*** NetKeeper 8.552 Release ***

Total number of signatures: 3051

Signature update 8.552 is for NetKeeper series devices.
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
This signature update addresses the exploits/vulnerabilities and applications listed below.

Changes from version 8.550:
***

Modify 11 Rules:
--------------------------------------------------------------------
1133680 WEB Intel Active Management Technology Remote Privilege Escalation -2 (CVE-2017-5689)
1133698 WEB Intel Active Management Technology Remote Privilege Escalation -1 (CVE-2017-5689)
1054841 WEB SQL injection attempt -7
1132896 WEB Remote Shell Command Execution -1
1057544 IMAP LSUB Command Buffer Overflow (CVE-2008-1497)
1112133 WEB Cross-site Scripting -24
1069037 IM WhatsApp access via SSL -1
1069626 VOIP LINE access via SSL -7
1060210 WEB Evernote access via SSL -1
1063903 WEB Evernote access via TCP -1
1063519 CA MicrosoftOnline Authentication via SSL -1

Add 45 Rules:
--------------------------------------------------------------------
1133825 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -2
1133835 WEB Local File Inclusion win.ini -3
1133838 IBM Domino IMAP Mailbox Name Stack Buffer Overflow -1.1 (CVE-2017-1274)
1133841 IBM Domino IMAP Mailbox Name Stack Buffer Overflow -2.1 (CVE-2017-1274)
1133846 IBM Domino IMAP Mailbox Name Stack Buffer Overflow -1.2 (CVE-2017-1274)
1133847 IBM Domino IMAP Mailbox Name Stack Buffer Overflow -1.3 (CVE-2017-1274)
1133848 IBM Domino IMAP Mailbox Name Stack Buffer Overflow -1.4 (CVE-2017-1274)
1133849 IBM Domino IMAP Mailbox Name Stack Buffer Overflow -2.2 (CVE-2017-1274)
1133832 WEB NULL-Byte Injection -8
1133836 WEB HPE Network Automation RedirectServlet SQL Injection (CVE-2017-5810)
1133842 WEB Easy Chat Server User Registeration Buffer Overflow (EDB-42155)
1133840 WEB Apache ActiveMQ Fileserver Web Shell Upload (CVE-2016-3088)
1133816 EXPLOIT Zabbix Server Active Proxy Trapper Command Injection (CVE-2017-2824)
1133815 FILE Microsoft Office EPS CVE-2017-0262 Type Confusion (CVE-2017-0262)
1133818 SMB Microsoft Windows SMB Server SMBv1 Out of Bounds Read (CVE-2017-0267)
1133821 SMB Microsoft Windows SMB Server SMBv1 Information Disclosure (CVE-2017-0271)
1133823 FILE Adobe Acrobat and Reader JPEG2000 Parsing Heap-based Buffer Overflow (CVE-2017-3055)
1133824 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2017-8594)
1133826 WEB-CLIENT Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8619)
1133827 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-8601)
1133828 WEB-CLIENT Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2017-8618)
1133829 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2017-8605)
1133830 WEB-CLIENT Microsoft Edge Remote Code Execution Vulnerability (CVE-2017-8617)
1133844 WEB-CLIENT Microsoft Internet Explorer CWigglyShape Information Disclosure -2 (CVE-2016-7283)
1133817 WEB Red Hat JBoss BPM Suite BRMS Tasks List Cross-Site Scripting (CVE-2017-2674)
1133819 WEB Mantis Bug Tracker verify.php confirm_hash Remote Password Reset -1 (CVE-2017-7615)
1133820 WEB Mantis Bug Tracker verify.php confirm_hash Remote Password Reset -2 (CVE-2017-7615)
1133822 WEB IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow (CVE-2017-1092)
1133831 WEB-CLIENT Mozilla Firefox WebGL Integer Overflow -1 (CVE-2017-5459)
1133833 WEB-CLIENT Mozilla Firefox WebGL Integer Overflow -2 (CVE-2017-5459)
1133834 WEB-CLIENT Mozilla Firefox WebGL Integer Overflow -3 (CVE-2017-5459)
1133837 WEB HPE Network Automation PermissionFilter Authentication Bypass -1 (CVE-2017-5812)
1133839 WEB HPE Network Automation PermissionFilter Authentication Bypass -2 (CVE-2017-5812)
1133843 EXPLOIT HPE Intelligent Management Center dbman FileTrans Arbitrary File Write (CVE-2017-5822)
1133845 EXPLOIT OpenVPN P_CONTROL Denial of Service (CVE-2017-7478)
1133813 WEB Trend Micro IWSVA PacFileManagement delete_pac_files Command Injection -1.u
1133814 WEB Trend Micro IWSVA PacFileManagement delete_pac_files Command Injection -1.b
1055184 FILE Microsoft Office Groove Insecure library loading -2 (CVE-2010-3146)
1056520 IMAP Service Multiple Commands Buffer Overflow - 2 (CVE-2008-1276)
1056522 IMAP Service Multiple Commands Buffer Overflow - 4 (CVE-2008-1276)
1160517 VOIP LINE access via SSL -9
1160523 FILE Dropbox access via SSL -2
1160485 MEDIA Youku.com media via TCP -7
1160484 MEDIA Youku.com access via TCP -3
1160512 WEB Evernote access via SSL -2

Delete 60 Rules:
--------------------------------------------------------------------
1133451 WEB Cross-site Scripting -36
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133466 WEB-CLIENT Microsoft Browser Memory Corruption Vulnerability (CVE-2017-0037)
1133436 FILE Microsoft Office CVE-2016-7264 Out of Bounds Read (CVE-2016-7264)
1133447 FILE Microsoft Windows Uniscribe Integer Overflow (CVE-2016-7274)
1133450 FILE Microsoft Excel CVE-2016-7262 Security Feature Bypass (CVE-2016-7262)
1133452 FILE Microsoft Windows Image File Handling Information Disclosure (CVE-2016-7212)
1133460 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -3 (CVE-2016-3298)
1133488 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -2 (CVE-2016-3298)
1133448 WEB Multiple NETGEAR Products Information Disclosure Vulnerability (CVE-2017-5521)
1133467 WEB Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection -1.u
1133489 FTP Java and Python FTP Injection -1
1133490 FTP Java and Python FTP Injection -2
1133453 SSH D-Link DWR-932B Backdoor Access -1 (CVE-2016-10177)
1133454 SSH D-Link DWR-932B Backdoor Access -2 (CVE-2016-10177)
1133455 WEB Axis Communications MPQT/PACS 5.20.x SSI Daemon Remote Format String
1133459 WEB PHP exception toString Denial of Service (CVE-2016-7478)
1133471 WEB-CLIENT Google Chrome Blink ImageBitmap Integer Overflow -1 (CVE-2016-5182)
1133472 WEB-CLIENT Google Chrome Blink ImageBitmap Integer Overflow -1 (CVE-2016-5182)
1133473 EXPLOIT FFmpeg mov_read_keys Integer Overflow (CVE-2016-5199)
1133475 WEB VegaDNS axfr_get.php Command Injection -1.u
1133476 WEB VegaDNS axfr_get.php Command Injection -1.b
1133477 WEB VegaDNS axfr_get.php Command Injection -2
1133478 DNS ISC BIND RRSIG Record Response Assertion Failure Denial of Service (CVE-2016-9147)
1133479 FILE Autodesk Design Review BMP biClrUsed Buffer Overflow
1133481 EXPLOIT LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow -1 (CVE-2016-9941)
1133482 EXPLOIT LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow -2 (CVE-2016-9941)
1133483 DNS ISC BIND ANY Query Response Assertion Failure Denial of Service (CVE-2016-9131)
1133484 EXPLOIT Aerospike Database Server as_sindex__simatch_list_by_set_binid Stack Buffer Overflow (CVE-2016-9054)
1133485 EXPLOIT Aerospike Database Server as_sindex__simatch_by_iname Stack Buffer Overflow (CVE-2016-9052)
1133486 FILE Fatek Automation PLC WinProladder Stack Buffer Overflow (CVE-2016-8377)
1133487 LDAP Samba NDR Parsing ndr_pull_dnsp_name Integer Overflow (CVE-2016-2123)
1133469 WEB Novell ZENworks Configuration Management Session ID Information Disclosure -1.x (CVE-2015-0784)
1133470 WEB ManageEngine Desktop Central Unauthorized Administrative Password Reset -1.x (CVE-2015-2560)
1133474 WEB ManageEngine Multiple Products multipartRequest Directory Traversal -1.x (CVE-2014-6036)
1133464 WEB Netgear WNDR1000v4 Router Remote Authentication Bypass
1133468 WEB SQL injection attempt -81.x
1058947 SCADA Yokogawa CENTUM CS 3000 BKBCopyD.exe Buffer Overflow (CVE-2014-0784)
1058951 SCADA Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow (CVE-2014-0783)
1058961 SCADA Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow (CVE-2014-0781)
1063299 TUNNEL Tor access via SSL -1
1064414 TUNNEL Tor access via SSL -2
1068078 TUNNEL Tor access via SSL -3
1069837 TUNNEL Tor meek access via SSL -1 (f3)
1069838 TUNNEL Tor meek access via SSL -2 (f3)
1069839 TUNNEL Tor meek access via SSL -3 (f3)
1069840 TUNNEL Tor meek access via SSL -4 (f3)
1069842 TUNNEL Tor meek access via SSL -6 (f3)
1069843 TUNNEL Tor meek access via SSL -7 (f2)
1069844 TUNNEL Tor meek access via SSL -8 (f2)
1069845 TUNNEL Tor meek access via SSL -9 (f2)
1069846 TUNNEL Tor meek access via SSL -10 (f2)
1069847 TUNNEL Tor meek access via SSL -11 (f2)
1069917 TUNNEL Tor meek access via SSL -16 (f2)
1069848 TUNNEL Tor meek access via SSL -12 (f1)
1069849 TUNNEL Tor meek access via SSL -13 (f1)
1069850 TUNNEL Tor meek access via SSL -14 (f1)
1069916 TUNNEL Tor meek access via SSL -15 (f1)
1069851 TUNNEL Tor fte access via TCP -1
1080006 SG - TUNNEL Tor connect via TCP