokemon Go access via SSL -1 1051742 TERMINAL VNC communicate via TCP -1 1053057 TERMINAL TeamViewer communicate via TCP -6 1053058 TERMINAL TeamViewer communicate via TCP -2 1064125 TERMINAL TeamViewer communicate via TCP -3 1066386 TERMINAL TeamViewer communicate via TCP -4 1066387 TERMINAL TeamViewer communicate via TCP -5 1066382 TERMINAL TeamViewer access via SSL -1 1066384 TERMINAL TeamViewer access via UDP -1 1066383 TERMINAL TeamViewer access via TCP -1 1066385 TERMINAL TeamViewer access via TCP -2 1067739 TERMINAL Chrome Remote Desktop access via UDP -1 1068089 TERMINAL ISL Online login via TCP -1 1068090 TERMINAL ISL Online access via SSL -1 1068091 TERMINAL ISL Online access via TCP -1 1053303 TERMINAL GoToMyPC login via SSL -1 1160094 TERMINAL GoToMyPC login via SSL -2 1064028 TERMINAL GoToMyPC login via TCP -1 1160095 TERMINAL GoToMyPC access via SSL -1 1064171 TERMINAL GoToMyPC access via TCP -1 1065932 TERMINAL GoToMyPC access via TCP -2 1066214 TERMINAL GoToMeeting login via SSL -1 1066215 TERMINAL GoToMeeting access via TCP -1 1068074 TERMINAL ShowMyPC connect via TCP -1 1068075 TERMINAL ShowMyPC access via UDP -1 1068076 TERMINAL ShowMyPC access via SSL -1 1068077 TERMINAL ShowMyPC access via TCP -1 1068816 TERMINAL AnyDesk access via SSL -1 1053283 STOCK DZH login via TCP -1 1053284 STOCK DZH login via TCP -2 1053610 STOCK DZH login via TCP -3 1053707 STOCK DZH login via TCP -4 1061808 STOCK DZH login via TCP -6 1061809 STOCK DZH login via TCP -7 1063351 STOCK DZH login via 
TCP -8 1066837 STOCK DZH login via TCP -9 1067232 STOCK DZH login via TCP -10 1066836 STOCK DZH access via TCP -1 1063373 STOCK DZH access via TCP -2 1053282 STOCK 10JQKA login via TCP -1 1063375 STOCK 10JQKA access via TCP -1 1053286 STOCK Qianlong login via TCP -1 1053285 STOCK Compass.cn login via TCP -1 1064078 STOCK Compass.cn login via TCP -2 1053623 STOCK StockStar login via TCP -1 1053666 STOCK Hexun login via TCP -1 1064153 STOCK Hexun login via TCP -2 1064152 STOCK Hexun access via TCP -1 1052688 WEB-IM eBuddy login via TCP -5 1053121 WEB-IM eBuddy login via TCP -6 1053122 WEB-IM eBuddy login via TCP -7 1053380 WEB-IM eBuddy login via TCP -8 1053608 WEB-IM eBuddy login via TCP -9 1062405 WEB-IM eBuddy login via TCP -10 1052641 WEB-IM iLoveIM access via TCP -1 1052642 WEB-IM iLoveIM login via TCP -1 1063588 WEB-IM Karoo Lark login via TCP -1 1054114 WEB-IM imo.im login via SSL -1 1051951 WEB-IM AOL login via TCP -1 1053341 WEB-IM AOL login via TCP -3 1067433 WEB-IM AOL login via TCP -4 1067095 WEB-IM ICQ login via SSL -1 1052010 WEB-IM ICQ login via TCP -1 1053325 WEB-IM ICQ login via TCP -2 1053326 WEB-IM ICQ login via TCP -3 1052014 WEB-IM ICQ communicate via TCP -1 1052015 WEB-IM ICQ communicate via TCP -2 1060009 WEB-IM AirAim login via TCP -1 1060028 WEB-IM Instan-t login via TCP -1 1061729 PRIPROTOCOL QQ series transfer via UDP -1 1053595 PRIPROTOCOL QQ series transfer via UDP -5 1064213 PRIPROTOCOL QQ series transfer via UDP -6 1061728 PRIPROTOCOL QQ series transfer via TCP -1 1063196 PRIPROTOCOL QQ series transfer via TCP -2 1063214 PRIPROTOCOL QQ series transfer via TCP -3 1063219 PRIPROTOCOL QQ series transfer via TCP -4 1064065 PRIPROTOCOL QQ series transfer via TCP -6 1052834 PRIPROTOCOL QQ series transfer via TCP -7 1060288 SOCIAL Twitter login via SSL -1 1069027 SOCIAL Twitter media via SSL -1 1069131 SOCIAL Twitter media via SSL -2 1069132 SOCIAL Twitter media via TCP -1 1069373 SOCIAL Twitter media via TCP -2 1066289 SOCIAL Twitter access 
via SSL -1 1069033 SOCIAL Twitter access via SSL -2 1069978 SOCIAL Twitter access via SSL -3 1061627 SOCIAL Twitter access via TCP -1 1067789 SOCIAL Twitter access via TCP -2 1067787 SOCIAL Twitter access via TCP -3 1063943 SOCIAL Plurk login via TCP -1 1061626 SOCIAL Plurk login via SSL -1 1061625 SOCIAL Plurk access via TCP -1 1060210 WEB2.0 Evernote login via SSL -1 1063903 WEB2.0 Evernote access via TCP -1 1054162 WEB2.0 beanfun communicate via TCP -1 1067696 CA Google APIs Authentication via SSL -1 1065944 CA Google App Engine Authentication via SSL -1 1053577 CA Microsoft Authentication via SSL -1 1052905 CA Microsoft Authentication via SSL -4 1068113 CA Microsoft Authentication via SSL -5 1068114 CA Microsoft Authentication via SSL -6 1068115 CA Microsoft Authentication via SSL -7 1068116 CA Microsoft Authentication via SSL -8 1062420 CA Yahoo Authentication via SSL -1 1063538 CA Yahoo Authentication via SSL -3 1063740 CA Yahoo Authentication via SSL -4 1068378 CA Yahoo Authentication via SSL -5 1069324 CA Yahoo Authentication via SSL -6 1069325 CA Yahoo Authentication via SSL -7 1069942 CA Yahoo Authentication via SSL -8 1053019 CA AOL Authentication via SSL -1 1062441 CA AOL Authentication via SSL -2 1066525 CA AOL Authentication via SSL -3 1063316 CA Sina Authentication via SSL -1 1060010 MEDIA MP4 file media via TCP -1 1060015 MEDIA MP4 file media via TCP -2 1060016 MEDIA MP4 file media via TCP -3 1060019 MEDIA MP4 file media via TCP -4 1066327 MEDIA MP4 file media via TCP -5 1052705 MEDIA RMVB file media via TCP -1 1052584 MEDIA RM file media via TCP -1 1053737 MEDIA SWF file media via TCP -1 1052583 MEDIA AVI file media via TCP -1 1053302 MEDIA WMA file media via TCP -1 1052585 MEDIA MOV file media via TCP -1 1052707 MEDIA WMV file media via TCP -1 1052706 MEDIA ASF file media via TCP -1 1052830 EXT_SKYPE_LOGIN 1080006 SG - TUNNEL Tor connect via TCP 1080017 SG - TUNNEL Wujie/UltraSurf login via TCP/UDP Add 75 Rules: 
--------------------------------------------------------------------
1133572 WEB Shell Spawning Attempt via telnetd -1
1133533 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -1.x
1133528 WEB Apache Struts 2 Remote Code Execution -1.1 (CVE-2017-5638)
1133529 WEB Apache Struts 2 Remote Code Execution -1.2 (CVE-2017-5638)
1133530 WEB Apache Struts 2 Remote Code Execution -2.1 (CVE-2017-5638)
1133531 WEB Apache Struts 2 Remote Code Execution -2.2 (CVE-2017-5638)
1133532 WEB Apache Struts 2 Remote Code Execution -2.3 (CVE-2017-5638)
1133534 MALWARE Suspicious IoT Worm TELNET Activity -2
1133570 WEB PHPMailer Remote Code Execution -1.2 (CVE-2016-10033)
1133571 WEB PHPMailer Remote Code Execution -2 (CVE-2016-10033)
1133598 MALWARE Suspicious IoT Worm TELNET Activity -3
1133539 WEB SQL injection attempt -2.u
1133526 WEB SQL injection select from attempt -3.x
1133535 SMTP SysGauge SMTP Validation Buffer Overflow
1133573 WEB Github Enterprise Default Session Secret And Deserialization Vulnerability
1133527 WEB SQL injection attempt -17.x
1133547 FILE Adobe Acrobat and Reader JPEG2000 Out of Bounds Read (CVE-2017-2946)
1133548 WEB Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow (CVE-2017-7269)
1133552 FILE Adobe Acrobat ImageConversion JPEG Out-of-Bounds Read (CVE-2017-2960)
1133553 WEB-CLIENT Microsoft Internet Explorer CVE-2017-0008 Information Disclosure (CVE-2017-0008)
1133567 FILE Microsoft Graphics Component CVE-2017-0014 Memory Corruption (CVE-2017-0014)
1133569 WEB-CLIENT Microsoft MSXML CVE-2017-0022 Information Disclosure -1 (CVE-2017-0022)
1133581 WEB-CLIENT Microsoft MSXML CVE-2017-0022 Information Disclosure -2 (CVE-2017-0022)
1133594 FILE Microsoft Office/WordPad Remote Code Execution Vulnerability (CVE-2017-0199)
1133595 FILE Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0106)
1133596 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1133599 WEB-CLIENT Microsoft Hta File Remote Code Execution Vulnerability -1
1133600 WEB-CLIENT Microsoft Hta File Remote Code Execution Vulnerability -2
1133544 FILE Microsoft Office CVE-2016-7289 Memory Corruption (CVE-2016-7289)
1133568 FILE Adobe Digital Editions Epub XXE Information Disclosure -1 (CVE-2016-7889)
1133576 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -3 (CVE-2016-7242)
1133582 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -2 (CVE-2016-7889)
1133583 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -3 (CVE-2016-7889)
1133584 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -4 (CVE-2016-7889)
1133585 FILE Microsoft Windows PDF Library CVE-2017-0023 Information Disclosure (CVE-2017-0023)
1133545 WEB PHP zend_hash_destroy Uninitialized Pointer Code Execution -1 (CVE-2017-5340)
1133546 WEB PHP zend_hash_destroy Uninitialized Pointer Code Execution -2 (CVE-2017-5340)
1133554 EXPLOIT Oracle WebLogic Server UnicastRef Insecure Deserialization (CVE-2017-3248)
1133579 WEB ASUS Multiple Routers WAN Settings Remote Command Injection
1133580 WEB-CLIENT MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution (CVE-2017-2361)
1133586 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 87 (Ransomware Attack Vector)
1133587 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 88 (Ransomware Attack Vector)
1133593 TELNET Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability (CVE-2017-3881)
1133537 WEB Micro Focus GroupWise Post Office Agent Integer Overflow -2 (CVE-2016-5762)
1133538 SSL OpenSSL tls_get_message_body Function init_msg Structure Use After Free -2 (CVE-2016-6309)
1133540 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.1 (CVE-2016-9332)
1133541 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.2 (CVE-2016-9332)
1133542 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.3 (CVE-2016-9332)
1133543 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.4 (CVE-2016-9332)
1133575 WEB Apache Tomcat Security Bypass Vulnerability (CVE-2016-6816)
1133577 NTP Network Time Protocol Daemon read_mru_list Denial of Service -4 (CVE-2016-7434)
1133536 WEB PineApp Mail-SeCure livelog.html Arbitrary Command Execution -3.x (OSVDB-95779)
1133574 WEB DzSoft PHP Editor Directory Traversals
1059415 WEB eScan Web Management Console Command Injection
1059523 SCADA Yokogawa CS3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782)
1059566 WEB Symantec Workspace Streaming Arbitrary File Upload -1 (CVE-2014-1649)
1059583 SCADA Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow -1 (CVE-2014-0768)
1059584 SCADA Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow -2 (CVE-2014-0768)
1059594 WEB ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120)
1059617 WEB Easy File Management Web Server Stack Buffer Overflow (BID-67542)
1059670 WEB D-Link HNAP Request Stack Buffer Overflow -1 (CVE-2014-3936)
1059701 WEB Rocket Servergraph Admin Center fileRequestor run and runClear Command Executions -2 (CVE-2014-3914)
1059703 WEB AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution -1 (CVE-2014-3804)
1059704 WEB Cogent DataHub Web Server GetPermissions.asp Command Injection -2 (CVE-2014-3789)
1059727 SCADA Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow (CVE-2014-3888)
1059728 WEB Gitlist Unauthenticated Remote Command Execution (CVE-2014-4511)
1059729 WEB Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
1059806 EXPLOIT HP Data Protector Opcode 28 and 11 Command Execution -3 (CVE-2014-2623)
1059808 WEB Directory Traversal -11
1160175 VOIP LINE communicate via UDP -3
1160176 VOIP LINE communicate via UDP -4
1160068 MEDIA Periscope access via SSL -1
1160069 MEDIA Periscope access via SSL -2
1160177 MEDIA Periscope access via SSL -3
1160186 GAME WOW transfer via TCP -2

Delete 69 Rules:
--------------------------------------------------------------------
1133190 WEB Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution (CVE-2014-7205)
1133226 WEB JIRA Issues Collector Directory Traversal -1.x (CVE-2014-2314)
1133227 WEB JIRA Issues Collector Directory Traversal -2.x (CVE-2014-2314)
1133154 FILE Microsoft Graphics Device Interface CVE-2016-3263 Information Disclosure -1 (CVE-2016-3263)
1133155 FILE Microsoft Graphics Device Interface CVE-2016-3263 Information Disclosure -2 (CVE-2016-3263)
1133156 FILE Adobe Flash loadPCMFromByteArray Use After Free -3 (CVE-2016-0984)
1133157 FILE Adobe Flash loadPCMFromByteArray Use After Free -4 (CVE-2016-0984)
1133158 FILE Adobe Flash loadPCMFromByteArray Use After Free -5 (CVE-2016-0984)
1133159 LDAP Microsoft Windows Domain User Code Execution (CVE-2016-3368)
1133161 FILE Adobe Flash Player Use After Free (CVE-2016-7855)
1133174 WEB-CLIENT Microsoft Internet Explorer and Edge Scripting Engine CVE-2016-3382 Type Confusion -1 (CVE-2016-3382)
1133175 FILE Adobe Flash Player FileReference Type Confusion -3 (CVE-2016-1105)
1133176 FILE Adobe Flash Player FileReference Type Confusion -4 (CVE-2016-1105)
1133177 FILE Adobe Flash SetNative Use After Free Vulnerability -1 (CVE-2016-1106)
1133178 FILE Adobe Flash SetNative Use After Free Vulnerability -2 (CVE-2016-1106)
1133179 FILE Adobe Flash SetNative Use After Free Vulnerability -3 (CVE-2016-1106)
1133182 WEB-CLIENT Microsoft Edge Security Feature Bypass -2 (CVE-2016-3244)
1133187 FILE Adobe Flash AddProperty Use After Free Vulnerability -1 (CVE-2016-4108)
1133188 FILE Adobe Flash AddProperty Use After Free Vulnerability -2 (CVE-2016-4108)
1133209 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7200)
1133210 WEB-CLIENT Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7196)
1133211 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7201)
1133212 WEB-CLIENT Microsoft Browser Memory Corruption Vulnerability (CVE-2016-7198)
1133213 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -1 (CVE-2016-7202)
1133214 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -1 (CVE-2016-7242)
1133216 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-7203)
1133217 WEB-CLIENT Microsoft Microsoft Edge Information Disclosure Vulnerability (CVE-2016-7204)
1133218 WEB-CLIENT Microsoft Internet Explorer Windows Animation Manager Memory Corruption Vulnerability (CVE-2016-7203)
1133219 FILE Microsoft Open Type Font Information Disclosure Vulnerability (CVE-2016-7210)
1133220 WEB-CLIENT Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7227)
1133221 WEB-CLIENT Microsoft Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7217)
1133222 WEB Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation -1 (CVE-2016-7250)
1133223 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-7231)
1133224 WEB-CLIENT Microsoft Microsoft Edge Remote Code Execution Vulnerability -1 (CVE-2016-7241)
1133225 WEB-CLIENT Microsoft Edge Scripting Engine CVE-2016-7240 Memory Corruption -1 (CVE-2016-7240)
1133055 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 81 (Ransomware Attack Vector)
1133153 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -1 (CVE-2016-4385)
1133160 FILE Oracle Java SE Remote Code Execution Vulnerability (CVE-2016-0636)
1133162 WEB Joomla! CMS Policy Bypass and Privilege Escalation Vulnerabilities -1 (CVE-2016-8869)
1133163 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -2 (CVE-2016-4385)
1133164 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -3 (CVE-2016-4385)
1133165 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -4 (CVE-2016-4385)
1133166 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -5 (CVE-2016-4385)
1133167 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -6 (CVE-2016-4385)
1133168 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -7 (CVE-2016-4385)
1133169 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -8 (CVE-2016-4385)
1133170 EXPLOIT HPE Network Automation RMI Registry Insecure Deserialization -9 (CVE-2016-4385)
1133171 FILE Symantec Antivirus Engine PE Header Heap Buffer Overflow -1 (CVE-2016-2208)
1133172 FILE Symantec Antivirus Engine PE Header Heap Buffer Overflow -2 (CVE-2016-2208)
1133173 DNS ISC BIND buffer.c Assertion Failure Denial of Service (CVE-2016-2776)
1133180 FILE Windows Kernel ATMFD.DLL NamedEscape Memory Corruption -1 (CVE-2016-3220)
1133181 FILE Windows Kernel ATMFD.DLL NamedEscape Memory Corruption -2 (CVE-2016-3220)
1133183 WEB Joomla! Remote Account Creation Vulnerability -1 (CVE-2016-8870)
1133184 WEB Joomla! Remote Account Creation Vulnerability -2 (CVE-2016-8870)
1133185 FILE ImageMagick Ephemeral Protocol Arbitrary File Deletion -2 (CVE-2016-3716)
1133186 WEB Drupal Core system.temporary Information Disclosure (CVE-2016-7572)
1133191 WEB Drupal RESTful Web Services Module Default Page Callback Function Remote php Command Execution (EDB-40130)
1133192 TELNET Cisco Adaptive Security Appliance Telnet CLI Privilege Escalation (CVE-2016-6367)
1133204 WEB SQL injection attempt -80.x
1133207 WEB SQL injection attempt -79.x
1133229 FILE ImageMagick SyncExifProfile Out Of Bounds Array Indexing - 1 (CVE-2016-7799)
1133230 FILE ImageMagick SyncExifProfile Out Of Bounds Array Indexing - 2 (CVE-2016-7799)
1133193 WEB Arcserve Unified Data Protection reportFileServlet Directory Traversal -1.x (CVE-2015-4068)
1133194 WEB Arcserve Unified Data Protection reportFileServlet Directory Traversal -4.x (CVE-2015-4068)
1133206 WEB SQL injection attempt -83.a
1133208 WEB SQL injection attempt -83.x
1133203 WEB SQL injection attempt -78.x
1133205 WEB SQL injection attempt -82
1133189 MISC Bitcoin/LiteCoin/Dogecoin Mining Activity -2