*** NK8 RELS 3323 Release ***
Total number of signatures: 3187

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities
and applications as below:

Added 20 rule(s):
---------------
1054713	NETBIOS Microsoft Windows SMB Negotiate Request Remote code execution (CVE-2009-3103)
1057303	RPC Microsoft Windows Print Spooler Service Arbitrary File Upload -2 (CVE-2010-2729)
1133590	WEB-CLIENT Microsoft Internet Explorer and Edge Blocksite.htm Spoofing -1.1 (CVE-2017-0033)
1133592	FILE Microsoft Graphics Device Interface CVE-2017-0038 Information Disclosure -1 (CVE-2017-0038)
1133616	WEB-CLIENT Microsoft Edge CVE-2017-0065 Information Disclosure (CVE-2017-0065)
1133617	WEB Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection -1 (ZDI-17-128)
1133624	WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.1 (ZDI-17-116)
1133626	WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.2 (ZDI-17-116)
1133628	WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.3 (ZDI-17-116)
1133631	WEB Trend Micro Threat Discovery Appliance admin_sys_time.cgi Remote Command Execution (CVE-2016-7547)
1133632	EXPLOIT Possible ECLIPSEDWING (MS08-067)
1133633	EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -1 (CVE-2014-6324)
1133634	EXPLOIT Microsoft Windows Kerberos KDC Privilege Escalation -2 (CVE-2014-6324)
1133635	SMB Microsoft MS17-010 SMB Remote Code Excution -1
1133636	SMB Microsoft MS17-010 SMB Remote Code Excution -2
1133637	SMB Microsoft MS17-010 SMB Remote Code Excution -3
1133638	SMB Microsoft MS17-010 SMB Remote Code Excution -4
1133639	WEB Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection -1.4 (ZDI-17-116)
1133641	WEB Shell Spawning Attempt via telnetd -1.u
1133642	WEB GoAhead system.ini Information Disclosure Vulnerability -2 (CVE-2017-5674)

Modified 13 rule(s):
---------------
1054841	WEB SQL injection attempt -7
1065983	WEB-IM QQ login via SSL -1
1131155	WEB-CLIENT WScript.Shell Remote Code Execution -3
1131578	WEB ManageEngine EventLog Analyzer Remote Code Execution -1.a (CVE-2015-7387)
1132387	WEB-CLIENT Suspicious HTML Div Tag -1
1132388	WEB-CLIENT Suspicious HTML Div Tag -2 (Ransomware Attack Vector)
1133042	WEB WordPress Admin API Directory Traversal -1 (CVE-2016-6896)
1133389	WEB Netgear WNR2000v5 Remote Code Execution Vulnerability
1133449	SMB Microsoft SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability (CVE-2017-0016)
1133506	WEB-CLIENT Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2017-0141)
1133516	WEB Dell SonicWALL GMS-Analyzer license.jsp Information Disclosure
1133578	WEB GoAhead system.ini Information Disclosure Vulnerability -1 (CVE-2017-5674)
1133594	FILE Microsoft Office/WordPad Remote Code Execution Vulnerability (CVE-2017-0199)

Deleted 10 rule(s):
---------------
1057735	WEB D-Link DIR615h OS Command Injection (BID-57882) (old rule)
1057737	WEB Linksys WRT160nv2 apply.cgi Remote Command Injection (BID-57887) (old rule)
1057832	WEB PHP Arbitrary Code Injection -7 (old rule)
1057896	FILE Oracle Outside In XPM Image Processing Stack Buffer Overflow -2 (old rule)
1057897	WEB Directory Traversal (boot.ini) -5 (old rule)
1057918	WEB PineApp Mail-SeCure livelog.html Arbitrary Command Execution -1 (OSVDB-95779) (old rule)
1057938	WEB D-Link Devices Authenticated Remote Command Execution (BID-59405) (old rule)
1057948	WEB Directory Traversal -19 (old rule)
1057962	WEB Novell NetIQ Privileged User Manager modifyAccounts Policy Bypass (OSVDB-87335) (old rule)
1057967	WEB PineApp Mail-SeCure test_li_connection.php Command Injection -1 (OSVDB-95782) (old rule)