*** NetKeeper 8.546 Release ***

Total number of signatures: 3061

Signature update 8.546 is for NetKeeper series devices.
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Different from the version 8.544
***
Modify 35 Rules:
--------------------------------------------------------------------
1058626 WEB Generic XXE Information Disclosure -1
1059406 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -1 (CVE-2014-0160, Heartbleed)
1059407 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -2 (CVE-2014-0160, Heartbleed)
1059408 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -3 (CVE-2014-0160, Heartbleed)
1059409 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -4 (CVE-2014-0160, Heartbleed)
1059410 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -5 (CVE-2014-0160, Heartbleed)
1130021 WEB GNU Bash Remote Code Execution -1 (CVE-2014-6271, Shellshock)
1130022 WEB GNU Bash Remote Code Execution -2 (CVE-2014-6271, Shellshock)
1130026 SMTP GNU Bash Remote Code Execution (CVE-2014-6271, Shellshock)
1130027 WEB GNU Bash Remote Code Execution -4 (CVE-2014-6271, Shellshock)
1130028 WEB GNU Bash Remote Code Execution -5 (CVE-2014-6271, Shellshock)
1130029 WEB GNU Bash Remote Code Execution -6 (CVE-2014-6271, Shellshock)
1130030 EXPLOIT GNU Bash Remote Code Execution via udp -1 (CVE-2014-6271, Shellshock)
1130031 EXPLOIT GNU Bash Remote Code Execution via udp -2 (CVE-2014-6271, Shellshock)
1130053 WEB GNU Bash Remote Code Execution -3 (CVE-2014-6271, Shellshock)
1130072 SIP GNU Bash Remote Code Execution (CVE-2014-6271, Shellshock)
1130073 WEB GNU Bash Remote Code Execution -7 (CVE-2014-6271, Shellshock)
1130078 WEB GNU Bash Remote Code Execution -8 (CVE-2014-6271, Shellshock)
1133637 SMB Microsoft MS17-010 SMB Remote Code Execution -3
1133638 SMB Microsoft MS17-010 SMB Remote Code Execution -4
1133438 WEB-CLIENT Cisco WebEx Chrome Extension Remote Code Execution -1 (CVE-2017-3823)
1133399 FILE Adobe Acrobat ImageConversion TIFF Heap-based Buffer Overflow (CVE-2017-2966)
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133548 WEB Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow -1 (CVE-2017-7269)
1133594 FILE Microsoft Office OLE2Link Remote Code Execution (CVE-2017-0199)
1133578 WEB GoAhead system.ini Information Disclosure Vulnerability (CVE-2017-5674)
1133609 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 89 (Ransomware Attack Vector)
1133642 WEB GoAhead system.ini Information Disclosure Vulnerability (CVE-2017-8225)
1049802 WEB Directory Traversal -4
1056085 EXPLOIT Remote Command Execution via Perl -2
1055091 WEB HTTP Directory Traversal -9
1054838 WEB Local File Inclusion win.ini -1.u
1130539 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -6 (CVE-2014-0160, Heartbleed)
1130540 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -7 (CVE-2014-0160, Heartbleed)
1130586 SSL OpenSSL TLS DTLS Heartbeat Information Disclosure -8 (CVE-2014-0160, Heartbleed)

Add 81 Rules:
--------------------------------------------------------------------
1133713 SMB MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption (CVE-2017-0146)
1133716 SMB Microsoft MS17-010 SMB Remote Code Execution -5
1133717 MISC BitMonero Mining Activity
1133718 SMB Microsoft Windows SMB NT Rename and Trans Secondary Buffer Overflow (CVE-2017-0146)
1133665 FILE Ghostscript Type Confusion Arbitrary Command Execution (CVE-2017-8291)
1133680 WEB Intel Active Management Technology Remote Code Execution -1 (CVE-2017-5689)
1133698 WEB Intel Active Management Technology Remote Code Execution -2 (CVE-2017-5689)
1133707 WEB SQL injection attempt -85.a
1133719 WEB Serviio Media Server checkStreamUrl Command Execution
1133671 WEB WordPress PHPMailer Host Header Command Injection (CVE-2016-10033)
1133682 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0227)
1133683 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0228)
1133684 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0238)
1133685 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-0236)
1133686 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0240)
1133687 FILE Adobe Flash Player DisplayObject Memory Corruption (CVE-2017-3068)
1133688 FILE Adobe Flash Player Memory Corruption Vulnerability (CVE-2017-3069)
1133689 FILE Adobe Flash Player DisplayObject Memory Corruption (CVE-2017-3074)
1133690 FILE Adobe Flash Player Memory Corruption Vulnerability (CVE-2017-3070)
1133692 FILE Adobe Flash Player DisplayObject Memory Corruption (CVE-2017-3072)
1133693 FILE Adobe Flash Player Masking Display Object Use-After-Free (CVE-2017-3071)
1133696 WEB Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow -2 (CVE-2017-7269)
1133701 WEB-CLIENT Microsoft Edge repeat Sign Extension Information Disclosure -1 (CVE-2017-0240)
1133702 WEB-CLIENT Microsoft Edge repeat Sign Extension Information Disclosure -2 (CVE-2017-0240)
1133710 SMB Microsoft Windows SMB Server SMBv1 CVE-2017-0147 Information Disclosure (CVE-2017-0147)
1133712 WEB-CLIENT Microsoft Edge asm.js Type Confusion (CVE-2017-0093)
1133721 SMB Microsoft Windows SMB DataDisplacement Buffer Overflow (CVE-2017-0145)
1133720 SMB Microsoft Windows LSASS Authenticate Message Denial of Service -3 (CVE-2016-7237)
1133666 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 92 (Ransomware Attack Vector)
1133669 SCADA VIPA Controls WinPLC7 recv Stack-based Buffer Overflow (CVE-2017-5177)
1133670 DNS ISC BIND DNS64 and RPZ Query Processing Denial of Service (CVE-2017-3135)
1133672 WEB Local File Inclusion win.ini -1.b
1133673 WEB Trend Micro Control Manager download.php Information Disclosure
1133674 WEB Trend Micro Control Manager ProductTree_RightWindow XML External Entity Processing (ZDI-17-077)
1133675 WEB Trend Micro Control Manager importFile.php Directory Traversal (ZDI-17-060)
1133676 WEB Trend Micro Control Manager Widget importFile.php Directory Traversal (ZDI-17-063)
1133677 WEB Trend Micro Control Manager dlp_policy.php Directory Traversal
1133678 SSL OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow -1.1 (CVE-2017-3731)
1133679 SSL OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow -1.2 (CVE-2017-3731)
1133694 SSL GnuTLS Proxy Certificate Information Extension Memory Corruption (CVE-2017-5334)
1133695 SSL OpenSSL DHE and ECDHE Parameters NULL Pointer Dereference -3 (CVE-2017-3730)
1133697 WEB-CLIENT Cisco WebEx Chrome Extension Remote Code Execution -2 (CVE-2017-3823)
1133703 WEB HPE Intelligent Management Center accessMgrServlet Insecure Deserialization -1 (CVE-2017-5790)
1133704 WEB HPE Intelligent Management Center accessMgrServlet Insecure Deserialization -2 (CVE-2017-5790)
1133705 WEB Dahua IPCam Credentials Leak -1 (CVE-2017-6341)
1133706 WEB Dahua IPCam Credentials Leak -2 (CVE-2017-6341)
1133708 WEB GoAhead IPCam Remote Code Execution
1133709 TELNET Cisco IOS and IOS XE Software Cluster Management Protocol Denial Of Service Vulnerability (CVE-2017-3881)
1133667 WEB Wordpress Mobile Detector Plugin Remote File Upload -1
1133668 WEB Wordpress Mobile Detector Plugin Remote File Upload -2
1133700 WEB Bluecoat ASG Report Email Remote Command Execution (CVE-2016-9091)
1133711 FILE Nagios Core Local Privilege Escalation (CVE-2016-9566)
1133663 WEB ElasticSearch Unauthenticated Remote Code Execution -2.x (CVE-2015-1427)
1133664 WEB ElasticSearch Unauthenticated Remote Code Execution -3.x (CVE-2015-1427)
1133681 EXPLOIT Multiple Vendors Rpcbind Libtirpc Denail Of Service (CVE-2013-1950)
1133691 WEB Magento Vimeo Invalid Image Cross Site Request Forgery
1133714 WEB Trend Micro Smart Protection Server wcs_bwlists_handler.php Command Injection -1.u
1133715 WEB Trend Micro Smart Protection Server wcs_bwlists_handler.php Command Injection -2
1133722 WEB Trend Micro Smart Protection Server wcs_bwlists_handler.php Command Injection -1.b
1058816 WEB Apache Commons FileUpload and Apache Tomcat DoS -1 (CVE-2014-0050)
1058817 SCADA GE Proficy CIMPLICITY gefebt.exe Remote Code Execution (CVE-2014-0750)
1058825 EXPLOIT SolidWorks Workgroup PDM 2014 SP2 - Arbitrary File Write Vulnerability (OSVDB-10367)
1058834 WEB Apache Commons FileUpload and Apache Tomcat DoS -2 (CVE-2014-0050)
1058938 WEB-CLIENT Safari User-Assisted Download and Run Attack
1058947 SCADA Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow (CVE-2014-0784)
1058951 SCADA Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow (CVE-2014-0783)
1058961 SCADA Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow (CVE-2014-0781)
1059076 EXPLOIT Wireshark wiretap mpeg.c Stack Buffer Overflow
1059143 WEB LifeSize UVC Authenticated RCE via Ping (EDB-32437)
1059405 WEB Fritz Box Webcam Unauthenticated Command Injection (BID-65520)
1059414 WEB Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution (ZDI-14-069)
1059415 WEB eScan Web Management Console Command Injection
1059523 SCADA Yokogawa CS3000 BKESimmgr.exe Buffer Overflow (CVE-2014-0782)
1059566 WEB Symantec Workspace Streaming Arbitrary File Upload -1 (CVE-2014-1649)
1059583 SCADA Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow -1 (CVE-2014-0768)
1059584 SCADA Advantech WebAccess SCADA webvact.ocx AccessCode Buffer Overflow -2 (CVE-2014-0768)
1059594 WEB ElasticSearch Dynamic Script Arbitrary Java Execution (CVE-2014-3120)
1059617 WEB Easy File Management Web Server Stack Buffer Overflow (BID-67542)
1065481 IM QQ/TM access via TCP -1
1160235 IM QQ/TM access via TCP -2
1160242 IM QQ/TM access via TCP -3

Delete 78 Rules:
--------------------------------------------------------------------
1133351 EXPLOIT Netop Remote Control dws File Stack Buffer Overflow -3
1133269 SMB Microsoft Windows LSASS Authenticate Message Denial of Service -1 (CVE-2016-7237)
1133270 SMB Microsoft Windows LSASS Authenticate Message Denial of Service -2 (CVE-2016-7237)
1133271 WEB-CLIENT Microsoft Edge Scripting Engine CVE-2016-7240 Memory Corruption -2 (CVE-2016-7240)
1133291 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7297)
1133292 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-7296)
1133293 FILE Microsoft Windows Graphics Component CVE-2016-7272 Remote Code Execution (CVE-2016-7272)
1133295 WEB-CLIENT Microsoft Internet Explorer CWigglyShape Information Disclosure (CVE-2016-7283)
1133296 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7288)
1133297 WEB-CLIENT Microsoft Browser Information Disclosure Vulnerability (CVE-2016-7227)
1133298 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability -1 (CVE-2016-7287)
1133299 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7286)
1133300 WEB-CLIENT Microsoft Edge CVE-2016-7286 Memory Corruption (CVE-2016-7286)
1133301 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2016-7279)
1133302 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2016-7277)
1133303 FILE Microsoft Office Information Disclosure Vulnerability (CVE-2016-7276)
1133332 WEB Microsoft SQL RDBMS Engine UNC Path Injection Privilege Escalation -2 (CVE-2016-7250)
1133273 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2 (CVE-2015-2443)
1133277 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -1.2 (CVE-2015-2446)
1133278 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -1.3 (CVE-2015-2446)
1133279 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2.1 (CVE-2015-2446)
1133280 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2.2 (CVE-2015-2446)
1133281 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -3.1 (CVE-2015-2446)
1133282 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -3.2 (CVE-2015-2446)
1133283 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -3.3 (CVE-2015-2446)
1133285 FILE Microsoft Windows Media Center MCL Code Execution -7 (CVE-2015-2509)
1133286 WEB-CLIENT Microsoft Tablet Input Band Use After Free Vulnerability -4 (CVE-2015-2548)
1133287 FILE Adobe Flash Player Functionapply Integer Overflow Vulnerability -2 (CVE-2015-3087)
1133288 FILE Adobe Flash Player Functionapply Integer Overflow Vulnerability -3 (CVE-2015-3087)
1133312 FILE Adobe Flash Player Color SetRGB Use After Free Vulnerability -2 (CVE-2015-3128)
1133313 FILE Adobe Flash Player SharedObject Type Confusion Vulnerability -2 (CVE-2015-3131)
1133314 FILE Adobe Flash TabIndex Setter Use After Free -1 (CVE-2015-3136)
1133315 FILE Adobe Flash TabIndex Setter Use After Free -2 (CVE-2015-3136)
1133344 FILE Adobe Flash Movieclip Setmask Use After Free -1 (CVE-2015-4428)
1133345 FILE Adobe Flash Movieclip Setmask Use After Free -2 (CVE-2015-4428)
1133346 FILE Adobe Flash Vector Memory Corruption -2 (CVE-2015-5125)
1133347 FILE Adobe Photoshop Asset Elements Buffer Overflow -7 (CVE-2012-2052)
1133267 WEB-CLIENT Torbrowser Javascript Exploit
1133272 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 84 (Ransomware Attack Vector)
1133274 WEB-CLIENT Suspicious HTML Iframe Tag -19 (Ransomware Attack Vector)
1133275 WEB Nagios Network Analyzer Report Generator Command Injection -1
1133276 WEB Nagios Network Analyzer Report Generator Command Injection -2
1133294 FILE Windows Graphics Remote Code Execution Vulnerability -2 (CVE-2016-7272)
1133310 WEB Netgear R7000 Command Injection -1.1 (CVE-2016-6277)
1133311 WEB Teampass upload.files.php Arbitrary File Upload
1133319 WEB SugarCRM rest_data PHP Object Deserialization
1133322 WEB op5 Monitor command_test.php Command Injection -1
1133323 WEB op5 Monitor command_test.php Command Injection -2
1133324 WEB op5 Monitor command_test.php Command Injection -3
1133325 SSL OpenSSL SSL3_AL_WARNING Denial of Service (CVE-2016-8610)
1133327 WEB Joomla! CMS Policy Bypass and Privilege Escalation Vulnerabilities -2 (CVE-2016-8869)
1133329 WEB Alienvault Unified Security Management and OSSIM gauge.php SQL Injection -1 (CVE-2016-8582)
1133330 WEB Alienvault Unified Security Management and OSSIM gauge.php SQL Injection -2 (CVE-2016-8582)
1133331 WEB Alienvault Unified Security Management and OSSIM gauge.php SQL Injection -3 (CVE-2016-8582)
1133333 WEB Trend Micro Virtual Mobile Infrastructure apns_worker.py Command Injection -1 (CVE-2016-6270)
1133334 WEB Trend Micro Virtual Mobile Infrastructure apns_worker.py Command Injection -2 (CVE-2016-6270)
1133335 WEB Trend Micro Virtual Mobile Infrastructure apns_worker.py Command Injection -3 (CVE-2016-6270)
1133336 WEB Trend Micro Virtual Mobile Infrastructure apns_worker.py Command Injection -4 (CVE-2016-6270)
1133337 WEB Trend Micro Smart Protection Server admin_notification.php Command Injection -1 (CVE-2016-6267)
1133338 WEB Trend Micro Smart Protection Server admin_notification.php Command Injection -2 (CVE-2016-6267)
1133339 WEB Trend Micro Smart Protection Server admin_notification.php Command Injection -3 (CVE-2016-6267)
1133340 WEB Trend Micro Control Manager DeploymentPlan_Event_Handler Information Disclosure (CVE-2016-6220)
1133341 WEB Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross Site Scripting -1 (CVE-2016-5760)
1133342 WEB Micro Focus GroupWise Admin Console index.jsp PoaCmd Cross Site Scripting -2 (CVE-2016-5760)
1133318 WEB SQL injection attempt -75.x
1133326 WEB ManageEngine OpManager AgentDetailsUtil agentKey SQL Injection Remote Code Execution -1.x
1133343 WEB Wavelink Emulation License Server HTTP Header Processing Buffer Overflow -3 (CVE-2015-4059)
1133348 EXPLOIT Oracle Java AtomicReferenceArray Sandbox Breach -2 (CVE-2012-0507)
1133349 WEB Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure -3 (CVE-2012-0053)
1133350 WEB Apache HTTPD Error Code 400 httpOnly Cookie Handling Information Disclosure -4 (CVE-2012-0053)
1133352 FILE Apple QuickTime PICT File Processing Memory Corruption -2 (CVE-2012-0671)
1133354 WEB-ACTIVEX ASUS Net4Switch ipswcom.dll ActiveX Control Stack Buffer Overflow -3 (CVE-2012-4924)
1133355 WEB-ACTIVEX ASUS Net4Switch ipswcom.dll ActiveX Control Stack Buffer Overflow -4 (CVE-2012-4924)
1133356 WEB-ACTIVEX KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability -1 (CVE-2012-2516)
1133306 WEB SQL injection select from attempt -1.x
1133307 WEB SQL injection update attempt -1.x
1133308 WEB SQL injection attempt -12.x
1133309 WEB SQL injection exec attempt -1.x