*** NK8 RELS 3323 Release ***

Total number of signatures: 3187

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 20 rule(s):
---------------
1054713 NETBIOS Microsoft Windows SMB Negotiate Request Remote code execution (CVE-2009-3103)
1057303 RPC Microsoft Windows Print Spooler Service Arbitrary File Upload -2 (CVE-2010-2729)
1133590 WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.1 (CVE-2017-0033)
1133592 FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -1 (CVE-2017-0038)
1133616 WEB-CLIENT Microsoft Edge CVE-2017-0065 Information Disclosure (CVE-2017-0065)
1133617 WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -1 (ZDI-17-128)
1133624 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.1 (ZDI-17-116)
1133626 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.2 (ZDI-17-116)
1133628 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.3 (ZDI-17-116)
1133631 WEB Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution (CVE-2016-7547)
1133632 EXPLOIT Possible ECLIPSEDWING (MS08-067)
1133633 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -1 (CVE-2014-6324)
1133634 EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -2 (CVE-2014-6324)
1133635 SMB Microsoft MS17-010 SMB Remote Code Excution -1
1133636 SMB Microsoft MS17-010 SMB Remote Code Excution -2
1133637 SMB Microsoft MS17-010 SMB Remote Code Excution -3
1133638 SMB Microsoft MS17-010 SMB Remote Code Excution -4
1133639 WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.4 (ZDI-17-116)
1133641 WEB Shell Spawning Attempt via telnetd -1.u
1133642 WEB GoAhead system.ini Information Disclosure Vulnerability -2 (CVE-2017-5674)

Modified 13 rule(s):
---------------
1054841 WEB SQL injection attempt -7
1065983 WEB-IM QQ login via SSL -1
1131155 WEB-CLIENT WScript.Shell Remote Code Execution -3
1131578 WEB ManageEngine EventLog Analyzer Remote Code Execution -1.a (CVE-2015-7387)
1132387 WEB-CLIENT Suspicious HTML Div Tag -1
1132388 WEB-CLIENT Suspicious HTML Div Tag -2 (Ransomware Attack Vector)
1133042 WEB WordPress Admin API Directory Traversal -1 (CVE-2016-6896)
1133389 WEB Netgear WNR2000v5 Remote Code Execution Vulnerability
1133449 SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133506 WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1133516 WEB Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
1133578 WEB GoAhead system.ini Information Disclosure Vulnerability -1 (CVE-2017-5674)
1133594 FILE Microsoft Office/WordPad Remote Code Execution Vulnerability (CVE-2017-0199)

Deleted 10 rule(s):
---------------
1057735 WEB D-Link DIR615h OS Command Injection (BID-57882) (old rule)
1057737 WEB Linksys WRT160nv2 apply.cgi Remote Command Injection (BID-57887) (old rule)
1057832 WEB PHP Arbitrary Code Injection -7 (old rule)
1057896 FILE Oracle Outside In XPM Image Processing Stack Buffer Overflow -2 (old rule)
1057897 WEB Directory Traversal (boot.ini) -5 (old rule)
1057918 WEB PineApp Mail-SeCure livelog.html Arbitrary Command Execution -1 (OSVDB-95779) (old rule)
1057938 WEB D-Link Devices Authenticated Remote Command Execution (BID-59405) (old rule)
1057948 WEB Directory Traversal -19 (old rule)
1057962 WEB Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass (OSVDB-87335) (old rule)
1057967 WEB PineApp Mail-SeCure test_li_connection.php Command Injection -1 (OSVDB-95782) (old rule)