*** NetKeeper 8.556 Release ***

Total number of signatures: 3059

Signature update 8.556 is for NetKeeper series devices:
  NK6000 (NK6105, NK6210C/F/G)
  NK3500 (NK3520, NK3550)
  NK5500
  NK5900
  NK7210

Description
==================================================================
This signature update addresses the exploits/vulnerabilities and applications listed below. The changes are relative to version 8.554.

*** Modify 24 Rules:
--------------------------------------------------------------------
1110895 WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware Attack Vector)
1133774 FILE Microsoft LNK Remote Code Execution Vulnerability (CVE-2017-8464)
1133630 WEB-CLIENT Microsoft Edge Chakra SetPropertyTrap Method PropertyString Object Type Confusion -2 (CVE-2017-0094)
1133844 WEB-CLIENT Microsoft Internet Explorer CWigglyShape Information Disclosure -2 (CVE-2016-7283)
1133678 SSL OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow -1 (CVE-2017-3731)
1133679 SSL OpenSSL ChaCha20-Poly1305 and RC4-MD5 Integer Underflow -2 (CVE-2017-3731)
1133855 WEB GoAhead IPCam Remote Code Execution -2
1133887 WEB IPFire ids.cgi OINKCODE Parameter Command Injection -2 (CVE-2017-9757)
1057832 WEB PHP Arbitrary Code Injection -7
1110433 IMAP IMAP SUBSCRIBE Command Buffer Overflow
1058608 FILE Invalid XML Version -1
1132092 FILE Invalid XML Version -2
1058468 WEB SQL Injection Attempt -25.a
1055184 SMB Microsoft Office Groove Insecure Library Loading -2 (CVE-2010-3146)
1067953 IM AIM/ICQ/iIM access via SSL -1
1160101 IM AIM/ICQ/iIM access via SSL -4
1063224 P2P Thunder Series Version Check via TCP -1
1053869 AP State - TUNNEL Freegate HTTP request fragment evasion 0-1
1061806 AP State Flow - TUNNEL Freegate HTTP request fragment evasion 1-F/Flow
1053109 MEDIA PPTV access via TCP -2
1054160 MEDIA PPTV access via TCP -3
1065447 MEDIA iQIYI/PPS media via UDP -5
1063530 NETWORK ONC-RPC v1 portmap access via TCP -1
1063531 NETWORK ONC-RPC v2 portmap access via TCP -1

*** Add 47 Rules:
--------------------------------------------------------------------
1133893 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -3
1133900 FILE Nitro Pro PDF Reader Javascript API Remote Code Execution (CVE-2017-7442)
1133902 WEB VICIdial user_authorization Unauthenticated Command Execution
1133908 EXPLOIT QNAP Transcode Server Command Execution
1133916 EXPLOIT HPE Intelligent Management Center dbman BackupZipFile Command Injection 1.1 (CVE-2017-5821)
1133917 EXPLOIT HPE Intelligent Management Center dbman BackupZipFile Command Injection 1.2 (CVE-2017-5821)
1133892 WEB-CLIENT Microsoft Windows Performance Monitor XXE Injection Information Disclosure (CVE-2017-0170)
1133894 RDP Microsoft Windows XP and Server 2003 RDP CVE-2017-0176 Heap Buffer Overflow -1 (CVE-2017-0176)
1133895 RDP Microsoft Windows XP and Server 2003 RDP CVE-2017-0176 Heap Buffer Overflow -2 (CVE-2017-0176)
1133905 SMB Microsoft Windows Search Type Confusion -1 (CVE-2017-8260)
1133906 SMB Microsoft Windows Search Type Confusion -2.1 (CVE-2017-8260)
1133907 SMB Microsoft Windows Search Type Confusion -2.2 (CVE-2017-8260)
1133912 WEB-CLIENT Microsoft Internet Explorer CWigglyShape Information Disclosure -3 (CVE-2016-7283)
1133896 SMB Samba Writeable Share Insecure Library Loading -4 (CVE-2017-7494)
1133897 WEB Apache Http2 Null Pointer Dereference (CVE-2017-7659)
1133898 RPC Oracle Solaris RPC Remote Code Execution (CVE-2017-3623)
1133901 DNS ISC BIND RPZ Query Processing Denial of Service (CVE-2017-3140)
1133903 EXPLOIT HPE Intelligent Management Center imcwlandm UserName Stack Buffer Overflow (CVE-2017-5805)
1133904 EXPLOIT HPE Intelligent Management Center imcwlandm SSID Stack Buffer Overflow (CVE-2017-5806)
1133909 WEB Neo Coolcam IP Camera and Gateway Remote Code Execution -1
1133910 WEB Neo Coolcam IP Camera and Gateway Remote Code Execution -2
1133911 RTSP Neo Coolcam IP Camera and Gateway Remote Code Execution
1133913 WEB AlienVault USM and OSSIM fqdn get_fqdn Command Injection
1133915 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -2 (ZDI-17-130)
1133918 DOS WireX DDoS Botnet Distributed Denial Of Service -1
1133919 WEB Nginx ngx_http_range_filter_module Integer Overflow (CVE-2017-7529)
1133920 DOS WireX DDoS Botnet Distributed Denial Of Service -2
1133921 DOS WireX DDoS Botnet Distributed Denial Of Service -3
1133922 DOS WireX DDoS Botnet Distributed Denial Of Service -4
1133923 DOS WireX DDoS Botnet Distributed Denial Of Service -5
1133924 DOS WireX DDoS Botnet Distributed Denial Of Service -6
1133925 DOS WireX DDoS Botnet Distributed Denial Of Service -7
1133926 SSL GnuTLS status_request Extension Null Pointer Dereference (CVE-2017-7507)
1133927 WEB Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection
1133928 WEB Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection
1133929 WEB Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection
1133931 SCADA Schneider Electric U.motion Builder track_import_export.php SQL Injection - 1.1 (CVE-2017-7973)
1133932 SCADA Schneider Electric U.motion Builder track_import_export.php SQL Injection - 1.2 (CVE-2017-7973)
1133933 SCADA Schneider Electric U.motion Builder track_import_export.php SQL Injection - 1.3 (CVE-2017-7973)
1133934 SCADA Schneider Electric U.motion Builder localize.php SQL Injection (CVE-2017-7973)
1133935 WEB Apache httpd ap_find_token Out of Bounds Read (CVE-2017-7668)
1133914 WEB McAfee ePolicy Orchestrator DataChannel GUID SQL Injection (CVE-2016-8027)
1133899 IMAP IBM Lotus Domino IMAP Server Buffer Overflow -2 (CVE-2007-3510)
1058077 WEB SQL Injection Attempt -1.b
1058981 WEB Directory Traversal -21
1160603 MEDIA PPTV access via UDP -1
1160597 SOCIAL Twitter access via SSL -4

*** Delete 45 Rules:
--------------------------------------------------------------------
1133527 WEB SQL Injection Attempt -17.x
1133547 FILE Adobe Acrobat and Reader JPEG2000 Out of Bounds Read (CVE-2017-2946)
1133548 WEB Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow -1 (CVE-2017-7269)
1133552 FILE Adobe Acrobat ImageConversion JPEG Out-of-Bounds Read (CVE-2017-2960)
1133553 WEB-CLIENT Microsoft Internet Explorer CVE-2017-0008 Information Disclosure (CVE-2017-0008)
1133567 FILE Microsoft Graphics Component CVE-2017-0014 Memory Corruption (CVE-2017-0014)
1133569 WEB-CLIENT Microsoft MSXML CVE-2017-0022 Information Disclosure -1 (CVE-2017-0022)
1133581 WEB-CLIENT Microsoft MSXML CVE-2017-0022 Information Disclosure -2 (CVE-2017-0022)
1133544 FILE Microsoft Office CVE-2016-7289 Memory Corruption (CVE-2016-7289)
1133568 FILE Adobe Digital Editions Epub XXE Information Disclosure -1 (CVE-2016-7889)
1133576 WEB-CLIENT Microsoft Scripting Engine Memory Corruption Vulnerability -3 (CVE-2016-7242)
1133582 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -2 (CVE-2016-7889)
1133583 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -3 (CVE-2016-7889)
1133584 WEB-CLIENT Adobe Digital Editions Epub XXE Information Disclosure -4 (CVE-2016-7889)
1133585 FILE Microsoft Windows PDF Library CVE-2017-0023 Information Disclosure (CVE-2017-0023)
1133545 WEB PHP zend_hash_destroy Uninitialized Pointer Code Execution -1 (CVE-2017-5340)
1133546 WEB PHP zend_hash_destroy Uninitialized Pointer Code Execution -2 (CVE-2017-5340)
1133554 EXPLOIT Oracle WebLogic Server UnicastRef Insecure Deserialization (CVE-2017-3248)
1133578 WEB GoAhead system.ini Information Disclosure Vulnerability (CVE-2017-5674)
1133579 WEB ASUS Multiple Routers WAN Settings Remote Command Injection
1133580 WEB-CLIENT MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution (CVE-2017-2361)
1133586 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 87 (Ransomware Attack Vector)
1133587 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 88 (Ransomware Attack Vector)
1133524 WEB-CLIENT Multiple Browser WebKit Exploit Remote Code Execution -1 (CVE-2016-4657)
1133525 WEB-CLIENT Multiple Browser WebKit Exploit Remote Code Execution -2 (CVE-2016-4657)
1133537 WEB Micro Focus GroupWise Post Office Agent Integer Overflow -2 (CVE-2016-5762)
1133538 SSL OpenSSL tls_get_message_body Function init_msg Structure Use After Free -2 (CVE-2016-6309)
1133540 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.1 (CVE-2016-9332)
1133541 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.2 (CVE-2016-9332)
1133542 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.3 (CVE-2016-9332)
1133543 SCADA Moxa SoftCMS 1.5 AspWebServer Denial of Service Vulnerability -1.4 (CVE-2016-9332)
1133575 WEB Apache Tomcat Security Bypass Vulnerability (CVE-2016-6816)
1133577 NTP Network Time Protocol Daemon read_mru_list Denial of Service -4 (CVE-2016-7434)
1133536 WEB PineApp Mail-SeCure livelog.html Arbitrary Command Execution -3.x (OSVDB-95779)
1133574 WEB DzSoft PHP Editor Directory Traversal
1130403 WEB McAfee ePolicy Orchestrator XML Entity Injection -1 (CVE-2015-0921)
1130404 WEB McAfee ePolicy Orchestrator XML Entity Injection -2 (CVE-2015-0921)
1132987 WEB McAfee ePolicy Orchestrator XML Entity Injection -3 (CVE-2015-0921)
1051181 SIP Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow (CVE-2012-1184)
1057030 EXPLOIT Novell eDirectory NCP Stack Buffer Overflow (CVE-2012-0432)
1057127 EXPLOIT BigAnt Server SCH Request Stack Buffer Overflow (CVE-2012-6275)
1057218 WEB URI Handler Buffer Overflow - GET -2
1059700 WEB Rocket Servergraph Admin Center fileRequestor run and runClear Command Execution -1 (CVE-2014-3914)
1059976 WEB SolarWinds Storage Manager Authentication Bypass (ZDI-14-299)
1059998 WEB JIRA Issues Collector Directory Traversal -2.a (CVE-2014-2314)