*** NetKeeper 8.544 Release ***

Total number of signatures: 3058

Signature update 8.544 is for NetKeeper series devices:
  NK6000 (NK6105, NK6210C/F/G)
  NK3500 (NK3520, NK3550)
  NK5500
  NK5900
  NK7210

Description
==================================================================
This signature update addresses the exploits/vulnerabilities and applications listed below.

Differences from version 8.542:

Modify 22 Rules:
--------------------------------------------------------------------
1110895 WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware Attack Vector)
1132388 WEB-CLIENT Suspicious HTML Div Tag -2 (Ransomware Attack Vector)
1133572 WEB Shell Spawning Attempt via telnetd -1.b
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133506 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1133594 FILE Microsoft Office/WordPad Remote Code Execution Vulnerability (CVE-2017-0199)
1133582 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -2 (CVE-2016-7889)
1133583 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -3 (CVE-2016-7889)
1133584 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -4 (CVE-2016-7889)
1133516 WEB Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
1133389 WEB Netgear WNR2000v5 Remote Code Execution Vulnerability
1133409 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -1 (CVE-2016-8706)
1054841 WEB SQL injection attempt -7
1131155 WEB-CLIENT WScript.Shell Remote Code Execution -3
1059958 WEB Directory Traversal -27
1131578 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.a (CVE-2015-7387)
1132929 WEB ManageEngine EventLog Analyzer Remote Code Execution -2.a (CVE-2015-7387)
1068664 MEDIA YouTube access via UDP -2
1066103 MEDIA Youku.com login via SSL -1
1065542 MEDIA Youku.com media via TCP -3
1068405 MEDIA Youku.com media via TCP -6
1065983 WEB-IM QQ login via SSL -1

Add 73 Rules:
--------------------------------------------------------------------
1054713 NETBIOS Microsoft Windows SMB Negotiate Request Remote code execution (CVE-2009-3103)
1057303 RPC Microsoft Windows Print Spooler Service Arbitrary File Upload -2 (CVE-2010-2729)
1133641 WEB Shell Spawning Attempt via telnetd -1.u
1133607 MALWARE Suspicious IoT Worm TELNET Activity -4
1133635 SMB Microsoft MS17-010 SMB Remote Code Execution -1
1133636 SMB Microsoft MS17-010 SMB Remote Code Execution -2
1133637 SMB Microsoft MS17-010 SMB Remote Code Execution -3
1133638 SMB Microsoft MS17-010 SMB Remote Code Execution -4
1133643 WEB WePresent WiPG-1000 Command Injection
1133644 WEB Disk Sorter Enterprise GET Buffer Overflow
1133601 WEB b374k WEB Shell Activity -1
1133603 WEB b374k WEB Shell Activity -2
1133631 WEB Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution (CVE-2016-7547)
1133613 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.x (CVE-2015-7387)
1133614 WEB ManageEngine EventLog Analyzer Remote Code Execution -2.x (CVE-2015-7387)
1133590 WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.1 (CVE-2017-0033)
1133591 WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.2 (CVE-2017-0033)
1133592 FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -1 (CVE-2017-0038)
1133597 WEB-ACTIVEX Microsoft Windows DirectShow Information Disclosure -1 (CVE-2017-0042)
1133602 FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -2 (CVE-2017-0038)
1133604 WEB-ACTIVEX Microsoft Windows DirectShow Information Disclosure -1 (CVE-2017-0042)
1133615 SMB Microsoft Windows SMB Server SMBv1 CVE-2017-0145 Buffer Overflow (CVE-2017-0145)
1133616 WEB-CLIENT Microsoft Edge CVE-2017-0065 Information Disclosure (CVE-2017-0065)
1133619 WEB-CLIENT Microsoft Edge ProfiledLdElem Type Confusion -1 (CVE-2017-0071)
1133620 WEB-CLIENT Microsoft Edge ProfiledLdElem Type Confusion -2 (CVE-2017-0071)
1133623 WEB-CLIENT Microsoft Edge Chakra SetPropertyTrap Method PropertyString Object Type Confusion -1 (CVE-2017-0094)
1133630 WEB-CLIENT Microsoft Edge Chakra SetPropertyTrap Method PropertyString Object Type Confusion -2 (CVE-2017-0094)
1133640 FILE Adobe Reader and Acrobat XSLT function-available Buffer Overflow (CVE-2017-2949)
1133646 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2.3 (CVE-2015-2446)
1133647 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -4.1 (CVE-2015-2446)
1133648 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -4.2 (CVE-2015-2446)
1133652 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2 (CVE-2015-0036)
1133653 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -3 (CVE-2015-0036)
1133633 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -1 (CVE-2014-6324)
1133634 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -2 (CVE-2014-6324)
1133578 WEB GoAhead system.ini Information Disclosure Vulnerability -1 (CVE-2017-5674)
1133605 WEB Moxa MXview Private Key Disclosure Vulnerability (CVE-2017-7455)
1133609 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 89 (Ransomware Attack Vector)
1133610 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -1 (ZDI-17-130)
1133611 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -2 (ZDI-17-130)
1133612 WEB Trend Micro Control Manager lang Parameter Arbitrary File Inclusion (ZDI-17-069)
1133617 WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -1 (ZDI-17-128)
1133618 WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -2 (ZDI-17-128)
1133624 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.1 (ZDI-17-116)
1133625 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -2 (ZDI-17-116)
1133626 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.2 (ZDI-17-116)
1133627 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -3 (ZDI-17-116)
1133628 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.3 (ZDI-17-116)
1133629 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -4 (ZDI-17-116)
1133639 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.4 (ZDI-17-116)
1133642 WEB GoAhead system.ini Information Disclosure Vulnerability -2 (CVE-2017-5674)
1133645 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 90 (Ransomware Attack Vector)
1133649 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 91 (Ransomware Attack Vector)
1133651 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -1 (ZDI-17-122)
1133654 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -2 (ZDI-17-122)
1133655 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -3 (ZDI-17-122)
1133656 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -4 (ZDI-17-122)
1133657 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -5 (ZDI-17-122)
1133658 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -6 (ZDI-17-122)
1133659 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -7 (ZDI-17-122)
1133660 WEB Western Digital My Cloud Authentication Bypass
1133661 SSL OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference -1 (CVE-2017-3730)
1133662 SSL OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference -2 (CVE-2017-3730)
1133588 EXPLOIT Memcached process_bin_update body_len Integer Overflow -7 (CVE-2016-8705)
1133589 EXPLOIT Memcached process_bin_update body_len Integer Overflow -8 (CVE-2016-8705)
1133606 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -2 (CVE-2016-8706)
1133608 WEB Trend Micro InterScan Web Security ManagePatches filename Remote Code Execution (ZDI-16-348)
1133650 WEB Multiple CCTV-DVR Vendors Remote Code Execution
1133622 EXPLOIT Fortinet Single Sign On Hello Message Stack Buffer Overflow -5 (CVE-2015-2281)
1133632 EXPLOIT Possible ECLIPSEDWING (MS08-067)
1160201 MEDIA YouTube access via UDP -4
1160202 MEDIA Youku.com access via SSL -1
1160203 MEDIA Youku.com access via SSL -2

Delete 70 Rules:
--------------------------------------------------------------------
1133512 WEB-CLIENT JavaScript Heap Exploitation -13
1133256 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -2 (CVE-2016-7202)
1133257 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -3 (CVE-2016-7202)
1133258 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -4 (CVE-2016-7202)
1133259 FILE Microsoft Windows Graphics Component Remote Code Execution (CVE-2016-3393)
1133261 FILE Adobe Acrobat Reader JPEG2000 Information Disclosure (CVE-2016-1078)
1133263 FILE Adobe Acrobat Reader JPEG2000 CVE-2016-6941 Information Disclosure (CVE-2016-6941)
1133195 FILE Adobe Flash DomainMemory Integer Overflow -1 (CVE-2015-8651)
1133197 FILE Adobe Flash DomainMemory Integer Overflow -2 (CVE-2015-8651)
1133198 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -4 (CVE-2015-0099)
1133200 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -5 (CVE-2015-0099)
1133228 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2 (CVE-2015-1747)
1133247 FILE Adobe Flash Player Pre-Validated Bytecode Memory Corruption Vulnerability -2 (CVE-2015-0303)
1133201 SSL OpenSSL tls_get_message_body Function init_msg Structure Use After Free -1 (CVE-2016-6309)
1133231 ICMP BlackNurse Attack
1133233 EXPLOIT IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)
1133234 WEB Symantec Web Gateway OS Command Injection -1 (CVE-2016-5313)
1133235 WEB Symantec Web Gateway OS Command Injection -2 (CVE-2016-5313)
1133236 SSL OpenSSL TLSEXT_TYPE_status_request Memory Leak Denial of Service (CVE-2016-6304)
1133237 SSL OpenSSL SSL_peek Infinite Loop Denial of Service (CVE-2016-6305)
1133250 SCADA Advantech WebAccess Dashboard uploadImageCommon Arbitrary File Upload (CVE-2016-0854)
1133262 DNS ISC BIND DNS options Assertion Failure Denial of Service (CVE-2016-2848)
1133266 WEB ManageEngine Multiple Products customerName SQL Injection Remote Code Execution -2.2 (ZDI-15-232)
1133248 WEB-ACTIVEX Samsung iPOLiS Device Manager WriteConfigValue Stack Buffer Overflow -3 (CVE-2015-0555)
1133249 WEB Apple CUPS cupsd Privilege Escalation -4 (CVE-2015-1158)
1133264 WEB WordPress Job Manager Plugin Cross Site Scripting -1 (CVE-2015-2321)
1133265 WEB WordPress Job Manager Plugin Cross Site Scripting -2 (CVE-2015-2321)
1133458 WEB-CLIENT JavaScript Heap Exploitation -3
1133509 WEB-CLIENT JavaScript Heap Exploitation -4.1
1133510 WEB-CLIENT JavaScript Heap Exploitation -5.1
1133511 WEB-CLIENT JavaScript Heap Exploitation -6.1
1133239 SSL SSLv3 FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
1133240 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 -1.1021
1133241 SSL TLSv1.1 FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 -1.2
1133242 SSL TLSv1.0 FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 -1.3
1133243 SSL SSLv3 FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
1133244 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -1.1021
1133245 SSL TLSv1.1 FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -1.2
1133246 SSL TLSv1.0 FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -1.3
1133251 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 -1.1022
1133252 SSL TLS FREAK with CBC Cipher TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA -1.1022
1132387 WEB-CLIENT Suspicious HTML Div Tag -1
1058816 WEB Apache Commons FileUpload and Apache Tomcat DoS -1 (CVE-2014-0050)
1058817 SCADA GE Proficy CIMPLICITY gefebt.exe Remote Code Execution (CVE-2014-0750)
1058825 EXPLOIT SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability (OSVDB-10367)
1058834 WEB Apache Commons FileUpload and Apache Tomcat DoS -2 (CVE-2014-0050)
1058938 WEB-CLIENT Safari User-Assisted Download and Run Attack
1058947 SCADA Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow (CVE-2014-0784)
1058951 SCADA Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow (CVE-2014-0783)
1058961 SCADA Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow (CVE-2014-0781)
1059076 EXPLOIT Wireshark wiretap mpeg.c Stack Buffer Overflow
1059143 WEB LifeSize UVC Authenticated RCE via Ping (EDB-32437)
1059405 WEB Fritz Box Webcam Unauthenticated Command Injection (BID-65520)
1059414 WEB Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution (ZDI-14-069)
1059415 WEB eScan Web Management Console Command Injection
1059523 SCADA Yokogawa CS3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782)
1059566 WEB Symantec Workspace Streaming Arbitrary File Upload -1 (CVE-2014-1649)
1059583 SCADA Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow -1 (CVE-2014-0768)
1059584 SCADA Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow -2 (CVE-2014-0768)
1059594 WEB ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120)
1059617 WEB Easy File Management Web Server Stack Buffer Overflow (BID-67542)
1059670 WEB D-Link HNAP Request Stack Buffer Overflow -1 (CVE-2014-3936)
1059701 WEB Rocket Servergraph Admin Center fileRequestor run and runClear Command Executions -2 (CVE-2014-3914)
1059703 WEB AlienVault OSSIM av-centerd SOAP Requests Multiple Command Execution -1 (CVE-2014-3804)
1059704 WEB Cogent DataHub Web Server GetPermissions.asp Command Injection -2 (CVE-2014-3789)
1059727 SCADA Yokogawa CS3000 BKFSim_vhfd.exe Buffer Overflow (CVE-2014-3888)
1059728 WEB Gitlist Unauthenticated Remote Command Execution (CVE-2014-4511)
1059729 WEB Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload
1059806 EXPLOIT HP Data Protector Opcode 28 and 11 Command Execution -3 (CVE-2014-2623)
1059808 WEB Directory Traversal -11