*** NetKeeper 8.558 Release ***

Total number of signatures: 3059

Signature update 8.558 is for NetKeeper series devices:
  NK6000 (NK6105, NK6210C/F/G)
  NK3500 (NK3520, NK3550)
  NK5500
  NK5900
  NK7210

Description
==================================================================
This signature update addresses the exploits, vulnerabilities and applications listed below.

Changes since version 8.556:

Modify 13 Rules:
--------------------------------------------------------------------
1133774 FILE Microsoft LNK Remote Code Execution Vulnerability -1 (CVE-2017-8464)
1133905 SMB Microsoft Windows Search Type Confusion -1 (CVE-2017-8620)
1133906 SMB Microsoft Windows Search Type Confusion -2.1 (CVE-2017-8620)
1133907 SMB Microsoft Windows Search Type Confusion -2.2 (CVE-2017-8620)
1133775 WEB-CLIENT Microsoft Edge CAttrArray Object PrivateFindInl Method Type Confusion (CVE-2017-8496)
1133807 FILE Vim modelines Remote Command Execution -3 (CVE-2016-1248)
1055396 WEB Cross-site Scripting -9
1049802 WEB Directory Traversal -4
1056078 WEB Hashtable Collisions
1132591 TELNET Brute Force Login -1.1021
1068939 IM IRC login via TCP -3
1068827 IM IPMSG access via UDP -1
1069353 IM WhatsApp login via TCP -3

Add 90 Rules:
--------------------------------------------------------------------
1133964 WEB Apache Struts 2 REST plugin Remote Code Execution (CVE-2017-9805)
1133958 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -4.1
1133959 WEB Apache Struts Dynamic Method Invocation Remote Code Execution -4.2
1134010 TELNET Brute Force Login -1.1027
1133949 FILE Microsoft LNK Remote Code Execution Vulnerability -2.1 (CVE-2017-8464)
1133951 FILE Microsoft LNK Remote Code Execution Vulnerability -2.2 (CVE-2017-8464)
1134005 WEB Multiple Vivotek IP Camera Products testserver.cgi HTTP Request Remote Code Execution (CVE-2017-9828)
1133953 SMTP Microsoft Windows OLE CVE-2017-8487 Global Buffer Overflow -1 (CVE-2017-8487)
1133954 SMTP Microsoft Windows OLE CVE-2017-8487 Global Buffer Overflow -2 (CVE-2017-8487)
1133974 FILE Adobe Flash Player Memory Corruption (CVE-2017-11282)
1133975 FILE Adobe Flash Player Memory Corruption (CVE-2017-11281)
1133980 WEB-CLIENT Microsoft Edge AsmJsInterpreter Use After Free (CVE-2017-8603)
1133981 FILE Microsoft Office Composite Moniker CVE-2017-8570 Code Execution (CVE-2017-8570)
1133982 WEB-CLIENT Microsoft Edge Chakra Eval Integer Overflow -1 (CVE-2017-8636)
1133987 WEB-CLIENT Microsoft Edge Chakra Eval Integer Overflow -2 (CVE-2017-8636)
1134002 WEB-CLIENT Microsoft .NET Framework Remote Code Execution Vulnerability (CVE-2017-8759)
1134008 FILE Microsoft Windows Graphics Component META_SETDIBTODEV Information Disclosure (CVE-2017-0190)
1134012 WEB-CLIENT Microsoft Internet Explorer Array Out Of Bounds Memory Corruption (CVE-2017-0040)
1134014 WEB-CLIENT Microsoft Internet Explorer and Edge CVE-2017-0009 Information Disclosure Vulnerability (CVE-2017-0009)
1134015 WEB-CLIENT Microsoft Edge Array Out of Bounds Memory Corruption (CVE-2017-0046)
1134016 WEB-CLIENT Microsoft Edge Malformed UTF-8 Decode Arbitrary (CVE-2017-0131)
1134018 WEB-CLIENT Microsoft Edge Chakra Eval Integer Overflow -1 (CVE-2017-8641)
1134023 WEB-CLIENT Microsoft Edge Chakra Eval Integer Overflow -2 (CVE-2017-8641)
1133936 WEB-CLIENT Microsoft Edge TypedArray.sort Use After Free -2 (CVE-2016-7288)
1133941 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -4 (CVE-2016-3298)
1133942 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -5 (CVE-2016-3298)
1133943 WEB-CLIENT Microsoft Internet Explorer Internet Messaging API Information Disclosure -6 (CVE-2016-3298)
1132763 WEB-CLIENT Suspicious HTML Iframe Tag -21 (Ransomware Attack Vector)
1133945 DNS Systemd resolved dns_packet_new Heap Buffer Overflow (CVE-2017-9445)
1133950 FILE JasPer jp2_decode Out of Bounds Read (CVE-2017-9782)
1133952 WEB PHP gdImageCreateFromGifCtx Out of Bounds Read (CVE-2017-7890)
1133955 EXPLOIT strongSwan x509 Plugin Denial of Service (CVE-2017-9023)
1133956 WEB Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal (CVE-2017-9812)
1133973 FILE Windows NTFS File System MFT Malformed Path Denial of Service
1133978 WEB D-Link DIR-850L inet_ipv4 Command Injection Vulnerability
1133983 WEB D-Link Multiple Product getcfg Information Disclosure
1133985 DB PostgreSQL Database Core Server non-libpq Client Policy Bypass (CVE-2017-7546)
1133988 WEB D-Link Multiple Product hnap Remote Code Execution
1133997 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -1 (CVE-2017-3623)
1133998 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -2 (CVE-2017-3623)
1133999 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -3 (CVE-2017-3623)
1134000 RPC Oracle Solaris RPC CVE-2017-3623 Heap Buffer Overflow -4 (CVE-2017-3623)
1134001 WEB Shadow Brokers Easybee Attack
1134006 WEB-CLIENT Git ssh URL Processing Command Execution -1 (CVE-2017-1000117)
1134007 SSL OpenSSL X.509 IPAddressFamily Extension Parsing Out-of-Bounds Read -1 (CVE-2017-3735)
1134009 SSL OpenSSL X.509 IPAddressFamily Extension Parsing Out-of-Bounds Read -2 (CVE-2017-3735)
1134011 WEB-CLIENT Git ssh URL Processing Command Execution -2 (CVE-2017-1000117)
1134013 WEB-CLIENT Git ssh URL Processing Command Execution -3 (CVE-2017-1000117)
1134017 WEB Apache Tomcat 7.0.0 to 7.0.79 jsp File Upload Vulnerability (CVE-2017-12615)
1134020 WEB Apache HTTP OPTIONS Memory Leak (CVE-2017-9798)
1134021 WEB HPE Intelligent Management Center ictExpertDownload Expression Language Injection -1.x (CVE-2017-12500)
1134022 WEB HPE Intelligent Management Center ictExpertDownload Expression Language Injection -1.a (CVE-2017-12500)
1134024 WEB Disk Pulse Enterprise GET Buffer Overflow (EDB-42560)
1134025 WEB HPE Intelligent Management Center wmiConfigContent Expression Language Injection (CVE-2017-12526)
1134026 WEB Trend Micro OfficeScan Proxy.php Command Injection (CVE-2017-11394)
1134027 EXPLOIT Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection (CVE-2017-11384)
1134028 EXPLOIT Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection (CVE-2017-11385)
1133937 WEB Disk Pulse Enterprise Server HttpParser Buffer Overflow -1 (EDB-40452)
1133938 WEB Disk Pulse Enterprise Server HttpParser Buffer Overflow -2 (EDB-40452)
1133957 FILE LibTIFF tiffcrop Integer Overflow (CVE-2016-9537)
1133960 DNS ISC BIND Query Response Missing RRSIG Denial of Service -1 (CVE-2016-9444)
1133961 DNS ISC BIND Query Response Missing RRSIG Denial of Service -2 (CVE-2016-9444)
1133962 WEB ManageEngine Applications Manager MenuHandlerServlet SQL Injection -1.u (CVE-2016-9488)
1133963 WEB ManageEngine Applications Manager MenuHandlerServlet SQL Injection -1.b (CVE-2016-9488)
1133965 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.1 (CVE-2016-9498)
1133966 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.2 (CVE-2016-9498)
1133967 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.3 (CVE-2016-9498)
1133968 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.4 (CVE-2016-9498)
1133969 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.5 (CVE-2016-9498)
1133970 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.6 (CVE-2016-9498)
1133971 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.7 (CVE-2016-9498)
1133972 EXPLOIT ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization -1.8 (CVE-2016-9498)
1133977 EXPLOIT Aerospike Database Server RW Fabric Message Code Execution -1 (CVE-2016-9053)
1133979 EXPLOIT Aerospike Database Server RW Fabric Message Code Execution -2 (CVE-2016-9053)
1133984 IMAP Dovecot SASL Authentication Component Denial of Service -1 (CVE-2016-8652)
1133986 IMAP Dovecot SASL Authentication Component Denial of Service -2 (CVE-2016-8652)
1133989 IMAP Dovecot SASL Authentication Component Denial of Service -3 (CVE-2016-8652)
1133991 POP3 Dovecot SASL Authentication Component Denial of Service (CVE-2016-8652)
1133992 SMTP Dovecot SASL Authentication Component Denial of Service (CVE-2016-8652)
1133993 WEB Brocade Network Advisor DashboardFileReceiveServlet filename Directory Traversal (CVE-2016-8205)
1133994 WEB Brocade Network Advisor SoftwareImageUpload name filename Directory Traversal (CVE-2016-8206)
1133995 FILE Foxit PDF Reader JBIG2 Symbol Dictionary Out of Bounds Read (CVE-2016-8334)
1133996 WEB Apache HTTP Server mod_http2 Module Denial of Service -1 (CVE-2016-8740)
1134003 WEB Apache HTTP Server mod_http2 Module Denial of Service -2 (CVE-2016-8740)
1134004 WEB Netgear WNR2000v5 Information Disclosure (CVE-2016-10176)
1134019 WEB Muieblackcat Scanner
1133944 WEB Trend Micro IWSVA testConfiguration Command Injection -1.u
1133946 WEB Trend Micro IWSVA testConfiguration Command Injection -1.b
1133947 WEB Trend Micro IWSVA DeploymentWizardAction GetClusterInfo Command Injection -1.u
1133948 WEB Trend Micro IWSVA DeploymentWizardAction GetClusterInfo Command Injection -1.b

Delete 90 Rules:
--------------------------------------------------------------------
1133613 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.x (CVE-2015-7387)
1133614 WEB ManageEngine EventLog Analyzer Remote Code Execution -2.x (CVE-2015-7387)
1133590 WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.1 (CVE-2017-0033)
1133591 WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.2 (CVE-2017-0033)
1133592 FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -1 (CVE-2017-0038)
1133594 FILE Microsoft Office OLE2Link Remote Code Execution (CVE-2017-0199)
1133595 FILE Microsoft Outlook Remote Code Execution Vulnerability (CVE-2017-0106)
1133596 WEB-CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0200)
1133597 WEB-ACTIVEX Microsoft Windows DirectShow Information Disclosure -1 (CVE-2017-0042)
1133599 WEB-CLIENT Microsoft Hta File Remote Code Execution Vulnerability -1
1133600 WEB-CLIENT Microsoft Hta File Remote Code Execution Vulnerability -2
1133602 FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -2 (CVE-2017-0038)
1133604 WEB-ACTIVEX Microsoft Windows DirectShow Information Disclosure -1 (CVE-2017-0042)
1133615 SMB Microsoft Windows SMB Server SMBv1 CVE-2017-0145 Buffer Overflow (CVE-2017-0145)
1133616 WEB-CLIENT Microsoft Edge CVE-2017-0065 Information Disclosure (CVE-2017-0065)
1133619 WEB-CLIENT Microsoft Edge ProfiledLdElem Type Confusion -1 (CVE-2017-0071)
1133620 WEB-CLIENT Microsoft Edge ProfiledLdElem Type Confusion -2 (CVE-2017-0071)
1133623 WEB-CLIENT Microsoft Edge Chakra SetPropertyTrap Method PropertyString Object Type Confusion -1 (CVE-2017-0094)
1133630 WEB-CLIENT Microsoft Edge Chakra SetPropertyTrap Method PropertyString Object Type Confusion -2 (CVE-2017-0094)
1133640 FILE Adobe Reader and Acrobat XSLT function-available Buffer Overflow (CVE-2017-2949)
1133646 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2.3 (CVE-2015-2446)
1133647 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -4.1 (CVE-2015-2446)
1133648 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -4.2 (CVE-2015-2446)
1133652 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2 (CVE-2015-0036)
1133653 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -3 (CVE-2015-0036)
1133633 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -1 (CVE-2014-6324)
1133634 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -2 (CVE-2014-6324)
1133593 TELNET Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability (CVE-2017-3881)
1133605 WEB Moxa MXview Private Key Disclosure Vulnerability (CVE-2017-7455)
1133609 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 89 (Ransomware Attack Vector)
1133610 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -1 (ZDI-17-130)
1133611 WEB Trend Micro SafeSync for Enterprise restartService Command Injection -2 (ZDI-17-130)
1133612 WEB Trend Micro Control Manager lang Parameter Arbitrary File Inclusion (ZDI-17-069)
1133617 WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -1 (ZDI-17-128)
1133618 WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -2 (ZDI-17-128)
1133624 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.1 (ZDI-17-116)
1133625 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -2 (ZDI-17-116)
1133626 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.2 (ZDI-17-116)
1133627 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -3 (ZDI-17-116)
1133628 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.3 (ZDI-17-116)
1133629 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -4 (ZDI-17-116)
1133639 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.4 (ZDI-17-116)
1133642 WEB GoAhead system.ini Information Disclosure Vulnerability (CVE-2017-8225)
1133645 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 90 (Ransomware Attack Vector)
1133649 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 91 (Ransomware Attack Vector)
1133651 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -1 (ZDI-17-122)
1133654 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -2 (ZDI-17-122)
1133655 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -3 (ZDI-17-122)
1133656 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -4 (ZDI-17-122)
1133657 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -5 (ZDI-17-122)
1133658 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -6 (ZDI-17-122)
1133659 WEB Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection -7 (ZDI-17-122)
1133672 WEB Local File Inclusion win.ini -1.b
1133674 WEB Trend Micro Control Manager ProductTree_RightWindow XML External Entity Processing (ZDI-17-077)
1133588 EXPLOIT Memcached process_bin_update body_len Integer Overflow -7 (CVE-2016-8705)
1133589 EXPLOIT Memcached process_bin_update body_len Integer Overflow -8 (CVE-2016-8705)
1133606 EXPLOIT Memcached process_bin_sasl_auth Integer Underflow -2 (CVE-2016-8706)
1133608 WEB Trend Micro InterScan Web Security ManagePatches filename Remote Code Execution (ZDI-16-348)
1133650 WEB Multiple CCTV-DVR Vendors Remote Code Execution
1133622 EXPLOIT Fortinet Single Sign On Hello Message Stack Buffer Overflow -5 (CVE-2015-2281)
1133601 WEB b374k WEB Shell Activity -1
1133603 WEB b374k WEB Shell Activity -2
1133632 EXPLOIT Possible ECLIPSEDWING (MS08-067)
1131194 FTP ProFTPD mod_copy Unauthenticated Remote File Copying -1 (CVE-2015-3306)
1131196 Novell ZENworks Configuration Management FileViewer/DirectoryViewer Information Disclosure
1131230 EXPLOIT Western Digital Arkeia Remote Code Execution
1131231 WEB Accellion FTA statecode Cookie Arbitrary File Read (CVE-2015-2856)
1131342 WEB D-Link Cookie Command Execution
1131400 WEB Cross-site Scripting -28
1131401 WEB Cross-site Scripting -29
1131464 WEB Werkzeug Debug Shell Command Execution
1131530 WEB-CLIENT Firefox PDF.js Privileged Javascript Injection (CVE-2015-0816)
1131563 WEB ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution -2 (CVE-2015-7766)
1131577 WEB Watchguard XCS Remote Command Execution
1131578 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.a (CVE-2015-7387)
1131604 WEB ManageEngine ServiceDesk Plus Arbitrary File Upload (ZDI-15-396)
1131646 EXPLOIT X11 Keyboard Command Injection
1131867 WEB Oracle Endeca IDI ETL Server UploadFileConent Directory Traversal
1132062 WEB F5 iControl iCall Script Root Command Execution -1 (CVE-2015-3628)
1132162 EXPLOIT Jenkins CLI RMI Java Deserialization Vulnerability (CVE-2015-8103)
1132197 WEB IBM WebSphere Application Server Commons-Collections Library Remote Code Execution -1 (CVE-2015-7450)
1132248 WEB D-Link DCS-931L Network Camera File Upload (CVE-2015-2049)
1132318 WEB D-Link DCS-930L Authenticated Remote Command Execution
1132482 FTP PCMAN FTP Server Buffer Overflow - PUT Command (EDB-37731)
1132608 WEB TP-Link SC2020n Authenticated Telnet Injection
1132929 WEB ManageEngine EventLog Analyzer Remote Code Execution -2.a (CVE-2015-7387)
1133268 WEB SQL injection attempt -84
1057612 WEB-ACTIVEX Honeywell Multiple Products HscRemoteDeploy.dll ActiveX Control Code Execution -2 (CVE-2013-0108)
1056108 WEB Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
1056120 EXPLOIT NetWeaver Dispatcher Stack Buffer Overflow (CVE-2012-2611)