*** NetKeeper 8.562 Release ***

Total number of signatures: 3063

Signature update 8.562 is for NetKeeper series devices:
NK6000 (NK6105, NK6210C/F/G)
NK3500 (NK3520, NK3550)
NK5500
NK5900
NK7210

Description
==================================================================
This signature update addresses the exploits/vulnerabilities and applications listed below.
Changes relative to version 8.560:

*** Modify 19 Rules:
--------------------------------------------------------------------
1110895 WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware Attack Vector)
1133964 WEB Apache Struts 2 REST plugin Remote Code Execution (CVE-2017-9805)
1133905 SMB Microsoft Windows Search Type Confusion -1 (CVE-2017-8620)
1133906 SMB Microsoft Windows Search Type Confusion -2.1 (CVE-2017-8620)
1133907 SMB Microsoft Windows Search Type Confusion -2.2 (CVE-2017-8620)
1133858 SIP Digium Asterisk SIP CSeq Heap Buffer Overflow (CVE-2017-9372)
1133973 FILE Windows NTFS File System MFT Malformed Path Denial of Service -1
1133978 WEB D-Link DIR-850L inet_ipv4 Command Injection Vulnerability
1134033 WEB Supervisor XML-RPC Authenticated Remote Code Execution -1 (CVE-2017-11610)
1134043 WEB Mongoose Web Server 6.5 Remote Code Execution (CVE-2017-11567)
1134057 WEB Netgear ReadyNAS Surveillance Unauthenticated Remote Command Execution
1134068 DHCP Dnsmasq Heap-Based Overflow -1.1 (CVE-2017-14493)
1134073 DNS Dnsmasq answer_auth and answer_request Integer Underflow -1 (CVE-2017-13704)
1134092 WEB Apache HTTP PUT jsp File Upload Vulnerability (CVE-2017-12617)
1134041 WEB HPE Intelligent Management Center Apache Commons Collections (ACC) library Insecure Deserialization (CVE-2016-4372)
1134085 SCADA Schneider Electric ProClima F1BookView CopyAll Memory Corruption -3 (CVE-2015-8561)
1055241 SMB Microsoft Office Insecure Library Loading -1
1063437 MEDIA Sohu TV access via TCP -2.1
1066100 MEDIA Sohu TV access via TCP -2.2

Add 93 Rules:
--------------------------------------------------------------------
1134099 EXPLOIT Arbitrary Code Injection -1.x
1134149 WEB Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)
1133761 IMAP Alt-N MDaemon IMAP Server FETCH Command Buffer Overflow (CVE-2008-1358)
1134102 FILE Adobe Flash Player APSB17-04 Multiple Unspecified Memory Corruption (CVE-2017-2996)
1134104 FILE Adobe Flash Player BufferControlParameters Memory Corruption (CVE-2017-11292)
1134117 SMB Microsoft Windows Search Information Disclosure -1 (CVE-2017-8544)
1134118 SMB Microsoft Windows Search Information Disclosure -2 (CVE-2017-8544)
1134119 FILE Microsoft Windows Graphics Component CVE-2017-8676 Information Disclosure -1 (CVE-2017-8676)
1134120 FILE Microsoft Windows Graphics Component CVE-2017-8676 Information Disclosure -2 (CVE-2017-8676)
1134121 FILE Microsoft Windows Graphics Component CVE-2017-8676 Information Disclosure -3 (CVE-2017-8676)
1134122 WEB-CLIENT Microsoft Windows Shell Memory Corruption Vulnerability (CVE-2017-8727)
1134129 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2017-0020)
1134130 FILE Microsoft Windows Graphics Component CVE-2017-8676 Information Disclosure -4 (CVE-2017-8676)
1134132 FILE Microsoft Windows Graphics Component CVE-2017-8676 Information Disclosure -5 (CVE-2017-8676)
1134133 FILE Microsoft Windows Graphics Component CVE-2017-8676 Information Disclosure -6 (CVE-2017-8676)
1134137 FILE Microsoft Office WordPerfect Document Converter Heap-based Buffer Overflow (CVE-2017-8744)
1134160 FILE Adobe Flash Player APSB17-07 Multiple Memory Corruption Vulnerabilities (CVE-2017-2999)
1134161 FILE Microsoft Windows Kernel Win32k.sys Local Privilege Escalation Vulnerability (CVE-2017-8578)
1134164 FILE Microsoft Office Memory Corruption Vulnerability (CVE-2017-0052)
1134165 FILE Adobe Acrobat ImageConversion EMF Parsing Out-Of-Bounds Read (CVE-2017-11249)
1134167 FILE Microsoft Windows Graphics Component Local Information Disclosure Vulnerability (CVE-2017-0060)
1134168 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0072)
1134169 FILE Adobe Acrobat ImageConversion EMF Parsing Integer Overflow (CVE-2017-11227)
1134171 FILE Adobe Acrobat and Reader AcroForm Encoding Code Execution (CVE-2017-11263)
1134172 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0083)
1134174 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0086)
1134176 FILE Adobe Acrobat XPS Out-of-Bounds Read (CVE-2017-11209)
1134177 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0087)
1134179 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0088)
1134184 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0089)
1134185 FILE Microsoft Windows Uniscribe Remote Code Execution Vulnerability (CVE-2017-0090)
1134186 FILE Microsoft Windows Kernel Local Privilege Escalation Vulnerability (CVE-2017-0103)
1134188 FILE Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CVE-2017-0108)
1134189 FILE Microsoft Windows t2embed Name Record Integer Overflow (CVE-2017-11763)
1134124 FILE Microsoft Office VBA Module Stream Use after Free
1134134 RPC Rpcbind XDR Parsing Memory Exhaustion Denial of Service -1 (CVE-2017-8779)
1134135 RPC Rpcbind XDR Parsing Memory Exhaustion Denial of Service -2 (CVE-2017-8779)
1134136 RPC Rpcbind XDR Parsing Memory Exhaustion Denial of Service -3 (CVE-2017-8779)
1134181 WEB Microsoft Outlook Web Access Login URL Redirection (CVE-2005-0420)
1134106 FILE Adobe Flash Player APSB17-07 Multiple Use After Free Remote Code Execution (CVE-2017-3002)
1134107 FILE Adobe Flash Player APSB17-07 Multiple Use After Free Remote Code Execution (CVE-2017-3001)
1134111 WEB Supervisor XML-RPC Authenticated Remote Code Execution -2 (CVE-2017-11610)
1134112 FILE Windows LNK Shortcut File Code Execution (CVE-2017-8464)
1134114 FILE Windows NTFS File System MFT Malformed Path Denial of Service -2
1134115 WEB-CLIENT Google Chrome V8 Crankshaft Type Confusion -1 (CVE-2017-5070)
1134116 WEB-CLIENT Google Chrome V8 Crankshaft Type Confusion -2 (CVE-2017-5070)
1134123 EXPLOIT Linux Kernel NFSv4 nfsd PNFS Denial of Service -1 (CVE-2017-8797)
1134125 EXPLOIT Linux Kernel NFSv4 nfsd PNFS Denial of Service -2 (CVE-2017-8797)
1134126 EXPLOIT Linux Kernel NFSv4 nfsd PNFS Denial of Service -3 (CVE-2017-8797)
1134127 EXPLOIT Linux Kernel NFSv4 nfsd PNFS Denial of Service -4 (CVE-2017-8797)
1134131 WEB Apache Tomcat HTTP PUT Windows Remote Code Execution (CVE-2017-12615)
1134138 EXPLOIT SAP GUI regsvr32.exe Rule Security Policy Bypass -1 (CVE-2017-6950)
1134139 WEB HPE Intelligent Management Center getSelInsBean Expression Language Injection (CVE-2017-12490)
1134140 EXPLOIT SAP GUI regsvr32.exe Rule Security Policy Bypass -2 (CVE-2017-6950)
1134142 WEB HPE Intelligent Management Center saveSelectedDevices Expression Language Injection (CVE-2017-12491)
1134143 EXPLOIT HPE Intelligent Management Center dbman Stack Buffer Overflow (CVE-2017-8956)
1134144 WEB HPE Intelligent Management Center userSelectPagingContent Expression Language Injection -1.1 (CVE-2017-12521)
1134145 WEB HPE Intelligent Management Center userSelectPagingContent Expression Language Injection -1.2 (CVE-2017-12521)
1134146 WEB HPE Operations Orchestration central-remoting Insecure Deserialization (CVE-2017-8994)
1134148 WEB Atlassian FishEye and Crucible mostActiveCommitters Information Disclosure (CVE-2017-9512)
1134151 SVN Apache Subversion svn-ssh URL Command Execution -1 (CVE-2017-9800)
1134152 SVN Apache Subversion svn-ssh URL Command Execution -2 (CVE-2017-9800)
1134153 SVN Apache Subversion svn-ssh URL Command Execution -3 (CVE-2017-9800)
1134154 WEB Dell Storage Manager EmWebsiteServlet Directory Traversal (CVE-2017-10949)
1134155 FTP Ayukov NFTP FTP Client Buffer Overflow (CVE-2017-15222)
1134156 FILE Foxit Reader and PhantomPDF XFA gotoURL Command Injection (CVE-2017-10953)
1134157 WEB Apache Tomcat HTTP PUT Remote Code Execution -1.2 (CVE-2017-12617)
1134158 RADIUS FreeRADIUS rad_coalesce Out of Bounds Read (CVE-2017-10979)
1134159 DHCP FreeRADIUS fr_dhcp_attr2vp Integer Underflow Out of Bounds Read (CVE-2017-10986)
1134162 EXPLOIT strongSwan gmp Plugin Denial of Service (CVE-2017-11185)
1134163 EXPLOIT Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection (CVE-2017-11385)
1134170 DHCP Dnsmasq Heap-Based Overflow -1.2 (CVE-2017-14493)
1134173 WEB Trend Micro Mobile Security Enterprise eas_agent_sync_client_info slink_id SQL Injection -1 (CVE-2017-14078)
1134175 SCADA Advantech WebAccess rmTemplate.aspx SQL Injection (CVE-2017-12710)
1134178 DNS Dnsmasq answer_auth and answer_request Integer Underflow -2 (CVE-2017-13704)
1134182 WEB-CLIENT CoinHive Mining Attempt
1134183 WEB Trend Micro Mobile Security Enterprise eas_agent_sync_client_info slink_id SQL Injection -2 (CVE-2017-14078)
1134187 SIP Digium Asterisk non-SIP URIs Denial-of-Service (CVE-2017-14098)
1134191 SIP Digium Asterisk app_minivm Caller-ID Command Execution (CVE-2017-14100)
1134109 WEB PHPMoAdmin Unauthorized Remote Code Execution -2 (CVE-2015-2208)
1134113 WEB Borland AccuRev Savecontent Fname Directory Traversal (ZDI-15-411)
1134128 ICMP Linux Kernel IPv6 Router Advertisement Packets Processing Denial of Service Revision (CVE-2014-2309)
1134100 WEB Symantec Messaging Gateway Directory Traversal -1 (CVE-2012-4347)
1134101 WEB Symantec Messaging Gateway Directory Traversal -2 (CVE-2012-4347)
1134110 EXPLOIT Sophos Anti-Virus PDF Handling Stack Buffer Overflow -2
1134180 WEB phpMyAdmin setup.php PHP Code Injection (CVE-2009-1151)
1134192 WEB Oracle Identity Manager Authentication Bypass (CVE-2017-10151)
1134150 EXPLOIT VideoLAN VLC Media Player TY Processing Buffer Overflow -2 (CVE-2008-4654)
1134098 WEB Trend Micro OfficeScan Remote Code Execution
1134105 DB OrientDB 2.2.x Remote Code Execution
1134141 MALWARE BADRABBIT SMB Activity -1
1134147 MALWARE BADRABBIT SMB Activity -2
1160701 IM Paltalk access via TCP -1

Delete 92 Rules:
--------------------------------------------------------------------
1133726 WEB Dup Scout Enterprise GET Buffer Overflow
1133727 WEB URI Handler Buffer Overflow - GET -6
1133728 WEB Directory Traversal in Cookies
1133764 WEB Kaltura Remote PHP Code Execution
1133769 WEB ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection (CVE-2014-3996)
1133730 WEB-CLIENT Microsoft Edge Frame Elements Same Origin Policy Bypass (CVE-2017-0066)
1133731 WEB-CLIENT Microsoft Edge CVE-2017-0070 Getter Use After Free -1 (CVE-2017-0070)
1133732 WEB-CLIENT Microsoft Edge CVE-2017-0070 Getter Use After Free -2 (CVE-2017-0070)
1133744 WEB-CLIENT Microsoft NTFS Device Access Denial of Service
1133748 FILE Adobe Acrobat and Reader JPEG2000 Parsing Out of Bounds Read (CVE-2017-3045)
1133758 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -1 (CVE-2017-0059)
1133759 WEB-CLIENT Microsoft Internet Explorer Memory Corruption Vulnerability -2 (CVE-2017-0059)
1133768 EXPLOIT HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow (CVE-2017-5789)
1133723 WEB-CLIENT Mozilla Firefox Table Use After Free -1 (CVE-2017-5404)
1133724 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 93 (Ransomware Attack Vector)
1133725 WEB-CLIENT Javascript Obfuscation in Exploit Kits - 94 (Ransomware Attack Vector)
1133735 SMB Samba Writeable Share Insecure Library Loading -1 (CVE-2017-7494)
1133737 WEB Splunk Enterprise alerts alerts_id Server-Side Request Forgery
1133740 EXPLOIT HPE Intelligent Management Center RMI Registry Insecure Deserialization -1 (CVE-2017-5792)
1133741 EXPLOIT HPE Intelligent Management Center RMI Registry Insecure Deserialization -2 (CVE-2017-5792)
1133742 EXPLOIT HPE Intelligent Management Center RMI Registry Insecure Deserialization -3 (CVE-2017-5792)
1133743 EXPLOIT HPE Intelligent Management Center RMI Registry Insecure Deserialization -4 (CVE-2017-5792)
1133746 DB Oracle MySQL sql_authentication Integer Overflow -1 (CVE-2017-3599)
1133750 WEB Exponent CMS eaasController.php api Function SQL Injection Vulnerabilities -1.a (CVE-2017-7991)
1133751 WEB Exponent CMS eaasController.php api Function SQL Injection Vulnerabilities -1.x (CVE-2017-7991)
1133752 WEB Oracle Fusion Middleware MapViewer FileUploaderServlet fileName Directory Traversal (CVE-2017-3230)
1133755 SIP Digium Asterisk CDR ast_cdr_setuserfield Buffer Overflow (CVE-2017-7617)
1133767 WEB HPE Intelligent Management Center accessMgrServlet Insecure Deserialization -1 (CVE-2017-5790)
1133753 WEB PHP phar_parse_pharfile Function filename_len Property Integer Overflow (CVE-2016-10159)
1133760 WEB Oracle WebLogic Server Apache-Commons-FileUpload Library Insecure Deserialization (CVE-2013-2186)
1133766 WEB NetDecision 4.5.1 HTTP Server Buffer Overflow (CVE-2012-6096)
1133733 WEB Trend Micro SafeSync for Enterprise deviceTool.pm devid Command Injection -1
1133734 WEB Trend Micro SafeSync for Enterprise deviceTool.pm devid Command Injection -2
1133756 WEB Trend Micro SafeSync for Enterprise rollback Command Injection -1
1133757 WEB Trend Micro SafeSync for Enterprise rollback Command Injection -2
1059981 SSL OpenSSL dtls1_process_out_of_seq_message Denial of Service -1 (CVE-2014-3507)
1130225 SSL OpenSSL dtls1_process_out_of_seq_message Denial of Service -2 (CVE-2014-3507)
1133719 WEB Serviio Media Server checkStreamUrl Command Execution
1058423 FILE IBM Forms Viewer Unicode Buffer Overflow (CVE-2013-5447)
1059160 WEB SQL injection attempt -33
1059269 WEB Directory Traversal -22
1132470 WEB Oracle Application Testing Suite UploadFileAction fileType Directory Traversal (CVE-2016-0491)
1132485 WEB NETGEAR ProSafe NMS300 Authenticated File Download (CVE-2016-1524)
1132592 WEB Ruby on Rails Development Web Console v2 Code Execution
1132602 FILE ImageMagick Delegate Command Injection -7 (CVE-2016-3714)
1132636 FILE Apple QuickTime FPX File Parsing CVE-2016-1767 Memory Corruption -1 (CVE-2016-1767)
1132767 WEB Ruby on Rails ActionPack Inline ERB Code Execution (CVE-2016-2098)
1132783 WEB Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution
1132791 WEB Apache Jetspeed Arbitrary File Upload (CVE-2016-0709)
1132793 WEB SQL injection select from attempt -5.a
1056699 WEB HTTP Content-type Header Buffer Overflow
1057333 WEB Avaya IP Office Customer Call Reporter ImageUpload.ashx Unrestricted File Upload -1 (CVE-2012-3811)
1054922 WEB SQL injection select from attempt -2
1130479 EXPLOIT HP Client Automation Command Injection -2 (CVE-2015-1497)
1130585 EXPLOIT Apache Qpid Session.gap Denial of Service -1 (CVE-2015-0203)
1132289 EXPLOIT Android ADB Debug Server Remote Payload Execution
1132603 FILE ImageMagick Delegate Command Injection -8 (CVE-2016-3714)
1132604 FILE ImageMagick Delegate Command Injection -9 (CVE-2016-3714)
1132637 FILE Apple QuickTime FPX File Parsing CVE-2016-1767 Memory Corruption -2 (CVE-2016-1767)
1132768 FILE JSON Swagger CodeGen Parameter Injector -1 (CVE-2016-5641)
1132769 FILE JSON Swagger CodeGen Parameter Injector -2 (CVE-2016-5641)
1132801 WEB Meinberg NTP Time Server ELX800/GPS M4x V5.30p Remote Command Execution (CVE-2016-3962)
1132899 WEB-CLIENT Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution
1132900 WEB VMware Host Guest Client Redirector vmhgfs.dll Insecure Library Loading (CVE-2016-5330)
1132902 WEB NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution (CVE-2016-5675)
1132906 WEB Drupal CODER Module Remote Command Execution
1133144 WEB Ruby on Rails Dynamic Render File Upload Remote Code Execution (CVE-2016-0752)
1133202 WEB SQL injection select from attempt -5.x
1133232 FTP WinaXe 7.7 FTP Client Remote Buffer Overflow
1133260 WEB D-Link DIR Routers Unauthenticated HNAP Login Stack Buffer Overflow (CVE-2016-6563)
1133374 WEB Zyxel P660HN-T v1 Router Unauthenticated Remote Command Execution
1133375 WEB Zyxel P660HN-T v2 Router Unauthenticated Remote Command Execution
1133376 WEB Billion 5200W-T Router Unauthenticated Remote Command Execution
1133377 WEB Billion 5200W-T Router Authenticated Remote Command Execution
1133402 WEB Cisco Firepower Management Console 6.0 Post Authentication UserAdd Vulnerability (CVE-2016-6433)
1133631 WEB Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution (CVE-2016-7547)
1133671 WEB WordPress PHPMailer Host Header Command Injection (CVE-2016-10033)
1058519 EXPLOIT HP Data Protector Opcode 42 Directory Traversal -1 (CVE-2013-6194)
1058862 EXPLOIT Apple Mac OS X Kernel IGMP Packet Handling Local DoS -2 (CVE-2013-1899)
1130859 EXPLOIT Apache Qpid Session.gap Denial of Service -2 (CVE-2015-0203)
1130860 EXPLOIT Apache Qpid Session.gap Denial of Service -3 (CVE-2015-0203)
1131194 FTP ProFTPD mod_copy Unauthenticated Remote File Copying -1 (CVE-2015-3306)
1131398 WEB Cross-site Scripting -27
1131563 WEB ManageEngine OpManager SubmitQuery IntegrationUser SQL Code Execution -2 (CVE-2015-7766)
1131577 WEB Watchguard XCS Remote Command Execution
1131578 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.a (CVE-2015-7387)
1131646 EXPLOIT X11 Keyboard Command Injection
1131867 WEB Oracle Endeca IDI ETL Server UploadFileConent Directory Traversal
1132062 WEB F5 iControl iCall Script Root Command Execution -1 (CVE-2015-3628)
1132162 EXPLOIT Jenkins CLI RMI Java Deserialization Vulnerability (CVE-2015-8103)
1132197 WEB IBM WebSphere Application Server Commons-Collections Library Remote Code Execution -1 (CVE-2015-7450)
1132248 WEB D-Link DCS-931L Network Camera File Upload (CVE-2015-2049)