*** EX RELS 03389 Release ***

Total number of signatures: 6005

Description
==================================================================
In this signature, we addressed the exploits/vulnerabilities and applications as below:

Added 13 rule(s):
---------------
1064958 WEB Google access via TCP -1
1068356 WEB Google access via SSL -1
1134780 EXPLOIT GE MDS PulseNET Remote Invocation Insecure Deserialization (CVE-2018-10611)
1134879 EXPLOIT Cisco IOS and IOS XE Software Denial of Service Vulnerability (CVE-2018-0156)
1134880 WEB-CLIENT Microsoft Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability (CVE-2018-0866)
1134882 WEB CMS Made Simple Authenticated RCE via File Upload/Copy (CVE-2018-1000094)
1134887 WEB Belkin N750 F9K1103 Twonky Blind Command Injection (CVE-2018-1143)
1134888 WEB Belkin N750 F9K1103 Proxy.cgi Command Injection (CVE-2018-1144)
1160909 WEB Google access via UDP -1
1161111 MEDIA Vudu access via SSL -5
1161123 WEB Google Analytics access via UDP -1
1161124 WEB Google Analytics access via SSL -1
1161126 SOCIAL Twitter access via SSL -5

Modified 4 rule(s):
---------------
1052009 WEB Google access via SSL -2
1067696 CA Google APIs Authentication via SSL -1
1068116 CA Microsoft Authentication via SSL -8
4026531847 IP Flood

Deleted 51 rule(s):
---------------
1057180 WEB-CLIENT Apple Safari 4.0.4 and Google Chrome 4.0.249 CSS style Stack Overflow (old rule)
1057248 WEB CuteFlow pre-authenticated Admin Account Creation -1 (old rule)
1057258 WEB E-Mail Security Virtual Appliance release-msg.cgi Arbitrary Command Execution (old rule)
1057263 FILE Oracle Outside In XPM Image Processing Stack Buffer Overflow -1 (old rule)
1057300 POP3 cURL and libcurl MD5 Digest Buffer Overflow -1 (CVE-2013-0249) (old rule)
1057301 POP3 cURL and libcurl MD5 Digest Buffer Overflow -2 (CVE-2013-0249) (old rule)
1057302 EXPLOIT ActFax RAW Server Buffer Overflow -1 (BID-57789) (old rule)
1057306 EXPLOIT Oracle Outside In CorelDRAW File Parser Heap Buffer Overflow (CVE-2013-0418) (old rule)
1057311 SCADA Schneider Electric Interactive Graphical SCADA System Buffer Overflow (CVE-2013-0657) (old rule)
1057312 EXPLOIT EMC AlphaStor Device Manager Command Injection -1 (CVE-2013-0928) (old rule)
1057313 EXPLOIT EMC AlphaStor Device Manager Format String Vulnerability (CVE-2013-0929) (old rule)
1057314 EXPLOIT EMC AlphaStor Device Manager Buffer Overflow (CVE-2013-0930) (old rule)
1057316 WEB v0pCr3w Web Shell Remote Code Execution (old rule)
1057336 DOS MIT Kerberos 5 KDC pkinit_check_kdc_pkid NULL Pointer Dereference (CVE-2013-1415) (old rule)
1057338 DB Oracle MySQL Server Geometry Query Denial Of Service -1 (CVE-2013-1861) (old rule)
1057339 DB Oracle MySQL Server Geometry Query Denial Of Service -2 (CVE-2013-1861) (old rule)
1057342 DB Oracle MySQL Server Geometry Query Integer Overflow -1 (CVE-2013-1861) (old rule)
1057343 DB Oracle MySQL Server Geometry Query Integer Overflow -2 (CVE-2013-1861) (old rule)
1057361 EXPLOIT Squid httpMakeVaryMark Header Value Denial of Service -1 (OSVDB-90909) (old rule)
1057362 EXPLOIT Squid httpMakeVaryMark Header Value Denial of Service -2 (OSVDB-90909) (old rule)
1057365 WEB-CLIENT UMPlayer wintab32.dll Insecure Library Loading (BID-56354) (old rule)
1057407 EXPLOIT EMC AlphaStor Device Manager Command Injection -3 (CVE-2013-0928) (old rule)
1057414 WEB-ACTIVEX Siemens SIMATIC WinCC RegReader ActiveX Control Buffer Overflow -1 (CVE-2013-0674) (old rule)
1057419 EXPLOIT Novell Messenger Client Filename Parameter Stack Buffer Overflow (CVE-2013-1085) (old rule)
1057422 SIP Digium Asterisk SIP SDP Header Parsing Stack Buffer Overflow -1 (CVE-2013-2685) (old rule)
1057423 EXPLOIT ActFax RAW Server Buffer Overflow -2 (BID-57789) (old rule)
1057424 EXPLOIT ActFax RAW Server Buffer Overflow -3 (BID-57789) (old rule)
1057448 EXPLOIT Windows 7 / Server 2008R2 Remote Kernel Crash (old rule)
1057463 SCADA ScadaTEC ScadaPhone Stack Buffer Overflow -2 (CVE-2011-4535) (old rule)
1057474 SCADA Scadatec Procyon HMI SCADA Coreservice.exe Stack Buffer Overflow -2 (CVE-2011-3322) (old rule)
1057486 EXPLOIT Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer -2 (CVE-2012-5958) (old rule)
1057487 EXPLOIT Portable SDK for UPnP Devices libupnp Device Service Name Stack Buffer -3 (CVE-2012-5958) (old rule)
1057502 WEB Netgear DGN2200B pppoe.cgi Remote Command Execution (BID-57998) (old rule)
1057532 WEB Symantec WinFax Pro DCCFAXVW.DLL Heap Buffer Overflow (BID-34766) (old rule)
1057534 WEB SAP ConfigServlet Remote Code Execution (OSVDB-92704) (old rule)
1057560 WEB-CLIENT Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability -1 (CVE-2013-1347) (old rule)
1057569 FILE AudioCoder .M3U Buffer Overflow -1 (OSVDB-92939) (old rule)
1057614 WEB-ACTIVEX Novell GroupWise Client ActiveX gwmim1.ocx Untrusted Pointer Dereference -1 (CVE-2013-0804) (old rule)
1057615 WEB-ACTIVEX Novell GroupWise Client ActiveX gwmim1.ocx Untrusted Pointer Dereference -2 (CVE-2013-0804) (old rule)
1057616 WEB-ACTIVEX Novell GroupWise Client ActiveX gwabdlg.dll Untrusted Pointer Dereference -1 (CVE-2013-0804) (old rule)
1057618 WEB Novell ZENworks Configuration Management Remote Execution -2 (CVE-2013-1080) (old rule)
1057620 LDAP Microsoft Windows Active Directory LDAP Denial of Service (CVE-2013-1282) (old rule)
1057649 WEB-CLIENT Apple Safari (webkit) Remote Denial of Service Exploit (EDB-5268) (old rule)
1057656 EXPLOIT Microsoft Visio XML External Entities Resolution Vulnerability (CVE-2013-1301) (old rule)
1057658 EXPLOIT Microsoft XML Digital Signature Spoofing Vulnerability (CVE-2013-1336) (old rule)
1057659 WEB-CLIENT Microsoft Internet Explorer Use After Free (CVE-2013-1309) (old rule)
1057663 WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1308) (old rule)
1057665 WEB SAP Management Console OSExecute Payload Execution -1 (old rule)
1057666 WEB SAP Management Console OSExecute Payload Execution -2 (old rule)
1057667 EXPLOIT Nagios Remote Plugin Executor Arbitrary Command Execution -2 (CVE-2013-1362) (old rule)
1057668 EXPLOIT MIT Kerberos 5 KDC prep_reprocess_req NULL Pointer Dereference (CVE-2013-1416) (old rule)