summaryrefslogtreecommitdiffstats
path: root/tests/sid-msg-v2.map
blob: 96b30fa0fa8e359bb25ccbf2efdffeaa5876144b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
2423
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499
2500
2501
2502
2503
2504
2505
2506
2507
2508
2509
2510
2511
2512
2513
2514
2515
2516
2517
2518
2519
2520
2521
2522
2523
2524
2525
2526
2527
2528
2529
2530
2531
2532
2533
2534
2535
2536
2537
2538
2539
2540
2541
2542
2543
2544
2545
2546
2547
2548
2549
2550
2551
2552
2553
2554
2555
2556
2557
2558
2559
2560
2561
2562
2563
2564
2565
2566
2567
2568
2569
2570
2571
2572
2573
2574
2575
2576
2577
2578
2579
2580
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
2649
2650
2651
2652
2653
2654
2655
2656
2657
2658
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684
2685
2686
2687
2688
2689
2690
2691
2692
2693
2694
2695
2696
2697
2698
2699
2700
2701
2702
2703
2704
2705
2706
2707
2708
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772
2773
2774
2775
2776
2777
2778
2779
2780
2781
2782
2783
2784
2785
2786
2787
2788
2789
2790
2791
2792
2793
2794
2795
2796
2797
2798
2799
2800
2801
2802
2803
2804
2805
2806
2807
2808
2809
2810
2811
2812
2813
2814
2815
2816
2817
2818
2819
2820
2821
2822
2823
2824
2825
2826
2827
2828
2829
2830
2831
2832
2833
2834
2835
2836
2837
2838
2839
2840
2841
2842
2843
2844
2845
2846
2847
2848
2849
2850
2851
2852
2853
2854
2855
2856
2857
2858
2859
2860
2861
2862
2863
2864
2865
2866
2867
2868
2869
2870
2871
2872
2873
2874
2875
2876
2877
2878
2879
2880
2881
2882
2883
2884
2885
2886
2887
2888
2889
2890
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900
2901
2902
2903
2904
2905
2906
2907
2908
2909
2910
2911
2912
2913
2914
2915
2916
2917
2918
2919
2920
2921
2922
2923
2924
2925
2926
2927
2928
2929
2930
2931
2932
2933
2934
2935
2936
2937
2938
2939
2940
2941
2942
2943
2944
2945
2946
2947
2948
2949
2950
2951
2952
2953
2954
2955
2956
2957
2958
2959
2960
2961
2962
2963
2964
2965
2966
2967
2968
2969
2970
2971
2972
2973
2974
2975
2976
2977
2978
2979
2980
2981
2982
2983
2984
2985
2986
2987
2988
2989
2990
2991
2992
2993
2994
2995
2996
2997
2998
2999
3000
3001
3002
3003
3004
3005
3006
3007
3008
3009
3010
3011
3012
3013
3014
3015
3016
3017
3018
3019
3020
3021
3022
3023
3024
3025
3026
3027
3028
3029
3030
3031
3032
3033
3034
3035
3036
3037
3038
3039
3040
3041
3042
3043
3044
3045
3046
3047
3048
3049
3050
3051
3052
3053
3054
3055
3056
3057
3058
3059
3060
3061
3062
3063
3064
3065
3066
3067
3068
3069
3070
3071
3072
3073
3074
3075
3076
3077
3078
3079
3080
3081
3082
3083
3084
3085
3086
3087
3088
3089
3090
3091
3092
3093
3094
3095
3096
3097
3098
3099
3100
3101
3102
3103
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
3119
3120
3121
3122
3123
3124
3125
3126
3127
3128
3129
3130
3131
3132
3133
3134
3135
3136
3137
3138
3139
3140
3141
3142
3143
3144
3145
3146
3147
3148
3149
3150
3151
3152
3153
3154
3155
3156
3157
3158
3159
3160
3161
3162
3163
3164
3165
3166
3167
3168
3169
3170
3171
3172
3173
3174
3175
3176
3177
3178
3179
3180
3181
3182
3183
3184
3185
3186
3187
3188
3189
3190
3191
3192
3193
3194
3195
3196
3197
3198
3199
3200
3201
3202
3203
3204
3205
3206
3207
3208
3209
3210
3211
3212
3213
3214
3215
3216
3217
3218
3219
3220
3221
3222
3223
3224
3225
3226
3227
3228
3229
3230
3231
3232
3233
3234
3235
3236
3237
3238
3239
3240
3241
3242
3243
3244
3245
3246
3247
3248
3249
3250
3251
3252
3253
3254
3255
3256
3257
3258
3259
3260
3261
3262
3263
3264
3265
3266
3267
3268
3269
3270
3271
3272
3273
3274
3275
3276
3277
3278
3279
3280
3281
3282
3283
3284
3285
3286
3287
3288
3289
3290
3291
3292
3293
3294
3295
3296
3297
3298
3299
3300
3301
3302
3303
3304
3305
3306
3307
3308
3309
3310
3311
3312
3313
3314
3315
3316
3317
3318
3319
3320
3321
3322
3323
3324
3325
3326
3327
3328
3329
3330
3331
3332
3333
3334
3335
3336
3337
3338
3339
3340
3341
3342
3343
3344
3345
3346
3347
3348
3349
3350
3351
3352
3353
3354
3355
3356
3357
3358
3359
3360
3361
3362
3363
3364
3365
3366
3367
3368
3369
3370
3371
3372
3373
3374
3375
3376
3377
3378
3379
3380
3381
3382
3383
3384
3385
3386
3387
3388
3389
3390
3391
3392
3393
3394
3395
3396
3397
3398
3399
3400
3401
3402
3403
3404
3405
3406
3407
3408
3409
3410
3411
3412
3413
3414
3415
3416
3417
3418
3419
3420
3421
3422
3423
3424
3425
3426
3427
3428
3429
3430
3431
3432
3433
3434
3435
3436
3437
3438
3439
3440
3441
3442
3443
3444
3445
3446
3447
3448
3449
3450
3451
3452
3453
3454
3455
3456
3457
3458
3459
3460
3461
3462
3463
3464
3465
3466
3467
3468
3469
3470
3471
3472
3473
3474
3475
3476
3477
3478
3479
3480
3481
3482
3483
3484
3485
3486
3487
3488
3489
3490
3491
3492
3493
3494
3495
3496
3497
3498
3499
3500
3501
3502
3503
3504
3505
3506
3507
3508
3509
3510
3511
3512
3513
3514
3515
3516
3517
3518
3519
3520
3521
3522
3523
3524
3525
3526
3527
3528
3529
3530
3531
3532
3533
3534
3535
3536
3537
3538
3539
3540
3541
3542
3543
3544
3545
3546
3547
3548
3549
3550
3551
3552
3553
3554
3555
3556
3557
3558
3559
3560
3561
3562
3563
3564
3565
3566
3567
3568
3569
3570
3571
3572
3573
3574
3575
3576
3577
3578
3579
3580
3581
3582
3583
3584
3585
3586
3587
3588
3589
3590
3591
3592
3593
3594
3595
3596
3597
3598
3599
3600
3601
3602
3603
3604
3605
3606
3607
3608
3609
3610
3611
3612
3613
3614
3615
3616
3617
3618
3619
3620
3621
3622
3623
3624
3625
3626
3627
3628
3629
3630
3631
3632
3633
3634
3635
3636
3637
3638
3639
3640
3641
3642
3643
3644
3645
3646
3647
3648
3649
3650
3651
3652
3653
3654
3655
3656
3657
3658
3659
3660
3661
3662
3663
3664
3665
3666
3667
3668
3669
3670
3671
3672
3673
3674
3675
3676
3677
3678
3679
3680
3681
3682
3683
3684
3685
3686
3687
3688
3689
3690
3691
3692
3693
3694
3695
3696
3697
3698
3699
3700
3701
3702
3703
3704
3705
3706
3707
3708
3709
3710
3711
3712
3713
3714
3715
3716
3717
3718
3719
3720
3721
3722
3723
3724
3725
3726
3727
3728
3729
3730
3731
3732
3733
3734
3735
3736
3737
3738
3739
3740
3741
3742
3743
3744
3745
3746
3747
3748
3749
3750
3751
3752
3753
3754
3755
3756
3757
3758
3759
3760
3761
3762
3763
3764
3765
3766
3767
3768
3769
3770
3771
3772
3773
3774
3775
3776
3777
3778
3779
3780
3781
3782
3783
3784
3785
3786
3787
3788
3789
3790
3791
3792
3793
3794
3795
3796
3797
3798
3799
3800
3801
3802
3803
3804
3805
3806
3807
3808
3809
3810
3811
3812
3813
3814
3815
3816
3817
3818
3819
3820
3821
3822
3823
3824
3825
3826
3827
3828
3829
3830
3831
3832
3833
3834
3835
3836
3837
3838
3839
3840
3841
3842
3843
3844
3845
3846
3847
3848
3849
3850
3851
3852
3853
3854
3855
3856
3857
3858
3859
3860
3861
3862
3863
3864
3865
3866
3867
3868
3869
3870
3871
3872
3873
3874
3875
3876
3877
3878
3879
3880
3881
3882
3883
3884
3885
3886
3887
3888
3889
3890
3891
3892
3893
3894
3895
3896
3897
3898
3899
3900
3901
3902
3903
3904
3905
3906
3907
3908
3909
3910
3911
3912
3913
3914
3915
3916
3917
3918
3919
3920
3921
3922
3923
3924
3925
3926
3927
3928
3929
3930
3931
3932
3933
3934
3935
3936
3937
3938
3939
3940
3941
3942
3943
3944
3945
3946
3947
3948
3949
3950
3951
3952
3953
3954
3955
3956
3957
3958
3959
3960
3961
3962
3963
3964
3965
3966
3967
3968
3969
3970
3971
3972
3973
3974
3975
3976
3977
3978
3979
3980
3981
3982
3983
3984
3985
3986
3987
3988
3989
3990
3991
3992
3993
3994
3995
3996
3997
3998
3999
4000
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4011
4012
4013
4014
4015
4016
4017
4018
4019
4020
4021
4022
4023
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
4058
4059
4060
4061
4062
4063
4064
4065
4066
4067
4068
4069
4070
4071
4072
4073
4074
4075
4076
4077
4078
4079
4080
4081
4082
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
4117
4118
4119
4120
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
4177
4178
4179
4180
4181
4182
4183
4184
4185
4186
4187
4188
4189
4190
4191
4192
4193
4194
4195
4196
4197
4198
4199
4200
4201
4202
4203
4204
4205
4206
4207
4208
4209
4210
4211
4212
4213
4214
4215
4216
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
4342
4343
4344
4345
4346
4347
4348
4349
4350
4351
4352
4353
4354
4355
4356
4357
4358
4359
4360
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
4458
4459
4460
4461
4462
4463
4464
4465
4466
4467
4468
4469
4470
4471
4472
4473
4474
4475
4476
4477
4478
4479
4480
4481
4482
4483
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
4559
4560
4561
4562
4563
4564
4565
4566
4567
4568
4569
4570
4571
4572
4573
4574
4575
4576
4577
4578
4579
4580
4581
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
4640
4641
4642
4643
4644
4645
4646
4647
4648
4649
4650
4651
4652
4653
4654
4655
4656
4657
4658
4659
4660
4661
4662
4663
4664
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
4736
4737
4738
4739
4740
4741
4742
4743
4744
4745
4746
4747
4748
4749
4750
4751
4752
4753
4754
4755
4756
4757
4758
4759
4760
4761
4762
4763
4764
4765
4766
4767
4768
4769
4770
4771
4772
4773
4774
4775
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
4813
4814
4815
4816
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
4847
4848
4849
4850
4851
4852
4853
4854
4855
4856
4857
4858
4859
4860
4861
4862
4863
4864
4865
4866
4867
4868
4869
4870
4871
4872
4873
4874
4875
4876
4877
4878
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
4959
4960
4961
4962
4963
4964
4965
4966
4967
4968
4969
4970
4971
4972
4973
4974
4975
4976
4977
4978
4979
4980
4981
4982
4983
4984
4985
4986
4987
4988
4989
4990
4991
4992
4993
4994
4995
4996
4997
4998
4999
5000
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
5107
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
5157
5158
5159
5160
5161
5162
5163
5164
5165
5166
5167
5168
5169
5170
5171
5172
5173
5174
5175
5176
5177
5178
5179
5180
5181
5182
5183
5184
5185
5186
5187
5188
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
5211
5212
5213
5214
5215
5216
5217
5218
5219
5220
5221
5222
5223
5224
5225
5226
5227
5228
5229
5230
5231
5232
5233
5234
5235
5236
5237
5238
5239
5240
5241
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
5345
5346
5347
5348
5349
5350
5351
5352
5353
5354
5355
5356
5357
5358
5359
5360
5361
5362
5363
5364
5365
5366
5367
5368
5369
5370
5371
5372
5373
5374
5375
5376
5377
5378
5379
5380
5381
5382
5383
5384
5385
5386
5387
5388
5389
5390
5391
5392
5393
5394
5395
5396
5397
5398
5399
5400
5401
5402
5403
5404
5405
5406
5407
5408
5409
5410
5411
5412
5413
5414
5415
5416
5417
5418
5419
5420
5421
5422
5423
5424
5425
5426
5427
5428
5429
5430
5431
5432
5433
5434
5435
5436
5437
5438
5439
5440
5441
5442
5443
5444
5445
5446
5447
5448
5449
5450
5451
5452
5453
5454
5455
5456
5457
5458
5459
5460
5461
5462
5463
5464
5465
5466
5467
5468
5469
5470
5471
5472
5473
5474
5475
5476
5477
5478
5479
5480
5481
5482
5483
5484
5485
5486
5487
5488
5489
5490
5491
5492
5493
5494
5495
5496
5497
5498
5499
5500
5501
5502
5503
5504
5505
5506
5507
5508
5509
5510
5511
5512
5513
5514
5515
5516
5517
5518
5519
5520
5521
5522
5523
5524
5525
5526
5527
5528
5529
5530
5531
5532
5533
5534
5535
5536
5537
5538
5539
5540
5541
5542
5543
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
5575
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
5624
5625
5626
5627
5628
5629
5630
5631
5632
5633
5634
5635
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
5663
5664
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
5697
5698
5699
5700
5701
5702
5703
5704
5705
5706
5707
5708
5709
5710
5711
5712
5713
5714
5715
5716
5717
5718
5719
5720
5721
5722
5723
5724
5725
5726
5727
5728
5729
5730
5731
5732
5733
5734
5735
5736
5737
5738
5739
5740
5741
5742
5743
5744
5745
5746
5747
5748
5749
5750
5751
5752
5753
5754
5755
5756
5757
5758
5759
5760
5761
5762
5763
5764
5765
5766
5767
5768
5769
5770
5771
5772
5773
5774
5775
5776
5777
5778
5779
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
5812
5813
5814
5815
5816
5817
5818
5819
5820
5821
5822
5823
5824
5825
5826
5827
5828
5829
5830
5831
5832
5833
5834
5835
5836
5837
5838
5839
5840
5841
5842
5843
5844
5845
5846
5847
5848
5849
5850
5851
5852
5853
5854
5855
5856
5857
5858
5859
5860
5861
5862
5863
5864
5865
5866
5867
5868
5869
5870
5871
5872
5873
5874
5875
5876
5877
5878
5879
5880
5881
5882
5883
5884
5885
5886
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
5919
5920
5921
5922
5923
5924
5925
5926
5927
5928
5929
5930
5931
5932
5933
5934
5935
5936
5937
5938
5939
5940
5941
5942
5943
5944
5945
5946
5947
5948
5949
5950
5951
5952
5953
5954
5955
5956
5957
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
5985
5986
5987
5988
5989
5990
5991
5992
5993
5994
5995
5996
5997
5998
5999
6000
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074
6075
6076
6077
6078
6079
6080
6081
6082
6083
6084
6085
6086
6087
6088
6089
6090
6091
6092
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102
6103
6104
6105
6106
6107
6108
6109
6110
6111
6112
6113
6114
6115
6116
6117
6118
6119
6120
6121
6122
6123
6124
6125
6126
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199
6200
6201
6202
6203
6204
6205
6206
6207
6208
6209
6210
6211
6212
6213
6214
6215
6216
6217
6218
6219
6220
6221
6222
6223
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234
6235
6236
6237
6238
6239
6240
6241
6242
6243
6244
6245
6246
6247
6248
6249
6250
6251
6252
6253
6254
6255
6256
6257
6258
6259
6260
6261
6262
6263
6264
6265
6266
6267
6268
6269
6270
6271
6272
6273
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303
6304
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334
6335
6336
6337
6338
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391
6392
6393
6394
6395
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411
6412
6413
6414
6415
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439
6440
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472
6473
6474
6475
6476
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535
6536
6537
6538
6539
6540
6541
6542
6543
6544
6545
6546
6547
6548
6549
6550
6551
6552
6553
6554
6555
6556
6557
6558
6559
6560
6561
6562
6563
6564
6565
6566
6567
6568
6569
6570
6571
6572
6573
6574
6575
6576
6577
6578
6579
6580
6581
6582
6583
6584
6585
6586
6587
6588
6589
6590
6591
6592
6593
6594
6595
6596
6597
6598
6599
6600
6601
6602
6603
6604
6605
6606
6607
6608
6609
6610
6611
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662
6663
6664
6665
6666
6667
6668
6669
6670
6671
6672
6673
6674
6675
6676
6677
6678
6679
6680
6681
6682
6683
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704
6705
6706
6707
6708
6709
6710
6711
6712
6713
6714
6715
6716
6717
6718
6719
6720
6721
6722
6723
6724
6725
6726
6727
6728
6729
6730
6731
6732
6733
6734
6735
6736
6737
6738
6739
6740
6741
6742
6743
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791
6792
6793
6794
6795
6796
6797
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814
6815
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832
6833
6834
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894
6895
6896
6897
6898
6899
6900
6901
6902
6903
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914
6915
6916
6917
6918
6919
6920
6921
6922
6923
6924
6925
6926
6927
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961
6962
6963
6964
6965
6966
6967
6968
6969
6970
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981
6982
6983
6984
6985
6986
6987
6988
6989
6990
6991
6992
6993
6994
6995
6996
6997
6998
6999
7000
7001
7002
7003
7004
7005
7006
7007
7008
7009
7010
7011
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
8514
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
8579
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
8605
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
8672
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
8741
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
8818
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
8907
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
8991
8992
8993
8994
8995
8996
8997
8998
8999
9000
9001
9002
9003
9004
9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
9175
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
9207
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
9239
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
9648
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
9831
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
9857
9858
9859
9860
9861
9862
9863
9864
9865
9866
9867
9868
9869
9870
9871
9872
9873
9874
9875
9876
9877
9878
9879
9880
9881
9882
9883
9884
9885
9886
9887
9888
9889
9890
9891
9892
9893
9894
9895
9896
9897
9898
9899
9900
9901
9902
9903
9904
9905
9906
9907
9908
9909
9910
9911
9912
9913
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
9937
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
9959
9960
9961
9962
9963
9964
9965
9966
9967
9968
9969
9970
9971
9972
9973
9974
9975
9976
9977
9978
9979
9980
9981
9982
9983
9984
9985
9986
9987
9988
9989
9990
9991
9992
9993
9994
9995
9996
9997
9998
9999
10000
10001
10002
10003
10004
10005
10006
10007
10008
10009
10010
10011
10012
10013
10014
10015
10016
10017
10018
10019
10020
10021
10022
10023
10024
10025
10026
10027
10028
10029
10030
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041
10042
10043
10044
10045
10046
10047
10048
10049
10050
10051
10052
10053
10054
10055
10056
10057
10058
10059
10060
10061
10062
10063
10064
10065
10066
10067
10068
10069
10070
10071
10072
10073
10074
10075
10076
10077
10078
10079
10080
10081
10082
10083
10084
10085
10086
10087
10088
10089
10090
10091
10092
10093
10094
10095
10096
10097
10098
10099
10100
10101
10102
10103
10104
10105
10106
10107
10108
10109
10110
10111
10112
10113
10114
10115
10116
10117
10118
10119
10120
10121
10122
10123
10124
10125
10126
10127
10128
10129
10130
10131
10132
10133
10134
10135
10136
10137
10138
10139
10140
10141
10142
10143
10144
10145
10146
10147
10148
10149
10150
10151
10152
10153
10154
10155
10156
10157
10158
10159
10160
10161
10162
10163
10164
10165
10166
10167
10168
10169
10170
10171
10172
10173
10174
10175
10176
10177
10178
10179
10180
10181
10182
10183
10184
10185
10186
10187
10188
10189
10190
10191
10192
10193
10194
10195
10196
10197
10198
10199
10200
10201
10202
10203
10204
10205
10206
10207
10208
10209
10210
10211
10212
10213
10214
10215
10216
10217
10218
10219
10220
10221
10222
10223
10224
10225
10226
10227
10228
10229
10230
10231
10232
10233
10234
10235
10236
10237
10238
10239
10240
10241
10242
10243
10244
10245
10246
10247
10248
10249
10250
10251
10252
10253
10254
10255
10256
10257
10258
10259
10260
10261
10262
10263
10264
10265
10266
10267
10268
10269
10270
10271
10272
10273
10274
10275
10276
10277
10278
10279
10280
10281
10282
10283
10284
10285
10286
10287
10288
10289
10290
10291
10292
10293
10294
10295
10296
10297
10298
10299
10300
10301
10302
10303
10304
10305
10306
10307
10308
10309
10310
10311
10312
10313
10314
10315
10316
10317
10318
10319
10320
10321
10322
10323
10324
10325
10326
10327
10328
10329
10330
10331
10332
10333
10334
10335
10336
10337
10338
10339
10340
10341
10342
10343
10344
10345
10346
10347
10348
10349
10350
10351
10352
10353
10354
10355
10356
10357
10358
10359
10360
10361
10362
10363
10364
10365
10366
10367
10368
10369
10370
10371
10372
10373
10374
10375
10376
10377
10378
10379
10380
10381
10382
10383
10384
10385
10386
10387
10388
10389
10390
10391
10392
10393
10394
10395
10396
10397
10398
10399
10400
10401
10402
10403
10404
10405
10406
10407
10408
10409
10410
10411
10412
10413
10414
10415
10416
10417
10418
10419
10420
10421
10422
10423
10424
10425
10426
10427
10428
10429
10430
10431
10432
10433
10434
10435
10436
10437
10438
10439
10440
10441
10442
10443
10444
10445
10446
10447
10448
10449
10450
10451
10452
10453
10454
10455
10456
10457
10458
10459
10460
10461
10462
10463
10464
10465
10466
10467
10468
10469
10470
10471
10472
10473
10474
10475
10476
10477
10478
10479
10480
10481
10482
10483
10484
10485
10486
10487
10488
10489
10490
10491
10492
10493
10494
10495
10496
10497
10498
10499
10500
10501
10502
10503
10504
10505
10506
10507
10508
10509
10510
10511
10512
10513
10514
10515
10516
10517
10518
10519
10520
10521
10522
10523
10524
10525
10526
10527
10528
10529
10530
10531
10532
10533
10534
10535
10536
10537
10538
10539
10540
10541
10542
10543
10544
10545
10546
10547
10548
10549
10550
10551
10552
10553
10554
10555
10556
10557
10558
10559
10560
10561
10562
10563
10564
10565
10566
10567
10568
10569
10570
10571
10572
10573
10574
10575
10576
10577
10578
10579
10580
10581
10582
10583
10584
10585
10586
10587
10588
10589
10590
10591
10592
10593
10594
10595
10596
10597
10598
10599
10600
10601
10602
10603
10604
10605
10606
10607
10608
10609
10610
10611
10612
10613
10614
10615
10616
10617
10618
10619
10620
10621
10622
10623
10624
10625
10626
10627
10628
10629
10630
10631
10632
10633
10634
10635
10636
10637
10638
10639
10640
10641
10642
10643
10644
10645
10646
10647
10648
10649
10650
10651
10652
10653
10654
10655
10656
10657
10658
10659
10660
10661
10662
10663
10664
10665
10666
10667
10668
10669
10670
10671
10672
10673
10674
10675
10676
10677
10678
10679
10680
10681
10682
10683
10684
10685
10686
10687
10688
10689
10690
10691
10692
10693
10694
10695
10696
10697
10698
10699
10700
10701
10702
10703
10704
10705
10706
10707
10708
10709
10710
10711
10712
10713
10714
10715
10716
10717
10718
10719
10720
10721
10722
10723
10724
10725
10726
10727
10728
10729
10730
10731
10732
10733
10734
10735
10736
10737
10738
10739
10740
10741
10742
10743
10744
10745
10746
10747
10748
10749
10750
10751
10752
10753
10754
10755
10756
10757
10758
10759
10760
10761
10762
10763
10764
10765
10766
10767
10768
10769
10770
10771
10772
10773
10774
10775
10776
10777
10778
10779
10780
10781
10782
10783
10784
10785
10786
10787
10788
10789
10790
10791
10792
10793
10794
10795
10796
10797
10798
10799
10800
10801
10802
10803
10804
10805
10806
10807
10808
10809
10810
10811
10812
10813
10814
10815
10816
10817
10818
10819
10820
10821
10822
10823
10824
10825
10826
10827
10828
10829
10830
10831
10832
10833
10834
10835
10836
10837
10838
10839
10840
10841
10842
10843
10844
10845
10846
10847
10848
10849
10850
10851
10852
10853
10854
10855
10856
10857
10858
10859
10860
10861
10862
10863
10864
10865
10866
10867
10868
10869
10870
10871
10872
10873
10874
10875
10876
10877
10878
10879
10880
10881
10882
10883
10884
10885
10886
10887
10888
10889
10890
10891
10892
10893
10894
10895
10896
10897
10898
10899
10900
10901
10902
10903
10904
10905
10906
10907
10908
10909
10910
10911
10912
10913
10914
10915
10916
10917
10918
10919
10920
10921
10922
10923
10924
10925
10926
10927
10928
10929
10930
10931
10932
10933
10934
10935
10936
10937
10938
10939
10940
10941
10942
10943
10944
10945
10946
10947
10948
10949
10950
10951
10952
10953
10954
10955
10956
10957
10958
10959
10960
10961
10962
10963
10964
10965
10966
10967
10968
10969
10970
10971
10972
10973
10974
10975
10976
10977
10978
10979
10980
10981
10982
10983
10984
10985
10986
10987
10988
10989
10990
10991
10992
10993
10994
10995
10996
10997
10998
10999
11000
11001
11002
11003
11004
11005
11006
11007
11008
11009
11010
11011
11012
11013
11014
11015
11016
11017
11018
11019
11020
11021
11022
11023
11024
11025
11026
11027
11028
11029
11030
11031
11032
11033
11034
11035
11036
11037
11038
11039
11040
11041
11042
11043
11044
11045
11046
11047
11048
11049
11050
11051
11052
11053
11054
11055
11056
11057
11058
11059
11060
11061
11062
11063
11064
11065
11066
11067
11068
11069
11070
11071
11072
11073
11074
11075
11076
11077
11078
11079
11080
11081
11082
11083
11084
11085
11086
11087
11088
11089
11090
11091
11092
11093
11094
11095
11096
11097
11098
11099
11100
11101
11102
11103
11104
11105
11106
11107
11108
11109
11110
11111
11112
11113
11114
11115
11116
11117
11118
11119
11120
11121
11122
11123
11124
11125
11126
11127
11128
11129
11130
11131
11132
11133
11134
11135
11136
11137
11138
11139
11140
11141
11142
11143
11144
11145
11146
11147
11148
11149
11150
11151
11152
11153
11154
11155
11156
11157
11158
11159
11160
11161
11162
11163
11164
11165
11166
11167
11168
11169
11170
11171
11172
11173
11174
11175
11176
11177
11178
11179
11180
11181
11182
11183
11184
11185
11186
11187
11188
11189
11190
11191
11192
11193
11194
11195
11196
11197
11198
11199
11200
11201
11202
11203
11204
11205
11206
11207
11208
11209
11210
11211
11212
11213
11214
11215
11216
11217
11218
11219
11220
11221
11222
11223
11224
11225
11226
11227
11228
11229
11230
11231
11232
11233
11234
11235
11236
11237
11238
11239
11240
11241
11242
11243
11244
11245
11246
11247
11248
11249
11250
11251
11252
11253
11254
11255
11256
11257
11258
11259
11260
11261
11262
11263
11264
11265
11266
11267
11268
11269
11270
11271
11272
11273
11274
11275
11276
11277
11278
11279
11280
11281
11282
11283
11284
11285
11286
11287
11288
11289
11290
11291
11292
11293
11294
11295
11296
11297
11298
11299
11300
11301
11302
11303
11304
11305
11306
11307
11308
11309
11310
11311
11312
11313
11314
11315
11316
11317
11318
11319
11320
11321
11322
11323
11324
11325
11326
11327
11328
11329
11330
11331
11332
11333
11334
11335
11336
11337
11338
11339
11340
11341
11342
11343
11344
11345
11346
11347
11348
11349
11350
11351
11352
11353
11354
11355
11356
11357
11358
11359
11360
11361
11362
11363
11364
11365
11366
11367
11368
11369
11370
11371
11372
11373
11374
11375
11376
11377
11378
11379
11380
11381
11382
11383
11384
11385
11386
11387
11388
11389
11390
11391
11392
11393
11394
11395
11396
11397
11398
11399
11400
11401
11402
11403
11404
11405
11406
11407
11408
11409
11410
11411
11412
11413
11414
11415
11416
11417
11418
11419
11420
11421
11422
11423
11424
11425
11426
11427
11428
11429
11430
11431
11432
11433
11434
11435
11436
11437
11438
11439
11440
11441
11442
11443
11444
11445
11446
11447
11448
11449
11450
11451
11452
11453
11454
11455
11456
11457
11458
11459
11460
11461
11462
11463
11464
11465
11466
11467
11468
11469
11470
11471
11472
11473
11474
11475
11476
11477
11478
11479
11480
11481
11482
11483
11484
11485
11486
11487
11488
11489
11490
11491
11492
11493
11494
11495
11496
11497
11498
11499
11500
11501
11502
11503
11504
11505
11506
11507
11508
11509
11510
11511
11512
11513
11514
11515
11516
11517
11518
11519
11520
11521
11522
11523
11524
11525
11526
11527
11528
11529
11530
11531
11532
11533
11534
11535
11536
11537
11538
11539
11540
11541
11542
11543
11544
11545
11546
11547
11548
11549
11550
11551
11552
11553
11554
11555
11556
11557
11558
11559
11560
11561
11562
11563
11564
11565
11566
11567
11568
11569
11570
11571
11572
11573
11574
11575
11576
11577
11578
11579
11580
11581
11582
11583
11584
11585
11586
11587
11588
11589
11590
11591
11592
11593
11594
11595
11596
11597
11598
11599
11600
11601
11602
11603
11604
11605
11606
11607
11608
11609
11610
11611
11612
11613
11614
11615
11616
11617
11618
11619
11620
11621
11622
11623
11624
11625
11626
11627
11628
11629
11630
11631
11632
11633
11634
11635
11636
11637
11638
11639
11640
11641
11642
11643
11644
11645
11646
11647
11648
11649
11650
11651
11652
11653
11654
11655
11656
11657
11658
11659
11660
11661
11662
11663
11664
11665
11666
11667
11668
11669
11670
11671
11672
11673
11674
11675
11676
11677
11678
11679
11680
11681
11682
11683
11684
11685
11686
11687
11688
11689
11690
11691
11692
11693
11694
11695
11696
11697
11698
11699
11700
11701
11702
11703
11704
11705
11706
11707
11708
11709
11710
11711
11712
11713
11714
11715
11716
11717
11718
11719
11720
11721
11722
11723
11724
11725
11726
11727
11728
11729
11730
11731
11732
11733
11734
11735
11736
11737
11738
11739
11740
11741
11742
11743
11744
11745
11746
11747
11748
11749
11750
11751
11752
11753
11754
11755
11756
11757
11758
11759
11760
11761
11762
11763
11764
11765
11766
11767
11768
11769
11770
11771
11772
11773
11774
11775
11776
11777
11778
11779
11780
11781
11782
11783
11784
11785
11786
11787
11788
11789
11790
11791
11792
11793
11794
11795
11796
11797
11798
11799
11800
11801
11802
11803
11804
11805
11806
11807
11808
11809
11810
11811
11812
11813
11814
11815
11816
11817
11818
11819
11820
11821
11822
11823
11824
11825
11826
11827
11828
11829
11830
11831
11832
11833
11834
11835
11836
11837
11838
11839
11840
11841
11842
11843
11844
11845
11846
11847
11848
11849
11850
11851
11852
11853
11854
11855
11856
11857
11858
11859
11860
11861
11862
11863
11864
11865
11866
11867
11868
11869
11870
11871
11872
11873
11874
11875
11876
11877
11878
11879
11880
11881
11882
11883
11884
11885
11886
11887
11888
11889
11890
11891
11892
11893
11894
11895
11896
11897
11898
11899
11900
11901
11902
11903
11904
11905
11906
11907
11908
11909
11910
11911
11912
11913
11914
11915
11916
11917
11918
11919
11920
11921
11922
11923
11924
11925
11926
11927
11928
11929
11930
11931
11932
11933
11934
11935
11936
11937
11938
11939
11940
11941
11942
11943
11944
11945
11946
11947
11948
11949
11950
11951
11952
11953
11954
11955
11956
11957
11958
11959
11960
11961
11962
11963
11964
11965
11966
11967
11968
11969
11970
11971
11972
11973
11974
11975
11976
11977
11978
11979
11980
11981
11982
11983
11984
11985
11986
11987
11988
11989
11990
11991
11992
11993
11994
11995
11996
11997
11998
11999
12000
12001
12002
12003
12004
12005
12006
12007
12008
12009
12010
12011
12012
12013
12014
12015
12016
12017
12018
12019
12020
12021
12022
12023
12024
12025
12026
12027
12028
12029
12030
12031
12032
12033
12034
12035
12036
12037
12038
12039
12040
12041
12042
12043
12044
12045
12046
12047
12048
12049
12050
12051
12052
12053
12054
12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
12070
12071
12072
12073
12074
12075
12076
12077
12078
12079
12080
12081
12082
12083
12084
12085
12086
12087
12088
12089
12090
12091
12092
12093
12094
12095
12096
12097
12098
12099
12100
12101
12102
12103
12104
12105
12106
12107
12108
12109
12110
12111
12112
12113
12114
12115
12116
12117
12118
12119
12120
12121
12122
12123
12124
12125
12126
12127
12128
12129
12130
12131
12132
12133
12134
12135
12136
12137
12138
12139
12140
12141
12142
12143
12144
12145
12146
12147
12148
12149
12150
12151
12152
12153
12154
12155
12156
12157
12158
12159
12160
12161
12162
12163
12164
12165
12166
12167
12168
12169
12170
12171
12172
12173
12174
12175
12176
12177
12178
12179
12180
12181
12182
12183
12184
12185
12186
12187
12188
12189
12190
12191
12192
12193
12194
12195
12196
12197
12198
12199
12200
12201
12202
12203
12204
12205
12206
12207
12208
12209
12210
12211
12212
12213
12214
12215
12216
12217
12218
12219
12220
12221
12222
12223
12224
12225
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246
12247
12248
12249
12250
12251
12252
12253
12254
12255
12256
12257
12258
12259
12260
12261
12262
12263
12264
12265
12266
12267
12268
12269
12270
12271
12272
12273
12274
12275
12276
12277
12278
12279
12280
12281
12282
12283
12284
12285
12286
12287
12288
12289
12290
12291
12292
12293
12294
12295
12296
12297
12298
12299
12300
12301
12302
12303
12304
12305
12306
12307
12308
12309
12310
12311
12312
12313
12314
12315
12316
12317
12318
12319
12320
12321
12322
12323
12324
12325
12326
12327
12328
12329
12330
12331
12332
12333
12334
12335
12336
12337
12338
12339
12340
12341
12342
12343
12344
12345
12346
12347
12348
12349
12350
12351
12352
12353
12354
12355
12356
12357
12358
12359
12360
12361
12362
12363
12364
12365
12366
12367
12368
12369
12370
12371
12372
12373
12374
12375
12376
12377
12378
12379
12380
12381
12382
12383
12384
12385
12386
12387
12388
12389
12390
12391
12392
12393
12394
12395
12396
12397
12398
12399
12400
12401
12402
12403
12404
12405
12406
12407
12408
12409
12410
12411
12412
12413
12414
12415
12416
12417
12418
12419
12420
12421
12422
12423
12424
12425
12426
12427
12428
12429
12430
12431
12432
12433
12434
12435
12436
12437
12438
12439
12440
12441
12442
12443
12444
12445
12446
12447
12448
12449
12450
12451
12452
12453
12454
12455
12456
12457
12458
12459
12460
12461
12462
12463
12464
12465
12466
12467
12468
12469
12470
12471
12472
12473
12474
12475
12476
12477
12478
12479
12480
12481
12482
12483
12484
12485
12486
12487
12488
12489
12490
12491
12492
12493
12494
12495
12496
12497
12498
12499
12500
12501
12502
12503
12504
12505
12506
12507
12508
12509
12510
12511
12512
12513
12514
12515
12516
12517
12518
12519
12520
12521
12522
12523
12524
12525
12526
12527
12528
12529
12530
12531
12532
12533
12534
12535
12536
12537
12538
12539
12540
12541
12542
12543
12544
12545
12546
12547
12548
12549
12550
12551
12552
12553
12554
12555
12556
12557
12558
12559
12560
12561
12562
12563
12564
12565
12566
12567
12568
12569
12570
12571
12572
12573
12574
12575
12576
12577
12578
12579
12580
12581
12582
12583
12584
12585
12586
12587
12588
12589
12590
12591
12592
12593
12594
12595
12596
12597
12598
12599
12600
12601
12602
12603
12604
12605
12606
12607
12608
12609
12610
12611
12612
12613
12614
12615
12616
12617
12618
12619
12620
12621
12622
12623
12624
12625
12626
12627
12628
12629
12630
12631
12632
12633
12634
12635
12636
12637
12638
12639
12640
12641
12642
12643
12644
12645
12646
12647
12648
12649
12650
12651
12652
12653
12654
12655
12656
12657
12658
12659
12660
12661
12662
12663
12664
12665
12666
12667
12668
12669
12670
12671
12672
12673
12674
12675
12676
12677
12678
12679
12680
12681
12682
12683
12684
12685
12686
12687
12688
12689
12690
12691
12692
12693
12694
12695
12696
12697
12698
12699
12700
12701
12702
12703
12704
12705
12706
12707
12708
12709
12710
12711
12712
12713
12714
12715
12716
12717
12718
12719
12720
12721
12722
12723
12724
12725
12726
12727
12728
12729
12730
12731
12732
12733
12734
12735
12736
12737
12738
12739
12740
12741
12742
12743
12744
12745
12746
12747
12748
12749
12750
12751
12752
12753
12754
12755
12756
12757
12758
12759
12760
12761
12762
12763
12764
12765
12766
12767
12768
12769
12770
12771
12772
12773
12774
12775
12776
12777
12778
12779
12780
12781
12782
12783
12784
12785
12786
12787
12788
12789
12790
12791
12792
12793
12794
12795
12796
12797
12798
12799
12800
12801
12802
12803
12804
12805
12806
12807
12808
12809
12810
12811
12812
12813
12814
12815
12816
12817
12818
12819
12820
12821
12822
12823
12824
12825
12826
12827
12828
12829
12830
12831
12832
12833
12834
12835
12836
12837
12838
12839
12840
12841
12842
12843
12844
12845
12846
12847
12848
12849
12850
12851
12852
12853
12854
12855
12856
12857
12858
12859
12860
12861
12862
12863
12864
12865
12866
12867
12868
12869
12870
12871
12872
12873
12874
12875
12876
12877
12878
12879
12880
12881
12882
12883
12884
12885
12886
12887
12888
12889
12890
12891
12892
12893
12894
12895
12896
12897
12898
12899
12900
12901
12902
12903
12904
12905
12906
12907
12908
12909
12910
12911
12912
12913
12914
12915
12916
12917
12918
12919
12920
12921
12922
12923
12924
12925
12926
12927
12928
12929
12930
12931
12932
12933
12934
12935
12936
12937
12938
12939
12940
12941
12942
12943
12944
12945
12946
12947
12948
12949
12950
12951
12952
12953
12954
12955
12956
12957
12958
12959
12960
12961
12962
12963
12964
12965
12966
12967
12968
12969
12970
12971
12972
12973
12974
12975
12976
12977
12978
12979
12980
12981
12982
12983
12984
12985
12986
12987
12988
12989
12990
12991
12992
12993
12994
12995
12996
12997
12998
12999
13000
13001
13002
13003
13004
13005
13006
13007
13008
13009
13010
13011
13012
13013
13014
13015
13016
13017
13018
13019
13020
13021
13022
13023
13024
13025
13026
13027
13028
13029
13030
13031
13032
13033
13034
13035
13036
13037
13038
13039
13040
13041
13042
13043
13044
13045
13046
13047
13048
13049
13050
13051
13052
13053
13054
13055
13056
13057
13058
13059
13060
13061
13062
13063
13064
13065
13066
13067
13068
13069
13070
13071
13072
13073
13074
13075
13076
13077
13078
13079
13080
13081
13082
13083
13084
13085
13086
13087
13088
13089
13090
13091
13092
13093
13094
13095
13096
13097
13098
13099
13100
13101
13102
13103
13104
13105
13106
13107
13108
13109
13110
13111
13112
13113
13114
13115
13116
13117
13118
13119
13120
13121
13122
13123
13124
13125
13126
13127
13128
13129
13130
13131
13132
13133
13134
13135
13136
13137
13138
13139
13140
13141
13142
13143
13144
13145
13146
13147
13148
13149
13150
13151
13152
13153
13154
13155
13156
13157
13158
13159
13160
13161
13162
13163
13164
13165
13166
13167
13168
13169
13170
13171
13172
13173
13174
13175
13176
13177
13178
13179
13180
13181
13182
13183
13184
13185
13186
13187
13188
13189
13190
13191
13192
13193
13194
13195
13196
13197
13198
13199
13200
13201
13202
13203
13204
13205
13206
13207
13208
13209
13210
13211
13212
13213
13214
13215
13216
13217
13218
13219
13220
13221
13222
13223
13224
13225
13226
13227
13228
13229
13230
13231
13232
13233
13234
13235
13236
13237
13238
13239
13240
13241
13242
13243
13244
13245
13246
13247
13248
13249
13250
13251
13252
13253
13254
13255
13256
13257
13258
13259
13260
13261
13262
13263
13264
13265
13266
13267
13268
13269
13270
13271
13272
13273
13274
13275
13276
13277
13278
13279
13280
13281
13282
13283
13284
13285
13286
13287
13288
13289
13290
13291
13292
13293
13294
13295
13296
13297
13298
13299
13300
13301
13302
13303
13304
13305
13306
13307
13308
13309
13310
13311
13312
13313
13314
13315
13316
13317
13318
13319
13320
13321
13322
13323
13324
13325
13326
13327
13328
13329
13330
13331
13332
13333
13334
13335
13336
13337
13338
13339
13340
13341
13342
13343
13344
13345
13346
13347
13348
13349
13350
13351
13352
13353
13354
13355
13356
13357
13358
13359
13360
13361
13362
13363
13364
13365
13366
13367
13368
13369
13370
13371
13372
13373
13374
13375
13376
13377
13378
13379
13380
13381
13382
13383
13384
13385
13386
13387
13388
13389
13390
13391
13392
13393
13394
13395
13396
13397
13398
13399
13400
13401
13402
13403
13404
13405
13406
13407
13408
13409
13410
13411
13412
13413
13414
13415
13416
13417
13418
13419
13420
13421
13422
13423
13424
13425
13426
13427
13428
13429
13430
13431
13432
13433
13434
13435
13436
13437
13438
13439
13440
13441
13442
13443
13444
13445
13446
13447
13448
13449
13450
13451
13452
13453
13454
13455
13456
13457
13458
13459
13460
13461
13462
13463
13464
13465
13466
13467
13468
13469
13470
13471
13472
13473
13474
13475
13476
13477
13478
13479
13480
13481
13482
13483
13484
13485
13486
13487
13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
13507
13508
13509
13510
13511
13512
13513
13514
13515
13516
13517
13518
13519
13520
13521
13522
13523
13524
13525
13526
13527
13528
13529
13530
13531
13532
13533
13534
13535
13536
13537
13538
13539
13540
13541
13542
13543
13544
13545
13546
13547
13548
13549
13550
13551
13552
13553
13554
13555
13556
13557
13558
13559
13560
13561
13562
13563
13564
13565
13566
13567
13568
13569
13570
13571
13572
13573
13574
13575
13576
13577
13578
13579
13580
13581
13582
13583
13584
13585
13586
13587
13588
13589
13590
13591
13592
13593
13594
13595
13596
13597
13598
13599
13600
13601
13602
13603
13604
13605
13606
13607
13608
13609
13610
13611
13612
13613
13614
13615
13616
13617
13618
13619
13620
13621
13622
13623
13624
13625
13626
13627
13628
13629
13630
13631
13632
13633
13634
13635
13636
13637
13638
13639
13640
13641
13642
13643
13644
13645
13646
13647
13648
13649
13650
13651
13652
13653
13654
13655
13656
13657
13658
13659
13660
13661
13662
13663
13664
13665
13666
13667
13668
13669
13670
13671
13672
13673
13674
13675
13676
13677
13678
13679
13680
13681
13682
13683
13684
13685
13686
13687
13688
13689
13690
13691
13692
13693
13694
13695
13696
13697
13698
13699
13700
13701
13702
13703
13704
13705
13706
13707
13708
13709
13710
13711
13712
13713
13714
13715
13716
13717
13718
13719
13720
13721
13722
13723
13724
13725
13726
13727
13728
13729
13730
13731
13732
13733
13734
13735
13736
13737
13738
13739
13740
13741
13742
13743
13744
13745
13746
13747
13748
13749
13750
13751
13752
13753
13754
13755
13756
13757
13758
13759
13760
13761
13762
13763
13764
13765
13766
13767
13768
13769
13770
13771
13772
13773
13774
13775
13776
13777
13778
13779
13780
13781
13782
13783
13784
13785
13786
13787
13788
13789
13790
13791
13792
13793
13794
13795
13796
13797
13798
13799
13800
13801
13802
13803
13804
13805
13806
13807
13808
13809
13810
13811
13812
13813
13814
13815
13816
13817
13818
13819
13820
13821
13822
13823
13824
13825
13826
13827
13828
13829
13830
13831
13832
13833
13834
13835
13836
13837
13838
13839
13840
13841
13842
13843
13844
13845
13846
13847
13848
13849
13850
13851
13852
13853
13854
13855
13856
13857
13858
13859
13860
13861
13862
13863
13864
13865
13866
13867
13868
13869
13870
13871
13872
13873
13874
13875
13876
13877
13878
13879
13880
13881
13882
13883
13884
13885
13886
13887
13888
13889
13890
13891
13892
13893
13894
13895
13896
13897
13898
13899
13900
13901
13902
13903
13904
13905
13906
13907
13908
13909
13910
13911
13912
13913
13914
13915
13916
13917
13918
13919
13920
13921
13922
13923
13924
13925
13926
13927
13928
13929
13930
13931
13932
13933
13934
13935
13936
13937
13938
13939
13940
13941
13942
13943
13944
13945
13946
13947
13948
13949
13950
13951
13952
13953
13954
13955
13956
13957
13958
13959
13960
13961
13962
13963
13964
13965
13966
13967
13968
13969
13970
13971
13972
13973
13974
13975
13976
13977
13978
13979
13980
13981
13982
13983
13984
13985
13986
13987
13988
13989
13990
13991
13992
13993
13994
13995
13996
13997
13998
13999
14000
14001
14002
14003
14004
14005
14006
14007
14008
14009
14010
14011
14012
14013
14014
14015
14016
14017
14018
14019
14020
14021
14022
14023
14024
14025
14026
14027
14028
14029
14030
14031
14032
14033
14034
14035
14036
14037
14038
14039
14040
14041
14042
14043
14044
14045
14046
14047
14048
14049
14050
14051
14052
14053
14054
14055
14056
14057
14058
14059
14060
14061
14062
14063
14064
14065
14066
14067
14068
14069
14070
14071
14072
14073
14074
14075
14076
14077
14078
14079
14080
14081
14082
14083
14084
14085
14086
14087
14088
14089
14090
14091
14092
14093
14094
14095
14096
14097
14098
14099
14100
14101
14102
14103
14104
14105
14106
14107
14108
14109
14110
14111
14112
14113
14114
14115
14116
14117
14118
14119
14120
14121
14122
14123
14124
14125
14126
14127
14128
14129
14130
14131
14132
14133
14134
14135
14136
14137
14138
14139
14140
14141
14142
14143
14144
14145
14146
14147
14148
14149
14150
14151
14152
14153
14154
14155
14156
14157
14158
14159
14160
14161
14162
14163
14164
14165
14166
14167
14168
14169
14170
14171
14172
14173
14174
14175
14176
14177
14178
14179
14180
14181
14182
14183
14184
14185
14186
14187
14188
14189
14190
14191
14192
14193
14194
14195
14196
14197
14198
14199
14200
14201
14202
14203
14204
14205
14206
14207
14208
14209
14210
14211
14212
14213
14214
14215
14216
14217
14218
14219
14220
14221
14222
14223
14224
14225
14226
14227
14228
14229
14230
14231
14232
14233
14234
14235
14236
14237
14238
14239
14240
14241
14242
14243
14244
14245
14246
14247
14248
14249
14250
14251
14252
14253
14254
14255
14256
14257
14258
14259
14260
14261
14262
14263
14264
14265
14266
14267
14268
14269
14270
14271
14272
14273
14274
14275
14276
14277
14278
14279
14280
14281
14282
14283
14284
14285
14286
14287
14288
14289
14290
14291
14292
14293
14294
14295
14296
14297
14298
14299
14300
14301
14302
14303
14304
14305
14306
14307
14308
14309
14310
14311
14312
14313
14314
14315
14316
14317
14318
14319
14320
14321
14322
14323
14324
14325
14326
14327
14328
14329
14330
14331
14332
14333
14334
14335
14336
14337
14338
14339
14340
14341
14342
14343
14344
14345
14346
14347
14348
14349
14350
14351
14352
14353
14354
14355
14356
14357
14358
14359
14360
14361
14362
14363
14364
14365
14366
14367
14368
14369
14370
14371
14372
14373
14374
14375
14376
14377
14378
14379
14380
14381
14382
14383
14384
14385
14386
14387
14388
14389
14390
14391
14392
14393
14394
14395
14396
14397
14398
14399
14400
14401
14402
14403
14404
14405
14406
14407
14408
14409
14410
14411
14412
14413
14414
14415
14416
14417
14418
14419
14420
14421
14422
14423
14424
14425
14426
14427
14428
14429
14430
14431
14432
14433
14434
14435
14436
14437
14438
14439
14440
14441
14442
14443
14444
14445
14446
14447
14448
14449
14450
14451
14452
14453
14454
14455
14456
14457
14458
14459
14460
14461
14462
14463
14464
14465
14466
14467
14468
14469
14470
14471
14472
14473
14474
14475
14476
14477
14478
14479
14480
14481
14482
14483
14484
14485
14486
14487
14488
14489
14490
14491
14492
14493
14494
14495
14496
14497
14498
14499
14500
14501
14502
14503
14504
14505
14506
14507
14508
14509
14510
14511
14512
14513
14514
14515
14516
14517
14518
14519
14520
14521
14522
14523
14524
14525
14526
14527
14528
14529
14530
14531
14532
14533
14534
14535
14536
14537
14538
14539
14540
14541
14542
14543
14544
14545
14546
14547
14548
14549
14550
14551
14552
14553
14554
14555
14556
14557
14558
14559
14560
14561
14562
14563
14564
14565
14566
14567
14568
14569
14570
14571
14572
14573
14574
14575
14576
14577
14578
14579
14580
14581
14582
14583
14584
14585
14586
14587
14588
14589
14590
14591
14592
14593
14594
14595
14596
14597
14598
14599
14600
14601
14602
14603
14604
14605
14606
14607
14608
14609
14610
14611
14612
14613
14614
14615
14616
14617
14618
14619
14620
14621
14622
14623
14624
14625
14626
14627
14628
14629
14630
14631
14632
14633
14634
14635
14636
14637
14638
14639
14640
14641
14642
14643
14644
14645
14646
14647
14648
14649
14650
14651
14652
14653
14654
14655
14656
14657
14658
14659
14660
14661
14662
14663
14664
14665
14666
14667
14668
14669
14670
14671
14672
14673
14674
14675
14676
14677
14678
14679
14680
14681
14682
14683
14684
14685
14686
14687
14688
14689
14690
14691
14692
14693
14694
14695
14696
14697
14698
14699
14700
14701
14702
14703
14704
14705
14706
14707
14708
14709
14710
14711
14712
14713
14714
14715
14716
14717
14718
14719
14720
14721
14722
14723
14724
14725
14726
14727
14728
14729
14730
14731
14732
14733
14734
14735
14736
14737
14738
14739
14740
14741
14742
14743
14744
14745
14746
14747
14748
14749
14750
14751
14752
14753
14754
14755
14756
14757
14758
14759
14760
14761
14762
14763
14764
14765
14766
14767
14768
14769
14770
14771
14772
14773
14774
14775
14776
14777
14778
14779
14780
14781
14782
14783
14784
14785
14786
14787
14788
14789
14790
14791
14792
14793
14794
14795
14796
14797
14798
14799
14800
14801
14802
14803
14804
14805
14806
14807
14808
14809
14810
14811
14812
14813
14814
14815
14816
14817
14818
14819
14820
14821
14822
14823
14824
14825
14826
14827
14828
14829
14830
14831
14832
14833
14834
14835
14836
14837
14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
14853
14854
14855
14856
14857
14858
14859
14860
14861
14862
14863
14864
14865
14866
14867
14868
14869
14870
14871
14872
14873
14874
14875
14876
14877
14878
14879
14880
14881
14882
14883
14884
14885
14886
14887
14888
14889
14890
14891
14892
14893
14894
14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909
14910
14911
14912
14913
14914
14915
14916
14917
14918
14919
14920
14921
14922
14923
14924
14925
14926
14927
14928
14929
14930
14931
14932
14933
14934
14935
14936
14937
14938
14939
14940
14941
14942
14943
14944
14945
14946
14947
14948
14949
14950
14951
14952
14953
14954
14955
14956
14957
14958
14959
14960
14961
14962
14963
14964
14965
14966
14967
14968
14969
14970
14971
14972
14973
14974
14975
14976
14977
14978
14979
14980
14981
14982
14983
14984
14985
14986
14987
14988
14989
14990
14991
14992
14993
14994
14995
14996
14997
14998
14999
15000
15001
15002
15003
15004
15005
15006
15007
15008
15009
15010
15011
15012
15013
15014
15015
15016
15017
15018
15019
15020
15021
15022
15023
15024
15025
15026
15027
15028
15029
15030
15031
15032
15033
15034
15035
15036
15037
15038
15039
15040
15041
15042
15043
15044
15045
15046
15047
15048
15049
15050
15051
15052
15053
15054
15055
15056
15057
15058
15059
15060
15061
15062
15063
15064
15065
15066
15067
15068
15069
15070
15071
15072
15073
15074
15075
15076
15077
15078
15079
15080
15081
15082
15083
15084
15085
15086
15087
15088
15089
15090
15091
15092
15093
15094
15095
15096
15097
15098
15099
15100
15101
15102
15103
15104
15105
15106
15107
15108
15109
15110
15111
15112
15113
15114
15115
15116
15117
15118
15119
15120
15121
15122
15123
15124
15125
15126
15127
15128
15129
15130
15131
15132
15133
15134
15135
15136
15137
15138
15139
15140
15141
15142
15143
15144
15145
15146
15147
15148
15149
15150
15151
15152
15153
15154
15155
15156
15157
15158
15159
15160
15161
15162
15163
15164
15165
15166
15167
15168
15169
15170
15171
15172
15173
15174
15175
15176
15177
15178
15179
15180
15181
15182
15183
15184
15185
15186
15187
15188
15189
15190
15191
15192
15193
15194
15195
15196
15197
15198
15199
15200
15201
15202
15203
15204
15205
15206
15207
15208
15209
15210
15211
15212
15213
15214
15215
15216
15217
15218
15219
15220
15221
15222
15223
15224
15225
15226
15227
15228
15229
15230
15231
15232
15233
15234
15235
15236
15237
15238
15239
15240
15241
15242
15243
15244
15245
15246
15247
15248
15249
15250
15251
15252
15253
15254
15255
15256
15257
15258
15259
15260
15261
15262
15263
15264
15265
15266
15267
15268
15269
15270
15271
15272
15273
15274
15275
15276
15277
15278
15279
15280
15281
15282
15283
15284
15285
15286
15287
15288
15289
15290
15291
15292
15293
15294
15295
15296
15297
15298
15299
15300
15301
15302
15303
15304
15305
15306
15307
15308
15309
15310
15311
15312
15313
15314
15315
15316
15317
15318
15319
15320
15321
15322
15323
15324
15325
15326
15327
15328
15329
15330
15331
15332
15333
15334
15335
15336
15337
15338
15339
15340
15341
15342
15343
15344
15345
15346
15347
15348
15349
15350
15351
15352
15353
15354
15355
15356
15357
15358
15359
15360
15361
15362
15363
15364
15365
15366
15367
15368
15369
15370
15371
15372
15373
15374
15375
15376
15377
15378
15379
15380
15381
15382
15383
15384
15385
15386
15387
15388
15389
15390
15391
15392
15393
15394
15395
15396
15397
15398
15399
15400
15401
15402
15403
15404
15405
15406
15407
15408
15409
15410
15411
15412
15413
15414
15415
15416
15417
15418
15419
15420
15421
15422
15423
15424
15425
15426
15427
15428
15429
15430
15431
15432
15433
15434
15435
15436
15437
15438
15439
15440
15441
15442
15443
15444
15445
15446
15447
15448
15449
15450
15451
15452
15453
15454
15455
15456
15457
15458
15459
15460
15461
15462
15463
15464
15465
15466
15467
15468
15469
15470
15471
15472
15473
15474
15475
15476
15477
15478
15479
15480
15481
15482
15483
15484
15485
15486
15487
15488
15489
15490
15491
15492
15493
15494
15495
15496
15497
15498
15499
15500
15501
15502
15503
15504
15505
15506
15507
15508
15509
15510
15511
15512
15513
15514
15515
15516
15517
15518
15519
15520
15521
15522
15523
15524
15525
15526
15527
15528
15529
15530
15531
15532
15533
15534
15535
15536
15537
15538
15539
15540
15541
15542
15543
15544
15545
15546
15547
15548
15549
15550
15551
15552
15553
15554
15555
15556
15557
15558
15559
15560
15561
15562
15563
15564
15565
15566
15567
15568
15569
15570
15571
15572
15573
15574
15575
15576
15577
15578
15579
15580
15581
15582
15583
15584
15585
15586
15587
15588
15589
15590
15591
15592
15593
15594
15595
15596
15597
15598
15599
15600
15601
15602
15603
15604
15605
15606
15607
15608
15609
15610
15611
15612
15613
15614
15615
15616
15617
15618
15619
15620
15621
15622
15623
15624
15625
15626
15627
15628
15629
15630
15631
15632
15633
15634
15635
15636
15637
15638
15639
15640
15641
15642
15643
15644
15645
15646
15647
15648
15649
15650
15651
15652
15653
15654
15655
15656
15657
15658
15659
15660
15661
15662
15663
15664
15665
15666
15667
15668
15669
15670
15671
15672
15673
15674
15675
15676
15677
15678
15679
15680
15681
15682
15683
15684
15685
15686
15687
15688
15689
15690
15691
15692
15693
15694
15695
15696
15697
15698
15699
15700
15701
15702
15703
15704
15705
15706
15707
15708
15709
15710
15711
15712
15713
15714
15715
15716
15717
15718
15719
15720
15721
15722
15723
15724
15725
15726
15727
15728
15729
15730
15731
15732
15733
15734
15735
15736
15737
15738
15739
15740
15741
15742
15743
15744
15745
15746
15747
15748
15749
15750
15751
15752
15753
15754
15755
15756
15757
15758
15759
15760
15761
15762
15763
15764
15765
15766
15767
15768
15769
15770
15771
15772
15773
15774
15775
15776
15777
15778
15779
15780
15781
15782
15783
15784
15785
15786
15787
15788
15789
15790
15791
15792
15793
15794
15795
15796
15797
15798
15799
15800
15801
15802
15803
15804
15805
15806
15807
15808
15809
15810
15811
15812
15813
15814
15815
15816
15817
15818
15819
15820
15821
15822
15823
15824
15825
15826
15827
15828
15829
15830
15831
15832
15833
15834
15835
15836
15837
15838
15839
15840
15841
15842
15843
15844
15845
15846
15847
15848
15849
15850
15851
15852
15853
15854
15855
15856
15857
15858
15859
15860
15861
15862
15863
15864
15865
15866
15867
15868
15869
15870
15871
15872
15873
15874
15875
15876
15877
15878
15879
15880
15881
15882
15883
15884
15885
15886
15887
15888
15889
15890
15891
15892
15893
15894
15895
15896
15897
15898
15899
15900
15901
15902
15903
15904
15905
15906
15907
15908
15909
15910
15911
15912
15913
15914
15915
15916
15917
15918
15919
15920
15921
15922
15923
15924
15925
15926
15927
15928
15929
15930
15931
15932
15933
15934
15935
15936
15937
15938
15939
15940
15941
15942
15943
15944
15945
15946
15947
15948
15949
15950
15951
15952
15953
15954
15955
15956
15957
15958
15959
15960
15961
15962
15963
15964
15965
15966
15967
15968
15969
15970
15971
15972
15973
15974
15975
15976
15977
15978
15979
15980
15981
15982
15983
15984
15985
15986
15987
15988
15989
15990
15991
15992
15993
15994
15995
15996
15997
15998
15999
16000
16001
16002
16003
16004
16005
16006
16007
16008
16009
16010
16011
16012
16013
16014
16015
16016
16017
16018
16019
16020
16021
16022
16023
16024
16025
16026
16027
16028
16029
16030
16031
16032
16033
16034
16035
16036
16037
16038
16039
16040
16041
16042
16043
16044
16045
16046
16047
16048
16049
16050
16051
16052
16053
16054
16055
16056
16057
16058
16059
16060
16061
16062
16063
16064
16065
16066
16067
16068
16069
16070
16071
16072
16073
16074
16075
16076
16077
16078
16079
16080
16081
16082
16083
16084
16085
16086
16087
16088
16089
16090
16091
16092
16093
16094
16095
16096
16097
16098
16099
16100
16101
16102
16103
16104
16105
16106
16107
16108
16109
16110
16111
16112
16113
16114
16115
16116
16117
16118
16119
16120
16121
16122
16123
16124
16125
16126
16127
16128
16129
16130
16131
16132
16133
16134
16135
16136
16137
16138
16139
16140
16141
16142
16143
16144
16145
16146
16147
16148
16149
16150
16151
16152
16153
16154
16155
16156
16157
16158
16159
16160
16161
16162
16163
16164
16165
16166
16167
16168
16169
16170
16171
16172
16173
16174
16175
16176
16177
16178
16179
16180
16181
16182
16183
16184
16185
16186
16187
16188
16189
16190
16191
16192
16193
16194
16195
16196
16197
16198
16199
16200
16201
16202
16203
16204
16205
16206
16207
16208
16209
16210
16211
16212
16213
16214
16215
16216
16217
16218
16219
16220
16221
16222
16223
16224
16225
16226
16227
16228
16229
16230
16231
16232
16233
16234
16235
16236
16237
16238
16239
16240
16241
16242
16243
16244
16245
16246
16247
16248
16249
16250
16251
16252
16253
16254
16255
16256
16257
16258
16259
16260
16261
16262
16263
16264
16265
16266
16267
16268
16269
16270
16271
16272
16273
16274
16275
16276
16277
16278
16279
16280
16281
16282
16283
16284
16285
16286
16287
16288
16289
16290
16291
16292
16293
16294
16295
16296
16297
16298
16299
16300
16301
16302
16303
16304
16305
16306
16307
16308
16309
16310
16311
16312
16313
16314
16315
16316
16317
16318
16319
16320
16321
16322
16323
16324
16325
16326
16327
16328
16329
16330
16331
16332
16333
16334
16335
16336
16337
16338
16339
16340
16341
16342
16343
16344
16345
16346
16347
16348
16349
16350
16351
16352
16353
16354
16355
16356
16357
16358
16359
16360
16361
16362
16363
16364
16365
16366
16367
16368
16369
16370
16371
16372
16373
16374
16375
16376
16377
16378
16379
16380
16381
16382
16383
16384
16385
16386
16387
16388
16389
16390
16391
16392
16393
16394
16395
16396
16397
16398
16399
16400
16401
16402
16403
16404
16405
16406
16407
16408
16409
16410
16411
16412
16413
16414
16415
16416
16417
16418
16419
16420
16421
16422
16423
16424
16425
16426
16427
16428
16429
16430
16431
16432
16433
16434
16435
16436
16437
16438
16439
16440
16441
16442
16443
16444
16445
16446
16447
16448
16449
16450
16451
16452
16453
16454
16455
16456
16457
16458
16459
16460
16461
16462
16463
16464
16465
16466
16467
16468
16469
16470
16471
16472
16473
16474
16475
16476
16477
16478
16479
16480
16481
16482
16483
16484
16485
16486
16487
16488
16489
16490
16491
16492
16493
16494
16495
16496
16497
16498
16499
16500
16501
16502
16503
16504
16505
16506
16507
16508
16509
16510
16511
16512
16513
16514
16515
16516
16517
16518
16519
16520
16521
16522
16523
16524
16525
16526
16527
16528
16529
16530
16531
16532
16533
16534
16535
16536
16537
16538
16539
16540
16541
16542
16543
16544
16545
16546
16547
16548
16549
16550
16551
16552
16553
16554
16555
16556
16557
16558
16559
16560
16561
16562
16563
16564
16565
16566
16567
16568
16569
16570
16571
16572
16573
16574
16575
16576
16577
16578
16579
16580
16581
16582
16583
16584
16585
16586
16587
16588
16589
16590
16591
16592
16593
16594
16595
16596
16597
16598
16599
16600
16601
16602
16603
16604
16605
16606
16607
16608
16609
16610
16611
16612
16613
16614
16615
16616
16617
16618
16619
16620
16621
16622
16623
16624
16625
16626
16627
16628
16629
16630
16631
16632
16633
16634
16635
16636
16637
16638
16639
16640
16641
16642
16643
16644
16645
16646
16647
16648
16649
16650
16651
16652
16653
16654
16655
16656
16657
16658
16659
16660
16661
16662
16663
16664
16665
16666
16667
16668
16669
16670
16671
16672
16673
16674
16675
16676
16677
16678
16679
16680
16681
16682
16683
16684
16685
16686
16687
16688
16689
16690
16691
16692
16693
16694
16695
16696
16697
16698
16699
16700
16701
16702
16703
16704
16705
16706
16707
16708
16709
16710
16711
16712
16713
16714
16715
16716
16717
16718
16719
16720
16721
16722
16723
16724
16725
16726
16727
16728
16729
16730
16731
16732
16733
16734
16735
16736
16737
16738
16739
16740
16741
16742
16743
16744
16745
16746
16747
16748
16749
16750
16751
16752
16753
16754
16755
16756
16757
16758
16759
16760
16761
16762
16763
16764
16765
16766
16767
16768
16769
16770
16771
16772
16773
16774
16775
16776
16777
16778
16779
16780
16781
16782
16783
16784
16785
16786
16787
16788
16789
16790
16791
16792
16793
16794
16795
16796
16797
16798
16799
16800
16801
16802
16803
16804
16805
16806
16807
16808
16809
16810
16811
16812
16813
16814
16815
16816
16817
16818
16819
16820
16821
16822
16823
16824
16825
16826
16827
16828
16829
16830
16831
16832
16833
16834
16835
16836
16837
16838
16839
16840
16841
16842
16843
16844
16845
16846
16847
16848
16849
16850
16851
16852
16853
16854
16855
16856
16857
16858
16859
16860
16861
16862
16863
16864
16865
16866
16867
16868
16869
16870
16871
16872
16873
16874
16875
16876
16877
16878
16879
16880
16881
16882
16883
16884
16885
16886
16887
16888
16889
16890
16891
16892
16893
16894
16895
16896
16897
16898
16899
16900
16901
16902
16903
16904
16905
16906
16907
16908
16909
16910
16911
16912
16913
16914
16915
16916
16917
16918
16919
16920
16921
16922
16923
16924
16925
16926
16927
16928
16929
16930
16931
16932
16933
16934
16935
16936
16937
16938
16939
16940
16941
16942
16943
16944
16945
16946
16947
16948
16949
16950
16951
16952
16953
16954
16955
16956
16957
16958
16959
16960
16961
16962
16963
16964
16965
16966
16967
16968
16969
16970
16971
16972
16973
16974
16975
16976
16977
16978
16979
16980
16981
16982
16983
16984
16985
16986
16987
16988
16989
16990
16991
16992
16993
16994
16995
16996
16997
16998
16999
17000
17001
17002
17003
17004
17005
17006
17007
17008
17009
17010
17011
17012
17013
17014
17015
17016
17017
17018
17019
17020
17021
17022
17023
17024
17025
17026
17027
17028
17029
17030
17031
17032
17033
17034
17035
17036
17037
17038
17039
17040
17041
17042
17043
17044
17045
17046
17047
17048
17049
17050
17051
17052
17053
17054
17055
17056
17057
17058
17059
17060
17061
17062
17063
17064
17065
17066
17067
17068
17069
17070
17071
17072
17073
17074
17075
17076
17077
17078
17079
17080
17081
17082
17083
17084
17085
17086
17087
17088
17089
17090
17091
17092
17093
17094
17095
17096
17097
17098
17099
17100
17101
17102
17103
17104
17105
17106
17107
17108
17109
17110
17111
17112
17113
17114
17115
17116
17117
17118
17119
17120
17121
17122
17123
17124
17125
17126
17127
17128
17129
17130
17131
17132
17133
17134
17135
17136
17137
17138
17139
17140
17141
17142
17143
17144
17145
17146
17147
17148
17149
17150
17151
17152
17153
17154
17155
17156
17157
17158
17159
17160
17161
17162
17163
17164
17165
17166
17167
17168
17169
17170
17171
17172
17173
17174
17175
17176
17177
17178
17179
17180
17181
17182
17183
17184
17185
17186
17187
17188
17189
17190
17191
17192
17193
17194
17195
17196
17197
17198
17199
17200
17201
17202
17203
17204
17205
17206
17207
17208
17209
17210
17211
17212
17213
17214
17215
17216
17217
17218
17219
17220
17221
17222
17223
17224
17225
17226
17227
17228
17229
17230
17231
17232
17233
17234
17235
17236
17237
17238
17239
17240
17241
17242
17243
17244
17245
17246
17247
17248
17249
17250
17251
17252
17253
17254
17255
17256
17257
17258
17259
17260
17261
17262
17263
17264
17265
17266
17267
17268
17269
17270
17271
17272
17273
17274
17275
17276
17277
17278
17279
17280
17281
17282
17283
17284
17285
17286
17287
17288
17289
17290
17291
17292
17293
17294
17295
17296
17297
17298
17299
17300
17301
17302
17303
17304
17305
17306
17307
17308
17309
17310
17311
17312
17313
17314
17315
17316
17317
17318
17319
17320
17321
17322
17323
17324
17325
17326
17327
17328
17329
17330
17331
17332
17333
17334
17335
17336
17337
17338
17339
17340
17341
17342
17343
17344
17345
17346
17347
17348
17349
17350
17351
17352
17353
17354
17355
17356
17357
17358
17359
17360
17361
17362
17363
17364
17365
17366
17367
17368
17369
17370
17371
17372
17373
17374
17375
17376
17377
17378
17379
17380
17381
17382
17383
17384
17385
17386
17387
17388
17389
17390
17391
17392
17393
17394
17395
17396
17397
17398
17399
17400
17401
17402
17403
17404
17405
17406
17407
17408
17409
17410
17411
17412
17413
17414
17415
17416
17417
17418
17419
17420
17421
17422
17423
17424
17425
17426
17427
17428
17429
17430
17431
17432
17433
17434
17435
17436
17437
17438
17439
17440
17441
17442
17443
17444
17445
17446
17447
17448
17449
17450
17451
17452
17453
17454
17455
17456
17457
17458
17459
17460
17461
17462
17463
17464
17465
17466
17467
17468
17469
17470
17471
17472
17473
17474
17475
17476
17477
17478
17479
17480
17481
17482
17483
17484
17485
17486
17487
17488
17489
17490
17491
17492
17493
17494
17495
17496
17497
17498
17499
17500
17501
17502
17503
17504
17505
17506
17507
17508
17509
17510
17511
17512
17513
17514
17515
17516
17517
17518
17519
17520
17521
17522
17523
17524
17525
17526
17527
17528
17529
17530
17531
17532
17533
17534
17535
17536
17537
17538
17539
17540
17541
17542
17543
17544
17545
17546
17547
17548
17549
17550
17551
17552
17553
17554
17555
17556
17557
17558
17559
17560
17561
17562
17563
17564
17565
17566
17567
17568
17569
17570
17571
17572
17573
17574
17575
17576
17577
17578
17579
17580
17581
17582
17583
17584
17585
17586
17587
17588
17589
17590
17591
17592
17593
17594
17595
17596
17597
17598
17599
17600
17601
17602
17603
17604
17605
17606
17607
17608
17609
17610
17611
17612
17613
17614
17615
17616
17617
17618
17619
17620
17621
17622
17623
17624
17625
17626
17627
17628
17629
17630
17631
17632
17633
17634
17635
17636
17637
17638
17639
17640
17641
17642
17643
17644
17645
17646
17647
17648
17649
17650
17651
17652
17653
17654
17655
17656
17657
17658
17659
17660
17661
17662
17663
17664
17665
17666
17667
17668
17669
17670
17671
17672
17673
17674
17675
17676
17677
17678
17679
17680
17681
17682
17683
17684
17685
17686
17687
17688
17689
17690
17691
17692
17693
17694
17695
17696
17697
17698
17699
17700
17701
17702
17703
17704
17705
17706
17707
17708
17709
17710
17711
17712
17713
17714
17715
17716
17717
17718
17719
17720
17721
17722
17723
17724
17725
17726
17727
17728
17729
17730
17731
17732
17733
17734
17735
17736
17737
17738
17739
17740
17741
17742
17743
17744
17745
17746
17747
17748
17749
17750
17751
17752
17753
17754
17755
17756
17757
17758
17759
17760
17761
17762
17763
17764
17765
17766
17767
17768
17769
17770
17771
17772
17773
17774
17775
17776
17777
17778
17779
17780
17781
17782
17783
17784
17785
17786
17787
17788
17789
17790
17791
17792
17793
17794
17795
17796
17797
17798
17799
17800
17801
17802
17803
17804
17805
17806
17807
17808
17809
17810
17811
17812
17813
17814
17815
17816
17817
17818
17819
17820
17821
17822
17823
17824
17825
17826
17827
17828
17829
17830
17831
17832
17833
17834
17835
17836
17837
17838
17839
17840
17841
17842
17843
17844
17845
17846
17847
17848
17849
17850
17851
17852
17853
17854
17855
17856
17857
17858
17859
17860
17861
17862
17863
17864
17865
17866
17867
17868
17869
17870
17871
17872
17873
17874
17875
17876
17877
17878
17879
17880
17881
17882
17883
17884
17885
17886
17887
17888
17889
17890
17891
17892
17893
17894
17895
17896
17897
17898
17899
17900
17901
17902
17903
17904
17905
17906
17907
17908
17909
17910
17911
17912
17913
17914
17915
17916
17917
17918
17919
17920
17921
17922
17923
17924
17925
17926
17927
17928
17929
17930
17931
17932
17933
17934
17935
17936
17937
17938
17939
17940
17941
17942
17943
17944
17945
17946
17947
17948
17949
17950
17951
17952
17953
17954
17955
17956
17957
17958
17959
17960
17961
17962
17963
17964
17965
17966
17967
17968
17969
17970
17971
17972
17973
17974
17975
17976
17977
17978
17979
17980
17981
17982
17983
17984
17985
17986
17987
17988
17989
17990
17991
17992
17993
17994
17995
17996
17997
17998
17999
18000
18001
18002
18003
18004
18005
18006
18007
18008
18009
18010
18011
18012
18013
18014
18015
18016
18017
18018
18019
18020
18021
18022
18023
18024
18025
18026
18027
18028
18029
18030
18031
18032
18033
18034
18035
18036
18037
18038
18039
18040
18041
18042
18043
18044
18045
18046
18047
18048
18049
18050
18051
18052
18053
18054
18055
18056
18057
18058
18059
18060
18061
18062
18063
18064
18065
18066
18067
18068
18069
18070
18071
18072
18073
18074
18075
18076
18077
18078
18079
18080
18081
18082
18083
18084
18085
18086
18087
18088
18089
18090
18091
18092
18093
18094
18095
18096
18097
18098
18099
18100
18101
18102
18103
18104
18105
18106
18107
18108
18109
18110
18111
18112
18113
18114
18115
18116
18117
18118
18119
18120
18121
18122
18123
18124
18125
18126
18127
18128
18129
18130
18131
18132
18133
18134
18135
18136
18137
18138
18139
18140
18141
18142
18143
18144
18145
18146
18147
18148
18149
18150
18151
18152
18153
18154
18155
18156
18157
18158
18159
18160
18161
18162
18163
18164
18165
18166
18167
18168
18169
18170
18171
18172
18173
18174
18175
18176
18177
18178
18179
18180
18181
18182
18183
18184
18185
18186
18187
18188
18189
18190
18191
18192
18193
18194
18195
18196
18197
18198
18199
18200
18201
18202
18203
18204
18205
18206
18207
18208
18209
18210
18211
18212
18213
18214
18215
18216
18217
18218
18219
18220
18221
18222
18223
18224
18225
18226
18227
18228
18229
18230
18231
18232
18233
18234
18235
18236
18237
18238
18239
18240
18241
18242
18243
18244
18245
18246
18247
18248
18249
18250
18251
18252
18253
18254
18255
18256
18257
18258
18259
18260
18261
18262
18263
18264
18265
18266
18267
18268
18269
18270
18271
18272
18273
18274
18275
18276
18277
18278
18279
18280
18281
18282
18283
18284
18285
18286
18287
18288
18289
18290
18291
18292
18293
18294
18295
18296
18297
18298
18299
18300
18301
18302
18303
18304
18305
18306
18307
18308
18309
18310
18311
18312
18313
18314
18315
18316
18317
18318
18319
18320
18321
18322
18323
18324
18325
18326
18327
18328
18329
18330
18331
18332
18333
18334
18335
18336
18337
18338
18339
18340
18341
18342
18343
18344
18345
18346
18347
18348
18349
18350
18351
18352
18353
18354
18355
18356
1 || 1 || 1 || NOCLASS || 0 || FILEEXT JPG file claimed
1 || 3 || 1 || NOCLASS || 0 || FILEEXT BMP file claimed
1 || 6 || 1 || NOCLASS || 0 || FILESTORE jpg
1 || 8 || 1 || NOCLASS || 0 || FILESTORE pdf
1 || 9 || 1 || NOCLASS || 0 || FILEMAGIC pdf
1 || 10 || 1 || NOCLASS || 0 || FILEMAGIC jpg(1)
1 || 11 || 1 || NOCLASS || 0 || FILEMAGIC jpg(2)
1 || 12 || 1 || NOCLASS || 0 || FILEMAGIC short
1 || 15 || 1 || NOCLASS || 0 || FILE store all
1 || 16 || 1 || NOCLASS || 0 || FILE magic
1 || 17 || 1 || NOCLASS || 0 || FILE magic
1 || 18 || 1 || NOCLASS || 0 || FILE magic -- windows
1 || 19 || 1 || NOCLASS || 0 || FILE tracking PNG (1x1 pixel) (1)
1 || 20 || 1 || NOCLASS || 0 || FILE tracking PNG (1x1 pixel) (2)
1 || 21 || 1 || NOCLASS || 0 || FILE tracking GIF (1x1 pixel)
1 || 22 || 1 || NOCLASS || 0 || FILE pdf claimed, but not pdf
1 || 23 || 2 || NOCLASS || 0 || FILE magic
1 || 648 || 7 || shellcode-detect || 0 || GPL SHELLCODE x86 NOOP || arachnids,181
1 || 653 || 9 || shellcode-detect || 0 || GPL SHELLCODE x86 0x90 unicode NOOP
1 || 1266 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap mountd request TCP || arachnids,13
1 || 1429 || 3 || misc-activity || 0 || GPL DELETED poll.gotomypc.com access || url,www.gotomypc.com/help2.tmpl
1 || 1877 || 9 || web-application-activity || 0 || GPL WEB_SERVER printenv access || bugtraq,1658 || cve,2000-0868 || nessus,10188 || nessus,10503
1 || 2351 || 11 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2352 || 10 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt big endian unicode || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2492 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC ISystemActivator bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2493 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC ISystemActivator unicode bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2494 || 8 || misc-attack || 0 || GPL NETBIOS DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2495 || 8 || misc-attack || 0 || GPL NETBIOS SMB DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2873 || 2 || attempted-user || 0 || GPL DELETED sys.dbms_repcat_conf.alter_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2952 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ andx share access
1 || 2953 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ unicode andx share access
1 || 2972 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ andx share access
1 || 2973 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ unicode andx share access
1 || 2976 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ andx share access
1 || 2977 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ unicode andx share access
1 || 2980 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ andx share access
1 || 2981 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ unicode andx share access
1 || 2000005 || 7 || attempted-dos || 0 || ET EXPLOIT Cisco Telnet Buffer Overflow || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml || url,doc.emergingthreats.net/bin/view/Main/2000005
1 || 2000006 || 13 || attempted-dos || 0 || ET DOS Cisco Router HTTP DoS || url,www.cisco.com/warp/public/707/cisco-sn-20040326-exploits.shtml
1 || 2000007 || 7 || attempted-dos || 0 || ET EXPLOIT Catalyst SSH protocol mismatch || url,www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml || url,doc.emergingthreats.net/bin/view/Main/2000007
1 || 2000009 || 12 || attempted-dos || 0 || ET DELETED Cisco IOS HTTP DoS || url,www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml || url,doc.emergingthreats.net/bin/view/Main/2000009
1 || 2000010 || 11 || attempted-dos || 0 || ET DOS Cisco 514 UDP flood DoS || url,www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml || url,doc.emergingthreats.net/bin/view/Main/2000010
1 || 2000011 || 8 || attempted-dos || 0 || ET DOS Catalyst memory leak attack || url,www.cisco.com/en/US/products/products_security_advisory09186a00800b138e.shtml || url,doc.emergingthreats.net/bin/view/Main/2000011
1 || 2000012 || 11 || attempted-dos || 0 || ET DELETED Cisco %u IDS evasion || url,doc.emergingthreats.net/bin/view/Main/2000012
1 || 2000013 || 12 || attempted-dos || 0 || ET DELETED Cisco IOS HTTP server DoS || url,doc.emergingthreats.net/bin/view/Main/2000013
1 || 2000015 || 6 || trojan-activity || 0 || ET P2P Phatbot Control Connection || url,www.lurhq.com/phatbot.html || url,doc.emergingthreats.net/bin/view/Main/2000015
1 || 2000016 || 7 || attempted-dos || 0 || ET DOS SSL Bomb DoS Attempt || cve,CAN-2004-0120 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || url,doc.emergingthreats.net/bin/view/Main/2000016
1 || 2000017 || 6 || bad-unknown || 0 || ET NETBIOS NII Microsoft ASN.1 Library Buffer Overflow Exploit || url,www.microsoft.com/technet/security/bulletin/ms04-007.asp || url,doc.emergingthreats.net/bin/view/Main/2000017
1 || 2000024 || 9 || trojan-activity || 0 || ET DELETED rcprograms || url,sarc.com/avcenter/venc/data/adware.rcprograms.html || url,doc.emergingthreats.net/bin/view/Main/2000024
1 || 2000025 || 11 || policy-violation || 0 || ET MALWARE Gator Cookie || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000025
1 || 2000026 || 37 || policy-violation || 0 || ET USER_AGENTS Gator Agent Traffic || url,doc.emergingthreats.net/2000026
1 || 2000031 || 5 || attempted-admin || 0 || ET EXPLOIT CVS server heap overflow attempt (target BSD) || url,doc.emergingthreats.net/bin/view/Main/2000031
1 || 2000032 || 9 || misc-activity || 0 || ET NETBIOS LSA exploit || url,www.eeye.com/html/research/advisories/AD20040501.html || url,www.upenn.edu/computing/virus/04/w32.sasser.worm.html || url,doc.emergingthreats.net/bin/view/Main/2000032
1 || 2000033 || 9 || misc-activity || 0 || ET NETBIOS MS04011 Lsasrv.dll RPC exploit (WinXP) || url,doc.emergingthreats.net/bin/view/Main/2000033 || cve,2003-0533
1 || 2000035 || 13 || policy-violation || 0 || ET POLICY Hotmail Inbox Access || url,doc.emergingthreats.net/2000035
1 || 2000036 || 15 || policy-violation || 0 || ET POLICY Hotmail Message Access || url,doc.emergingthreats.net/2000036
1 || 2000037 || 14 || policy-violation || 0 || ET POLICY Hotmail Compose Message Access || url,doc.emergingthreats.net/2000037
1 || 2000038 || 14 || policy-violation || 0 || ET POLICY Hotmail Compose Message Submit || url,doc.emergingthreats.net/2000038
1 || 2000039 || 11 || policy-violation || 0 || ET POLICY Hotmail Compose Message Submit Data || url,doc.emergingthreats.net/2000039
1 || 2000040 || 5 || misc-activity || 0 || ET WORM Sasser FTP Traffic || url,vil.mcafeesecurity.com/vil/content/Print125009.htm || url,doc.emergingthreats.net/2000040
1 || 2000041 || 14 || policy-violation || 0 || ET POLICY Yahoo Mail Inbox View || url,doc.emergingthreats.net/2000041
1 || 2000042 || 14 || policy-violation || 0 || ET POLICY Yahoo Mail Message View || url,doc.emergingthreats.net/2000042
1 || 2000043 || 12 || policy-violation || 0 || ET POLICY Yahoo Mail Message Compose Open || url,doc.emergingthreats.net/2000043
1 || 2000044 || 11 || policy-violation || 0 || ET POLICY Yahoo Mail Message Send || url,doc.emergingthreats.net/2000044
1 || 2000045 || 12 || policy-violation || 0 || ET DELETED Yahoo Mail Message Send Info Capture || url,doc.emergingthreats.net/2000045
1 || 2000046 || 9 || misc-activity || 0 || ET NETBIOS MS04011 Lsasrv.dll RPC exploit (Win2k) || url,doc.emergingthreats.net/bin/view/Main/2000046 || cve,2003-0533
1 || 2000047 || 5 || misc-activity || 0 || ET WORM Sasser Transfer _up.exe || url,vil.mcafeesecurity.com/vil/content/Print125009.htm || url,doc.emergingthreats.net/2000047
1 || 2000048 || 5 || attempted-admin || 0 || ET EXPLOIT CVS server heap overflow attempt (target Linux) || url,doc.emergingthreats.net/bin/view/Main/2000048
1 || 2000049 || 5 || attempted-admin || 0 || ET EXPLOIT CVS server heap overflow attempt (target Solaris) || url,doc.emergingthreats.net/bin/view/Main/2000049
1 || 2000105 || 5 || attempted-user || 0 || ET WEB_SERVER SQL sp_password attempt || url,doc.emergingthreats.net/2000105
1 || 2000106 || 5 || attempted-user || 0 || ET WEB_SERVER SQL sp_delete_alert attempt || url,doc.emergingthreats.net/2000106
1 || 2000306 || 29 || trojan-activity || 0 || ET DELETED Virtumonde Spyware siae3123.exe GET || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2000306
1 || 2000307 || 26 || trojan-activity || 0 || ET DELETED Virtumonde Spyware siae3123.exe GET (8081) || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2000307
1 || 2000308 || 24 || trojan-activity || 0 || ET DELETED Virtumonde Spyware Information Post || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2000308
1 || 2000309 || 8 || policy-violation || 0 || ET DELETED GotoMyPC Polling Client || url,doc.emergingthreats.net/2000309
1 || 2000327 || 10 || trojan-activity || 0 || ET DELETED Spyware 2020 || url,securityresponse.symantec.com/avcenter/venc/data/spyware.2020search.html || url,doc.emergingthreats.net/bin/view/Main/2000327
1 || 2000328 || 12 || misc-activity || 0 || ET POLICY Outbound Multiple Non-SMTP Server Emails || url,doc.emergingthreats.net/2000328
1 || 2000330 || 13 || policy-violation || 0 || ET P2P ed2k connection to server || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000330
1 || 2000332 || 11 || policy-violation || 0 || ET P2P ed2k request part || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000332
1 || 2000333 || 11 || policy-violation || 0 || ET P2P ed2k file request answer || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000333
1 || 2000334 || 12 || policy-violation || 0 || ET P2P BitTorrent peer sync || url,bitconjurer.org/BitTorrent/protocol.html || url,doc.emergingthreats.net/bin/view/Main/2000334
1 || 2000335 || 9 || policy-violation || 0 || ET P2P Overnet (Edonkey) Server Announce || url,www.overnet.com || url,doc.emergingthreats.net/bin/view/Main/2000335
1 || 2000336 || 12 || trojan-activity || 0 || ET DELETED Yesadvertising Banking Spyware RETRIEVE || url,isc.sans.org/presentations/banking_malware.pdf || url,doc.emergingthreats.net/bin/view/Main/2000336
1 || 2000337 || 12 || trojan-activity || 0 || ET DELETED Yesadvertising Banking Spyware INFORMATION SUBMIT || url,isc.sans.org/presentations/banking_malware.pdf || url,doc.emergingthreats.net/bin/view/Main/2000337
1 || 2000338 || 5 || trojan-activity || 0 || ET P2P iroffer IRC Bot help message || url,iroffer.org || url,doc.emergingthreats.net/bin/view/Main/2000338
1 || 2000339 || 5 || trojan-activity || 0 || ET P2P iroffer IRC Bot offered files advertisement || url,iroffer.org || url,doc.emergingthreats.net/bin/view/Main/2000339
1 || 2000340 || 10 || policy-violation || 0 || ET P2P Kaaza Media desktop p2pnetworking.exe Activity || url,www.giac.org/practical/GCIH/Ian_Gosling_GCIH.pdf || url,doc.emergingthreats.net/bin/view/Main/2000340
1 || 2000341 || 10 || policy-violation || 0 || ET POLICY Yahoo Mail General Page View || url,doc.emergingthreats.net/2000341
1 || 2000342 || 6 || misc-attack || 0 || ET EXPLOIT Squid NTLM Auth Overflow Exploit || url,www.idefense.com/application/poi/display?id=107 || cve,CAN-2004-0541 || url,doc.emergingthreats.net/bin/view/Main/2000342
1 || 2000345 || 15 || trojan-activity || 0 || ET TROJAN IRC Nick change on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000345
1 || 2000346 || 12 || trojan-activity || 0 || ET DELETED IRC Name response on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000346
1 || 2000347 || 13 || trojan-activity || 0 || ET TROJAN IRC Private message on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000347
1 || 2000348 || 12 || trojan-activity || 0 || ET TROJAN IRC Channel JOIN on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000348
1 || 2000349 || 11 || policy-violation || 0 || ET TROJAN IRC DCC file transfer request on non-std port || url,doc.emergingthreats.net/bin/view/Main/2000349
1 || 2000350 || 11 || policy-violation || 0 || ET TROJAN IRC DCC chat request on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000350
1 || 2000351 || 11 || policy-violation || 0 || ET TROJAN IRC Channel join on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000351
1 || 2000352 || 10 || policy-violation || 0 || ET TROJAN IRC DNS request on non-standard port || url,doc.emergingthreats.net/bin/view/Main/2000352
1 || 2000355 || 5 || misc-activity || 0 || ET CHAT IRC authorization message || url,doc.emergingthreats.net/2000355
1 || 2000356 || 5 || misc-activity || 0 || ET POLICY IRC connection || url,doc.emergingthreats.net/2000356
1 || 2000357 || 8 || policy-violation || 0 || ET P2P BitTorrent Traffic || url,bitconjurer.org/BitTorrent/protocol.html || url,doc.emergingthreats.net/bin/view/Main/2000357
1 || 2000366 || 14 || trojan-activity || 0 || ET MALWARE Binet (download complete) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000366
1 || 2000367 || 11 || trojan-activity || 0 || ET MALWARE Binet (set_pix) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000367
1 || 2000369 || 6 || policy-violation || 0 || ET P2P BitTorrent Announce || url,bitconjurer.org/BitTorrent/protocol.html || url,doc.emergingthreats.net/bin/view/Main/2000369
1 || 2000371 || 12 || trojan-activity || 0 || ET MALWARE Binet (randreco.exe) || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000371
1 || 2000372 || 8 || attempted-user || 0 || ET EXPLOIT MS-SQL SQL Injection running SQL statements line comment || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,doc.emergingthreats.net/bin/view/Main/2000372
1 || 2000373 || 7 || attempted-user || 0 || ET EXPLOIT MS-SQL SQL Injection line comment || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,doc.emergingthreats.net/bin/view/Main/2000373
1 || 2000377 || 7 || attempted-admin || 0 || ET EXPLOIT MS-SQL heap overflow attempt || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000377
1 || 2000378 || 8 || attempted-dos || 0 || ET EXPLOIT MS-SQL DOS attempt (08) || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000378
1 || 2000379 || 7 || attempted-dos || 0 || ET EXPLOIT MS-SQL DOS attempt (08) 1 byte || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000379
1 || 2000380 || 9 || attempted-admin || 0 || ET EXPLOIT MS-SQL Spike buffer overflow || bugtraq,5411 || url,doc.emergingthreats.net/bin/view/Main/2000380
1 || 2000381 || 8 || attempted-dos || 0 || ET EXPLOIT MS-SQL DOS bouncing packets || url,www.nextgenss.com/papers/tp-SQL2000.pdf || url,doc.emergingthreats.net/bin/view/Main/2000381
1 || 2000418 || 11 || policy-violation || 0 || ET POLICY Executable and linking format (ELF) file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000418
1 || 2000419 || 22 || policy-violation || 0 || ET POLICY PE EXE or DLL Windows file download || url,doc.emergingthreats.net/bin/view/Main/2000419
1 || 2000420 || 11 || misc-activity || 0 || ET POLICY REG files version 4 download || url,www.ss64.com/nt/regedit.html || url,doc.emergingthreats.net/bin/view/Main/2000420
1 || 2000421 || 10 || misc-activity || 0 || ET POLICY REG files version 5 download || url,www.ss64.com/nt/regedit.html || url,doc.emergingthreats.net/bin/view/Main/2000421
1 || 2000422 || 10 || misc-activity || 0 || ET POLICY REG files version 5 Unicode download || url,www.ss64.com/nt/regedit.html || url,doc.emergingthreats.net/bin/view/Main/2000422
1 || 2000423 || 10 || misc-activity || 0 || ET DELETED NE EXE OS2 file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000423
1 || 2000424 || 9 || misc-activity || 0 || ET DELETED LX EXE OS2 file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000424
1 || 2000425 || 9 || misc-activity || 0 || ET DELETED NE EXE Windows 3.x file download || url,www.itee.uq.edu.au/~cristina/students/david/honoursThesis96/bff.htm || url,doc.emergingthreats.net/bin/view/Main/2000425
1 || 2000426 || 9 || misc-activity || 0 || ET POLICY EXE compressed PKWARE Windows file download || url,www.program-transformation.org/Transform/PcExeFormat || url,doc.emergingthreats.net/bin/view/Main/2000426
1 || 2000427 || 14 || policy-violation || 0 || ET DELETED PE EXE Install Windows file download || url,www.program-transformation.org/Transform/PcExeFormat || url,doc.emergingthreats.net/bin/view/Main/2000427
1 || 2000428 || 10 || misc-activity || 0 || ET POLICY ZIP file download || url,zziplib.sourceforge.net/zzip-parse.print.html || url,doc.emergingthreats.net/bin/view/Main/2000428
1 || 2000429 || 9 || misc-activity || 0 || ET POLICY Download Windows Help File CHM 2 || url,www.speakeasy.org/~russotto/chm/chmformat.html || url,www.securiteam.com/windowsntfocus/6V00N000AU.html || url,doc.emergingthreats.net/bin/view/Main/2000429
1 || 2000466 || 7 || attempted-recon || 0 || ET MALWARE User-Agent (iexplore) || url,doc.emergingthreats.net/2000466
1 || 2000488 || 7 || attempted-user || 0 || ET EXPLOIT MS-SQL SQL Injection closing string plus line comment || url,www.nextgenss.com/papers/more_advanced_sql_injection.pdf || url,www.securitymap.net/sdm/docs/windows/mssql-checklist.html || url,doc.emergingthreats.net/bin/view/Main/2000488
1 || 2000489 || 9 || misc-activity || 0 || ET POLICY Download Windows Help File CHM || url,www.speakeasy.org/~russotto/chm/chmformat.html || url,www.securiteam.com/windowsntfocus/6V00N000AU.html || url,doc.emergingthreats.net/bin/view/Main/2000489
1 || 2000499 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM1 || url,doc.emergingthreats.net/bin/view/Main/2000499
1 || 2000500 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM2 || url,doc.emergingthreats.net/bin/view/Main/2000500
1 || 2000501 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM3 || url,doc.emergingthreats.net/bin/view/Main/2000501
1 || 2000502 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access COM4 || url,doc.emergingthreats.net/bin/view/Main/2000502
1 || 2000503 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT1 || url,doc.emergingthreats.net/bin/view/Main/2000503
1 || 2000504 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT2 || url,doc.emergingthreats.net/bin/view/Main/2000504
1 || 2000505 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT3 || url,doc.emergingthreats.net/bin/view/Main/2000505
1 || 2000506 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access LPT4 || url,doc.emergingthreats.net/bin/view/Main/2000506
1 || 2000507 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access AUX || url,doc.emergingthreats.net/bin/view/Main/2000507
1 || 2000508 || 8 || string-detect || 0 || ET ATTACK_RESPONSE FTP inaccessible directory access NULL || url,doc.emergingthreats.net/bin/view/Main/2000508
1 || 2000514 || 8 || misc-attack || 0 || ET MALWARE IE homepage hijacking || url,www.geek.com/news/geeknews/2004Jun/gee20040610025522.htm || url,doc.emergingthreats.net/bin/view/Main/2000514
1 || 2000519 || 11 || misc-attack || 0 || ET MALWARE shell browser vulnerability W9x/XP || url,www.packetfocus.com/shell_exploit.htm || url,doc.emergingthreats.net/bin/view/Main/2000519
1 || 2000520 || 11 || misc-attack || 0 || ET MALWARE shell browser vulnerability NT/2K || url,www.packetfocus.com/shell_exploit.htm || url,doc.emergingthreats.net/bin/view/Main/2000520
1 || 2000536 || 7 || attempted-recon || 0 || ET SCAN NMAP -sO || url,doc.emergingthreats.net/2000536
1 || 2000537 || 8 || attempted-recon || 0 || ET SCAN NMAP -sS window 2048 || url,doc.emergingthreats.net/2000537
1 || 2000538 || 8 || attempted-recon || 0 || ET SCAN NMAP -sA (1) || url,doc.emergingthreats.net/2000538
1 || 2000540 || 8 || attempted-recon || 0 || ET SCAN NMAP -sA (2) || url,doc.emergingthreats.net/2000540
1 || 2000543 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sF || url,doc.emergingthreats.net/2000543
1 || 2000544 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sN || url,doc.emergingthreats.net/2000544
1 || 2000545 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sS || url,doc.emergingthreats.net/2000545
1 || 2000546 || 7 || attempted-recon || 0 || ET SCAN NMAP -f -sX || url,doc.emergingthreats.net/2000546
1 || 2000559 || 14 || web-application-attack || 0 || ET WEB_SERVER THCIISLame IIS SSL Exploit Attempt || url,www.thc.org/exploits/THCIISSLame.c || url,isc.sans.org/diary.php?date=2004-07-17 || url,doc.emergingthreats.net/2000559
1 || 2000560 || 10 || misc-activity || 0 || ET POLICY HTTP CONNECT Tunnel Attempt Inbound || url,doc.emergingthreats.net/2000560
1 || 2000562 || 12 || suspicious-filename-detect || 0 || ET TROJAN OUTBOUND Suspicious Email Attachment || url,doc.emergingthreats.net/2000562
1 || 2000563 || 11 || misc-attack || 0 || ET EXPLOIT Pwdump3e Password Hash Retrieval port 445 || url,doc.emergingthreats.net/bin/view/Main/2000563
1 || 2000564 || 9 || misc-attack || 0 || ET EXPLOIT Pwdump3e pwservice.exe Access port 445 || url,doc.emergingthreats.net/bin/view/Main/2000564
1 || 2000565 || 8 || suspicious-login || 0 || ET EXPLOIT Pwdump3e Session Established Reg-Entry port 139 || url,doc.emergingthreats.net/bin/view/Main/2000565
1 || 2000566 || 8 || suspicious-login || 0 || ET EXPLOIT Pwdump3e Session Established Reg-Entry port 445 || url,doc.emergingthreats.net/bin/view/Main/2000566
1 || 2000567 || 8 || misc-attack || 0 || ET EXPLOIT Pwdump3e pwservice.exe Access port 139 || url,doc.emergingthreats.net/bin/view/Main/2000567
1 || 2000568 || 10 || misc-attack || 0 || ET EXPLOIT Pwdump3e Password Hash Retrieval port 139 || url,doc.emergingthreats.net/bin/view/Main/2000568
1 || 2000569 || 6 || policy-violation || 0 || ET DELETED KitCo Kcast Ticker (agtray) || url,doc.emergingthreats.net/2000569
1 || 2000570 || 6 || policy-violation || 0 || ET DELETED KitCo Kcast Ticker (autray) || url,doc.emergingthreats.net/2000570
1 || 2000571 || 8 || policy-violation || 0 || ET POLICY AOL Webmail Message Send || url,doc.emergingthreats.net/bin/view/Main/2000571
1 || 2000572 || 7 || policy-violation || 0 || ET POLICY AOL Webmail Login || url,doc.emergingthreats.net/bin/view/Main/2000572
1 || 2000574 || 11 || trojan-activity || 0 || ET MALWARE Bargain Buddy || url,www.doxdesk.com/parasite/BargainBuddy.html || url,doc.emergingthreats.net/bin/view/Main/2000574
1 || 2000575 || 7 || misc-activity || 0 || ET SCAN ICMP PING IPTools || url,www.ks-soft.net/ip-tools.eng || url,www.ks-soft.net/ip-tools.eng/index.htm || url,doc.emergingthreats.net/2000575
1 || 2000577 || 10 || policy-violation || 0 || ET DELETED Popuptraffic.com Bot Reporting || url,popuptraffic.com || url,doc.emergingthreats.net/bin/view/Main/2000577
1 || 2000580 || 9 || policy-violation || 0 || ET MALWARE Shop At Home Select.com Install Attempt || url,www.spywareguide.com/product_show.php?id=700 || url,www.shopathomeselect.com || url,doc.emergingthreats.net/bin/view/Main/2000580
1 || 2000581 || 10 || policy-violation || 0 || ET MALWARE Shop At Home Select.com Install Download || url,www.spywareguide.com/product_show.php?id=700 || url,www.shopathomeselect.com || url,doc.emergingthreats.net/bin/view/Main/2000581
1 || 2000582 || 9 || trojan-activity || 0 || ET MALWARE F1Organizer Reporting || url,doc.emergingthreats.net/bin/view/Main/2000582
1 || 2000583 || 9 || trojan-activity || 0 || ET MALWARE Mindset Interactive Install (1) || url,www.mindsetinteractive.com || url,doc.emergingthreats.net/bin/view/Main/2000583
1 || 2000584 || 9 || trojan-activity || 0 || ET MALWARE Mindset Interactive Install (2) || url,www.mindsetinteractive.com || url,doc.emergingthreats.net/bin/view/Main/2000584
1 || 2000585 || 9 || trojan-activity || 0 || ET MALWARE F1Organizer Install Attempt || url,doc.emergingthreats.net/bin/view/Main/2000585
1 || 2000586 || 32 || trojan-activity || 0 || ET MALWARE Ezula Related User-Agent (mez) || url,www.ezula.com || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,doc.emergingthreats.net/2000586
1 || 2000587 || 12 || trojan-activity || 0 || ET MALWARE SpywareLabs VirtualBouncer Seeking Instructions || url,securityresponse.symantec.com/avcenter/venc/data/adware.virtualbouncer.html || url,doc.emergingthreats.net/bin/view/Main/2000587
1 || 2000588 || 11 || trojan-activity || 0 || ET MALWARE TopMoxie Reporting Data to External Host || url,www.topmoxie.com || url,doc.emergingthreats.net/bin/view/Main/2000588
1 || 2000589 || 9 || trojan-activity || 0 || ET MALWARE TopMoxie Retrieving Data (downloads) || url,www.topmoxie.com || url,doc.emergingthreats.net/bin/view/Main/2000589
1 || 2000590 || 9 || trojan-activity || 0 || ET MALWARE TopMoxie Retrieving Data (common) || url,www.topmoxie.com || url,doc.emergingthreats.net/bin/view/Main/2000590
1 || 2000593 || 9 || trojan-activity || 0 || ET MALWARE Binet Ad Retrieval || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2000593
1 || 2000594 || 7 || trojan-activity || 0 || ET MALWARE Mindset Interactive Ad Retrieval || url,www.mindsetinteractive.com || url,doc.emergingthreats.net/bin/view/Main/2000594
1 || 2000595 || 11 || policy-violation || 0 || ET DELETED Gator Checkin || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000595
1 || 2000596 || 14 || policy-violation || 0 || ET MALWARE Gator/Claria Data Submission || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000596
1 || 2000597 || 9 || policy-violation || 0 || ET MALWARE Gator New Code Download || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2000597
1 || 2000598 || 9 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Data Submission || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html || url,doc.emergingthreats.net/bin/view/Main/2000598
1 || 2000599 || 8 || policy-violation || 0 || ET MALWARE Fun Web Products Install || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2000599
1 || 2000600 || 13 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Receiving Configuration || url,doc.emergingthreats.net/bin/view/Main/2000600
1 || 2000601 || 7 || trojan-activity || 0 || ET MALWARE Salongas Infection || url,doc.emergingthreats.net/bin/view/Main/2000601
1 || 2000900 || 8 || trojan-activity || 0 || ET MALWARE JoltID Agent Probing or Announcing UDP || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2000900
1 || 2000901 || 9 || trojan-activity || 0 || ET MALWARE JoltID Agent Communicating TCP || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2000901
1 || 2000902 || 9 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Configuration Access || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2000902
1 || 2000903 || 8 || trojan-activity || 0 || ET MALWARE Avres Agent Receiving Instructions || url,www.avres.net || url,ar.avres.net/ie/updatenew/ || url,doc.emergingthreats.net/bin/view/Main/2000903
1 || 2000905 || 9 || trojan-activity || 0 || ET MALWARE FlashPoint Agent Retrieving New Code || url,www.flashpoint.bm || url,doc.emergingthreats.net/bin/view/Main/2000905
1 || 2000906 || 9 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Start || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html || url,doc.emergingthreats.net/bin/view/Main/2000906
1 || 2000907 || 10 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Settings Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.topsearch.html || url,doc.emergingthreats.net/bin/view/Main/2000907
1 || 2000908 || 12 || policy-violation || 0 || ET MALWARE WhenUClick.com App and Search Bar Install (1) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000908
1 || 2000909 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com App and Search Bar Install (2) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000909
1 || 2000910 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Clock Sync App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000910
1 || 2000911 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Weather App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000911
1 || 2000912 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Clock Sync App Checkin (1) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000912
1 || 2000913 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Clock Sync App Checkin (2) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000913
1 || 2000914 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Weather App Checkin (1) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000914
1 || 2000915 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com Weather App Checkin (2) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000915
1 || 2000916 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000916
1 || 2000917 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (offersdata) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000917
1 || 2000918 || 10 || policy-violation || 0 || ET MALWARE WhenUClick.com Desktop Bar Install || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000918
1 || 2000919 || 11 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (Searchdb) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2000919
1 || 2000920 || 11 || trojan-activity || 0 || ET MALWARE Hotbar Install (1) || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000920
1 || 2000921 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Install (2) || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000921
1 || 2000922 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Install (3) || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000922
1 || 2000923 || 11 || trojan-activity || 0 || ET MALWARE Hotbar Agent Reporting Information || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000923
1 || 2000924 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Agent Upgrading || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000924
1 || 2000925 || 9 || trojan-activity || 0 || ET MALWARE Hotbar Agent Partner Checkin || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000925
1 || 2000927 || 9 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Reporting || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2000927
1 || 2000928 || 10 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (1) || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2000928
1 || 2000929 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Agent Activity || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2000929
1 || 2000930 || 10 || trojan-activity || 0 || ET DELETED 180solutions Update Engine || url,www.safer-networking.org/index.php?page=threats&detail=212 || url,doc.emergingthreats.net/bin/view/Main/2000930
1 || 2000931 || 10 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Traffic || url,doc.emergingthreats.net/bin/view/Main/2000931
1 || 2000932 || 8 || trojan-activity || 0 || ET MALWARE Keenvalue Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2003-11-24 || url,doc.emergingthreats.net/bin/view/Main/2000932
1 || 2000934 || 10 || trojan-activity || 0 || ET DELETED 2020search Update Engine || url,www.safer-networking.org/index.php?page=updatehistory&detail=2004-03-04 || url,doc.emergingthreats.net/bin/view/Main/2000934
1 || 2000936 || 9 || trojan-activity || 0 || ET MALWARE FlashTrack Agent Retrieving New App Code || url,www.flashpoint.bm || url,doc.emergingthreats.net/bin/view/Main/2000936
1 || 2001013 || 9 || policy-violation || 0 || ET MALWARE Fun Web Products SmileyCentral || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2001013
1 || 2001015 || 9 || trojan-activity || 0 || ET MALWARE JoltID Agent Keep-Alive || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2001015
1 || 2001016 || 10 || policy-violation || 0 || ET MALWARE SideStep Bar Install || url,www.sidestep.com || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,doc.emergingthreats.net/bin/view/Main/2001016
1 || 2001017 || 10 || policy-violation || 0 || ET MALWARE SideStep Bar Reporting Data || url,www.sidestep.com || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,doc.emergingthreats.net/bin/view/Main/2001017
1 || 2001022 || 5 || bad-unknown || 0 || ET EXPLOIT Invalid non-fragmented packet with fragment offset>0 || url,doc.emergingthreats.net/bin/view/Main/2001022
1 || 2001023 || 5 || bad-unknown || 0 || ET EXPLOIT Invalid fragment - ACK reset || url,doc.emergingthreats.net/bin/view/Main/2001023
1 || 2001024 || 5 || bad-unknown || 0 || ET EXPLOIT Invalid fragment - illegal flags || url,doc.emergingthreats.net/bin/view/Main/2001024
1 || 2001031 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Reporting Data || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001031
1 || 2001032 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Ping Hit || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001032
1 || 2001033 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Data Download || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001033
1 || 2001034 || 23 || policy-violation || 0 || ET DELETED Fun Web Products Adware Agent Traffic || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2001034
1 || 2001035 || 8 || policy-violation || 0 || ET P2P Morpheus Install || url,www.morpheus.com || url,doc.emergingthreats.net/bin/view/Main/2001035
1 || 2001036 || 8 || policy-violation || 0 || ET P2P Morpheus Install ini Download || url,www.morpheus.com || url,doc.emergingthreats.net/bin/view/Main/2001036
1 || 2001037 || 8 || policy-violation || 0 || ET P2P Morpheus Update Request || url,www.morpheus.com || url,doc.emergingthreats.net/bin/view/Main/2001037
1 || 2001038 || 9 || policy-violation || 0 || ET MALWARE Ebates Install || url,www.pestpatrol.com/PestInfo/e/ebates_moneymaker.asp || url,doc.emergingthreats.net/bin/view/Main/2001038
1 || 2001040 || 10 || trojan-activity || 0 || ET MALWARE My Search Bar Install || url,www.2-spyware.com/parasite-my-search-bar.html || url,doc.emergingthreats.net/bin/view/Main/2001040
1 || 2001041 || 9 || trojan-activity || 0 || ET MALWARE Casino on Net Install || url,www.888casino.net || url,doc.emergingthreats.net/bin/view/Main/2001041
1 || 2001043 || 12 || policy-violation || 0 || ET DELETED Fun Web Products MyWay Agent Traffic || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2001043
1 || 2001044 || 8 || policy-violation || 0 || ET POLICY Yahoo Briefcase Upload || url,doc.emergingthreats.net/2001044
1 || 2001046 || 13 || misc-activity || 0 || ET TROJAN UPX compressed file download possible malware || url,doc.emergingthreats.net/2001046
1 || 2001047 || 13 || misc-activity || 0 || ET MALWARE UPX encrypted file download possible malware || url,doc.emergingthreats.net/2001047
1 || 2001048 || 9 || misc-activity || 0 || ET WEB_CLIENT IE process injection iexplore.exe executable download || url,doc.emergingthreats.net/bin/view/Main/2001048
1 || 2001050 || 9 || policy-violation || 0 || ET MALWARE CometSystems Spyware || url,doc.emergingthreats.net/bin/view/Main/2001050
1 || 2001052 || 8 || misc-activity || 0 || ET EXPLOIT NTDump Session Established Reg-Entry port 139 || url,doc.emergingthreats.net/bin/view/Main/2001052
1 || 2001053 || 7 || misc-activity || 0 || ET EXPLOIT NTDump.exe Service Started port 139 || url,doc.emergingthreats.net/bin/view/Main/2001053
1 || 2001055 || 6 || attempted-admin || 0 || ET MISC HP Web JetAdmin ExecuteFile admin access || bugtraq,10224 || url,doc.emergingthreats.net/2001055
1 || 2001056 || 7 || misc-activity || 0 || ET WORM W32/Sasser.worm.b || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html || url,doc.emergingthreats.net/2001056
1 || 2001057 || 7 || misc-activity || 0 || ET WORM W32/Sasser.worm.a || url,securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html || url,doc.emergingthreats.net/2001057
1 || 2001058 || 8 || attempted-admin || 0 || ET EXPLOIT libpng tRNS overflow attempt || cve,CAN-2004-0597 || url,doc.emergingthreats.net/bin/view/Main/2001058
1 || 2001059 || 9 || policy-violation || 0 || ET P2P Ares traffic || url,www.aresgalaxy.org || url,doc.emergingthreats.net/bin/view/Main/2001059
1 || 2001066 || 8 || misc-activity || 0 || ET TROJAN IE Ilookup Trojan || url,62.131.86.111/analysis.htm || url,doc.emergingthreats.net/2001066
1 || 2001099 || 10 || misc-attack || 0 || ET WEB_CLIENT Attempt to execute VBScript code || url,doc.emergingthreats.net/bin/view/Main/2001099
1 || 2001101 || 13 || misc-attack || 0 || ET WEB_CLIENT Stealth attempt to execute Javascript code || url,doc.emergingthreats.net/bin/view/Main/2001101
1 || 2001102 || 13 || misc-attack || 0 || ET WEB_CLIENT Stealth attempt to execute VBScript code || url,doc.emergingthreats.net/bin/view/Main/2001102
1 || 2001103 || 13 || misc-attack || 0 || ET WEB_CLIENT Stealth attempt to access SHELL#=#= || url,doc.emergingthreats.net/bin/view/Main/2001103
1 || 2001105 || 11 || misc-activity || 0 || ET WEB_CLIENT Javascript execution with expression eval || url,www.securiteam.com/exploits/3D5Q4RFPPK.html || url,doc.emergingthreats.net/bin/view/Main/2001105
1 || 2001106 || 10 || misc-activity || 0 || ET WEB_CLIENT Javascript execution with expression eval hex || url,www.securiteam.com/exploits/3D5Q4RFPPK.html || url,doc.emergingthreats.net/bin/view/Main/2001106
1 || 2001114 || 9 || bad-unknown || 0 || ET POLICY Mozilla XPI install files download || url,doc.emergingthreats.net/2001114
1 || 2001115 || 7 || bad-unknown || 0 || ET POLICY MSI (microsoft installer file) download || url,doc.emergingthreats.net/bin/view/Main/2001115
1 || 2001116 || 6 || not-suspicious || 0 || ET DNS Standard query response, Format error || url,doc.emergingthreats.net/2001116
1 || 2001117 || 6 || not-suspicious || 0 || ET DNS Standard query response, Name Error || url,doc.emergingthreats.net/2001117
1 || 2001118 || 6 || not-suspicious || 0 || ET DNS Standard query response, Not Implemented || url,doc.emergingthreats.net/2001118
1 || 2001119 || 6 || not-suspicious || 0 || ET DNS Standard query response, Refused || url,doc.emergingthreats.net/2001119
1 || 2001181 || 12 || misc-attack || 0 || ET ACTIVEX Internet Explorer Plugin.ocx Heap Overflow || url,www.hnc3k.com/ievulnerabil.htm || url,doc.emergingthreats.net/bin/view/Main/2001181
1 || 2001182 || 11 || misc-attack || 0 || ET WEB_CLIENT IE trojan Ants3set 1.exe - process injection || url,doc.emergingthreats.net/bin/view/Main/2001182
1 || 2001185 || 8 || policy-violation || 0 || ET P2P Soulseek traffic (1) || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001185
1 || 2001186 || 8 || policy-violation || 0 || ET P2P Soulseek traffic (2) || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001186
1 || 2001187 || 6 || policy-violation || 0 || ET P2P Soulseek Filesearch Results || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001187
1 || 2001188 || 8 || policy-violation || 0 || ET P2P Soulseek || url,www.slsknet.org || url,doc.emergingthreats.net/bin/view/Main/2001188
1 || 2001190 || 11 || misc-activity || 0 || ET DELETED libPNG - Possible NULL-pointer crash in png_handle_iCCP || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001190
1 || 2001191 || 11 || misc-activity || 0 || ET EXPLOIT libPNG - Width exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001191
1 || 2001192 || 11 || misc-activity || 0 || ET DELETED libPNG - Height exceeds limit || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001192
1 || 2001195 || 9 || misc-activity || 0 || ET EXPLOIT libPNG - Possible integer overflow in allocation in png_handle_sPLT || url,www.securiteam.com/unixfocus/5ZP0C0KDPG.html || url,doc.emergingthreats.net/bin/view/Main/2001195
1 || 2001197 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPNuke SQL injection attempt || url,www.waraxe.us/index.php?modname=sa&id=35 || url,doc.emergingthreats.net/2001197
1 || 2001198 || 8 || trojan-activity || 0 || ET MALWARE Twaintec Download Attempt || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp || url,doc.emergingthreats.net/bin/view/Main/2001198
1 || 2001199 || 8 || trojan-activity || 0 || ET MALWARE Twaintec Ad Retrieval || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp || url,doc.emergingthreats.net/bin/view/Main/2001199
1 || 2001202 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPNuke general SQL injection attempt || url,www.waraxe.us/?modname=sa&id=030 || url,www.waraxe.us/?modname=sa&id=036 || url,doc.emergingthreats.net/2001202
1 || 2001216 || 8 || trojan-activity || 0 || ET MALWARE Twaintec Reporting Data || url,www.pestpatrol.com/PestInfo/t/twain-tech.asp || url,doc.emergingthreats.net/bin/view/Main/2001216
1 || 2001217 || 11 || attempted-admin || 0 || ET EXPLOIT Adobe Acrobat Reader Malicious URL Null Byte || url,idefense.com/application/poi/display?id=126&type=vulnerabilities || url,www.securiteam.com/windowsntfocus/5BP0D20DPW.html || cve,2004-0629 || url,doc.emergingthreats.net/bin/view/Main/2001217
1 || 2001218 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPNuke general XSS attempt || url,www.waraxe.us/?modname=sa&id=030 || url,doc.emergingthreats.net/2001218
1 || 2001219 || 18 || attempted-recon || 0 || ET SCAN Potential SSH Scan || url,en.wikipedia.org/wiki/Brute_force_attack || url,doc.emergingthreats.net/2001219
1 || 2001221 || 8 || trojan-activity || 0 || ET MALWARE F1Organizer Config Download || url,doc.emergingthreats.net/bin/view/Main/2001221
1 || 2001222 || 9 || trojan-activity || 0 || ET DELETED Default-homepage-network.com Access || url,default-homepage-network.com/start.cgi?new-hkcu || url,doc.emergingthreats.net/bin/view/Main/2001222
1 || 2001223 || 9 || trojan-activity || 0 || ET MALWARE Regnow.com Access || url,www.regnow.com || url,doc.emergingthreats.net/bin/view/Main/2001223
1 || 2001224 || 9 || trojan-activity || 0 || ET MALWARE Regnow.com Gamehouse.com Access || url,www.gamehouse.com || url,doc.emergingthreats.net/bin/view/Main/2001224
1 || 2001225 || 11 || policy-violation || 0 || ET DELETED Statblaster Receiving New configuration (update) || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html || url,doc.emergingthreats.net/bin/view/Main/2001225
1 || 2001228 || 10 || policy-violation || 0 || ET MALWARE Advertising.com Data Post (villains) || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html || url,doc.emergingthreats.net/bin/view/Main/2001228
1 || 2001230 || 10 || policy-violation || 0 || ET MALWARE Advertising.com Data Post (cakedeal) || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html || url,doc.emergingthreats.net/bin/view/Main/2001230
1 || 2001233 || 8 || trojan-activity || 0 || ET WORM Possible CIA Trojan download/upload attempt || url,doc.emergingthreats.net/2001233
1 || 2001235 || 13 || misc-activity || 0 || ET DELETED Weatherbug || url,doc.emergingthreats.net/bin/view/Main/2001235
1 || 2001238 || 9 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Possible Xedus Webserver Directory Traversal Attempt || url,www.gulftech.org/?node=research&article_id=00047-08302004 || url,doc.emergingthreats.net/2001238
1 || 2001239 || 9 || not-suspicious || 0 || ET POLICY Cisco Device in Config Mode || url,doc.emergingthreats.net/bin/view/Main/2001239
1 || 2001240 || 9 || not-suspicious || 0 || ET POLICY Cisco Device New Config Built || url,doc.emergingthreats.net/bin/view/Main/2001240
1 || 2001241 || 5 || policy-violation || 0 || ET CHAT MSN file transfer request || url,doc.emergingthreats.net/2001241
1 || 2001242 || 5 || policy-violation || 0 || ET CHAT MSN file transfer accept || url,doc.emergingthreats.net/2001242
1 || 2001243 || 5 || policy-violation || 0 || ET CHAT MSN file transfer reject || url,doc.emergingthreats.net/2001243
1 || 2001253 || 7 || policy-violation || 0 || ET DELETED Yahoo IM successful logon || url,doc.emergingthreats.net/2001253
1 || 2001254 || 5 || policy-violation || 0 || ET CHAT Yahoo IM voicechat || url,doc.emergingthreats.net/2001254
1 || 2001255 || 6 || policy-violation || 0 || ET CHAT Yahoo IM ping || url,doc.emergingthreats.net/2001255
1 || 2001256 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference invitation || url,doc.emergingthreats.net/2001256
1 || 2001257 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference logon success || url,doc.emergingthreats.net/2001257
1 || 2001258 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference message || url,doc.emergingthreats.net/2001258
1 || 2001259 || 6 || policy-violation || 0 || ET CHAT Yahoo IM file transfer request || url,doc.emergingthreats.net/2001259
1 || 2001260 || 6 || policy-violation || 0 || ET CHAT Yahoo IM message || url,doc.emergingthreats.net/2001260
1 || 2001261 || 6 || policy-violation || 0 || ET DELETED Yahoo IM successful chat join || url,doc.emergingthreats.net/2001261
1 || 2001262 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference offer invitation || url,doc.emergingthreats.net/2001262
1 || 2001263 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference request || url,doc.emergingthreats.net/2001263
1 || 2001264 || 5 || policy-violation || 0 || ET CHAT Yahoo IM conference watch || url,doc.emergingthreats.net/2001264
1 || 2001266 || 15 || trojan-activity || 0 || ET DELETED Browseraid.com Agent Reporting Data || url,www.browseraid.com || url,doc.emergingthreats.net/bin/view/Main/2001266
1 || 2001267 || 18 || misc-activity || 0 || ET POLICY Weatherbug Activity || url,doc.emergingthreats.net/bin/view/Main/2001267
1 || 2001269 || 16 || trojan-activity || 0 || ET WORM Beagle User Agent Detected || url,securityresponse.symantec.com/avcenter/venc/data/w32.beagle.i@mm.html || url,doc.emergingthreats.net/2001269
1 || 2001273 || 13 || trojan-activity || 0 || ET WORM Outbound W32.Novarg.A worm || url,securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.a@mm.html || url,doc.emergingthreats.net/2001273
1 || 2001293 || 13 || trojan-activity || 0 || ET DELETED Featured-Results.com Agent Reporting Data || url,www.featured-results.com || url,doc.emergingthreats.net/bin/view/Main/2001293
1 || 2001294 || 5 || successful-admin || 0 || ET POLICY Dameware Remote Control Service Install || url,doc.emergingthreats.net/2001294
1 || 2001295 || 24 || trojan-activity || 0 || ET DELETED Browseraid.com User-Agent (Browser Adv) || url,www.browseraid.com || url,doc.emergingthreats.net/2001295
1 || 2001296 || 9 || policy-violation || 0 || ET P2P eDonkey File Status || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001296
1 || 2001297 || 10 || policy-violation || 0 || ET P2P eDonkey File Status Request || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001297
1 || 2001298 || 9 || policy-violation || 0 || ET P2P eDonkey Server Status Request || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001298
1 || 2001299 || 9 || policy-violation || 0 || ET P2P eDonkey Server Status || url,www.edonkey.com || url,doc.emergingthreats.net/bin/view/Main/2001299
1 || 2001304 || 10 || trojan-activity || 0 || ET DELETED Browseraid.com Agent Updating || url,www.browseraid.com || url,doc.emergingthreats.net/bin/view/Main/2001304
1 || 2001306 || 11 || policy-violation || 0 || ET MALWARE Gator/Clarian Agent || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2001306
1 || 2001307 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent Installation || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001307
1 || 2001308 || 11 || policy-violation || 0 || ET MALWARE Internet Optomizer Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html || url,doc.emergingthreats.net/bin/view/Main/2001308
1 || 2001309 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent Checking In || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001309
1 || 2001310 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent Traffic || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001310
1 || 2001311 || 7 || trojan-activity || 0 || ET MALWARE Rdxrp.com Traffic || url,doc.emergingthreats.net/bin/view/Main/2001311
1 || 2001312 || 7 || trojan-activity || 0 || ET MALWARE Rdxrp.com Traffic (Generic) || url,doc.emergingthreats.net/bin/view/Main/2001312
1 || 2001313 || 8 || policy-violation || 0 || ET MALWARE Traffic Syndicate Add/Remove || url,doc.emergingthreats.net/bin/view/Main/2001313
1 || 2001314 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent Agent || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001314
1 || 2001315 || 10 || policy-violation || 0 || ET MALWARE Traffic Syndicate Agent Updating (1) || url,doc.emergingthreats.net/bin/view/Main/2001315
1 || 2001316 || 10 || policy-violation || 0 || ET MALWARE Traffic Syndicate Agent Updating (2) || url,doc.emergingthreats.net/bin/view/Main/2001316
1 || 2001317 || 10 || trojan-activity || 0 || ET MALWARE Webhancer Data Upload || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html || url,doc.emergingthreats.net/bin/view/Main/2001317
1 || 2001318 || 8 || policy-violation || 0 || ET DELETED Adwave Agent Access || url,www.intermute.com/spyware/HuntBar.html || url,doc.emergingthreats.net/bin/view/Main/2001318
1 || 2001320 || 7 || trojan-activity || 0 || ET DELETED Speedera Agent || url,doc.emergingthreats.net/bin/view/Main/2001320
1 || 2001321 || 7 || trojan-activity || 0 || ET MALWARE Speedera Agent (Specific) || url,doc.emergingthreats.net/bin/view/Main/2001321
1 || 2001322 || 8 || trojan-activity || 0 || ET MALWARE Wild Tangent New Install || url,www.spyany.com/program/article_spw_rm_WildTangent.html || url,www.wildtangent.com || url,doc.emergingthreats.net/bin/view/Main/2001322
1 || 2001325 || 10 || trojan-activity || 0 || ET MALWARE Websearch.com Spyware || mcafee,131461 || url,doc.emergingthreats.net/bin/view/Main/2001325
1 || 2001328 || 13 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (dashed) || url,doc.emergingthreats.net/2001328
1 || 2001329 || 8 || misc-activity || 0 || ET POLICY RDP connection request || url,doc.emergingthreats.net/2001329
1 || 2001330 || 8 || misc-activity || 0 || ET POLICY RDP connection confirm || url,doc.emergingthreats.net/2001330
1 || 2001331 || 8 || misc-activity || 0 || ET POLICY RDP disconnect request || url,doc.emergingthreats.net/2001331
1 || 2001334 || 8 || trojan-activity || 0 || ET MALWARE Ezula || url,www.ezula.com || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,doc.emergingthreats.net/bin/view/Main/2001334
1 || 2001335 || 9 || trojan-activity || 0 || ET MALWARE Ezula Installer Download || url,www.ezula.com || url,www.spyany.com/program/article_spw_rm_eZuLa.html || url,doc.emergingthreats.net/bin/view/Main/2001335
1 || 2001337 || 7 || trojan-activity || 0 || ET WORM Korgo.P offering executable || url,www.f-secure.com/v-descs/korgo_p.shtml || url,doc.emergingthreats.net/2001337
1 || 2001338 || 8 || trojan-activity || 0 || ET WORM Korgo.P binary upload || url,www.f-secure.com/v-descs/korgo_p.shtml || url,doc.emergingthreats.net/2001338
1 || 2001339 || 9 || trojan-activity || 0 || ET MALWARE BInet Information Upload || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2001339
1 || 2001340 || 11 || trojan-activity || 0 || ET MALWARE LocalNRD Spyware Checkin || url,www.localnrd.com || url,doc.emergingthreats.net/bin/view/Main/2001340
1 || 2001341 || 11 || policy-violation || 0 || ET MALWARE OfferOptimizer.com Spyware || url,www.offeroptimizer.com || url,doc.emergingthreats.net/bin/view/Main/2001341
1 || 2001342 || 25 || web-application-attack || 0 || ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization || url,doc.emergingthreats.net/2001342 || cve,CVE-2004-0847
1 || 2001343 || 22 || web-application-attack || 0 || ET WEB_SERVER IIS ASP.net Auth Bypass / Canonicalization % 5 C || url,doc.emergingthreats.net/2001343
1 || 2001345 || 9 || trojan-activity || 0 || ET MALWARE Bonziportal Traffic || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=59256 || url,doc.emergingthreats.net/bin/view/Main/2001345
1 || 2001346 || 9 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn preteen || url,doc.emergingthreats.net/bin/view/Main/2001346
1 || 2001347 || 9 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn pre-teen || url,doc.emergingthreats.net/bin/view/Main/2001347
1 || 2001348 || 9 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn early teen || url,doc.emergingthreats.net/bin/view/Main/2001348
1 || 2001349 || 9 || policy-violation || 0 || ET INAPPROPRIATE free XXX || url,doc.emergingthreats.net/bin/view/Main/2001349
1 || 2001350 || 9 || policy-violation || 0 || ET INAPPROPRIATE hardcore anal || url,doc.emergingthreats.net/bin/view/Main/2001350
1 || 2001351 || 9 || policy-violation || 0 || ET INAPPROPRIATE masturbation || url,doc.emergingthreats.net/bin/view/Main/2001351
1 || 2001352 || 9 || policy-violation || 0 || ET INAPPROPRIATE ejaculation || url,doc.emergingthreats.net/bin/view/Main/2001352
1 || 2001353 || 9 || policy-violation || 0 || ET INAPPROPRIATE BDSM || url,doc.emergingthreats.net/bin/view/Main/2001353
1 || 2001359 || 9 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Access || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001359
1 || 2001363 || 7 || shellcode-detect || 0 || ET EXPLOIT Possible MS04-032 Windows Metafile (.emf) Heap Overflow Portbind Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx || url,doc.emergingthreats.net/bin/view/Main/2001363
1 || 2001364 || 7 || shellcode-detect || 0 || ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Connectback Attempt || url,www.microsoft.com/technet/security/bulletin/ms04-032.mspx || url,doc.emergingthreats.net/bin/view/Main/2001364
1 || 2001365 || 12 || web-application-activity || 0 || ET WEB_SERVER Alternate Data Stream source view attempt || url,support.microsoft.com/kb/q188806/ || cve,1999-0278 || url,doc.emergingthreats.net/2001365
1 || 2001366 || 10 || attempted-dos || 0 || ET DOS Possible Microsoft SQL Server Remote Denial Of Service Attempt || bugtraq,11265 || url,doc.emergingthreats.net/bin/view/Main/2001366
1 || 2001369 || 7 || shellcode-detect || 0 || ET EXPLOIT MS04-032 Windows Metafile (.emf) Heap Overflow Exploit || url,www.k-otik.com/exploits/20041020.HOD-ms04032-emf-expl2.c.php || url,doc.emergingthreats.net/bin/view/Main/2001369
1 || 2001374 || 8 || misc-activity || 0 || ET EXPLOIT MS04-032 Bad EMF file || url,www.sygate.com/alerts/SSR20041013-0001.htm || url,doc.emergingthreats.net/bin/view/Main/2001374
1 || 2001375 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (16 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001375
1 || 2001376 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (16 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001376
1 || 2001377 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (16 digit) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001377
1 || 2001378 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001378
1 || 2001379 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001379
1 || 2001380 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001380
1 || 2001381 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (14 digit) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001381
1 || 2001382 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (14 digit spaced) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001382
1 || 2001383 || 12 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (14 digit dashed) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2001383
1 || 2001384 || 13 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (spaced) || url,doc.emergingthreats.net/2001384
1 || 2001385 || 6 || shellcode-detect || 0 || ET EXPLOIT Possible ShixxNote buffer-overflow + remote shell attempt || url,aluigi.altervista.org/adv/shixxbof-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2001385
1 || 2001386 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn pthc || url,doc.emergingthreats.net/bin/view/Main/2001386
1 || 2001387 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn zeps || url,doc.emergingthreats.net/bin/view/Main/2001387
1 || 2001388 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn r@ygold || url,doc.emergingthreats.net/bin/view/Main/2001388
1 || 2001389 || 7 || policy-violation || 0 || ET INAPPROPRIATE Kiddy Porn childlover || url,doc.emergingthreats.net/bin/view/Main/2001389
1 || 2001392 || 11 || policy-violation || 0 || ET INAPPROPRIATE Sextracker Tracking Code Detected (1) || url,doc.emergingthreats.net/bin/view/Main/2001392
1 || 2001393 || 11 || policy-violation || 0 || ET INAPPROPRIATE Sextracker Tracking Code Detected (2) || url,doc.emergingthreats.net/bin/view/Main/2001393
1 || 2001395 || 10 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (2) || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2001395
1 || 2001396 || 8 || policy-violation || 0 || ET MALWARE Internet Optimizer Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.netoptimizer.html || url,doc.emergingthreats.net/bin/view/Main/2001396
1 || 2001397 || 12 || trojan-activity || 0 || ET DELETED 180solutions Spyware (tracked event reported) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2001397
1 || 2001398 || 9 || policy-violation || 0 || ET MALWARE Bfast.com Spyware || url,doc.emergingthreats.net/bin/view/Main/2001398
1 || 2001399 || 10 || trojan-activity || 0 || ET DELETED 180solutions Spyware (action url reported) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2001399
1 || 2001400 || 12 || trojan-activity || 0 || ET DELETED 180solutions Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2001400
1 || 2001402 || 5 || not-suspicious || 0 || ET POLICY ZIPPED DOC in transit || url,doc.emergingthreats.net/2001402
1 || 2001403 || 5 || not-suspicious || 0 || ET POLICY ZIPPED XLS in transit || url,doc.emergingthreats.net/2001403
1 || 2001404 || 5 || not-suspicious || 0 || ET POLICY ZIPPED EXE in transit || url,doc.emergingthreats.net/2001404
1 || 2001405 || 5 || not-suspicious || 0 || ET POLICY ZIPPED PPT in transit || url,doc.emergingthreats.net/2001405
1 || 2001406 || 10 || suspicious-filename-detect || 0 || ET POLICY Possible hidden zip extension .cpl || url,doc.emergingthreats.net/2001406
1 || 2001407 || 10 || suspicious-filename-detect || 0 || ET POLICY Possible hidden zip extension .pif || url,doc.emergingthreats.net/2001407
1 || 2001408 || 10 || suspicious-filename-detect || 0 || ET POLICY Possible hidden zip extension .scr || url,doc.emergingthreats.net/2001408
1 || 2001415 || 10 || trojan-activity || 0 || ET DELETED E2give Related Downloading IeBHOs.dll || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001415
1 || 2001416 || 9 || trojan-activity || 0 || ET MALWARE E2give Related Reporting Install || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001416
1 || 2001417 || 10 || trojan-activity || 0 || ET MALWARE E2give Related Receiving Config || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001417
1 || 2001418 || 9 || trojan-activity || 0 || ET MALWARE E2give Related Downloading Code || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001418
1 || 2001423 || 9 || trojan-activity || 0 || ET MALWARE E2give Related Reporting || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2001423
1 || 2001424 || 7 || policy-violation || 0 || ET POLICY Gmail Inbox Access || url,doc.emergingthreats.net/2001424
1 || 2001425 || 16 || policy-violation || 0 || ET POLICY Gmail File Send || url,doc.emergingthreats.net/2001425
1 || 2001426 || 9 || policy-violation || 0 || ET POLICY Gmail Message Send || url,doc.emergingthreats.net/2001426
1 || 2001427 || 5 || policy-violation || 0 || ET CHAT Yahoo IM Unavailable Status || url,doc.emergingthreats.net/2001427
1 || 2001430 || 10 || trojan-activity || 0 || ET DELETED Bofra Victim Accessing Reactor Page || url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html || url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631 || url,doc.emergingthreats.net/2001430
1 || 2001440 || 7 || trojan-activity || 0 || ET MALWARE Abox Download || url,doc.emergingthreats.net/bin/view/Main/2001440
1 || 2001441 || 13 || trojan-activity || 0 || ET MALWARE Abox Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.adultbox.html || url,doc.emergingthreats.net/bin/view/Main/2001441
1 || 2001442 || 11 || trojan-activity || 0 || ET MALWARE Statblaster.MemoryWatcher Download || url,www.memorywatcher.com/eula.aspx || url,doc.emergingthreats.net/bin/view/Main/2001442
1 || 2001443 || 10 || policy-violation || 0 || ET MALWARE WhenUClick.com Desktop Bar App Checkin || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2001443
1 || 2001444 || 13 || trojan-activity || 0 || ET MALWARE Overpro Spyware Bundle Install || url,www.wildarcade.com || url,doc.emergingthreats.net/bin/view/Main/2001444
1 || 2001445 || 12 || policy-violation || 0 || ET MALWARE PeopleOnPage Install || url,www.peopleonpage.com || url,www.safer-networking.org/en/threats/602.html || url,doc.emergingthreats.net/bin/view/Main/2001445
1 || 2001446 || 12 || policy-violation || 0 || ET DELETED PeopleOnPage Ping || url,www.peopleonpage.com || url,www.safer-networking.org/en/threats/602.html || url,doc.emergingthreats.net/bin/view/Main/2001446
1 || 2001447 || 8 || trojan-activity || 0 || ET MALWARE 2nd-thought (W32.Daqa.C) Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.secondthought.html || url,doc.emergingthreats.net/bin/view/Main/2001447
1 || 2001448 || 12 || trojan-activity || 0 || ET MALWARE MediaTickets Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html || url,doc.emergingthreats.net/bin/view/Main/2001448
1 || 2001449 || 8 || attempted-user || 0 || ET POLICY Proxy Connection detected || url,doc.emergingthreats.net/2001449
1 || 2001450 || 13 || trojan-activity || 0 || ET MALWARE Wintools Download/Configure || url,www.intermute.com/spyware/HuntBar.html || url,doc.emergingthreats.net/bin/view/Main/2001450
1 || 2001451 || 8 || policy-violation || 0 || ET MALWARE Bundleware Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2001451
1 || 2001452 || 8 || trojan-activity || 0 || ET MALWARE Bundleware Spyware CHM Download || url,doc.emergingthreats.net/bin/view/Main/2001452
1 || 2001453 || 8 || policy-violation || 0 || ET MALWARE Couponage Download || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 || url,doc.emergingthreats.net/bin/view/Main/2001453
1 || 2001454 || 8 || policy-violation || 0 || ET MALWARE Couponage Configure || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 || url,doc.emergingthreats.net/bin/view/Main/2001454
1 || 2001455 || 7 || policy-violation || 0 || ET MALWARE Couponage Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090725 || url,doc.emergingthreats.net/bin/view/Main/2001455
1 || 2001456 || 7 || policy-violation || 0 || ET MALWARE ContextPanel Reporting || url,doc.emergingthreats.net/bin/view/Main/2001456
1 || 2001458 || 7 || trojan-activity || 0 || ET MALWARE Bundleware Spyware cab Download || url,doc.emergingthreats.net/bin/view/Main/2001458
1 || 2001459 || 11 || trojan-activity || 0 || ET MALWARE Overpro Spyware Games || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html || url,doc.emergingthreats.net/bin/view/Main/2001459
1 || 2001460 || 10 || trojan-activity || 0 || ET MALWARE Sexmaniack Install Tracking || url,doc.emergingthreats.net/bin/view/Main/2001460
1 || 2001461 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (1) || url,doc.emergingthreats.net/bin/view/Main/2001461
1 || 2001462 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs Occuring || url,doc.emergingthreats.net/bin/view/Main/2001462
1 || 2001463 || 11 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (2) || url,doc.emergingthreats.net/bin/view/Main/2001463
1 || 2001464 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (3) || url,doc.emergingthreats.net/bin/view/Main/2001464
1 || 2001466 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (4) || url,doc.emergingthreats.net/bin/view/Main/2001466
1 || 2001467 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (5) || url,doc.emergingthreats.net/bin/view/Main/2001467
1 || 2001468 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs CHM Exploit || url,doc.emergingthreats.net/bin/view/Main/2001468
1 || 2001469 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (6) || url,doc.emergingthreats.net/bin/view/Main/2001469
1 || 2001470 || 10 || trojan-activity || 0 || ET MALWARE Xpire.info Multiple Spyware Installs (7) || url,doc.emergingthreats.net/bin/view/Main/2001470
1 || 2001471 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Spyware Exploit || url,doc.emergingthreats.net/bin/view/Main/2001471
1 || 2001472 || 9 || trojan-activity || 0 || ET MALWARE Xpire.info Spyware Install Reporting || url,doc.emergingthreats.net/bin/view/Main/2001472
1 || 2001473 || 9 || trojan-activity || 0 || ET DELETED Searchmeup Spyware Install (toolbar) || url,doc.emergingthreats.net/bin/view/Main/2001473
1 || 2001474 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (prog) || url,doc.emergingthreats.net/bin/view/Main/2001474
1 || 2001475 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Receiving Commands || url,doc.emergingthreats.net/bin/view/Main/2001475
1 || 2001479 || 9 || trojan-activity || 0 || ET MALWARE Coolsearch Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001479
1 || 2001480 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (systime) || url,doc.emergingthreats.net/bin/view/Main/2001480
1 || 2001481 || 8 || trojan-activity || 0 || ET MALWARE MediaTickets Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.winad.html || url,doc.emergingthreats.net/bin/view/Main/2001481
1 || 2001482 || 8 || trojan-activity || 0 || ET MALWARE thebestsoft4u.com Spyware Install (1) || url,doc.emergingthreats.net/bin/view/Main/2001482
1 || 2001483 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (mstask) || url,doc.emergingthreats.net/bin/view/Main/2001483
1 || 2001484 || 9 || trojan-activity || 0 || ET MALWARE Searchmeup Spyware Install (d.exe) || url,doc.emergingthreats.net/bin/view/Main/2001484
1 || 2001485 || 8 || trojan-activity || 0 || ET MALWARE thebestsoft4u.com Spyware Install (2) || url,doc.emergingthreats.net/bin/view/Main/2001485
1 || 2001486 || 9 || trojan-activity || 0 || ET DELETED thebestsoft4u.com Spyware Install (3) || url,doc.emergingthreats.net/bin/view/Main/2001486
1 || 2001488 || 9 || trojan-activity || 0 || ET MALWARE Tibsystems Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2001488
1 || 2001489 || 9 || trojan-activity || 0 || ET MALWARE Spygalaxy.ws Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2001489
1 || 2001490 || 10 || trojan-activity || 0 || ET MALWARE ICQ-Update.biz Reporting Install || url,doc.emergingthreats.net/bin/view/Main/2001490
1 || 2001491 || 11 || trojan-activity || 0 || ET MALWARE Xpire.info Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2001491
1 || 2001492 || 37 || trojan-activity || 0 || ET MALWARE ISearchTech.com XXXPornToolbar Activity (MyApp) || url,www.isearchtech.com || url,doc.emergingthreats.net/2001492
1 || 2001493 || 35 || trojan-activity || 0 || ET USER_AGENTS ISearchTech.com XXXPornToolbar Activity (IST) || url,www.isearchtech.com || url,doc.emergingthreats.net/2001493
1 || 2001494 || 8 || trojan-activity || 0 || ET MALWARE Clickspring.net Spyware Reporting Successful Install || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082745 || url,doc.emergingthreats.net/bin/view/Main/2001494
1 || 2001495 || 10 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001495
1 || 2001496 || 7 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Advertising Campaign Download || url,doc.emergingthreats.net/bin/view/Main/2001496
1 || 2001497 || 8 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2001497
1 || 2001498 || 30 || trojan-activity || 0 || ET MALWARE Internet Optimizer Activity User-Agent (IOKernel) || url,doc.emergingthreats.net/2001498
1 || 2001499 || 10 || trojan-activity || 0 || ET MALWARE Look2me Spyware Activity (1) || url,securityresponse.symantec.com/avcenter/venc/data/adware.look2me.html || url,doc.emergingthreats.net/bin/view/Main/2001499
1 || 2001500 || 8 || trojan-activity || 0 || ET MALWARE Clickspring.net Spyware Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453082745 || url,doc.emergingthreats.net/bin/view/Main/2001500
1 || 2001501 || 9 || trojan-activity || 0 || ET MALWARE Clickspring.net Spyware Reporting || url,sarc.com/avcenter/venc/data/adware.bargainbuddy.html || url,doc.emergingthreats.net/bin/view/Main/2001501
1 || 2001503 || 10 || trojan-activity || 0 || ET MALWARE Medialoads.com Spyware Config || url,doc.emergingthreats.net/bin/view/Main/2001503
1 || 2001505 || 10 || trojan-activity || 0 || ET MALWARE Smartpops.com Spyware Install rh.exe || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html || url,doc.emergingthreats.net/bin/view/Main/2001505
1 || 2001507 || 12 || trojan-activity || 0 || ET MALWARE Medialoads.com Spyware Identifying Country of Origin || url,doc.emergingthreats.net/bin/view/Main/2001507
1 || 2001508 || 12 || trojan-activity || 0 || ET DELETED Medialoads.com Spyware Reporting (download.cgi) || url,doc.emergingthreats.net/bin/view/Main/2001508
1 || 2001509 || 11 || trojan-activity || 0 || ET MALWARE Medialoads.com Spyware Reporting (register.cgi) || url,doc.emergingthreats.net/bin/view/Main/2001509
1 || 2001510 || 9 || trojan-activity || 0 || ET MALWARE SurfAssistant.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sa.html || url,doc.emergingthreats.net/bin/view/Main/2001510
1 || 2001513 || 9 || trojan-activity || 0 || ET MALWARE Smartpops.com Spyware Update || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html || url,doc.emergingthreats.net/bin/view/Main/2001513
1 || 2001514 || 10 || trojan-activity || 0 || ET MALWARE SurfAssistant.com Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/adware.sa.html || url,doc.emergingthreats.net/bin/view/Main/2001514
1 || 2001516 || 9 || trojan-activity || 0 || ET MALWARE Smartpops.com Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.smartpops.html || url,doc.emergingthreats.net/bin/view/Main/2001516
1 || 2001517 || 9 || trojan-activity || 0 || ET MALWARE Websearch.com Outbound Dialer Retrieval || mcafee,131461 || url,doc.emergingthreats.net/bin/view/Main/2001517
1 || 2001520 || 10 || trojan-activity || 0 || ET MALWARE Spywaremover Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.topantispyware.html || url,doc.emergingthreats.net/bin/view/Main/2001520
1 || 2001521 || 12 || trojan-activity || 0 || ET MALWARE Spywaremover Activity || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453087903 || url,doc.emergingthreats.net/bin/view/Main/2001521
1 || 2001522 || 14 || trojan-activity || 0 || ET MALWARE SpywareLabs Application Install || url,doc.emergingthreats.net/bin/view/Main/2001522
1 || 2001523 || 9 || policy-violation || 0 || ET MALWARE Statblaster Receiving New configuration (allfiles) || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html || url,doc.emergingthreats.net/bin/view/Main/2001523
1 || 2001524 || 8 || policy-violation || 0 || ET MALWARE Statblaster Code Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.statblaster.html || url,doc.emergingthreats.net/bin/view/Main/2001524
1 || 2001525 || 9 || trojan-activity || 0 || ET MALWARE Virtumonde Spyware Code Download mmdom.exe || url,sarc.com/avcenter/venc/data/adware.virtumonde.html || url,doc.emergingthreats.net/bin/view/Main/2001525
1 || 2001526 || 23 || trojan-activity || 0 || ET MALWARE Virtumonde Spyware Code Download bkinst.exe || url,www.lurhq.com/iframeads.html || url,doc.emergingthreats.net/bin/view/Main/2001526
1 || 2001529 || 12 || trojan-activity || 0 || ET MALWARE Casalemedia Access, Likely Spyware || url,doc.emergingthreats.net/bin/view/Main/2001529
1 || 2001530 || 10 || trojan-activity || 0 || ET MALWARE ak-networks.com Spyware Code Download || url,doc.emergingthreats.net/bin/view/Main/2001530
1 || 2001531 || 14 || trojan-activity || 0 || ET DELETED C4tdownload.com Access, Likely Spyware || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html || url,doc.emergingthreats.net/bin/view/Main/2001531
1 || 2001532 || 13 || trojan-activity || 0 || ET DELETED Searchmiracle.com Access, Likely Spyware || url,securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html || url,doc.emergingthreats.net/bin/view/Main/2001532
1 || 2001533 || 11 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Installer silent.exe Download || url,www.searchmiracle.com/silent.exe || url,doc.emergingthreats.net/bin/view/Main/2001533
1 || 2001534 || 13 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (silent_install) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001534
1 || 2001535 || 13 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (protector.exe) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001535
1 || 2001536 || 9 || trojan-activity || 0 || ET MALWARE Spyspotter.com Install || url,doc.emergingthreats.net/bin/view/Main/2001536
1 || 2001537 || 15 || trojan-activity || 0 || ET MALWARE Spyspotter.com Access || url,doc.emergingthreats.net/bin/view/Main/2001537
1 || 2001538 || 8 || trojan-activity || 0 || ET MALWARE Oenji.com Install || url,doc.emergingthreats.net/bin/view/Main/2001538
1 || 2001539 || 11 || trojan-activity || 0 || ET MALWARE Spyspotter.com Access, Likely Spyware || url,doc.emergingthreats.net/bin/view/Main/2001539
1 || 2001540 || 11 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (v3cab) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001540
1 || 2001541 || 12 || trojan-activity || 0 || ET MALWARE Xpire.info Install Report || url,doc.emergingthreats.net/bin/view/Main/2001541
1 || 2001543 || 7 || misc-activity || 0 || ET EXPLOIT NTDump Session Established Reg-Entry port 445 || url,doc.emergingthreats.net/bin/view/Main/2001543
1 || 2001544 || 7 || misc-activity || 0 || ET EXPLOIT NTDump.exe Service Started port 445 || url,doc.emergingthreats.net/bin/view/Main/2001544
1 || 2001547 || 8 || trojan-activity || 0 || ET DELETED Sobig.E-F Trojan Site Download Request || url,securityresponse.symantec.com/avcenter/venc/data/w32.sobig.e@mm.html || url,doc.emergingthreats.net/2001547
1 || 2001548 || 6 || attempted-admin || 0 || ET WORM Sasser FTP exploit attempt || url,www.lurhq.com/dabber.html || url,doc.emergingthreats.net/2001548
1 || 2001553 || 7 || attempted-dos || 0 || ET SCAN Possible SSL Brute Force attack or Site Crawl || url,doc.emergingthreats.net/2001553
1 || 2001562 || 32 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware User Configuration and Setup Access User-Agent (OSSProxy) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/2001562
1 || 2001563 || 7 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware SSL Access || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001563
1 || 2001564 || 10 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Proxied Traffic || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001564
1 || 2001569 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 445 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001569
1 || 2001570 || 9 || trojan-activity || 0 || ET MALWARE Spyware Stormer Reporting Data || url,www.spywarestormer.com || url,doc.emergingthreats.net/bin/view/Main/2001570
1 || 2001571 || 9 || trojan-activity || 0 || ET MALWARE Spyware Stormer/Error Guard Activity || url,www.spywarestormer.com || url,doc.emergingthreats.net/bin/view/Main/2001571
1 || 2001576 || 8 || trojan-activity || 0 || ET MALWARE BInet Information Install Report || url,sarc.com/avcenter/venc/data/pf/adware.betterinternet.html || url,doc.emergingthreats.net/bin/view/Main/2001576
1 || 2001579 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 139 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001579
1 || 2001580 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 137 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001580
1 || 2001581 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 135 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001581
1 || 2001582 || 13 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 1434 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001582
1 || 2001583 || 14 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 1433 traffic, Potential Scan or Infection || url,doc.emergingthreats.net/2001583
1 || 2001586 || 9 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Proxied Traffic (mitmproxy agent) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001586
1 || 2001587 || 7 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Upgrading || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001587
1 || 2001588 || 8 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Activity (1) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001588
1 || 2001589 || 8 || policy-violation || 0 || ET MALWARE MarketScore.com Spyware Activity (2) || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2001589
1 || 2001595 || 10 || policy-violation || 0 || ET CHAT Skype VOIP Checking Version (Startup) || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf || url,doc.emergingthreats.net/2001595
1 || 2001596 || 11 || policy-violation || 0 || ET DELETED Skype VOIP Reporting Install || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf || url,doc.emergingthreats.net/2001596
1 || 2001597 || 5 || policy-violation || 0 || ET POLICY Netop Remote Control Usage || url,www.netop.com || url,doc.emergingthreats.net/2001597
1 || 2001608 || 9 || policy-violation || 0 || ET INAPPROPRIATE Likely Porn || url,doc.emergingthreats.net/bin/view/Main/2001608
1 || 2001609 || 12 || misc-activity || 0 || ET SCAN F5 BIG-IP 3DNS TCP Probe 1 || url,www.f5.com/f5products/v9intro/index.html || url,doc.emergingthreats.net/2001609
1 || 2001610 || 12 || misc-activity || 0 || ET SCAN F5 BIG-IP 3DNS TCP Probe 2 || url,www.f5.com/f5products/v9intro/index.html || url,doc.emergingthreats.net/2001610
1 || 2001611 || 12 || misc-activity || 0 || ET SCAN F5 BIG-IP 3DNS TCP Probe 3 || url,www.f5.com/f5products/v9intro/index.html || url,doc.emergingthreats.net/2001611
1 || 2001616 || 13 || trojan-activity || 0 || ET ATTACK_RESPONSE Zone-H.org defacement notification || url,doc.emergingthreats.net/bin/view/Main/2001616
1 || 2001620 || 10 || string-detect || 0 || ET DELETED Likely Botnet Activity || url,doc.emergingthreats.net/bin/view/Main/2001620
1 || 2001621 || 35 || web-application-attack || 0 || ET DELETED Exploit Suspected PHP Injection Attack (name=) || cve,2002-0953 || url,doc.emergingthreats.net/2001621
1 || 2001622 || 15 || web-application-attack || 0 || ET ACTIVEX winhlp32 ActiveX control attack, phase 1 || url,doc.emergingthreats.net/bin/view/Main/2001622
1 || 2001623 || 14 || web-application-attack || 0 || ET ACTIVEX winhlp32 ActiveX control attack, phase 2 || url,doc.emergingthreats.net/bin/view/Main/2001623
1 || 2001624 || 14 || web-application-attack || 0 || ET ACTIVEX winhlp32 ActiveX control attack, phase 3 || url,doc.emergingthreats.net/bin/view/Main/2001624
1 || 2001628 || 9 || web-application-activity || 0 || ET ATTACK_RESPONSE Outbound PHP Connection || url,doc.emergingthreats.net/bin/view/Main/2001628
1 || 2001639 || 30 || trojan-activity || 0 || ET DELETED Wild Tangent Agent User-Agent (WildTangent) || url,doc.emergingthreats.net/2001639
1 || 2001640 || 23 || policy-violation || 0 || ET DELETED Altnet PeerPoints Manager Traffic User-Agent (Peer Points) || url,doc.emergingthreats.net/2001640
1 || 2001641 || 8 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Installation (dlhelper) || url,doc.emergingthreats.net/bin/view/Main/2001641
1 || 2001643 || 9 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Installation (2) || url,doc.emergingthreats.net/bin/view/Main/2001643
1 || 2001644 || 8 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Reporting Installation || url,doc.emergingthreats.net/bin/view/Main/2001644
1 || 2001645 || 7 || trojan-activity || 0 || ET MALWARE Microgaming.com Spyware Casino App Install || url,doc.emergingthreats.net/bin/view/Main/2001645
1 || 2001646 || 8 || trojan-activity || 0 || ET MALWARE Toprebates.com Install (1) || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html || url,doc.emergingthreats.net/bin/view/Main/2001646
1 || 2001647 || 8 || trojan-activity || 0 || ET MALWARE Toprebates.com Install (2) || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html || url,doc.emergingthreats.net/bin/view/Main/2001647
1 || 2001648 || 7 || trojan-activity || 0 || ET MALWARE Toprebates.com User Confirming Membership || url,securityresponse.symantec.com/avcenter/venc/data/adware.webrebates.html || url,doc.emergingthreats.net/bin/view/Main/2001648
1 || 2001650 || 9 || policy-violation || 0 || ET MALWARE Search Scout Related Spyware (content) || url,securityresponse.symantec.com/avcenter/venc/data/adware.searchscout.html || url,doc.emergingthreats.net/bin/view/Main/2001650
1 || 2001652 || 34 || trojan-activity || 0 || ET POLICY JoltID Agent New Code Download || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,doc.emergingthreats.net/2001652
1 || 2001653 || 9 || policy-violation || 0 || ET MALWARE Search Scout Related Spyware (results) || url,securityresponse.symantec.com/avcenter/venc/data/adware.searchscout.html || url,doc.emergingthreats.net/bin/view/Main/2001653
1 || 2001654 || 11 || trojan-activity || 0 || ET MALWARE JoltID Agent Requesting File || url,www.joltid.com || url,forum.treweeke.com/lofiversion/index.php/t597.html || url,doc.emergingthreats.net/bin/view/Main/2001654
1 || 2001655 || 8 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Traffic (context.xml) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083029 || url,doc.emergingthreats.net/bin/view/Main/2001655
1 || 2001656 || 7 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer || url,doc.emergingthreats.net/bin/view/Main/2001656
1 || 2001657 || 6 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer Download || url,doc.emergingthreats.net/bin/view/Main/2001657
1 || 2001658 || 8 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2001658
1 || 2001659 || 9 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer (no_pop) || url,doc.emergingthreats.net/bin/view/Main/2001659
1 || 2001660 || 8 || trojan-activity || 0 || ET MALWARE GlobalPhon.com Dialer (add_ocx) || url,doc.emergingthreats.net/bin/view/Main/2001660
1 || 2001664 || 7 || policy-violation || 0 || ET P2P Gnutella Connect || url,www.gnutella.com || url,doc.emergingthreats.net/bin/view/Main/2001664
1 || 2001666 || 7 || policy-violation || 0 || ET MALWARE Metarewards Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2001666
1 || 2001668 || 6 || misc-attack || 0 || ET EXPLOIT Exploit MS05-002 Malformed .ANI stack overflow attack || url,doc.emergingthreats.net/bin/view/Main/2001668
1 || 2001669 || 8 || bad-unknown || 0 || ET POLICY Proxy GET Request || url,doc.emergingthreats.net/2001669
1 || 2001670 || 9 || bad-unknown || 0 || ET POLICY Proxy HEAD Request || url,doc.emergingthreats.net/2001670
1 || 2001674 || 8 || bad-unknown || 0 || ET POLICY Proxy POST Request || url,doc.emergingthreats.net/2001674
1 || 2001675 || 9 || bad-unknown || 0 || ET POLICY Proxy CONNECT Request || url,doc.emergingthreats.net/2001675
1 || 2001677 || 13 || trojan-activity || 0 || ET MALWARE Webhancer Data Post || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html || url,doc.emergingthreats.net/bin/view/Main/2001677
1 || 2001678 || 13 || trojan-activity || 0 || ET MALWARE Webhancer Agent Activity || url,securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html || url,doc.emergingthreats.net/bin/view/Main/2001678
1 || 2001679 || 13 || trojan-activity || 0 || ET MALWARE JoltID Agent P2P via Proxy Server || url,securityresponse.symantec.com/avcenter/venc/data/adware.p2pnetworking.html || url,doc.emergingthreats.net/bin/view/Main/2001679
1 || 2001682 || 10 || policy-violation || 0 || ET CHAT MSN IM Poll via HTTP || url,doc.emergingthreats.net/2001682
1 || 2001683 || 17 || trojan-activity || 0 || ET MALWARE Windows executable sent when remote host claims to send an image || url,doc.emergingthreats.net/bin/view/Main/2001683
1 || 2001684 || 14 || trojan-activity || 0 || ET DELETED Windows executable sent when remote host claims to send image, Win32 || url,doc.emergingthreats.net/bin/view/Main/2001684
1 || 2001685 || 9 || trojan-activity || 0 || ET DELETED Possible Windows executable sent when remote host claims to send an image || url,doc.emergingthreats.net/bin/view/Main/2001685
1 || 2001686 || 17 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Awstats Remote Code Execution Attempt || url,www.k-otik.com/exploits/20050124.awexpl.c.php || url,www.k-otik.com/exploits/20050302.awstats_shell.c.php || url,awstats.sourceforge.net || url,www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false || bugtraq,12298 || cve,CAN-2005-0116 || url,doc.emergingthreats.net/2001686
1 || 2001689 || 8 || trojan-activity || 0 || ET WORM Potential MySQL bot scanning for SQL server || url,isc.sans.org/diary.php?date=2005-01-27 || url,doc.emergingthreats.net/2001689
1 || 2001696 || 10 || trojan-activity || 0 || ET MALWARE Search Relevancy Spyware || url,securityresponse.symantec.com/avcenter/venc/data/spyware.relevancy.html || url,doc.emergingthreats.net/bin/view/Main/2001696
1 || 2001697 || 9 || trojan-activity || 0 || ET MALWARE ISearchTech Toolbar Data Submission || url,www.isearchtech.com || url,doc.emergingthreats.net/bin/view/Main/2001697
1 || 2001698 || 7 || trojan-activity || 0 || ET DELETED YourSiteBar Data Submision || url,www.ysbweb.com || url,doc.emergingthreats.net/bin/view/Main/2001698
1 || 2001699 || 261 || trojan-activity || 0 || ET MALWARE YourSiteBar User-Agent (istsvc) || url,www.ysbweb.com || url,doc.emergingthreats.net/2001699
1 || 2001700 || 9 || trojan-activity || 0 || ET MALWARE Windupdates.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001700
1 || 2001701 || 9 || trojan-activity || 0 || ET MALWARE Windupdates.com Spyware Loggin Data || url,doc.emergingthreats.net/bin/view/Main/2001701
1 || 2001702 || 37 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware User-Agent (Bundle) || url,doc.emergingthreats.net/2001702
1 || 2001703 || 34 || trojan-activity || 0 || ET MALWARE Context Plus Spyware User-Agent (Apropos) || url,doc.emergingthreats.net/2001703
1 || 2001704 || 8 || trojan-activity || 0 || ET MALWARE Context Plus Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2001704
1 || 2001705 || 10 || trojan-activity || 0 || ET MALWARE Flingstone Spyware Install (sportsinteraction) || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html || url,doc.emergingthreats.net/bin/view/Main/2001705
1 || 2001706 || 35 || trojan-activity || 0 || ET MALWARE Context Plus Spyware User-Agent (Envolo) || url,doc.emergingthreats.net/2001706
1 || 2001707 || 33 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware User-Agent (SAH) || url,doc.emergingthreats.net/2001707
1 || 2001708 || 10 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware Heartbeat || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html || url,doc.emergingthreats.net/bin/view/Main/2001708
1 || 2001710 || 10 || trojan-activity || 0 || ET MALWARE Flingstone Spyware Install (cxtpls) || url,securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html || url,doc.emergingthreats.net/bin/view/Main/2001710
1 || 2001711 || 9 || trojan-activity || 0 || ET USER_AGENTS Likely Spambot Web-based Control Traffic || url,doc.emergingthreats.net/bin/view/Main/2001711
1 || 2001712 || 6 || policy-violation || 0 || ET POLICY MyWebEx Server Traffic || url,www.mywebexpc.com || url,doc.emergingthreats.net/2001712
1 || 2001713 || 6 || policy-violation || 0 || ET POLICY MyWebEx Installation || url,www.mywebexpc.com || url,doc.emergingthreats.net/2001713
1 || 2001714 || 6 || policy-violation || 0 || ET POLICY MyWebEx Incoming Connection || url,www.mywebexpc.com || url,doc.emergingthreats.net/2001714
1 || 2001726 || 10 || trojan-activity || 0 || ET DELETED Trojan-Spy.Win32.Bancos Download || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.bancos.b.html || url,doc.emergingthreats.net/2001726
1 || 2001729 || 7 || trojan-activity || 0 || ET MALWARE Tibsystems Spyware Install (1) || url,doc.emergingthreats.net/bin/view/Main/2001729
1 || 2001730 || 9 || trojan-activity || 0 || ET MALWARE A-d-w-a-r-e.com Activity (popup) || url,www.a-d-w-a-r-e.com || url,doc.emergingthreats.net/bin/view/Main/2001730
1 || 2001731 || 8 || trojan-activity || 0 || ET MALWARE SurfSidekick Activity || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2001731
1 || 2001733 || 8 || trojan-activity || 0 || ET DELETED CrazyWinnings.com Activity || url,doc.emergingthreats.net/bin/view/Main/2001733
1 || 2001734 || 7 || trojan-activity || 0 || ET MALWARE Tibsystems Spyware Install (2) || url,doc.emergingthreats.net/bin/view/Main/2001734
1 || 2001735 || 9 || trojan-activity || 0 || ET MALWARE A-d-w-a-r-e.com Activity (cmd) || url,www.a-d-w-a-r-e.com || url,doc.emergingthreats.net/bin/view/Main/2001735
1 || 2001736 || 271 || trojan-activity || 0 || ET MALWARE UCMore Spyware User-Agent (UCmore)  || url,doc.emergingthreats.net/2001736
1 || 2001737 || 8 || trojan-activity || 0 || ET MALWARE ak-networks.com Spyware Code Install || url,doc.emergingthreats.net/bin/view/Main/2001737
1 || 2001742 || 9 || attempted-admin || 0 || ET EXPLOIT Arkeia full remote access without password or authentication || url,metasploit.com/research/vulns/arkeia_agent || url,doc.emergingthreats.net/bin/view/Main/2001742
1 || 2001743 || 8 || trojan-activity || 0 || ET TROJAN HackerDefender Root Kit Remote Connection Attempt Detected || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html || url,doc.emergingthreats.net/2001743
1 || 2001744 || 13 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install (install) || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2001744
1 || 2001746 || 35 || trojan-activity || 0 || ET MALWARE Enhance My Search Spyware User-Agent (HelperH) || url,doc.emergingthreats.net/2001746
1 || 2001747 || 9 || misc-activity || 0 || ET MALWARE My-Stats.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2001747
1 || 2001748 || 7 || trojan-activity || 0 || ET MALWARE Pynix.dll BHO Activity || url,www.pynix.com || url,doc.emergingthreats.net/bin/view/Main/2001748
1 || 2001753 || 4 || suspicious-login || 0 || ET EXPLOIT Pwdump4 Session Established GetHash port 139 || url,doc.emergingthreats.net/bin/view/Main/2001753
1 || 2001754 || 4 || suspicious-login || 0 || ET EXPLOIT Pwdump4 Session Established GetHash port 445 || url,doc.emergingthreats.net/bin/view/Main/2001754
1 || 2001761 || 7 || trojan-activity || 0 || ET MALWARE ABX Toolbar ActiveX Install || url,isc.sans.org/diary.php?date=2005-03-04 || url,doc.emergingthreats.net/bin/view/Main/2001761
1 || 2001762 || 10 || web-application-attack || 0 || ET DELETED phpbb Session Cookie || url,www.waraxe.us/ftopict-555.html || url,doc.emergingthreats.net/2001762
1 || 2001764 || 6 || misc-activity || 0 || ET TROJAN Bugbear@MM virus via SMTP || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html || url,doc.emergingthreats.net/2001764
1 || 2001765 || 7 || misc-activity || 0 || ET DELETED BugBear@MM virus in Network share || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html || url,doc.emergingthreats.net/2001765
1 || 2001766 || 6 || misc-activity || 0 || ET DELETED BugBear@MM Worm Copied to Startup Folder || url,www.symantec.com/avcenter/venc/data/w32.bugbear@mm.html || url,doc.emergingthreats.net/2001766
1 || 2001768 || 11 || web-application-activity || 0 || ET WEB_SERVER MSSQL Server OLEDB asp error || url,www.wiretrip.net/rfp/p/doc.asp/i2/d42.htm || url,doc.emergingthreats.net/2001768
1 || 2001780 || 6 || attempted-admin || 0 || ET EXPLOIT Solaris TTYPROMPT environment variable set || url,online.securityfocus.com/archive/1/293844 || url,doc.emergingthreats.net/bin/view/Main/2001780
1 || 2001783 || 7 || policy-violation || 0 || ET MALWARE Media Pass ActiveX Install || url,www.benedelman.org/news/010205-1.html || url,static.windupdates.com/Release/v19/Info.txt || url,doc.emergingthreats.net/bin/view/Main/2001783
1 || 2001793 || 8 || trojan-activity || 0 || ET MALWARE Incredisearch.com Spyware Ping || url,doc.emergingthreats.net/bin/view/Main/2001793
1 || 2001794 || 9 || trojan-activity || 0 || ET MALWARE Incredisearch.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2001794
1 || 2001795 || 9 || denial-of-service || 0 || ET DOS Excessive SMTP MAIL-FROM DDoS || url,doc.emergingthreats.net/bin/view/Main/2001795
1 || 2001796 || 5 || policy-violation || 0 || ET P2P Kazaa over UDP || url,www.kazaa.com/us/index.htm || url,doc.emergingthreats.net/bin/view/Main/2001796
1 || 2001801 || 5 || policy-violation || 0 || ET CHAT ICQ Status Invisible || url,doc.emergingthreats.net/2001801
1 || 2001802 || 6 || policy-violation || 0 || ET CHAT ICQ Status Change (1) || url,doc.emergingthreats.net/2001802
1 || 2001803 || 6 || policy-violation || 0 || ET CHAT ICQ Status Change (2) || url,doc.emergingthreats.net/2001803
1 || 2001804 || 5 || policy-violation || 0 || ET CHAT ICQ Login || url,doc.emergingthreats.net/2001804
1 || 2001805 || 5 || policy-violation || 0 || ET CHAT ICQ Message || url,doc.emergingthreats.net/2001805
1 || 2001807 || 8 || attempted-admin || 0 || ET DELETED CAN-2005-0399 Gif Vuln via http || cve,2005-0399 || url,doc.emergingthreats.net/bin/view/Main/2001807
1 || 2001808 || 8 || policy-violation || 0 || ET P2P LimeWire P2P Traffic || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2001808
1 || 2001809 || 8 || policy-violation || 0 || ET P2P Limewire P2P UDP Traffic || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2001809
1 || 2001810 || 28 || attempted-admin || 0 || ET DELETED PHP remote file include exploit attempt || url,doc.emergingthreats.net/2001810
1 || 2001811 || 8 || misc-activity || 0 || ET WEB_CLIENT Encoded javascriptdocument.write - usually hostile || url,doc.emergingthreats.net/2001811
1 || 2001812 || 8 || policy-violation || 0 || ET DELETED KazaaClient P2P Traffic || url,www.kazaa.com/us/index.htm || url,doc.emergingthreats.net/bin/view/Main/2001812
1 || 2001815 || 8 || non-standard-protocol || 0 || ET MALWARE Spambot Suspicious 220 Banner on Local Port || url,doc.emergingthreats.net/bin/view/Main/2001815
1 || 2001841 || 8 || policy-violation || 0 || ET DELETED UDP traffic - Likely Limewire || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2001841
1 || 2001848 || 7 || misc-activity || 0 || ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (1) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001848
1 || 2001849 || 7 || misc-activity || 0 || ET EXPLOIT MS05-021 Exchange Link State - Possible Attack (2) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001849
1 || 2001850 || 11 || trojan-activity || 0 || ET MALWARE Likely Trojan/Spyware Installer Requested (1) || url,doc.emergingthreats.net/bin/view/Main/2001850
1 || 2001852 || 28 || trojan-activity || 0 || ET MALWARE 404Search Spyware User-Agent (404search) || url,doc.emergingthreats.net/2001852
1 || 2001853 || 26 || trojan-activity || 0 || ET MALWARE Easy Search Bar Spyware User-Agent (ESB) || url,doc.emergingthreats.net/2001853
1 || 2001854 || 24 || trojan-activity || 0 || ET MALWARE EZULA Spyware User Agent || url,doc.emergingthreats.net/2001854
1 || 2001855 || 28 || trojan-activity || 0 || ET MALWARE Fun Web Products Spyware User-Agent (FunWebProducts) || url,doc.emergingthreats.net/2001855
1 || 2001858 || 26 || trojan-activity || 0 || ET MALWARE Hotbar Spyware User-Agent (Hotbar) || url,doc.emergingthreats.net/2001858
1 || 2001864 || 8 || trojan-activity || 0 || ET MALWARE Fun Web Products Spyware User-Agent (MyWay) || url,doc.emergingthreats.net/2001864
1 || 2001865 || 25 || trojan-activity || 0 || ET MALWARE MyWebSearch Spyware User-Agent (MyWebSearch) || url,doc.emergingthreats.net/2001865
1 || 2001867 || 27 || trojan-activity || 0 || ET MALWARE Search Engine 2000 Spyware User-Agent (searchengine) || url,doc.emergingthreats.net/2001867
1 || 2001868 || 26 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (sureseeker) || url,doc.emergingthreats.net/2001868
1 || 2001869 || 26 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (Sidesearch) || url,doc.emergingthreats.net/2001869
1 || 2001870 || 25 || trojan-activity || 0 || ET MALWARE Surfplayer Spyware User-Agent (SurferPlugin) || url,doc.emergingthreats.net/2001870
1 || 2001871 || 23 || trojan-activity || 0 || ET MALWARE Target Saver Spyware User-Agent (TSA) || url,doc.emergingthreats.net/2001871
1 || 2001872 || 29 || trojan-activity || 0 || ET MALWARE Visicom Spyware User-Agent (Visicom) || url,doc.emergingthreats.net/2001872
1 || 2001873 || 9 || misc-activity || 0 || ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001873
1 || 2001874 || 8 || misc-activity || 0 || ET EXPLOIT TCP Reset from MS Exchange after chunked data, probably crashed it (MS05-021) || cve,CAN-2005-0560 || url,isc.sans.org/diary.php?date=2005-04-12 || url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx || url,doc.emergingthreats.net/bin/view/Main/2001874
1 || 2001882 || 10 || denial-of-service || 0 || ET DOS ICMP Path MTU lowered below acceptable threshold || cve,CAN-2004-1060 || url,www.microsoft.com/technet/security/bulletin/MS05-019.mspx || url,isc.sans.org/diary.php?date=2005-04-12 || url,doc.emergingthreats.net/bin/view/Main/2001882
1 || 2001884 || 5 || trojan-activity || 0 || ET MALWARE DesktopTraffic Toolbar Spyware || url,research.spysweeper.com/threat_library/threat_details.php?threat=desktoptraffic.net_hijack || url,doc.emergingthreats.net/bin/view/Main/2001884
1 || 2001885 || 8 || policy-violation || 0 || ET MALWARE Begin2Search.com Spyware || url,sarc.com/avcenter/venc/data/adware.begin2search.html || url,doc.emergingthreats.net/bin/view/Main/2001885
1 || 2001890 || 9 || trojan-activity || 0 || ET MALWARE ToolbarPartner Spyware Agent Download (1) || url,toolbarpartner.com || url,doc.emergingthreats.net/bin/view/Main/2001890
1 || 2001891 || 16 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (agent) || url,doc.emergingthreats.net/bin/view/Main/2001891
1 || 2001895 || 8 || trojan-activity || 0 || ET MALWARE ToolbarPartner Spyware Spambot Retrieving Target Emails || url,toolbarpartner.com || url,doc.emergingthreats.net/bin/view/Main/2001895
1 || 2001898 || 6 || policy-violation || 0 || ET POLICY eBay Bid Placed || url,doc.emergingthreats.net/2001898
1 || 2001901 || 10 || trojan-activity || 0 || ET TROJAN Possible Bobax trojan infection || url,www.lurhq.com/bobax.html || url,doc.emergingthreats.net/2001901
1 || 2001904 || 6 || misc-activity || 0 || ET SCAN Behavioral Unusually fast inbound Telnet Connections, Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm || url,doc.emergingthreats.net/2001904
1 || 2001906 || 6 || protocol-command-decode || 0 || ET SCAN MYSQL 4.0 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-323.html || url,doc.emergingthreats.net/2001906
1 || 2001907 || 5 || policy-violation || 0 || ET POLICY eBay Placing Item for sale || url,doc.emergingthreats.net/2001907
1 || 2001908 || 7 || policy-violation || 0 || ET POLICY eBay View Item || url,doc.emergingthreats.net/2001908
1 || 2001909 || 7 || policy-violation || 0 || ET POLICY eBay Watch This Item || url,doc.emergingthreats.net/2001909
1 || 2001910 || 5 || trojan-activity || 0 || ET WORM AIM Bot Outbound Control Channel Open and Login || url,doc.emergingthreats.net/2001910
1 || 2001919 || 6 || trojan-activity || 0 || ET DELETED Greeting card gif.exe email incoming SMTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html || url,doc.emergingthreats.net/2001919
1 || 2001920 || 6 || trojan-activity || 0 || ET DELETED Greeting card gif.exe email incoming POP3/IMAP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html || url,doc.emergingthreats.net/2001920
1 || 2001921 || 6 || trojan-activity || 0 || ET DELETED Greeting card gif.exe email incoming HTTP || url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html || url,doc.emergingthreats.net/2001921
1 || 2001928 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XSS Possible Arbitrary Scripting Code Attack in phpBB (private message) || url,www.securitytracker.com/alerts/2005/May/1013918.html || url,doc.emergingthreats.net/2001928
1 || 2001929 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XSS Possible Arbitrary Scripting Code Attack in phpBB (signature) || url,www.securitytracker.com/alerts/2005/May/1013918.html || url,doc.emergingthreats.net/2001929
1 || 2001933 || 10 || trojan-activity || 0 || ET TROJAN PWS Banker Trojan Sending Report of Infection || url,securityresponse.symantec.com/avcenter/venc/data/pwsteal.banker.b.html || url,doc.emergingthreats.net/2001933
1 || 2001944 || 7 || attempted-admin || 0 || ET NETBIOS MS04-007 Kill-Bill ASN1 exploit attempt || url,www.phreedom.org/solar/exploits/msasn1-bitstring/ || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx || cve,CAN-2003-0818 || url,doc.emergingthreats.net/bin/view/Main/2001944
1 || 2001947 || 7 || policy-violation || 0 || ET MALWARE Zenotecnico Adware || url,www.zenotecnico.com || url,doc.emergingthreats.net/bin/view/Main/2001947
1 || 2001949 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Athena Web Registration Remote Command Execution Attempt || cve,CAN-2004-1782 || bugtraq,9349 || url,doc.emergingthreats.net/2001949
1 || 2001959 || 8 || trojan-activity || 0 || ET DELETED Hotword Trojan in Transit || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001959
1 || 2001960 || 7 || trojan-activity || 0 || ET DELETED Hotword Trojan inbound via http || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001960
1 || 2001961 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible File Upload CHJO || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001961
1 || 2001962 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible File Upload CFXP || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001962
1 || 2001963 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Request pspv.exe || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001963
1 || 2001964 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Request .tea || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001964
1 || 2001965 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Status Upload ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001965
1 || 2001966 || 10 || trojan-activity || 0 || ET DELETED Hotword Trojan - Possible FTP File Status Check ___ || url,securityresponse.symantec.com/avcenter/venc/data/trojan.hotword.html || url,doc.emergingthreats.net/2001966
1 || 2001972 || 17 || misc-activity || 0 || ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Inbound) || url,doc.emergingthreats.net/2001972
1 || 2001973 || 7 || misc-activity || 0 || ET POLICY SSH Server Banner Detected on Expected Port || url,doc.emergingthreats.net/2001973
1 || 2001974 || 7 || misc-activity || 0 || ET POLICY SSH Client Banner Detected on Expected Port || url,doc.emergingthreats.net/2001974
1 || 2001975 || 7 || misc-activity || 0 || ET POLICY SSHv2 Server KEX Detected on Expected Port || url,doc.emergingthreats.net/2001975
1 || 2001976 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client KEX Detected on Expected Port || url,doc.emergingthreats.net/2001976
1 || 2001977 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client New Keys detected on Expected Port || url,doc.emergingthreats.net/2001977
1 || 2001978 || 8 || misc-activity || 0 || ET POLICY SSH session in progress on Expected Port || url,doc.emergingthreats.net/2001978
1 || 2001979 || 7 || misc-activity || 0 || ET POLICY SSH Server Banner Detected on Unusual Port || url,doc.emergingthreats.net/2001979
1 || 2001980 || 9 || misc-activity || 0 || ET POLICY SSH Client Banner Detected on Unusual Port || url,doc.emergingthreats.net/2001980
1 || 2001981 || 7 || misc-activity || 0 || ET POLICY SSHv2 Server KEX Detected on Unusual Port || url,doc.emergingthreats.net/2001981
1 || 2001982 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client KEX Detected on Unusual Port || url,doc.emergingthreats.net/2001982
1 || 2001983 || 8 || misc-activity || 0 || ET POLICY SSHv2 Client New Keys Detected on Unusual Port || url,doc.emergingthreats.net/2001983
1 || 2001984 || 9 || misc-activity || 0 || ET POLICY SSH session in progress on Unusual Port || url,doc.emergingthreats.net/2001984
1 || 2001985 || 8 || trojan-activity || 0 || ET DELETED HTTP RBOT Challenge/Response Authentication || url,isc.sans.org/diary.php?date=2005-06-03 || url,www.phreedom.org/solar/exploits/msasn1-bitstring || url,doc.emergingthreats.net/2001985
1 || 2001988 || 4 || attempted-admin || 0 || ET EXPLOIT MySQL MaxDB Buffer Overflow || url,doc.emergingthreats.net/bin/view/Main/2001988
1 || 2001989 || 5 || policy-violation || 0 || ET DELETED Prospero Chat Session in Progress || url,www.prospero.com/technology.htm || url,doc.emergingthreats.net/2001989
1 || 2001990 || 5 || web-application-attack || 0 || ET EXPLOIT JamMail Jammail.pl Remote Command Execution Attempt || bugtraq,13937 || url,doc.emergingthreats.net/bin/view/Main/2001990
1 || 2001992 || 7 || trojan-activity || 0 || ET MALWARE SurfSidekick Download || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2001992
1 || 2001994 || 8 || trojan-activity || 0 || ET MALWARE SurfSidekick Activity (ipixel) || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2001994
1 || 2001995 || 7 || trojan-activity || 0 || ET MALWARE UCMore Spyware Reporting || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=58660 || url,doc.emergingthreats.net/bin/view/Main/2001995
1 || 2001996 || 15 || trojan-activity || 0 || ET MALWARE UCMore Spyware User-Agent (EI) || url,doc.emergingthreats.net/2001996
1 || 2001997 || 8 || trojan-activity || 0 || ET MALWARE TargetNetworks.net Spyware Reporting (req) || url,www.targetnetworks.com || url,doc.emergingthreats.net/bin/view/Main/2001997
1 || 2001998 || 7 || trojan-activity || 0 || ET MALWARE UCMore Spyware Downloading Ads || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=58660 || url,doc.emergingthreats.net/bin/view/Main/2001998
1 || 2001999 || 9 || trojan-activity || 0 || ET MALWARE BTGrab.com Spyware Downloading Ads || url,www.btgrab.com || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453090726 || url,doc.emergingthreats.net/bin/view/Main/2001999
1 || 2002000 || 7 || trojan-activity || 0 || ET MALWARE Shopnav Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.html || url,doc.emergingthreats.net/bin/view/Main/2002000
1 || 2002001 || 7 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Keywords Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002001
1 || 2002002 || 30 || trojan-activity || 0 || ET MALWARE Better Internet Spyware User-Agent (thnall) || url,doc.emergingthreats.net/2002002
1 || 2002003 || 7 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002003
1 || 2002004 || 8 || trojan-activity || 0 || ET MALWARE Topconverting Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002004
1 || 2002005 || 35 || trojan-activity || 0 || ET USER_AGENTS Better Internet Spyware User-Agent (poller) || url,doc.emergingthreats.net/2002005
1 || 2002008 || 10 || trojan-activity || 0 || ET MALWARE Wild Tangent Install || mcafee,122249 || url,doc.emergingthreats.net/bin/view/Main/2002008
1 || 2002009 || 8 || trojan-activity || 0 || ET MALWARE ESyndicate Spyware Install (esyndicateinst.exe) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094058 || url,doc.emergingthreats.net/bin/view/Main/2002009
1 || 2002010 || 8 || trojan-activity || 0 || ET MALWARE ESyndicate Spyware Install (sepinst.exe) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453094058 || url,doc.emergingthreats.net/bin/view/Main/2002010
1 || 2002012 || 6 || trojan-activity || 0 || ET MALWARE GrandstreetInteractive.com Install || url,doc.emergingthreats.net/bin/view/Main/2002012
1 || 2002013 || 6 || trojan-activity || 0 || ET MALWARE GrandstreetInteractive.com Update || url,doc.emergingthreats.net/bin/view/Main/2002013
1 || 2002015 || 6 || trojan-activity || 0 || ET MALWARE Internet Fuel.com Install || url,doc.emergingthreats.net/bin/view/Main/2002015
1 || 2002016 || 10 || trojan-activity || 0 || ET MALWARE jmnad1.com Spyware Install (2) || url,doc.emergingthreats.net/bin/view/Main/2002016
1 || 2002017 || 9 || trojan-activity || 0 || ET MALWARE Overpro Spyware Install Report || url,securityresponse.symantec.com/avcenter/venc/data/adware.overpro.html || url,doc.emergingthreats.net/bin/view/Main/2002017
1 || 2002019 || 11 || trojan-activity || 0 || ET MALWARE jmnad1.com Spyware Install (1) || url,doc.emergingthreats.net/bin/view/Main/2002019
1 || 2002021 || 28 || trojan-activity || 0 || ET MALWARE Grandstreet Interactive Spyware User-Agent (IEP) || url,doc.emergingthreats.net/2002021
1 || 2002022 || 4 || policy-violation || 0 || ET DELETED GotoMyPC poll.gotomypc.com Server Response to Polling Client OK || url,doc.emergingthreats.net/2002022
1 || 2002023 || 16 || misc-activity || 0 || ET CHAT IRC USER command || url,doc.emergingthreats.net/2002023
1 || 2002024 || 19 || misc-activity || 0 || ET CHAT IRC NICK command || url,doc.emergingthreats.net/2002024
1 || 2002025 || 19 || misc-activity || 0 || ET CHAT IRC JOIN command || url,doc.emergingthreats.net/2002025
1 || 2002026 || 21 || misc-activity || 0 || ET CHAT IRC PRIVMSG command || url,doc.emergingthreats.net/2002026
1 || 2002027 || 16 || misc-activity || 0 || ET CHAT IRC PING command || url,doc.emergingthreats.net/2002027
1 || 2002028 || 19 || misc-activity || 0 || ET CHAT IRC PONG response || url,doc.emergingthreats.net/2002028
1 || 2002029 || 11 || trojan-activity || 0 || ET TROJAN IRC Channel topic scan/exploit command || url,doc.emergingthreats.net/2002029
1 || 2002030 || 16 || trojan-activity || 0 || ET TROJAN IRC Potential bot scan/exploit command || url,doc.emergingthreats.net/2002030
1 || 2002031 || 19 || trojan-activity || 0 || ET TROJAN IRC Potential bot update/download via http command || url,doc.emergingthreats.net/2002031
1 || 2002032 || 22 || trojan-activity || 0 || ET TROJAN IRC Potential DDoS command 1 || url,doc.emergingthreats.net/2002032
1 || 2002033 || 17 || trojan-activity || 0 || ET TROJAN IRC Potential bot command response || url,doc.emergingthreats.net/2002033
1 || 2002034 || 10 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (linux style) || url,doc.emergingthreats.net/bin/view/Main/2002034
1 || 2002036 || 7 || trojan-activity || 0 || ET MALWARE Weird on the Web /180 Solutions Checkin || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002036
1 || 2002037 || 7 || policy-violation || 0 || ET MALWARE Shop at Home Select Spyware Install || url,securityresponse.symantec.com/avcenter/venc/data/adware.sahagent.html || url,doc.emergingthreats.net/bin/view/Main/2002037
1 || 2002038 || 249 || trojan-activity || 0 || ET MALWARE Shopathomeselect.com Spyware User-Agent (WebDownloader) || url,doc.emergingthreats.net/2002038
1 || 2002040 || 7 || trojan-activity || 0 || ET MALWARE Topconverting Spyware Reporting || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002040
1 || 2002041 || 8 || trojan-activity || 0 || ET DELETED Weird on the Web /180 Solutions Update || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002041
1 || 2002044 || 6 || trojan-activity || 0 || ET MALWARE OutBlaze.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2002044
1 || 2002046 || 8 || trojan-activity || 0 || ET MALWARE TargetNetworks.net Spyware Reporting (tn) || url,www.targetnetworks.com || url,doc.emergingthreats.net/bin/view/Main/2002046
1 || 2002048 || 6 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Defs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002048
1 || 2002061 || 4 || attempted-admin || 0 || ET EXPLOIT Possible BackupExec Metasploit Exploit (inbound) || url,isc.sans.org/diary.php?date=2005-06-27 || url,www.metasploit.org/projects/Framework/modules/exploits/backupexec_agent.pm || url,doc.emergingthreats.net/bin/view/Main/2002061
1 || 2002062 || 4 || attempted-admin || 0 || ET EXPLOIT Possible BackupExec Metasploit Exploit (outbound) || url,isc.sans.org/diary.php?date=2005-06-27 || url,www.metasploit.org/projects/Framework/modules/exploits/backupexec_agent.pm || url,doc.emergingthreats.net/bin/view/Main/2002062
1 || 2002064 || 7 || attempted-admin || 0 || ET NETBIOS ms05-011 exploit || bugtraq,12484 || url,www.frsirt.com/exploits/20050623.mssmb_poc.c.php || url,doc.emergingthreats.net/bin/view/Main/2002064
1 || 2002065 || 7 || misc-attack || 0 || ET EXPLOIT Veritas backupexec_agent exploit || url,isc.sans.org/diary.php?date=2005-06-27 || url,doc.emergingthreats.net/bin/view/Main/2002065
1 || 2002066 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CSV-DB CSV_DB.CGI Remote Command Execution Attempt || bugtraq,14059 || url,doc.emergingthreats.net/2002066
1 || 2002067 || 8 || web-application-attack || 0 || ET DELETED Community Link Pro Login.CGI Remote Command Execution Attempt || bugtraq,14097 || url,doc.emergingthreats.net/2002067
1 || 2002068 || 8 || attempted-recon || 0 || ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon || url,www.ndmp.org/download/sdk_v4/draft-skardal-ndmp4-04.txt || url,doc.emergingthreats.net/bin/view/Main/2002068
1 || 2002069 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blog Spam Insert Attempt || url,spamhuntress.com/2005/05/14/new-block-for-bulgarians/ || url,lists.geeklog.net/pipermail/geeklog-spam/2005-June/000020.html || url,www.webmasterworld.com/forum92/3683.htm || url,doc.emergingthreats.net/2002069
1 || 2002070 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB Remote Code Execution Attempt || url,secunia.com/advisories/15845/ || bugtraq,14086 || url,www.securiteam.com/unixfocus/6Z00R2ABPY.html || url,doc.emergingthreats.net/2002070
1 || 2002071 || 16 || trojan-activity || 0 || ET MALWARE XupiterToolbar Spyware User-Agent (XupiterToolbar) || url,castlecops.com/tk781-Xupitertoolbar_dll_t_dll.html || url,doc.emergingthreats.net/2002071
1 || 2002078 || 29 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (SideStep) || url,doc.emergingthreats.net/2002078
1 || 2002079 || 18 || trojan-activity || 0 || ET USER_AGENTS MyWaySearch Products Spyware User Agent || url,doc.emergingthreats.net/2002079 || url,www.funwebproducts.com
1 || 2002080 || 22 || trojan-activity || 0 || ET MALWARE MySearch Products Spyware User-Agent (MySearch) || url,doc.emergingthreats.net/2002080
1 || 2002083 || 6 || trojan-activity || 0 || ET MALWARE Pacimedia Spyware 1 || url,doc.emergingthreats.net/bin/view/Main/2002083
1 || 2002087 || 10 || misc-activity || 0 || ET POLICY Inbound Frequent Emails - Possible Spambot Inbound || url,doc.emergingthreats.net/2002087
1 || 2002088 || 7 || trojan-activity || 0 || ET MALWARE C4tdownload.com Spyware Activity || url,sarc.com/avcenter/venc/data/adware.clickdloader.b.html || url,doc.emergingthreats.net/bin/view/Main/2002088
1 || 2002089 || 9 || trojan-activity || 0 || ET MALWARE CWS qck.cc Spyware Installer (in.php) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002089
1 || 2002090 || 7 || trojan-activity || 0 || ET MALWARE IEHelp.net Spyware Installer || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html || url,doc.emergingthreats.net/bin/view/Main/2002090
1 || 2002091 || 7 || trojan-activity || 0 || ET MALWARE Searchmiracle.com Spyware Install - silent.exe || url,www.searchmiracle.com || url,doc.emergingthreats.net/bin/view/Main/2002091
1 || 2002092 || 8 || trojan-activity || 0 || ET MALWARE yupsearch.com Spyware Install - protector.exe || url,www.yupsearch.com || url,doc.emergingthreats.net/bin/view/Main/2002092
1 || 2002093 || 8 || trojan-activity || 0 || ET MALWARE Likely Trojan/Spyware Installer Requested (2) || url,doc.emergingthreats.net/bin/view/Main/2002093
1 || 2002094 || 5 || trojan-activity || 0 || ET DELETED MSUpdater.net Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2002094
1 || 2002095 || 7 || trojan-activity || 0 || ET MALWARE CWS qck.cc Spyware Installer (web.php) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002095
1 || 2002096 || 8 || trojan-activity || 0 || ET MALWARE IEHelp.net Spyware checkin || url,securityresponse.symantec.com/avcenter/venc/data/trojan.domcom.html || url,doc.emergingthreats.net/bin/view/Main/2002096
1 || 2002098 || 8 || trojan-activity || 0 || ET MALWARE yupsearch.com Spyware Install - sideb.exe || url,www.yupsearch.com || url,doc.emergingthreats.net/bin/view/Main/2002098
1 || 2002099 || 5 || trojan-activity || 0 || ET MALWARE 180solutions Spyware config Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002099
1 || 2002100 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WPS wps_shop.cgi Remote Command Execution Attempt || bugtraq,14245 || url,doc.emergingthreats.net/2002100
1 || 2002101 || 6 || policy-violation || 0 || ET GAMES Battle.net Starcraft login || url,doc.emergingthreats.net/bin/view/Main/2002101
1 || 2002102 || 6 || policy-violation || 0 || ET GAMES Battle.net Brood War login || url,doc.emergingthreats.net/bin/view/Main/2002102
1 || 2002103 || 6 || policy-violation || 0 || ET GAMES Battle.net Diablo login || url,doc.emergingthreats.net/bin/view/Main/2002103
1 || 2002104 || 6 || policy-violation || 0 || ET GAMES Battle.net Diablo 2 login || url,doc.emergingthreats.net/bin/view/Main/2002104
1 || 2002105 || 6 || policy-violation || 0 || ET GAMES Battle.net Diablo 2 Lord of Destruction login || url,doc.emergingthreats.net/bin/view/Main/2002105
1 || 2002106 || 6 || policy-violation || 0 || ET GAMES Battle.net Warcraft 2 login || url,doc.emergingthreats.net/bin/view/Main/2002106
1 || 2002107 || 6 || policy-violation || 0 || ET GAMES Battle.net Warcraft 3 login || url,doc.emergingthreats.net/bin/view/Main/2002107
1 || 2002108 || 7 || policy-violation || 0 || ET GAMES Battle.net Warcraft 3 The Frozen throne login || url,doc.emergingthreats.net/bin/view/Main/2002108
1 || 2002109 || 6 || policy-violation || 0 || ET GAMES Battle.net old game version || url,doc.emergingthreats.net/bin/view/Main/2002109
1 || 2002110 || 5 || policy-violation || 0 || ET GAMES Battle.net invalid version || url,doc.emergingthreats.net/bin/view/Main/2002110
1 || 2002111 || 5 || policy-violation || 0 || ET GAMES Battle.net invalid cdkey || url,doc.emergingthreats.net/bin/view/Main/2002111
1 || 2002112 || 6 || policy-violation || 0 || ET GAMES Battle.net cdkey in use || url,doc.emergingthreats.net/bin/view/Main/2002112
1 || 2002113 || 5 || policy-violation || 0 || ET GAMES Battle.net banned key || url,doc.emergingthreats.net/bin/view/Main/2002113
1 || 2002114 || 5 || policy-violation || 0 || ET GAMES Battle.net wrong product || url,doc.emergingthreats.net/bin/view/Main/2002114
1 || 2002115 || 6 || policy-violation || 0 || ET GAMES Battle.net failed account login (OLS) wrong password || url,doc.emergingthreats.net/bin/view/Main/2002115
1 || 2002116 || 6 || policy-violation || 0 || ET GAMES Battle.net failed account login (NLS) wrong password || url,doc.emergingthreats.net/bin/view/Main/2002116
1 || 2002117 || 6 || policy-violation || 0 || ET GAMES Battle.net connection reset (possible IP-Ban) || url,doc.emergingthreats.net/bin/view/Main/2002117
1 || 2002118 || 6 || policy-violation || 0 || ET GAMES Battle.net user in channel || url,doc.emergingthreats.net/bin/view/Main/2002118
1 || 2002119 || 6 || policy-violation || 0 || ET GAMES Battle.net outgoing chat message || url,doc.emergingthreats.net/bin/view/Main/2002119
1 || 2002129 || 13 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Cacti Input Validation Attack || url,www.cacti.net || url,www.idefense.com/application/poi/display?id=265&type=vulnerabilities || url,www.idefense.com/application/poi/display?id=266&type=vulnerabilities || url,doc.emergingthreats.net/2002129
1 || 2002131 || 10 || web-application-activity || 0 || ET WEB_SERVER Oracle Reports XML Information Disclosure || url,www.oracle.com/technology/products/reports/index.html || url,www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html || url,doc.emergingthreats.net/2002131
1 || 2002132 || 10 || web-application-activity || 0 || ET WEB_SERVER Oracle Reports DESFORMAT Information Disclosure || url,www.oracle.com/technology/products/reports/index.html || url,www.red-database-security.com/advisory/oracle_reports_read_any_file.html || url,doc.emergingthreats.net/2002132
1 || 2002133 || 10 || web-application-activity || 0 || ET WEB_SERVER Oracle Reports OS Command Injection Attempt || url,www.oracle.com/technology/products/reports/index.html || url,www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html || url,doc.emergingthreats.net/2002133
1 || 2002138 || 9 || policy-violation || 0 || ET GAMES World of Warcraft connection || url,doc.emergingthreats.net/bin/view/Main/2002138
1 || 2002139 || 5 || policy-violation || 0 || ET GAMES World of Warcraft failed logon || url,doc.emergingthreats.net/bin/view/Main/2002139
1 || 2002140 || 5 || policy-violation || 0 || ET GAMES Battle.net user joined channel || url,doc.emergingthreats.net/bin/view/Main/2002140
1 || 2002141 || 5 || policy-violation || 0 || ET GAMES Battle.net user left channel || url,doc.emergingthreats.net/bin/view/Main/2002141
1 || 2002142 || 5 || policy-violation || 0 || ET GAMES Battle.net received whisper message || url,doc.emergingthreats.net/bin/view/Main/2002142
1 || 2002143 || 5 || policy-violation || 0 || ET GAMES Battle.net received server broadcast || url,doc.emergingthreats.net/bin/view/Main/2002143
1 || 2002144 || 5 || policy-violation || 0 || ET GAMES Battle.net joined channel || url,doc.emergingthreats.net/bin/view/Main/2002144
1 || 2002145 || 5 || policy-violation || 0 || ET GAMES Battle.net user had a flags update || url,doc.emergingthreats.net/bin/view/Main/2002145
1 || 2002146 || 5 || policy-violation || 0 || ET GAMES Battle.net sent a whisper || url,doc.emergingthreats.net/bin/view/Main/2002146
1 || 2002147 || 5 || policy-violation || 0 || ET GAMES Battle.net channel full || url,doc.emergingthreats.net/bin/view/Main/2002147
1 || 2002148 || 5 || policy-violation || 0 || ET GAMES Battle.net channel doesn't exist || url,doc.emergingthreats.net/bin/view/Main/2002148
1 || 2002149 || 5 || policy-violation || 0 || ET GAMES Battle.net channel is restricted || url,doc.emergingthreats.net/bin/view/Main/2002149
1 || 2002150 || 5 || policy-violation || 0 || ET GAMES Battle.net informational message || url,doc.emergingthreats.net/bin/view/Main/2002150
1 || 2002151 || 5 || policy-violation || 0 || ET GAMES Battle.net error message || url,doc.emergingthreats.net/bin/view/Main/2002151
1 || 2002152 || 5 || policy-violation || 0 || ET GAMES Battle.net 'emote' message || url,doc.emergingthreats.net/bin/view/Main/2002152
1 || 2002154 || 5 || policy-violation || 0 || ET GAMES Guild Wars connection || url,doc.emergingthreats.net/bin/view/Main/2002154
1 || 2002155 || 4 || policy-violation || 0 || ET GAMES Steam connection || url,doc.emergingthreats.net/bin/view/Main/2002155
1 || 2002157 || 11 || policy-violation || 0 || ET CHAT Skype User-Agent detected || url,doc.emergingthreats.net/2002157
1 || 2002158 || 14 || web-application-attack || 0 || ET WEB_SERVER XML-RPC for PHP Remote Code Injection || url,www.securityfocus.com/bid/14088/exploit || cve,2005-1921 || url,doc.emergingthreats.net/bin/view/Main/2002158
1 || 2002160 || 17 || trojan-activity || 0 || ET MALWARE CoolWebSearch Spyware (Feat) || url,www.spywareguide.com/product_show.php?id=599 || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453075759 || url,www.doxdesk.com/parasite/CoolWebSearch.html || url,doc.emergingthreats.net/2002160
1 || 2002164 || 13 || trojan-activity || 0 || ET MALWARE Hotbar Spyware User-Agent (host) || url,www.doxdesk.com/parasite/Hotbar.html || url,www.pchell.com/support/hotbar.shtml || url,doc.emergingthreats.net/2002164
1 || 2002166 || 16 || trojan-activity || 0 || ET MALWARE Alexa Search Toolbar User-Agent (Alexa Toolbar) || url,www.spywareguide.com/product_show.php?id=418 || url,doc.emergingthreats.net/2002166
1 || 2002167 || 18 || trojan-activity || 0 || ET POLICY Software Install Reporting via HTTP - Wise User Agent (Wise) Sometimes Malware Related || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076771 || url,doc.emergingthreats.net/2002167
1 || 2002169 || 14 || trojan-activity || 0 || ET MALWARE iWon Spyware (iWonSearchAssistant) || url,www.spywareguide.com/product_show.php?id=461 || url,doc.emergingthreats.net/2002169
1 || 2002170 || 5 || policy-violation || 0 || ET GAMES Battle.net incoming chat message || url,doc.emergingthreats.net/bin/view/Main/2002170
1 || 2002171 || 11 || web-application-attack || 0 || ET DELETED COM Object Instantiation Memory Corruption Vulnerability (group 1) || cve,2005-1990 || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || url,doc.emergingthreats.net/2002171
1 || 2002172 || 10 || web-application-attack || 0 || ET DELETED COM Object Instantiation Memory Corruption Vulnerability (group 2) || cve,2005-1990 || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || url,doc.emergingthreats.net/2002172
1 || 2002173 || 13 || web-application-attack || 0 || ET DELETED COM Object Instantiation Memory Corruption Vulnerability (group 3) || cve,2005-1990 || url,www.microsoft.com/technet/security/Bulletin/MS05-038.mspx || url,doc.emergingthreats.net/2002173
1 || 2002175 || 5 || trojan-activity || 0 || ET TROJAN Srv.SSA-KeyLogger Checkin Traffic || url,doc.emergingthreats.net/2002175
1 || 2002181 || 5 || default-login-attempt || 0 || ET EXPLOIT Backup Exec Windows Agent Remote File Access - Attempt || url,www.frsirt.com/english/advisories/2005/1387 || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,doc.emergingthreats.net/bin/view/Main/2002181
1 || 2002182 || 5 || misc-attack || 0 || ET EXPLOIT Backup Exec Windows Agent Remote File Access - Vulnerable || url,www.frsirt.com/english/advisories/2005/1387 || url,www.frsirt.com/exploits/20050811.backupexec_dump.pm.php || url,doc.emergingthreats.net/bin/view/Main/2002182
1 || 2002186 || 4 || attempted-admin || 0 || ET NETBIOS SMB-DS Microsoft Windows 2000 Plug and Play Vulnerability || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,isc.sans.org/diary.php?date=2005-08-14 || url,doc.emergingthreats.net/bin/view/Main/2002186
1 || 2002187 || 6 || attempted-admin || 0 || ET DELETED NETBIOS SMB Microsoft Windows 2000 PNP Vuln || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,isc.sans.org/diary.php?date=2005-08-14 || url,doc.emergingthreats.net/bin/view/Main/2002187
1 || 2002188 || 6 || attempted-admin || 0 || ET DELETED NETBIOS SMB-DS Microsoft Windows 2000 PNP Vuln || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,isc.sans.org/diary.php?date=2005-08-14 || url,doc.emergingthreats.net/bin/view/Main/2002188
1 || 2002192 || 4 || policy-violation || 0 || ET CHAT MSN status change || url,doc.emergingthreats.net/2002192
1 || 2002194 || 7 || policy-violation || 0 || ET DELETED Pacimedia Spyware 2 || url,doc.emergingthreats.net/bin/view/Main/2002194
1 || 2002196 || 4 || trojan-activity || 0 || ET MALWARE Casalemedia Spyware Reporting URL Visited 2 || url,doc.emergingthreats.net/bin/view/Main/2002196
1 || 2002199 || 4 || protocol-command-decode || 0 || ET NETBIOS SMB-DS DCERPC PnP HOD bind attempt || url,doc.emergingthreats.net/bin/view/Main/2002199
1 || 2002200 || 4 || protocol-command-decode || 0 || ET NETBIOS SMB-DS DCERPC PnP bind attempt || url,doc.emergingthreats.net/bin/view/Main/2002200
1 || 2002201 || 4 || attempted-admin || 0 || ET NETBIOS SMB-DS DCERPC PnP QueryResConfList exploit attempt || cve,CAN-2005-1983 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,doc.emergingthreats.net/bin/view/Main/2002201
1 || 2002202 || 4 || protocol-command-decode || 0 || ET NETBIOS SMB DCERPC PnP bind attempt || url,doc.emergingthreats.net/bin/view/Main/2002202
1 || 2002203 || 4 || attempted-admin || 0 || ET NETBIOS SMB DCERPC PnP QueryResConfList exploit attempt || cve,CAN-2005-1983 || url,www.microsoft.com/technet/security/Bulletin/MS05-039.mspx || url,doc.emergingthreats.net/bin/view/Main/2002203
1 || 2002296 || 8 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 1 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002296
1 || 2002297 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 2 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002297
1 || 2002298 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 3 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002298
1 || 2002299 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 4 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002299
1 || 2002300 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 5 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002300
1 || 2002301 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 6 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002301
1 || 2002302 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 7 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002302
1 || 2002303 || 6 || trojan-activity || 0 || ET MALWARE Searchfeed.com Spyware 8 || url,www.searchfeed.com || url,doc.emergingthreats.net/bin/view/Main/2002303
1 || 2002304 || 8 || policy-violation || 0 || ET DELETED Advertising.com Reporting Data || url,securityresponse.symantec.com/avcenter/venc/data/adware.fastseek.html || url,doc.emergingthreats.net/bin/view/Main/2002304
1 || 2002305 || 8 || policy-violation || 0 || ET MALWARE Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002305
1 || 2002306 || 6 || policy-violation || 0 || ET MALWARE Fun Web Products Cursorchooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002306
1 || 2002307 || 8 || policy-violation || 0 || ET DELETED Fun Web Products Stampchooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002307
1 || 2002308 || 49 || web-application-attack || 0 || ET DELETED Internet Explorer Vulnerable CLSID (Msdds.dll) || url,www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php || url,doc.emergingthreats.net/2002308
1 || 2002309 || 7 || policy-violation || 0 || ET DELETED Metarewards Disclaimer Access || url,doc.emergingthreats.net/bin/view/Main/2002309
1 || 2002310 || 8 || policy-violation || 0 || ET MALWARE Fun Web Products Smileychooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002310
1 || 2002312 || 4 || policy-violation || 0 || ET DELETED MSN Game Loading || url,doc.emergingthreats.net/2002312
1 || 2002313 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti graph_image.php Remote Command Execution Attempt || cve,CAN-2005-1524 || bugtraq,14129 || bugtraq,14042 || url,doc.emergingthreats.net/2002313
1 || 2002314 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPOutsourcing Zorum prod.php Remote Command Execution Attempt || bugtraq,14601 || url,doc.emergingthreats.net/2002314
1 || 2002315 || 7 || misc-attack || 0 || ET EXPLOIT Incoming Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.frsirt.com/exploits/20050822.elmexploit.c.php || url,www.instinct.org/elm/ || url,doc.emergingthreats.net/bin/view/Main/2002315
1 || 2002316 || 7 || misc-attack || 0 || ET EXPLOIT Outgoing Electronic Mail for UNIX Expires Header Buffer Overflow Exploit || url,www.frsirt.com/exploits/20050822.elmexploit.c.php || url,www.instinct.org/elm/ || url,doc.emergingthreats.net/bin/view/Main/2002316
1 || 2002317 || 5 || trojan-activity || 0 || ET MALWARE EZSearch Spyware Reporting Search Strings || url,doc.emergingthreats.net/bin/view/Main/2002317
1 || 2002318 || 5 || trojan-activity || 0 || ET MALWARE EZSearch Spyware Reporting Search Category || url,doc.emergingthreats.net/bin/view/Main/2002318
1 || 2002319 || 5 || trojan-activity || 0 || ET MALWARE EZSearch Spyware Reporting 2 || url,doc.emergingthreats.net/bin/view/Main/2002319
1 || 2002320 || 5 || trojan-activity || 0 || ET MALWARE Transponder Spyware Activity || url,www.doxdesk.com/parasite/Transponder.html || url,doc.emergingthreats.net/bin/view/Main/2002320
1 || 2002322 || 3 || misc-activity || 0 || ET WORM Possible MSN Worm Exploit php || url,doc.emergingthreats.net/2002322
1 || 2002323 || 3 || misc-activity || 0 || ET WORM Possible MSN Worm Exploit exe || url,doc.emergingthreats.net/2002323
1 || 2002324 || 3 || misc-activity || 0 || ET WORM Possible MSN Worm Exploit pif || url,doc.emergingthreats.net/2002324
1 || 2002325 || 3 || misc-activity || 0 || ET WORM W32.kelvir.HI || url,securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.hi.html || url,doc.emergingthreats.net/2002325
1 || 2002327 || 4 || policy-violation || 0 || ET CHAT Google Talk (Jabber) Client Login || url,talk.google.com || url,www.xmpp.org || url,doc.emergingthreats.net/2002327
1 || 2002330 || 4 || policy-violation || 0 || ET POLICY Google Talk TLS Client Traffic || url,talk.google.com || url,www.xmpp.org || url,doc.emergingthreats.net/2002330
1 || 2002331 || 5 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Piranha default passwd attempt || bugtraq,1148 || cve,2000-0248 || nessus,10381 || url,doc.emergingthreats.net/2002331
1 || 2002332 || 6 || policy-violation || 0 || ET POLICY Google IM traffic Windows client user sign-on || url,www.google.com/talk || url,doc.emergingthreats.net/2002332
1 || 2002333 || 6 || policy-violation || 0 || ET POLICY Google IM traffic friend invited || url,www.google.com/talk || url,doc.emergingthreats.net/2002333
1 || 2002334 || 5 || policy-violation || 0 || ET CHAT Google IM traffic Jabber client sign-on || url,www.google.com/talk || url,doc.emergingthreats.net/2002334
1 || 2002348 || 5 || trojan-activity || 0 || ET MALWARE VPP Technologies Spyware || url,doc.emergingthreats.net/bin/view/Main/2002348
1 || 2002349 || 7 || trojan-activity || 0 || ET MALWARE Alexa Spyware Reporting URL || url,doc.emergingthreats.net/bin/view/Main/2002349
1 || 2002350 || 5 || trojan-activity || 0 || ET MALWARE VPP Technologies Spyware Reporting URL || url,doc.emergingthreats.net/bin/view/Main/2002350
1 || 2002351 || 5 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Update Download || url,doc.emergingthreats.net/bin/view/Main/2002351
1 || 2002352 || 5 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Context Report || url,doc.emergingthreats.net/bin/view/Main/2002352
1 || 2002353 || 6 || trojan-activity || 0 || ET DELETED AdultfriendFinder.com Spyware Iframe Download || url,doc.emergingthreats.net/bin/view/Main/2002353
1 || 2002354 || 5 || trojan-activity || 0 || ET MALWARE 180solutions Spyware versionconfig POST || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2002354
1 || 2002362 || 6 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Command Execution Attempt || bugtraq,14712 || url,doc.emergingthreats.net/2002362
1 || 2002363 || 15 || trojan-activity || 0 || ET TROJAN IRC potential reptile commands || url,doc.emergingthreats.net/2002363
1 || 2002364 || 7 || misc-activity || 0 || ET DELETED Weatherbug Wxbug Capture || url,doc.emergingthreats.net/bin/view/Main/2002364
1 || 2002365 || 9 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager Remote Command Execution Attempt || bugtraq,14662 || url,doc.emergingthreats.net/2002365
1 || 2002371 || 6 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Miva Merchant Cross Site Scripting Attack || bugtraq,14828 || url,smallbusiness.miva.com/products/mia/ || url,www.frsirt.com/english/advisories/2005/1758 || url,doc.emergingthreats.net/2002371
1 || 2002376 || 10 || web-application-attack || 0 || ET WEB_SERVER IBM Lotus Domino BaseTarget XSS attempt || bugtraq,14845 || url,doc.emergingthreats.net/2002376
1 || 2002377 || 9 || web-application-attack || 0 || ET WEB_SERVER IBM Lotus Domino Src XSS attempt || bugtraq,14846 || url,doc.emergingthreats.net/2002377
1 || 2002381 || 10 || web-application-attack || 0 || ET WEB_CLIENT RealPlayer/Helix Player Format String Exploit || url,milw0rm.com/id.php?id=1232 || bugtraq,14945 || cve,2005-2710 || url,doc.emergingthreats.net/bin/view/Main/2002381
1 || 2002383 || 11 || unsuccessful-user || 0 || ET SCAN Potential FTP Brute-Force attempt || url,doc.emergingthreats.net/2002383
1 || 2002384 || 17 || trojan-activity || 0 || ET TROJAN IRC potential bot commands || url,doc.emergingthreats.net/2002384
1 || 2002385 || 14 || trojan-activity || 0 || ET TROJAN IRC channel topic reptile commands || url,doc.emergingthreats.net/2002385
1 || 2002386 || 12 || trojan-activity || 0 || ET TROJAN IRC channel topic misc bot commands || url,doc.emergingthreats.net/2002386
1 || 2002387 || 10 || trojan-activity || 0 || ET DELETED Mitglieder Proxy Bot Checking In || url,isc.sans.org/diary.php?storyid=722 || url,doc.emergingthreats.net/2002387
1 || 2002389 || 4 || successful-recon-limited || 0 || ET EXPLOIT Vulnerable Mercury 4.01a IMAP Banner || url,www.pmail.com/whatsnew/m32401.htm || bugtraq,11775 || url,doc.emergingthreats.net/bin/view/Main/2002389
1 || 2002390 || 4 || misc-attack || 0 || ET EXPLOIT Mercury v4.01a IMAP RENAME Buffer Overflow || url,www.pmail.com/whatsnew/m32401.htm || url,metasploit.com/projects/Framework/exploits.html#mercury_imap || bugtraq,11775 || url,doc.emergingthreats.net/bin/view/Main/2002390
1 || 2002394 || 12 || trojan-activity || 0 || ET MALWARE Adwave/MarketScore User-Agent (WTA) || url,www.adwave.com/our_mission.aspx || url,www.marketscore.com || url,doc.emergingthreats.net/2002394
1 || 2002395 || 13 || trojan-activity || 0 || ET MALWARE Miva User-Agent (TPSystem) || url,www.miva.com || url,www.findwhat.com || url,doc.emergingthreats.net/2002395
1 || 2002396 || 12 || trojan-activity || 0 || ET MALWARE Miva Spyware User-Agent (Travel Update) || url,www.miva.com || url,doc.emergingthreats.net/2002396
1 || 2002400 || 29 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer) || url,doc.emergingthreats.net/bin/view/Main/2002400
1 || 2002402 || 17 || trojan-activity || 0 || ET MALWARE Spyware Related User-Agent (UtilMind HTTPGet) || url,www.websearch.com || url,doc.emergingthreats.net/bin/view/Main/2002402
1 || 2002403 || 12 || trojan-activity || 0 || ET MALWARE Context Plus User-Agent (PTS) || url,www.contextplus.net || url,doc.emergingthreats.net/2002403
1 || 2002404 || 11 || trojan-activity || 0 || ET MALWARE Movies-etc User-Agent (IOInstall) || url,www.movies-etc.com || url,doc.emergingthreats.net/2002404
1 || 2002405 || 11 || trojan-activity || 0 || ET MALWARE Internet Optimizer User-Agent (ROGUE) || url,www.internet-optimizer.com || url,doc.emergingthreats.net/2002405
1 || 2002406 || 4 || attempted-recon || 0 || ET EXPLOIT TAC Attack Directory Traversal || cve,2005-3040 || url,secunia.com/advisories/16854 || url,cirt.dk/advisories/cirt-37-advisory.pdf || url,doc.emergingthreats.net/bin/view/Main/2002406
1 || 2002407 || 8 || policy-violation || 0 || ET DELETED WebshotsNetClient || url,www.webshots.com || url,doc.emergingthreats.net/2002407
1 || 2002410 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Restricted Outbound || url,doc.emergingthreats.net/bin/view/Main/2002410
1 || 2002411 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Confidential Outbound || url,doc.emergingthreats.net/bin/view/Main/2002411
1 || 2002412 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Top Secret Outbound || url,doc.emergingthreats.net/bin/view/Main/2002412
1 || 2002413 || 4 || policy-violation || 0 || ET DELETED SMTP Non-US Secret || url,doc.emergingthreats.net/bin/view/Main/2002413
1 || 2002414 || 5 || policy-violation || 0 || ET DELETED SMTP NATO Restricted || url,doc.emergingthreats.net/bin/view/Main/2002414
1 || 2002415 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Confidential Atomal || url,doc.emergingthreats.net/bin/view/Main/2002415
1 || 2002416 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Confidential || url,doc.emergingthreats.net/bin/view/Main/2002416
1 || 2002417 || 4 || policy-violation || 0 || ET DELETED SMTP NATO COSMIC Top Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002417
1 || 2002418 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002418
1 || 2002419 || 4 || policy-violation || 0 || ET DELETED SMTP NATO Secret || url,doc.emergingthreats.net/bin/view/Main/2002419
1 || 2002420 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002420
1 || 2002421 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002421
1 || 2002422 || 5 || policy-violation || 0 || ET DELETED SMTP US Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002422
1 || 2002423 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential REL TO || url,doc.emergingthreats.net/bin/view/Main/2002423
1 || 2002424 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002424
1 || 2002425 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002425
1 || 2002426 || 3 || policy-violation || 0 || ET DELETED SMTP US Confidential COMINT || url,doc.emergingthreats.net/bin/view/Main/2002426
1 || 2002427 || 3 || policy-violation || 0 || ET DELETED SMTP US Top Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002427
1 || 2002428 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002428
1 || 2002429 || 4 || policy-violation || 0 || ET DELETED SMTP US Unclassified COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002429
1 || 2002430 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002430
1 || 2002431 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002431
1 || 2002432 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002432
1 || 2002433 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret IMCON || url,doc.emergingthreats.net/bin/view/Main/2002433
1 || 2002434 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002434
1 || 2002435 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002435
1 || 2002436 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002436
1 || 2002437 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002437
1 || 2002438 || 4 || policy-violation || 0 || ET DELETED SMTP US FGI || url,doc.emergingthreats.net/bin/view/Main/2002438
1 || 2002439 || 4 || policy-violation || 0 || ET DELETED SMTP US FOUO || url,doc.emergingthreats.net/bin/view/Main/2002439
1 || 2002440 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002440
1 || 2002441 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002441
1 || 2002442 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002442
1 || 2002443 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential ORCON || url,doc.emergingthreats.net/bin/view/Main/2002443
1 || 2002444 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002444
1 || 2002445 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002445
1 || 2002446 || 4 || policy-violation || 0 || ET DELETED SMTP US Unclassified PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002446
1 || 2002447 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002447
1 || 2002448 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002448
1 || 2002449 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002449
1 || 2002450 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential RD || url,doc.emergingthreats.net/bin/view/Main/2002450
1 || 2002451 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002451
1 || 2002452 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002452
1 || 2002453 || 4 || policy-violation || 0 || ET DELETED SMTP US SAMI || url,doc.emergingthreats.net/bin/view/Main/2002453
1 || 2002454 || 4 || policy-violation || 0 || ET DELETED SMTP US Confidential SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002454
1 || 2002455 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002455
1 || 2002456 || 3 || policy-violation || 0 || ET DELETED SMTP US Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002456
1 || 2002457 || 4 || policy-violation || 0 || ET DELETED SMTP US Top Secret STOP || url,doc.emergingthreats.net/bin/view/Main/2002457
1 || 2002458 || 4 || policy-violation || 0 || ET DELETED SMTP Private || url,doc.emergingthreats.net/bin/view/Main/2002458
1 || 2002459 || 4 || policy-violation || 0 || ET DELETED SMTP Restricted || url,doc.emergingthreats.net/bin/view/Main/2002459
1 || 2002461 || 4 || policy-violation || 0 || ET DELETED SMTP Secret || url,doc.emergingthreats.net/bin/view/Main/2002461
1 || 2002462 || 4 || policy-violation || 0 || ET DELETED SMTP Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002462
1 || 2002463 || 4 || policy-violation || 0 || ET DELETED SMTP Sealed || url,doc.emergingthreats.net/bin/view/Main/2002463
1 || 2002464 || 4 || policy-violation || 0 || ET DELETED SMTP Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002464
1 || 2002465 || 5 || policy-violation || 0 || ET DELETED SMTP Proprietary || url,doc.emergingthreats.net/bin/view/Main/2002465
1 || 2002466 || 4 || policy-violation || 0 || ET DELETED SMTP Protected || url,doc.emergingthreats.net/bin/view/Main/2002466
1 || 2002467 || 4 || policy-violation || 0 || ET DELETED SMTP Law Enorcement Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002467
1 || 2002468 || 5 || policy-violation || 0 || ET DELETED SMTP Internal Use Only || url,doc.emergingthreats.net/bin/view/Main/2002468
1 || 2002469 || 4 || policy-violation || 0 || ET DELETED SMTP Date of Birth || url,doc.emergingthreats.net/bin/view/Main/2002469
1 || 2002470 || 4 || policy-violation || 0 || ET DELETED SMTP HCPCS Code || url,doc.emergingthreats.net/bin/view/Main/2002470
1 || 2002471 || 4 || policy-violation || 0 || ET DELETED SMTP ICD-10 Code || url,doc.emergingthreats.net/bin/view/Main/2002471
1 || 2002472 || 4 || policy-violation || 0 || ET DELETED SMTP FDA NDC Code || url,doc.emergingthreats.net/bin/view/Main/2002472
1 || 2002473 || 4 || policy-violation || 0 || ET DELETED SMTP ADA Procedure Code || url,doc.emergingthreats.net/bin/view/Main/2002473
1 || 2002474 || 6 || policy-violation || 0 || ET DELETED SMTP DSM-IV Code || url,doc.emergingthreats.net/bin/view/Main/2002474
1 || 2002475 || 4 || policy-violation || 0 || ET DELETED SMTP AMA CPT Code || url,doc.emergingthreats.net/bin/view/Main/2002475
1 || 2002477 || 4 || policy-violation || 0 || ET DELETED SMTP Credit Card, JCB || url,doc.emergingthreats.net/bin/view/Main/2002477
1 || 2002483 || 4 || policy-violation || 0 || ET DELETED SMTP Password || url,doc.emergingthreats.net/bin/view/Main/2002483
1 || 2002484 || 4 || policy-violation || 0 || ET DELETED SMTP Appraisal || url,doc.emergingthreats.net/bin/view/Main/2002484
1 || 2002485 || 4 || policy-violation || 0 || ET DELETED SMTP Account Balance || url,doc.emergingthreats.net/bin/view/Main/2002485
1 || 2002486 || 5 || policy-violation || 0 || ET DELETED SMTP Payment History || url,doc.emergingthreats.net/bin/view/Main/2002486
1 || 2002487 || 5 || policy-violation || 0 || ET DELETED SMTP Annual Income || url,doc.emergingthreats.net/bin/view/Main/2002487
1 || 2002488 || 4 || policy-violation || 0 || ET DELETED SMTP Credit History || url,doc.emergingthreats.net/bin/view/Main/2002488
1 || 2002489 || 4 || policy-violation || 0 || ET DELETED SMTP Transaction History || url,doc.emergingthreats.net/bin/view/Main/2002489
1 || 2002490 || 4 || policy-violation || 0 || ET DELETED SMTP Customer List || url,doc.emergingthreats.net/bin/view/Main/2002490
1 || 2002491 || 12 || web-application-attack || 0 || ET DELETED COM Object MS05-052 (group 1) || cve,2005-2127 || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || url,doc.emergingthreats.net/2002491
1 || 2002492 || 13 || web-application-attack || 0 || ET DELETED COM Object MS05-052 (group 2) || cve,2005-2127 || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || url,doc.emergingthreats.net/2002492
1 || 2002493 || 81 || web-application-attack || 0 || ET DELETED COM Object MS05-052 (group 3) || cve,2005-2127 || url,www.microsoft.com/technet/security/Bulletin/MS05-052.mspx || url,doc.emergingthreats.net/2002493
1 || 2002494 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Versatile Bulletin Board SQL Injection Attack || bugtraq,15068 || url,doc.emergingthreats.net/2002494
1 || 2002495 || 5 || policy-violation || 0 || ET DELETED HTTP Non-US Restricted || url,doc.emergingthreats.net/bin/view/Main/2002495
1 || 2002496 || 5 || policy-violation || 0 || ET DELETED HTTP - Non-US Confidential || url,doc.emergingthreats.net/bin/view/Main/2002496
1 || 2002497 || 5 || policy-violation || 0 || ET DELETED HTTP - Non-US Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002497
1 || 2002498 || 5 || policy-violation || 0 || ET DELETED HTTP - Non-US Secret || url,doc.emergingthreats.net/bin/view/Main/2002498
1 || 2002499 || 6 || policy-violation || 0 || ET DELETED HTTP - NATO Restricted || url,doc.emergingthreats.net/bin/view/Main/2002499
1 || 2002500 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Confidential Atomal || url,doc.emergingthreats.net/bin/view/Main/2002500
1 || 2002501 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Confidential || url,doc.emergingthreats.net/bin/view/Main/2002501
1 || 2002502 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO COSMIC Top Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002502
1 || 2002503 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002503
1 || 2002504 || 5 || policy-violation || 0 || ET DELETED HTTP - NATO Secret || url,doc.emergingthreats.net/bin/view/Main/2002504
1 || 2002505 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002505
1 || 2002506 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002506
1 || 2002507 || 5 || policy-violation || 0 || ET DELETED HTTP - US Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002507
1 || 2002508 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential REL TO || url,doc.emergingthreats.net/bin/view/Main/2002508
1 || 2002509 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002509
1 || 2002510 || 4 || policy-violation || 0 || ET DELETED HTTP - US Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002510
1 || 2002511 || 4 || policy-violation || 0 || ET DELETED HTTP - US Confidential COMINT || url,doc.emergingthreats.net/bin/view/Main/2002511
1 || 2002512 || 4 || policy-violation || 0 || ET DELETED HTTP - US Top Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002512
1 || 2002513 || 4 || policy-violation || 0 || ET DELETED HTTP - US Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002513
1 || 2002514 || 5 || policy-violation || 0 || ET DELETED HTTP - US Unclassified COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002514
1 || 2002515 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002515
1 || 2002516 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002516
1 || 2002517 || 4 || policy-violation || 0 || ET DELETED HTTP - US Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002517
1 || 2002519 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002519
1 || 2002521 || 6 || policy-violation || 0 || ET DELETED HTTP - US Top Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002521
1 || 2002523 || 5 || policy-violation || 0 || ET DELETED HTTP - US FGI || url,doc.emergingthreats.net/bin/view/Main/2002523
1 || 2002524 || 7 || policy-violation || 0 || ET DELETED HTTP - US FOUO || url,doc.emergingthreats.net/bin/view/Main/2002524
1 || 2002525 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002525
1 || 2002526 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002526
1 || 2002528 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002528
1 || 2002530 || 5 || policy-violation || 0 || ET DELETED HTTP - US Unclassified PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002530
1 || 2002531 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002531
1 || 2002532 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002532
1 || 2002534 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential RD || url,doc.emergingthreats.net/bin/view/Main/2002534
1 || 2002535 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002535
1 || 2002537 || 5 || policy-violation || 0 || ET DELETED HTTP - US SAMI || url,doc.emergingthreats.net/bin/view/Main/2002537
1 || 2002538 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002538
1 || 2002539 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002539
1 || 2002541 || 5 || policy-violation || 0 || ET DELETED HTTP - US Top Secret STOP || url,doc.emergingthreats.net/bin/view/Main/2002541
1 || 2002542 || 5 || policy-violation || 0 || ET DELETED HTTP - Private || url,doc.emergingthreats.net/bin/view/Main/2002542
1 || 2002543 || 5 || policy-violation || 0 || ET DELETED HTTP - Restricted || url,doc.emergingthreats.net/bin/view/Main/2002543
1 || 2002544 || 5 || policy-violation || 0 || ET DELETED HTTP - Confidential || url,doc.emergingthreats.net/bin/view/Main/2002544
1 || 2002546 || 5 || policy-violation || 0 || ET DELETED HTTP - Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002546
1 || 2002547 || 5 || policy-violation || 0 || ET DELETED HTTP - Sealed || url,doc.emergingthreats.net/bin/view/Main/2002547
1 || 2002548 || 5 || policy-violation || 0 || ET DELETED HTTP - Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002548
1 || 2002549 || 5 || policy-violation || 0 || ET DELETED HTTP - Proprietary || url,doc.emergingthreats.net/bin/view/Main/2002549
1 || 2002550 || 5 || policy-violation || 0 || ET DELETED HTTP - Protected || url,doc.emergingthreats.net/bin/view/Main/2002550
1 || 2002551 || 5 || policy-violation || 0 || ET DELETED HTTP - Law Enorcement Sensitive || url,doc.emergingthreats.net/bin/view/Main/2002551
1 || 2002552 || 5 || policy-violation || 0 || ET DELETED HTTP - Internal Use Only || url,doc.emergingthreats.net/bin/view/Main/2002552
1 || 2002553 || 5 || policy-violation || 0 || ET DELETED HTTP - Date of Birth || url,doc.emergingthreats.net/bin/view/Main/2002553
1 || 2002554 || 5 || policy-violation || 0 || ET DELETED HTTP - HCPCS Code || url,doc.emergingthreats.net/bin/view/Main/2002554
1 || 2002555 || 5 || policy-violation || 0 || ET DELETED HTTP - ICD-10 Code || url,doc.emergingthreats.net/bin/view/Main/2002555
1 || 2002556 || 5 || policy-violation || 0 || ET DELETED HTTP - FDA NDC Code || url,doc.emergingthreats.net/bin/view/Main/2002556
1 || 2002557 || 5 || policy-violation || 0 || ET DELETED HTTP - ADA Procedure Code || url,doc.emergingthreats.net/bin/view/Main/2002557
1 || 2002558 || 7 || policy-violation || 0 || ET DELETED HTTP - DSM-IV Code || url,doc.emergingthreats.net/bin/view/Main/2002558
1 || 2002559 || 5 || policy-violation || 0 || ET DELETED HTTP - AMA CPT Code || url,doc.emergingthreats.net/bin/view/Main/2002559
1 || 2002561 || 5 || policy-violation || 0 || ET DELETED HTTP - Credit Card, JCB || url,doc.emergingthreats.net/bin/view/Main/2002561
1 || 2002567 || 5 || policy-violation || 0 || ET DELETED HTTP - Password || url,doc.emergingthreats.net/bin/view/Main/2002567
1 || 2002568 || 5 || policy-violation || 0 || ET DELETED HTTP - Appraisal || url,doc.emergingthreats.net/bin/view/Main/2002568
1 || 2002569 || 5 || policy-violation || 0 || ET DELETED HTTP - Account Balance || url,doc.emergingthreats.net/bin/view/Main/2002569
1 || 2002570 || 5 || policy-violation || 0 || ET DELETED HTTP - Payment History || url,doc.emergingthreats.net/bin/view/Main/2002570
1 || 2002571 || 5 || policy-violation || 0 || ET DELETED HTTP - Annual Income || url,doc.emergingthreats.net/bin/view/Main/2002571
1 || 2002572 || 5 || policy-violation || 0 || ET DELETED HTTP - Credit History || url,doc.emergingthreats.net/bin/view/Main/2002572
1 || 2002573 || 5 || policy-violation || 0 || ET DELETED HTTP - Transaction History || url,doc.emergingthreats.net/bin/view/Main/2002573
1 || 2002574 || 5 || policy-violation || 0 || ET DELETED HTTP - Customer List || url,doc.emergingthreats.net/bin/view/Main/2002574
1 || 2002575 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Restricted || url,doc.emergingthreats.net/bin/view/Main/2002575
1 || 2002576 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Confidential || url,doc.emergingthreats.net/bin/view/Main/2002576
1 || 2002577 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Top Secret || url,doc.emergingthreats.net/bin/view/Main/2002577
1 || 2002578 || 5 || policy-violation || 0 || ET DELETED High Ports - Non-US Secret || url,doc.emergingthreats.net/bin/view/Main/2002578
1 || 2002579 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Restricted || url,doc.emergingthreats.net/bin/view/Main/2002579
1 || 2002580 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Confidential Atomal || url,doc.emergingthreats.net/bin/view/Main/2002580
1 || 2002581 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Confidential || url,doc.emergingthreats.net/bin/view/Main/2002581
1 || 2002582 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO COSMIC Top Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002582
1 || 2002583 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Secret Atomal || url,doc.emergingthreats.net/bin/view/Main/2002583
1 || 2002584 || 5 || policy-violation || 0 || ET DELETED High Ports - NATO Secret || url,doc.emergingthreats.net/bin/view/Main/2002584
1 || 2002585 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002585
1 || 2002586 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002586
1 || 2002587 || 5 || policy-violation || 0 || ET DELETED High Ports - US Secret, Electronic || url,doc.emergingthreats.net/bin/view/Main/2002587
1 || 2002588 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential REL TO || url,doc.emergingthreats.net/bin/view/Main/2002588
1 || 2002589 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret REL TO || url,doc.emergingthreats.net/bin/view/Main/2002589
1 || 2002591 || 4 || policy-violation || 0 || ET DELETED High Ports - US Confidential COMINT || url,doc.emergingthreats.net/bin/view/Main/2002591
1 || 2002592 || 4 || policy-violation || 0 || ET DELETED High Ports - US Top Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002592
1 || 2002593 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret COMINT || url,doc.emergingthreats.net/bin/view/Main/2002593
1 || 2002594 || 5 || policy-violation || 0 || ET DELETED High Ports - US Unclassified COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002594
1 || 2002595 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002595
1 || 2002596 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret COMSEC || url,doc.emergingthreats.net/bin/view/Main/2002596
1 || 2002599 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret CNWDI || url,doc.emergingthreats.net/bin/view/Main/2002599
1 || 2002601 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002601
1 || 2002602 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret TK || url,doc.emergingthreats.net/bin/view/Main/2002602
1 || 2002603 || 5 || policy-violation || 0 || ET DELETED High Ports - US FGI || url,doc.emergingthreats.net/bin/view/Main/2002603
1 || 2002604 || 5 || policy-violation || 0 || ET DELETED High Ports - US FOUO || url,doc.emergingthreats.net/bin/view/Main/2002604
1 || 2002605 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002605
1 || 2002606 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002606
1 || 2002607 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret NOFORN || url,doc.emergingthreats.net/bin/view/Main/2002607
1 || 2002608 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential ORCON || url,doc.emergingthreats.net/bin/view/Main/2002608
1 || 2002609 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002609
1 || 2002610 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret ORCON || url,doc.emergingthreats.net/bin/view/Main/2002610
1 || 2002611 || 5 || policy-violation || 0 || ET DELETED High Ports - US Unclassified PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002611
1 || 2002612 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002612
1 || 2002613 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret PROPIN || url,doc.emergingthreats.net/bin/view/Main/2002613
1 || 2002615 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential RD || url,doc.emergingthreats.net/bin/view/Main/2002615
1 || 2002616 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret RD || url,doc.emergingthreats.net/bin/view/Main/2002616
1 || 2002618 || 5 || policy-violation || 0 || ET DELETED High Ports - US SAMI || url,doc.emergingthreats.net/bin/view/Main/2002618
1 || 2002619 || 5 || policy-violation || 0 || ET DELETED High Ports - US Confidential SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002619
1 || 2002620 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002620
1 || 2002621 || 4 || policy-violation || 0 || ET DELETED High Ports - US Secret SPECAT || url,doc.emergingthreats.net/bin/view/Main/2002621
1 || 2002622 || 5 || policy-violation || 0 || ET DELETED High Ports - US Top Secret STOP || url,doc.emergingthreats.net/2002622
1 || 2002623 || 5 || policy-violation || 0 || ET DELETED High Ports - Private || url,doc.emergingthreats.net/2002623
1 || 2002624 || 5 || policy-violation || 0 || ET DELETED High Ports - Restricted || url,doc.emergingthreats.net/2002624
1 || 2002625 || 5 || policy-violation || 0 || ET DELETED High Ports - Confidential || url,doc.emergingthreats.net/2002625
1 || 2002626 || 4 || policy-violation || 0 || ET DELETED High Ports - Secret || url,doc.emergingthreats.net/2002626
1 || 2002627 || 5 || policy-violation || 0 || ET DELETED High Ports - Top Secret || url,doc.emergingthreats.net/2002627
1 || 2002628 || 5 || policy-violation || 0 || ET DELETED High Ports - Sealed || url,doc.emergingthreats.net/2002628
1 || 2002629 || 5 || policy-violation || 0 || ET DELETED High Ports - Sensitive || url,doc.emergingthreats.net/2002629
1 || 2002630 || 6 || policy-violation || 0 || ET DELETED High Ports - Proprietary || url,doc.emergingthreats.net/2002630
1 || 2002631 || 6 || policy-violation || 0 || ET DELETED High Ports - Protected || url,doc.emergingthreats.net/2002631
1 || 2002632 || 6 || policy-violation || 0 || ET DELETED High Ports - Law Enorcement Sensitive || url,doc.emergingthreats.net/2002632
1 || 2002633 || 6 || policy-violation || 0 || ET DELETED High Ports - Internal Use Only || url,doc.emergingthreats.net/2002633
1 || 2002634 || 6 || policy-violation || 0 || ET DELETED High Ports - Date of Birth || url,doc.emergingthreats.net/2002634
1 || 2002635 || 6 || policy-violation || 0 || ET DELETED High Ports - HCPCS Code || url,doc.emergingthreats.net/2002635
1 || 2002636 || 6 || policy-violation || 0 || ET DELETED High Ports - ICD-10 Code || url,doc.emergingthreats.net/2002636
1 || 2002637 || 6 || policy-violation || 0 || ET DELETED High Ports - FDA NDC Code || url,doc.emergingthreats.net/2002637
1 || 2002638 || 6 || policy-violation || 0 || ET DELETED High Ports - ADA Procedure Code || url,doc.emergingthreats.net/2002638
1 || 2002639 || 8 || policy-violation || 0 || ET DELETED High Ports - DSM-IV Code || url,doc.emergingthreats.net/2002639
1 || 2002640 || 6 || policy-violation || 0 || ET DELETED High Ports - AMA CPT Code || url,doc.emergingthreats.net/2002640
1 || 2002642 || 6 || policy-violation || 0 || ET DELETED High Ports - Credit Card, JCB || url,doc.emergingthreats.net/2002642
1 || 2002648 || 6 || policy-violation || 0 || ET DELETED High Ports - Password || url,doc.emergingthreats.net/2002648
1 || 2002649 || 6 || policy-violation || 0 || ET DELETED High Ports - Appraisal || url,doc.emergingthreats.net/2002649
1 || 2002650 || 6 || policy-violation || 0 || ET DELETED High Ports - Account Balance || url,doc.emergingthreats.net/2002650
1 || 2002651 || 6 || policy-violation || 0 || ET DELETED High Ports - Payment History || url,doc.emergingthreats.net/2002651
1 || 2002652 || 7 || policy-violation || 0 || ET DELETED High Ports - Annual Income || url,doc.emergingthreats.net/2002652
1 || 2002653 || 6 || policy-violation || 0 || ET DELETED High Ports - Credit History || url,doc.emergingthreats.net/2002653
1 || 2002654 || 6 || policy-violation || 0 || ET DELETED High Ports - Transaction History || url,doc.emergingthreats.net/2002654
1 || 2002655 || 6 || policy-violation || 0 || ET DELETED High Ports - Customer List || url,doc.emergingthreats.net/2002655
1 || 2002656 || 4 || attempted-dos || 0 || ET EXPLOIT malformed Sack - Snort DoS-by-$um$id || url,doc.emergingthreats.net/bin/view/Main/2002656
1 || 2002658 || 4 || policy-violation || 0 || ET POLICY EIN in the clear (US-IRS Employer ID Number) || url,policy.ssa.gov/poms.nsf/lnx/0101001004 || url,policy.ssa.gov/poms.nsf/lnx/0101001001?opendocument || url,doc.emergingthreats.net/2002658
1 || 2002659 || 5 || policy-violation || 0 || ET CHAT Yahoo IM Client Install || url,doc.emergingthreats.net/2002659
1 || 2002660 || 10 || web-application-activity || 0 || ET DELETED RSA Web Auth Exploit Attempt - Long URL || url,secunia.com/advisories/17281 || url,www.metasploit.com/projects/Framework/modules/exploits/rsa_iiswebagent_redirect.pm || url,doc.emergingthreats.net/2002660 || url,doc.emergingthreats.net/2002660
1 || 2002662 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TWiki INCLUDE remote command execution attempt || bugtraq,14960 || url,doc.emergingthreats.net/2002662
1 || 2002663 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 resetcore.php SQL Injection attempt || bugtraq,15125 || url,doc.emergingthreats.net/2002663
1 || 2002664 || 10 || attempted-recon || 0 || ET SCAN Nessus User Agent || url,www.nessus.org || url,doc.emergingthreats.net/2002664
1 || 2002667 || 38 || attempted-recon || 0 || ET WEB_SERVER sumthin scan || url,www.webmasterworld.com/forum11/2100.htm || url,doc.emergingthreats.net/2002667
1 || 2002668 || 10 || misc-activity || 0 || ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_news || bugtraq,15295 || url,doc.emergingthreats.net/2002668
1 || 2002671 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Galerie ShowGallery.php SQL Injection attempt || bugtraq,15313 || url,doc.emergingthreats.net/2002671
1 || 2002673 || 9 || policy-violation || 0 || ET P2P MS Foldershare Login Detected || url,www.foldershare.com || url,doc.emergingthreats.net/bin/view/Main/2002673
1 || 2002676 || 3 || bad-unknown || 0 || ET POLICY nstx DNS Tunnel Outbound || url,savannah.nongnu.org/projects/nstx/ || url,nstx.dereference.de/nstx || url,doc.emergingthreats.net/2002676
1 || 2002677 || 12 || web-application-attack || 0 || ET SCAN Nikto Web App Scan in Progress || url,www.cirt.net/code/nikto.shtml || url,doc.emergingthreats.net/2002677
1 || 2002678 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cyphor show.php SQL injection attempt || bugtraq,15418 || url,doc.emergingthreats.net/2002678
1 || 2002681 || 12 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Exploit || url,seclists.org/lists/fulldisclosure/2005/Nov/0528.html || url,isc.sans.org/diary.php?storyid=869 || url,www.us-cert.gov/cas/bulletins/SB07-106.html || url,doc.emergingthreats.net/2002681
1 || 2002683 || 6 || trojan-activity || 0 || ET WORM shell bot perl code download || url,doc.emergingthreats.net/2002683
1 || 2002684 || 5 || trojan-activity || 0 || ET WORM Shell Bot Code Download || url,doc.emergingthreats.net/2002684
1 || 2002685 || 6 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall img.pl Remote Directory Traversal Attempt || bugtraq,14710 || url,doc.emergingthreats.net/2002685
1 || 2002695 || 9 || trojan-activity || 0 || ET DELETED Generic Downloader Outbound HTTP connection - Downloading Code || url,doc.emergingthreats.net/2002695
1 || 2002697 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CVSTrac filediff Arbitrary Remote Code Execution || bugtraq,10878 || cve,2004-1456 || url,doc.emergingthreats.net/bin/view/Main/2002697
1 || 2002702 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSTicket Remote Code Execution Attempt || url,secunia.com/advisories/15216 || url,www.gulftech.org/?node=research&article_id=00071-05022005 || cve,CAN-2005-1438 || cve,CAN-2005-1439 || url,doc.emergingthreats.net/bin/view/Main/2002702
1 || 2002703 || 4 || web-application-attack || 0 || ET EXPLOIT GuppY error.php Arbitrary Remote Code Execution || bugtraq,15609 || url,doc.emergingthreats.net/bin/view/Main/2002703
1 || 2002704 || 5 || policy-violation || 0 || ET DELETED HTTP - US Confidential ORCON || url,doc.emergingthreats.net/bin/view/Main/2002704
1 || 2002707 || 9 || trojan-activity || 0 || ET DELETED iframebiz - adv***.php || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002707
1 || 2002708 || 8 || trojan-activity || 0 || ET MALWARE iframebiz - sploit.anr || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002708
1 || 2002709 || 8 || trojan-activity || 0 || ET MALWARE iframebiz - loaderadv***.jar || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002709
1 || 2002710 || 8 || trojan-activity || 0 || ET MALWARE iframebiz - loadadv***.exe || url,iframecash.biz || url,isc.sans.org/diary.php?storyid=868 || url,doc.emergingthreats.net/bin/view/Main/2002710
1 || 2002721 || 6 || web-application-attack || 0 || ET WEB_SERVER Cisco IOS HTTP set enable password attack || cve,2005-3921 || bugtraq,15602 || url,www.infohacking.com/INFOHACKING_RESEARCH/Our_Advisories/cisco/index.html || url,doc.emergingthreats.net/2002721
1 || 2002722 || 4 || policy-violation || 0 || ET POLICY MP3 File Transfer Outbound || url,filext.com/detaillist.php?extdetail=mp3&Search=Search || url,doc.emergingthreats.net/2002722
1 || 2002723 || 4 || policy-violation || 0 || ET POLICY MP3 File Transfer Inbound || url,filext.com/detaillist.php?extdetail=mp3&Search=Search || url,doc.emergingthreats.net/2002723
1 || 2002724 || 11 || web-application-attack || 0 || ET ACTIVEX MciWndx ActiveX Control || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || url,doc.emergingthreats.net/2002724
1 || 2002725 || 13 || web-application-attack || 0 || ET ACTIVEX COM Object Instantiation Memory Corruption Vulnerability MS05-054 || cve,2005-2831 || url,www.microsoft.com/technet/security/bulletin/ms05-054.mspx || url,doc.emergingthreats.net/2002725
1 || 2002728 || 6 || trojan-activity || 0 || ET DELETED Ranky or variant backdoor communication ping || url,www.sophos.com/virusinfo/analyses/trojranckcx.html || url,www.iss.net/threats/W32.Trojan.Ranky.FV.html
1 || 2002729 || 4 || policy-violation || 0 || ET POLICY Outbound Hamachi VPN Connection Attempt || url,www.hamachi.cc || url,doc.emergingthreats.net/2002729
1 || 2002731 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Generic phpbb arbitrary command attempt || url,cve.mitre.org/cgi-bin/cvekey.cgi?keyword=phpbb_root_path || url,doc.emergingthreats.net/2002731
1 || 2002734 || 5 || attempted-user || 0 || ET EXPLOIT WMF Exploit || url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php || url,doc.emergingthreats.net/bin/view/Main/2002734
1 || 2002735 || 6 || policy-violation || 0 || ET MALWARE Zenotecnico Adware 2 || url,www.zenotecnico.com || url,doc.emergingthreats.net/bin/view/Main/2002735
1 || 2002736 || 5 || policy-violation || 0 || ET MALWARE Trafficsector.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2002736
1 || 2002737 || 6 || policy-violation || 0 || ET MALWARE Zenotecnico Spyware Install Report || url,www.zenotecnico.com || url,doc.emergingthreats.net/bin/view/Main/2002737
1 || 2002738 || 5 || trojan-activity || 0 || ET MALWARE SurfSidekick Activity (rinfo) || url,securityresponse.symantec.com/avcenter/venc/data/adware.surfsidekick.html || url,doc.emergingthreats.net/bin/view/Main/2002738
1 || 2002739 || 12 || trojan-activity || 0 || ET MALWARE iDownloadAgent Spyware User-Agent (iDownloadAgent) || url,doc.emergingthreats.net/2002739
1 || 2002740 || 5 || policy-violation || 0 || ET MALWARE adservs.com Spyware || url,doc.emergingthreats.net/bin/view/Main/2002740
1 || 2002741 || 11 || unknown || 0 || ET EXPLOIT WMF Escape Record Exploit - Web Only - version 3 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002741
1 || 2002742 || 9 || attempted-user || 0 || ET EXPLOIT WMF Escape Record Exploit - Version 3 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002742
1 || 2002743 || 8 || unknown || 0 || ET EXPLOIT WMF Escape Record Exploit - Web Only - all versions || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002743
1 || 2002749 || 14 || bad-unknown || 0 || ET POLICY Unallocated IP Space Traffic - Bogon Nets || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002749
1 || 2002750 || 27 || bad-unknown || 0 || ET DELETED Reserved IP Space Traffic - Bogon Nets 2 || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002750
1 || 2002751 || 8 || bad-unknown || 0 || ET DELETED Reserved IP Space Traffic - Bogon Nets 3 || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002751
1 || 2002752 || 4 || bad-unknown || 0 || ET POLICY Reserved Internal IP Traffic || url,www.cymru.com/Documents/bogon-list.html || url,doc.emergingthreats.net/bin/view/Main/2002752
1 || 2002757 || 5 || unknown || 0 || ET EXPLOIT WMF Escape Record Exploit - Web Only - version 1 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002757
1 || 2002758 || 6 || attempted-user || 0 || ET EXPLOIT WMF Escape Record Exploit - Version 1 || url,www.frsirt.com/english/advisories/2005/3086 || url,doc.emergingthreats.net/bin/view/Main/2002758
1 || 2002760 || 3 || policy-violation || 0 || ET P2P GnucDNA UDP Ultrapeer Traffic || url,doc.emergingthreats.net/bin/view/Main/2002760
1 || 2002761 || 6 || policy-violation || 0 || ET P2P Gnutella TCP Ultrapeer Traffic || url,doc.emergingthreats.net/bin/view/Main/2002761
1 || 2002762 || 6 || trojan-activity || 0 || ET TROJAN Torpig Reporting User Activity (x25) || url,www.sophos.com/virusinfo/analyses/trojtorpigr.html || url,doc.emergingthreats.net/2002762
1 || 2002763 || 7 || trojan-activity || 0 || ET TROJAN Dumador Reporting User Activity || url,www.norman.com/Virus/Virus_descriptions/24279/ || url,doc.emergingthreats.net/2002763
1 || 2002765 || 7 || trojan-activity || 0 || ET DELETED Corpsespyware.net BlackListed Malicious Domain - google.vc || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002765
1 || 2002766 || 7 || trojan-activity || 0 || ET MALWARE Corpsespyware.net BlackList - pcpeek || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002766
1 || 2002767 || 8 || trojan-activity || 0 || ET MALWARE Corpsespyware.net Distribution - bos.biz || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002767
1 || 2002768 || 7 || trojan-activity || 0 || ET MALWARE Corpsespyware.net Distribution - fesexy || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002768
1 || 2002769 || 8 || trojan-activity || 0 || ET MALWARE Corpsespyware.net Distribution - studiolacase || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002769
1 || 2002770 || 5 || trojan-activity || 0 || ET MALWARE Corpsespyware.net - msits.exe access || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002770
1 || 2002771 || 5 || trojan-activity || 0 || ET MALWARE Corpsespyware.net - msys.exe access || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002771
1 || 2002773 || 8 || trojan-activity || 0 || ET TROJAN FSG Packed Binary via HTTP Inbound || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/2002773
1 || 2002774 || 6 || trojan-activity || 0 || ET DELETED Corpsespyware.net Blind Data Upload || url,www.securityfocus.com/infocus/1745 || url,doc.emergingthreats.net/bin/view/Main/2002774
1 || 2002775 || 8 || trojan-activity || 0 || ET TROJAN Goldun Reporting User Activity || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html || url,doc.emergingthreats.net/2002775
1 || 2002776 || 7 || trojan-activity || 0 || ET TROJAN SickleBot Reporting User Activity || url,doc.emergingthreats.net/2002776
1 || 2002777 || 7 || web-application-attack || 0 || ET WEB_SERVER Light Weight Calendar 'date' Arbitrary Remote Code Execution || url,doc.emergingthreats.net/2002777
1 || 2002780 || 7 || trojan-activity || 0 || ET TROJAN Goldun Reporting User Activity 2 || url,www.avira.com/en/threats/TR_Spy_Goldun_de_1_details.html || url,doc.emergingthreats.net/2002780
1 || 2002781 || 6 || trojan-activity || 0 || ET TROJAN w32agent.dsi Posting Info || url,doc.emergingthreats.net/2002781
1 || 2002782 || 6 || trojan-activity || 0 || ET TROJAN w32agent.dsi Domain Update || url,doc.emergingthreats.net/2002782
1 || 2002783 || 4 || trojan-activity || 0 || ET EXPLOIT Java runtime.exec() call || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002783
1 || 2002784 || 4 || trojan-activity || 0 || ET EXPLOIT Java private function call sun.misc.unsafe || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002784
1 || 2002785 || 4 || trojan-activity || 0 || ET EXPLOIT Java field reflector call java.lang.reflect.field || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002785
1 || 2002786 || 4 || trojan-activity || 0 || ET EXPLOIT Javascript unsafe applet call || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002786
1 || 2002787 || 4 || trojan-activity || 0 || ET EXPLOIT Javascript Securitymanager class applet call || url,www.mullingsecurity.com || url,doc.emergingthreats.net/bin/view/Main/2002787
1 || 2002790 || 9 || trojan-activity || 0 || ET TROJAN Haxdoor Reporting User Activity || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR_HAXDOOR.DI || url,doc.emergingthreats.net/2002790 || url,www.symantec.com/security_response/writeup.jsp?docid=2003-113016-1420-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=e787c4437ff67061983cd08458f71c94 || url,www.threatexpert.com/report.aspx?md5=d86b9eaf9682d60cb8b928dc6ac40954 || url,www.threatexpert.com/report.aspx?md5=1777f0ffa890ebfcc7587957f2d08dca
1 || 2002791 || 5 || web-application-attack || 0 || ET DELETED MISC Computer Associates Negative Content-Length Buffer Overflow || bugtraq,16354 || cve,2005-3653 || url,doc.emergingthreats.net/bin/view/Main/2002791
1 || 2002796 || 4 || policy-violation || 0 || ET POLICY X-Box Live Connecting || url,www.microsoft.com/xbox/ || url,doc.emergingthreats.net/2002796
1 || 2002800 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP PHPNuke Remote File Inclusion Attempt || url,www.zone-h.org/en/advisories/read/id=8694/ || url,doc.emergingthreats.net/2002800
1 || 2002801 || 14 || policy-violation || 0 || ET POLICY Google Desktop User-Agent Detected || url,news.com.com/2100-1032_3-6038197.html || url,doc.emergingthreats.net/2002801
1 || 2002802 || 8 || attempted-user || 0 || ET EXPLOIT Windows Media Player parsing BMP file with 0 size offset to start of image || url,www.milw0rm.com/id.php?id=1500 || url,www.microsoft.com/technet/security/Bulletin/MS06-005.mspx || cve,2006-0006 || bugtraq,16633 || url,doc.emergingthreats.net/bin/view/Main/2002802
1 || 2002803 || 10 || attempted-user || 0 || ET EXPLOIT BMP with invalid bfOffBits || url,www.microsoft.com/technet/security/Bulletin/ms06-005.mspx || cve,2006-0006 || bugtraq,16633 || url,doc.emergingthreats.net/bin/view/Main/2002803
1 || 2002804 || 6 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware DB Update || url,doc.emergingthreats.net/bin/view/Main/2002804
1 || 2002805 || 6 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware DB Version Check || url,doc.emergingthreats.net/bin/view/Main/2002805
1 || 2002806 || 6 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2002806
1 || 2002807 || 11 || trojan-activity || 0 || ET DELETED Spyaxe Spyware User-Agent (spyaxe) || url,doc.emergingthreats.net/2002807
1 || 2002808 || 12 || trojan-activity || 0 || ET MALWARE Spyaxe Spyware User-Agent (spywareaxe) || url,doc.emergingthreats.net/2002808
1 || 2002809 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Hostile FTP Server Banner (StnyFtpd) || url,doc.emergingthreats.net/bin/view/Main/2002809
1 || 2002810 || 4 || trojan-activity || 0 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Reptile) || url,doc.emergingthreats.net/bin/view/Main/2002810
1 || 2002811 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Hostile FTP Server Banner (Bot Server) || url,doc.emergingthreats.net/bin/view/Main/2002811
1 || 2002812 || 6 || trojan-activity || 0 || ET DELETED PWS-LDPinch Reporting User Activity || url,doc.emergingthreats.net/2002812
1 || 2002814 || 5 || policy-violation || 0 || ET P2P Direct Connect Traffic (client-server) || url,en.wikipedia.org/wiki/Direct_connect_file-sharing_application || url,doc.emergingthreats.net/bin/view/Main/2002814
1 || 2002815 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plume CMS prepend.php Remote File Inclusion attempt || cve,CVE-2006-0725 || bugtraq,16662 || nessus,20972 || url,doc.emergingthreats.net/2002815
1 || 2002816 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (payload) || url,doc.emergingthreats.net/bin/view/Main/2002816
1 || 2002817 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (setup) || url,doc.emergingthreats.net/bin/view/Main/2002817
1 || 2002820 || 5 || trojan-activity || 0 || ET MALWARE Hotbar Agent Subscription POST || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2002820
1 || 2002821 || 7 || policy-violation || 0 || ET MALWARE SideStep Bar Reporting Data (sbstart) || url,www.sidestep.com || url,www.spyany.com/program/article_spw_rm_SideStep.html || url,doc.emergingthreats.net/bin/view/Main/2002821
1 || 2002822 || 9 || attempted-recon || 0 || ET POLICY Wget User Agent || url,www.gnu.org/software/wget || url,doc.emergingthreats.net/2002822
1 || 2002823 || 11 || attempted-recon || 0 || ET POLICY POSSIBLE Web Crawl using Wget || url,www.gnu.org/software/wget/ || url,doc.emergingthreats.net/2002823
1 || 2002824 || 10 || attempted-recon || 0 || ET POLICY CURL User Agent || url,curl.haxx.se || url,doc.emergingthreats.net/2002824
1 || 2002825 || 8 || attempted-recon || 0 || ET POLICY POSSIBLE Web Crawl using Curl || url,curl.haxx.se || url,doc.emergingthreats.net/2002825
1 || 2002826 || 10 || attempted-recon || 0 || ET POLICY fetch User Agent || url,gobsd.com/code/freebsd/lib/libfetch || url,doc.emergingthreats.net/2002826
1 || 2002827 || 11 || attempted-recon || 0 || ET POLICY POSSIBLE Crawl using Fetch || url,gobsd.com/code/freebsd/lib/libfetch || url,doc.emergingthreats.net/2002827
1 || 2002828 || 9 || not-suspicious || 0 || ET POLICY Googlebot User Agent || url,www.google.com/webmasters/bot.html || url,doc.emergingthreats.net/2002828
1 || 2002829 || 9 || attempted-recon || 0 || ET POLICY Googlebot Crawl || url,www.google.com/webmasters/bot.html || url,doc.emergingthreats.net/2002829
1 || 2002830 || 8 || not-suspicious || 0 || ET POLICY Msnbot User Agent || url,search.msn.com/msnbot.htm || url,doc.emergingthreats.net/2002830
1 || 2002831 || 9 || attempted-recon || 0 || ET POLICY Msnbot Crawl || url,search.msn.com/msnbot.htm || url,doc.emergingthreats.net/2002831
1 || 2002832 || 9 || not-suspicious || 0 || ET POLICY Yahoo Crawler User Agent || url,mms-mmcrawler-support@yahoo-inc.com || url,doc.emergingthreats.net/2002832
1 || 2002833 || 7 || attempted-recon || 0 || ET POLICY Yahoo Crawler Crawl || url,mms-mmcrawler-support@yahoo-inc.com || url,doc.emergingthreats.net/2002833
1 || 2002836 || 8 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Traffic (bar config download) || url,doc.emergingthreats.net/bin/view/Main/2002836
1 || 2002837 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PmWiki Globals Variables Overwrite Attempt || cve,CVE-2006-0479 || bugtraq,16421 || nessus,20891 || url,doc.emergingthreats.net/2002837
1 || 2002838 || 9 || web-application-activity || 0 || ET POLICY Google Search Appliance browsing the Internet || url,www.google.com/enterprise/gsa/index.html || url,doc.emergingthreats.net/2002838
1 || 2002839 || 6 || trojan-activity || 0 || ET MALWARE My Search Spyware Config Download || url,doc.emergingthreats.net/bin/view/Main/2002839
1 || 2002840 || 6 || policy-violation || 0 || ET MALWARE Freeze.com Spyware/Adware (Install) || url,doc.emergingthreats.net/bin/view/Main/2002840
1 || 2002841 || 7 || policy-violation || 0 || ET MALWARE Freeze.com Spyware/Adware (Install Registration) || url,doc.emergingthreats.net/bin/view/Main/2002841
1 || 2002842 || 4 || protocol-command-decode || 0 || ET SCAN MYSQL 4.1 brute force root login attempt || url,www.redferni.uklinux.net/mysql/MySQL-Protocol.html || url,doc.emergingthreats.net/2002842
1 || 2002843 || 4 || attempted-dos || 0 || ET DOS Microsoft Streaming Server Malformed Request || bugtraq,1282 || url,www.microsoft.com/technet/security/bulletin/ms00-038.mspx || url,doc.emergingthreats.net/bin/view/Main/2002843
1 || 2002844 || 7 || web-application-attack || 0 || ET WEB_SERVER WebDAV search overflow || cve,2003-0109 || url,doc.emergingthreats.net/2002844
1 || 2002845 || 5 || attempted-admin || 0 || ET EXPLOIT MSSQL Hello Overflow Attempt || cve,2002-1123 || bugtraq,5411 || url,doc.emergingthreats.net/bin/view/Main/2002845
1 || 2002848 || 7 || attempted-user || 0 || ET VOIP SIP UDP Softphone INVITE overflow || bugtraq,16213 || cve,2006-0189 || url,doc.emergingthreats.net/bin/view/Main/2002848
1 || 2002849 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Google Appliance External Proxy Stylesheet || bugtraq,15509 || cve,2005-3758 || url,doc.emergingthreats.net/2002849
1 || 2002850 || 5 || not-suspicious || 0 || ET FTP USER login flowbit || url,doc.emergingthreats.net/bin/view/Main/2002850
1 || 2002851 || 5 || attempted-recon || 0 || ET FTP HP-UX LIST command without login || cve,2005-3296 || bugtraq,15138 || url,doc.emergingthreats.net/bin/view/Main/2002851
1 || 2002852 || 5 || attempted-user || 0 || ET EXPLOIT HP-UX Printer LPD Command Insertion || cve,2005-3277 || bugtraq,15136 || url,doc.emergingthreats.net/bin/view/Main/2002852
1 || 2002853 || 5 || attempted-dos || 0 || ET DOS FreeBSD NFS RPC Kernel Panic || cve,2006-0900 || bugtraq,19017 || url,doc.emergingthreats.net/bin/view/Main/2002853
1 || 2002855 || 7 || policy-violation || 0 || ET GAMES Blizzard Downloader || url,www.worldofwarcraft.com/info/faq/blizzarddownloader.html || url,doc.emergingthreats.net/bin/view/Main/2002855
1 || 2002856 || 9 || unknown || 0 || ET DELETED Suspicious POST to ROBOTS.TXT || url,doc.emergingthreats.net/bin/view/Main/2002856
1 || 2002857 || 5 || trojan-activity || 0 || ET TROJAN Win32.VB.aie Reporting User Activity || url,doc.emergingthreats.net/2002857
1 || 2002858 || 5 || policy-violation || 0 || ET MALWARE Fun Web Products StationaryChooser Spyware || url,www.funwebproducts.com || url,doc.emergingthreats.net/bin/view/Main/2002858
1 || 2002859 || 7 || trojan-activity || 0 || ET TROJAN PassSickle Reporting User Activity || url,doc.emergingthreats.net/2002859
1 || 2002861 || 11 || web-application-attack || 0 || ET ACTIVEX Danim.dll and Dxtmsft.dll COM Objects || cve,2006-1186 || url,www.microsoft.com/technet/security/bulletin/ms06-013.mspx || url,doc.emergingthreats.net/2002861
1 || 2002863 || 8 || attempted-recon || 0 || ET DELETED osCommerce vulnerable web application extras update.php exists || url,retrogod.altervista.org/oscommerce_22_adv.html || url,doc.emergingthreats.net/2002863
1 || 2002864 || 6 || attempted-recon || 0 || ET WEB_SERVER osCommerce extras/update.php disclosure || url,retrogod.altervista.org/oscommerce_22_adv.html || url,doc.emergingthreats.net/2002864
1 || 2002865 || 6 || attempted-user || 0 || ET WEB_SERVER Novell GroupWise Messenger Accept Language Buffer Overflow || cve,2006-0992 || bugtraq,17503 || url,doc.emergingthreats.net/2002865
1 || 2002866 || 6 || policy-violation || 0 || ET POLICY Winpcap Installation in Progress || url,www.winpcap.org || url,doc.emergingthreats.net/2002866
1 || 2002867 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde 3.0.9-3.1.0 Help Viewer Remote PHP Exploit || url,www.milw0rm.com/exploits/1660 || cve,2006-1491 || bugtraq,17292 || url,doc.emergingthreats.net/2002867
1 || 2002868 || 10 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Horde Web Mail Help Access || cve,2006-1491 || bugtraq,17292 || url,doc.emergingthreats.net/2002868
1 || 2002869 || 8 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (exploit1 ie0601) || url,doc.emergingthreats.net/2002869
1 || 2002870 || 8 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (exploit ie0604) || url,doc.emergingthreats.net/2002870
1 || 2002871 || 7 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (bug ie0604) || url,doc.emergingthreats.net/2002871
1 || 2002872 || 6 || policy-violation || 0 || ET POLICY Myspace Login Attempt || url,doc.emergingthreats.net/2002872
1 || 2002874 || 14 || trojan-activity || 0 || ET TROJAN Metafisher/Goldun User-Agent (z) || url,doc.emergingthreats.net/2002874
1 || 2002877 || 14 || trojan-activity || 0 || ET TROJAN TROJAN BankSnif/Nethelper User-Agent (nethelper) || url,doc.emergingthreats.net/2002877
1 || 2002878 || 8 || policy-violation || 0 || ET POLICY iTunes User Agent || url,hcsoftware.sourceforge.net/jason-rohrer/itms4all/ || url,doc.emergingthreats.net/2002878
1 || 2002879 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP phpMyAgenda rootagenda Remote File Include Attempt || cve,2006-2009 || bugtraq,17670 || url,doc.emergingthreats.net/2002879
1 || 2002880 || 8 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv1 trap port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002880
1 || 2002881 || 8 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv2 trap port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002881
1 || 2002882 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv3 trap port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002882
1 || 2002886 || 3 || attempted-admin || 0 || ET EXPLOIT SYS get_domain_index_metadata Privilege Escalation Attempt || bugtraq,17699 || url,doc.emergingthreats.net/bin/view/Main/2002886
1 || 2002887 || 4 || attempted-admin || 0 || ET EXPLOIT SYS get_domain_index_tables Access || bugtraq,17699 || url,doc.emergingthreats.net/bin/view/Main/2002887
1 || 2002888 || 4 || attempted-admin || 0 || ET EXPLOIT SYS get_v2_domain_index_tables Privilege Escalation Attempt || bugtraq,17699 || url,doc.emergingthreats.net/bin/view/Main/2002888
1 || 2002889 || 8 || attempted-user || 0 || ET ACTIVEX JuniperSetup Control Buffer Overflow || url,www.eeye.com/html/research/advisories/AD20060424.html || url,doc.emergingthreats.net/2002889
1 || 2002892 || 4 || trojan-activity || 0 || ET DELETED Mytob.X clam SMTP Inbound || url,www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42326 || url,doc.emergingthreats.net/2002892
1 || 2002893 || 4 || trojan-activity || 0 || ET DELETED Mytob.X clam SMTP Outbound || url,www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=42326 || url,doc.emergingthreats.net/2002893
1 || 2002894 || 4 || trojan-activity || 0 || ET DELETED W32.Nugache SMTP Inbound || url,www.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html || url,doc.emergingthreats.net/2002894
1 || 2002895 || 4 || trojan-activity || 0 || ET DELETED W32.Nugache SMTP Outbound || url,www.symantec.com/avcenter/venc/data/w32.nugache.a@mm.html || url,doc.emergingthreats.net/2002895
1 || 2002896 || 6 || attempted-recon || 0 || ET EXPLOIT Symantec Scan Engine Request Password Hash || cve,2006-0230 || bugtraq,17637 || url,doc.emergingthreats.net/bin/view/Main/2002896
1 || 2002897 || 10 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Horde README access probe || cve,CVE-2006-1491 || url,csirt.terradon.com/postarchive.php?month=4&year=2006#article28 || url,doc.emergingthreats.net/2002897
1 || 2002898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Web Calendar Remote File Inclusion Attempt || bugtraq,14651 || cve,2005-2717 || url,doc.emergingthreats.net/2002898
1 || 2002899 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion get_header.php || url,www.milw0rm.com/exploits/1632 || cve,2006-1636 || bugtraq,17358 || url,doc.emergingthreats.net/2002899
1 || 2002900 || 6 || web-application-attack || 0 || ET WEB_SERVER CGI AWstats Migrate Command Attempt || bugtraq,17844 || url,doc.emergingthreats.net/2002900
1 || 2002901 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Aardvark Topsites PHP CONFIG PATH Remote File Include Attempt || cve,CVE-2006-2149 || url,www.osvdb.org/25158 || url,doc.emergingthreats.net/2002901
1 || 2002902 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP VWar Remote File Inclusion functions_install.php || cve,2006-1503 || bugtraq,17290 || url,doc.emergingthreats.net/2002902
1 || 2002903 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 PexFnstenvMov/Sub Encoder || url,doc.emergingthreats.net/bin/view/Main/2002903
1 || 2002904 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 Alpha2 GetEIPs Encoder || url,doc.emergingthreats.net/bin/view/Main/2002904
1 || 2002905 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 Countdown Encoder || url,doc.emergingthreats.net/bin/view/Main/2002905
1 || 2002906 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 PexAlphaNum Encoder || url,doc.emergingthreats.net/bin/view/Main/2002906
1 || 2002907 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 PexCall Encoder || url,doc.emergingthreats.net/bin/view/Main/2002907
1 || 2002908 || 5 || shellcode-detect || 0 || ET SHELLCODE x86 JmpCallAdditive Encoder || url,doc.emergingthreats.net/bin/view/Main/2002908
1 || 2002910 || 4 || attempted-recon || 0 || ET SCAN Potential VNC Scan 5800-5820 || url,doc.emergingthreats.net/2002910
1 || 2002911 || 4 || attempted-recon || 0 || ET SCAN Potential VNC Scan 5900-5920 || url,doc.emergingthreats.net/2002911
1 || 2002912 || 7 || misc-activity || 0 || ET EXPLOIT VNC Possible Vulnerable Server Response || url,www.realvnc.com/docs/rfbproto.pdf || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002912
1 || 2002913 || 7 || misc-activity || 0 || ET EXPLOIT VNC Client response || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002913
1 || 2002914 || 6 || misc-activity || 0 || ET EXPLOIT VNC Server VNC Auth Offer || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002914
1 || 2002915 || 6 || attempted-admin || 0 || ET EXPLOIT VNC Authentication Reply || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002915
1 || 2002916 || 6 || attempted-admin || 0 || ET EXPLOIT RealVNC Authentication Bypass Attempt || url,secunia.com/advisories/20107/ || url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002916
1 || 2002917 || 6 || successful-admin || 0 || ET EXPLOIT RealVNC Server Authentication Bypass Successful || url,secunia.com/advisories/20107/ || url,archives.neohapsis.com/archives/fulldisclosure/2006-05/0356.html || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002917
1 || 2002918 || 6 || misc-activity || 0 || ET EXPLOIT VNC Server VNC Auth Offer - No Challenge string || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002918
1 || 2002919 || 7 || attempted-admin || 0 || ET EXPLOIT VNC Good Authentication Reply || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002919
1 || 2002920 || 5 || attempted-admin || 0 || ET POLICY VNC Authentication Failure || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002920
1 || 2002921 || 6 || attempted-admin || 0 || ET EXPLOIT VNC Multiple Authentication Failures || url,www.realvnc.com/docs/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002921
1 || 2002922 || 5 || not-suspicious || 0 || ET POLICY VNC Authentication Successful || url,www.cl.cam.ac.uk/Research/DTG/attarchive/vnc/rfbproto.pdf || url,doc.emergingthreats.net/bin/view/Main/2002922
1 || 2002923 || 6 || misc-activity || 0 || ET EXPLOIT VNC Server Not Requiring Authentication (case 2) || url,www.realvnc.com/docs/rfbproto.pdf || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002923
1 || 2002924 || 7 || misc-activity || 0 || ET EXPLOIT VNC Server Not Requiring Authentication || url,www.realvnc.com/docs/rfbproto.pdf || cve,2006-2369 || url,doc.emergingthreats.net/bin/view/Main/2002924
1 || 2002925 || 5 || policy-violation || 0 || ET INAPPROPRIATE Google Image Search, Safe Mode Off || url,doc.emergingthreats.net/bin/view/Main/2002925
1 || 2002926 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv1 random port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002926
1 || 2002927 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv2 random port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002927
1 || 2002928 || 7 || attempted-dos || 0 || ET SNMP Cisco Non-Trap PDU request on SNMPv3 random port || cve,2004-0714 || bugtraq,10186 || url,doc.emergingthreats.net/bin/view/Main/2002928
1 || 2002929 || 7 || trojan-activity || 0 || ET TROJAN Haxdoor Reporting User Activity 2 || url,doc.emergingthreats.net/2002929 || url,www.symantec.com/security_response/writeup.jsp?docid=2003-113016-1420-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=e787c4437ff67061983cd08458f71c94 || url,www.threatexpert.com/report.aspx?md5=d86b9eaf9682d60cb8b928dc6ac40954 || url,www.threatexpert.com/report.aspx?md5=1777f0ffa890ebfcc7587957f2d08dca || md5,0995ecb8bb78f510ae995a50be0c351a
1 || 2002931 || 5 || trojan-activity || 0 || ET MALWARE CWS Trafcool.biz Related Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002931
1 || 2002932 || 5 || trojan-activity || 0 || ET MALWARE CWS Related Installer || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002932
1 || 2002933 || 5 || trojan-activity || 0 || ET MALWARE CWS Spy-Sheriff.com Infeced Buy Page Request || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453076035 || url,doc.emergingthreats.net/bin/view/Main/2002933
1 || 2002934 || 9 || attempted-recon || 0 || ET POLICY libwww-perl User Agent || url,www.linpro.no/lwp/ || url,doc.emergingthreats.net/2002934
1 || 2002935 || 9 || attempted-recon || 0 || ET POLICY Possible Web Crawl - libwww-perl User Agent || url,www.linpro.no/lwp/ || url,doc.emergingthreats.net/2002935
1 || 2002937 || 7 || web-application-attack || 0 || ET WEB_SERVER WebAttacker kit (ie0606) || url,doc.emergingthreats.net/2002937
1 || 2002938 || 5 || trojan-activity || 0 || ET TROJAN elitekeylogger v1.0 reporting - Inbound || url,doc.emergingthreats.net/2002938
1 || 2002940 || 4 || trojan-activity || 0 || ET TROJAN XP keylogger v2.1 mail report - Inbound || url,doc.emergingthreats.net/2002940
1 || 2002941 || 5 || trojan-activity || 0 || ET TROJAN elitekeylogger v1.0 reporting - Outbound || url,doc.emergingthreats.net/2002941
1 || 2002942 || 4 || trojan-activity || 0 || ET TROJAN XP keylogger v2.1 mail report - Outbound || url,doc.emergingthreats.net/2002942
1 || 2002943 || 9 || attempted-recon || 0 || ET POLICY python.urllib User Agent Web Crawl || url,docs.python.org/lib/module-urllib.html || url,doc.emergingthreats.net/2002943
1 || 2002944 || 8 || attempted-recon || 0 || ET POLICY python.urllib User Agent || url,docs.python.org/lib/module-urllib.html || url,doc.emergingthreats.net/2002944
1 || 2002945 || 12 || attempted-recon || 0 || ET POLICY Java Url Lib User Agent Web Crawl || url,www.mozilla.org/docs/netlib/seealso/netmods.html || url,doc.emergingthreats.net/2002945
1 || 2002946 || 9 || attempted-recon || 0 || ET POLICY Java Url Lib User Agent || url,www.mozilla.org/docs/netlib/seealso/netmods.html || url,doc.emergingthreats.net/2002946
1 || 2002947 || 7 || attempted-admin || 0 || ET GAMES PunkBuster Server webkey Buffer Overflow || url,aluigi.altervista.org/adv/pbwebbof-adv.txt || url,doc.emergingthreats.net/2002947
1 || 2002948 || 10 || policy-violation || 0 || ET POLICY External Windows Update in Progress || url,windowsupdate.microsoft.com || url,doc.emergingthreats.net/2002948
1 || 2002949 || 9 || policy-violation || 0 || ET POLICY Windows Update in Progress || url,windowsupdate.microsoft.com || url,doc.emergingthreats.net/2002949
1 || 2002950 || 6 || policy-violation || 0 || ET P2P TOR 1.0 Server Key Retrieval || url,tor.eff.org || url,doc.emergingthreats.net/2002950
1 || 2002951 || 5 || policy-violation || 0 || ET P2P TOR 1.0 Status Update || url,tor.eff.org || url,doc.emergingthreats.net/2002951
1 || 2002952 || 5 || policy-violation || 0 || ET P2P TOR 1.0 Inbound Circuit Traffic || url,tor.eff.org || url,doc.emergingthreats.net/2002952
1 || 2002953 || 5 || policy-violation || 0 || ET P2P TOR 1.0 Outbound Circuit Traffic || url,tor.eff.org || url,doc.emergingthreats.net/2002953
1 || 2002954 || 6 || trojan-activity || 0 || ET MALWARE Bravesentry.com Fake Antispyware Download || url,www.bravesentry.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,doc.emergingthreats.net/bin/view/Main/2002954
1 || 2002955 || 7 || trojan-activity || 0 || ET MALWARE Win32/Tibs Checkin || md5,65448c8678f03253ef380c375d6670ce
1 || 2002956 || 5 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Downloading vxgame || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2002956
1 || 2002957 || 5 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Initial Infection Download || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2002957
1 || 2002959 || 6 || trojan-activity || 0 || ET TROJAN Tibs Checkin || url,doc.emergingthreats.net/2002959
1 || 2002960 || 7 || trojan-activity || 0 || ET DELETED Tibs Download || url,doc.emergingthreats.net/2002960
1 || 2002961 || 5 || trojan-activity || 0 || ET TROJAN Tibs Checkin 2 || url,doc.emergingthreats.net/2002961
1 || 2002962 || 7 || trojan-activity || 0 || ET DELETED Tibs Code Download || url,doc.emergingthreats.net/2002962
1 || 2002963 || 8 || trojan-activity || 0 || ET TROJAN Generic Spambot-Spyware Access || url,doc.emergingthreats.net/2002963
1 || 2002964 || 5 || trojan-activity || 0 || ET TROJAN Generic Spyware Update Download || url,doc.emergingthreats.net/2002964
1 || 2002965 || 7 || trojan-activity || 0 || ET DELETED Generic Spambot Spam Download || url,doc.emergingthreats.net/2002965
1 || 2002966 || 5 || trojan-activity || 0 || ET MALWARE Elitemediagroup.net Spyware Config Download || url,elitemediagroup.net || url,doc.emergingthreats.net/bin/view/Main/2002966
1 || 2002967 || 5 || trojan-activity || 0 || ET MALWARE Dollarrevenue.com Spyware Code Download || url,dollarrevenue.com || url,doc.emergingthreats.net/bin/view/Main/2002967
1 || 2002971 || 5 || attempted-user || 0 || ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 1 Access Attempt || cve,2006-1303 || bugtraq,18328 || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || url,doc.emergingthreats.net/2002971
1 || 2002973 || 4 || misc-activity || 0 || ET SCAN Behavioral Unusual Port 3127 traffic, Potential Scan or Backdoor || url,doc.emergingthreats.net/2002973
1 || 2002974 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Hupigon Possible Control Connection Being Established || url,www.avira.com/en/threats/section/fulldetails/id_vir/1051/bds_hupigon.bo.html || url,doc.emergingthreats.net/2002974
1 || 2002975 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Hupigon INFECTION - Reporting Host Type || url,www.avira.com/en/threats/section/fulldetails/id_vir/1051/bds_hupigon.bo.html || url,doc.emergingthreats.net/2002975
1 || 2002976 || 8 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002976
1 || 2002977 || 4 || trojan-activity || 0 || ET TROJAN Banload Downloader Infection - Sending initial email to owner || url,www.viruslist.com/en/viruses/encyclopedia?virusid=95586 || url,doc.emergingthreats.net/2002977
1 || 2002978 || 6 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection variant 2 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002978
1 || 2002979 || 4 || trojan-activity || 0 || ET TROJAN SC-KeyLog Keylogger Installed - Sending Initial Email Report || url,www.soft-central.net/keylog.php || url,doc.emergingthreats.net/2002979
1 || 2002980 || 4 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection variant 3 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002980
1 || 2002981 || 4 || trojan-activity || 0 || ET TROJAN Banker.Delf Infection variant 4 - Sending Initial Email to Owner || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2002981
1 || 2002982 || 6 || trojan-activity || 0 || ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner - INFECTADO || url,doc.emergingthreats.net/2002982
1 || 2002983 || 3 || trojan-activity || 0 || ET TROJAN GENERAL Possible Trojan Sending Initial Email to Owner - SUCCESSO || url,doc.emergingthreats.net/2002983
1 || 2002984 || 6 || trojan-activity || 0 || ET MALWARE SpySherriff Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2002984
1 || 2002987 || 6 || trojan-activity || 0 || ET MALWARE Jupitersatellites.biz Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2002987
1 || 2002988 || 9 || trojan-activity || 0 || ET MALWARE Possible Spambot Checking in to Spam || url,doc.emergingthreats.net/bin/view/Main/2002988
1 || 2002989 || 8 || trojan-activity || 0 || ET DELETED Possible Spambot getting new exe url || url,doc.emergingthreats.net/bin/view/Main/2002989
1 || 2002990 || 9 || trojan-activity || 0 || ET MALWARE Possible Spambot Pulling IP List to Spam || url,doc.emergingthreats.net/bin/view/Main/2002990
1 || 2002991 || 6 || trojan-activity || 0 || ET MALWARE Possible Spambot getting new exe || url,doc.emergingthreats.net/bin/view/Main/2002991
1 || 2002992 || 6 || misc-activity || 0 || ET SCAN Rapid POP3 Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002992
1 || 2002993 || 6 || misc-activity || 0 || ET SCAN Rapid POP3S Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002993
1 || 2002994 || 6 || misc-activity || 0 || ET SCAN Rapid IMAP Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002994
1 || 2002995 || 9 || misc-activity || 0 || ET SCAN Rapid IMAPS Connections - Possible Brute Force Attack || url,doc.emergingthreats.net/2002995
1 || 2002996 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog Remote File Include Vulnerability || url,securitydot.net/xpl/exploits/vulnerabilities/articles/1122/exploit.html || url,doc.emergingthreats.net/2002996
1 || 2002997 || 11 || web-application-attack || 0 || ET WEB_SERVER PHP Remote File Inclusion (monster list http) || url,www.sans.org/top20/ || url,doc.emergingthreats.net/2002997
1 || 2002998 || 7 || attempted-dos || 0 || ET DELETED HELO Non-Displayable Characters MailEnable Denial of Service || cve,2006-3277 || bugtraq,18630 || url,doc.emergingthreats.net/bin/view/Main/2002998
1 || 2002999 || 5 || trojan-activity || 0 || ET MALWARE /jk/exp.wmf Exploit Code Load Attempt || url,doc.emergingthreats.net/bin/view/Main/2002999
1 || 2003000 || 6 || trojan-activity || 0 || ET MALWARE PopupSh.ocx Access Attempt || url,doc.emergingthreats.net/bin/view/Main/2003000
1 || 2003002 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port TLS || url,doc.emergingthreats.net/2003002
1 || 2003003 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003003
1 || 2003004 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port Case 2 || url,doc.emergingthreats.net/2003004
1 || 2003005 || 9 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Hello on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003005
1 || 2003006 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Key Exchange on Unusual Port || url,doc.emergingthreats.net/2003006
1 || 2003007 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Key Exchange on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003007
1 || 2003008 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Cipher Set on Unusual Port || url,doc.emergingthreats.net/2003008
1 || 2003009 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Client Cipher Set on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003009
1 || 2003010 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Hello on Unusual Port || url,doc.emergingthreats.net/2003010
1 || 2003011 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Hello on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003011
1 || 2003012 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port || url,doc.emergingthreats.net/2003012
1 || 2003013 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Certificate Exchange on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003013
1 || 2003014 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Key Exchange on Unusual Port || url,doc.emergingthreats.net/2003014
1 || 2003015 || 6 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Key Exchange on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003015
1 || 2003016 || 7 || unusual-client-port-connection || 0 || ET DELETED TLS/SSL Server Hello Done on Unusual Port || url,doc.emergingthreats.net/2003016
1 || 2003017 || 6 || unusual-client-port-connection || 0 || ET DELETED TLS/SSL Server Hello Done on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003017
1 || 2003018 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Cipher Set on Unusual Port || url,doc.emergingthreats.net/2003018
1 || 2003019 || 7 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Server Cipher Set on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003019
1 || 2003020 || 9 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Encrypted Application Data on Unusual Port || url,doc.emergingthreats.net/2003020
1 || 2003021 || 8 || unusual-client-port-connection || 0 || ET POLICY TLS/SSL Encrypted Application Data on Unusual Port SSLv3 || url,doc.emergingthreats.net/2003021
1 || 2003022 || 4 || policy-violation || 0 || ET CHAT Skype Bootstrap Node (udp) || url,www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-039-04.pdf || url,doc.emergingthreats.net/2003022
1 || 2003023 || 9 || web-application-activity || 0 || ET WEB_CLIENT IE StructuredGraphicsControl SourceURL Bug MoBB#6 || url,browserfun.blogspot.com/2006/07/mobb-6-structuredgraphicscontrol.html || cve,2006-3427 || url,doc.emergingthreats.net/bin/view/Main/2003023
1 || 2003025 || 6 || trojan-activity || 0 || ET DELETED Unknown Web Bot Controller Accessed || url,doc.emergingthreats.net/bin/view/Main/2003025
1 || 2003026 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 443 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003026
1 || 2003027 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8000 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003027
1 || 2003028 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8080 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003028
1 || 2003029 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8200 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003029
1 || 2003030 || 5 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8443 being excluded from SSL Alerts || url,doc.emergingthreats.net/2003030
1 || 2003031 || 5 || not-suspicious || 0 || ET CHAT Known SSL traffic on port 5222 (Jabber) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003031
1 || 2003032 || 5 || not-suspicious || 0 || ET CHAT Known SSL traffic on port 5223 (Jabber) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003032
1 || 2003033 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 2967 (Symantec) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003033
1 || 2003034 || 4 || trojan-activity || 0 || ET DELETED Trojan.Downloader.Time2Pay.AQ || url,research.sunbelt-software.com || url,doc.emergingthreats.net/bin/view/Main/2003034
1 || 2003035 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 3128 (proxy) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003035
1 || 2003036 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8080 (proxy) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003036
1 || 2003037 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8292 (Bloomberg) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003037
1 || 2003038 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 8294 (Bloomberg) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003038
1 || 2003039 || 4 || attempted-user || 0 || ET EXPLOIT UPnP DLink M-Search Overflow Attempt || url,www.eeye.com/html/research/advisories/AD20060714.html || url,doc.emergingthreats.net/bin/view/Main/2003039
1 || 2003040 || 4 || policy-violation || 0 || ET DELETED PCMesh Anonymous Proxy client connect || url,doc.emergingthreats.net/2003040
1 || 2003041 || 7 || trojan-activity || 0 || ET DELETED Win32.SMTP-Mailer SMTP Outbound || url,research.sunbelt-software.com/threatdisplay.aspx?name=Win32.SMTP-Mailer&threatid=48095 || url,www.hauri.net/virus/virusinfo_read.php?code=TRW3000774&start=1 || url,doc.emergingthreats.net/2003041
1 || 2003045 || 4 || policy-violation || 0 || ET DELETED Real.com Game Arcade Install (User agent) || url,doc.emergingthreats.net/2003045
1 || 2003046 || 3 || policy-violation || 0 || ET DELETED Real.com Game Arcade Install || url,doc.emergingthreats.net/2003046
1 || 2003047 || 4 || policy-violation || 0 || ET POLICY Proxy Judge Discovery/Evasion (prxjdg.cgi) || url,doc.emergingthreats.net/2003047
1 || 2003048 || 4 || policy-violation || 0 || ET POLICY Proxy Judge Discovery/Evasion (proxyjudge.cgi) || url,doc.emergingthreats.net/2003048
1 || 2003055 || 12 || non-standard-protocol || 0 || ET MALWARE Suspicious FTP 220 Banner on Local Port (-) || url,doc.emergingthreats.net/bin/view/Main/2003055
1 || 2003056 || 5 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS EiQNetworks Security Analyzer Buffer Overflow || cve,2006-3838 || url,secunia.com/advisories/21211/ || url,doc.emergingthreats.net/2003056
1 || 2003057 || 5 || trojan-activity || 0 || ET MALWARE 180solutions Spyware Actionlibs Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003057
1 || 2003058 || 5 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Installer Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003058
1 || 2003059 || 5 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware TB Installer Download || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003059
1 || 2003060 || 5 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Local Stats Post || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003060
1 || 2003061 || 4 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Event Activity Post || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003061
1 || 2003062 || 11 || trojan-activity || 0 || ET USER_AGENTS 180 Solutions (Zango Installer) User Agent || url,doc.emergingthreats.net/2003062
1 || 2003063 || 7 || web-application-attack || 0 || ET WEB_SERVER WebAttacker RootLauncher || url,doc.emergingthreats.net/2003063
1 || 2003064 || 7 || attempted-admin || 0 || ET DELETED Cisco-MARS/JBoss jmx-console POST || bugtraq,19071 || url,doc.emergingthreats.net/bin/view/Main/2003064
1 || 2003065 || 7 || attempted-admin || 0 || ET DELETED Cisco-MARS/JBoss Remote Command Execution || bugtraq,19071 || url,doc.emergingthreats.net/bin/view/Main/2003065
1 || 2003066 || 4 || trojan-activity || 0 || ET TROJAN Torpig Reporting User Activity (wur8) || url,www.sophos.com/virusinfo/analyses/trojtorpigr.html || url,doc.emergingthreats.net/2003066
1 || 2003067 || 5 || attempted-dos || 0 || ET EXPLOIT DOS Microsoft Windows SRV.SYS MAILSLOT  || url,www.milw0rm.com/exploits/2057 || url,www.microsoft.com/technet/security/bulletin/MS06-035.mspx || url,doc.emergingthreats.net/bin/view/Main/2003067
1 || 2003068 || 6 || attempted-recon || 0 || ET SCAN Potential SSH Scan OUTBOUND || url,en.wikipedia.org/wiki/Brute_force_attack || url,doc.emergingthreats.net/2003068
1 || 2003069 || 4 || policy-violation || 0 || ET DELETED Anonymous Proxy Traffic from Inside || url,doc.emergingthreats.net/2003069
1 || 2003070 || 6 || trojan-activity || 0 || ET WORM Korgo.U Reporting || url,www.f-secure.com/v-descs/korgo_u.shtml || url,doc.emergingthreats.net/2003070
1 || 2003071 || 7 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via HTTP (BSD style) || url,doc.emergingthreats.net/bin/view/Main/2003071
1 || 2003072 || 5 || attempted-admin || 0 || ET EXPLOIT Linksys WRT54g Authentication Bypass Attempt || url,secunia.com/advisories/21372/ || url,doc.emergingthreats.net/bin/view/Main/2003072
1 || 2003073 || 4 || trojan-activity || 0 || ET DELETED ICMP Banking Trojan sending encrypted stolen data || url,www.websensesecuritylabs.com/alerts/alert.php?AlertID=570 || url,doc.emergingthreats.net/2003073
1 || 2003074 || 5 || trojan-activity || 0 || ET MALWARE Content-loader.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003074
1 || 2003075 || 5 || trojan-activity || 0 || ET MALWARE Content-loader.com Spyware Install 2 || url,doc.emergingthreats.net/bin/view/Main/2003075
1 || 2003076 || 5 || trojan-activity || 0 || ET MALWARE Content-loader.com (ownusa.info) Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003076
1 || 2003081 || 5 || misc-attack || 0 || ET NETBIOS NETBIOS SMB DCERPC NetrpPathCanonicalize request (possible MS06-040) || url,www.microsoft.com/technet/security/bulletin/MS06-040.mspx || url,doc.emergingthreats.net/bin/view/Main/2003081
1 || 2003082 || 5 || misc-attack || 0 || ET NETBIOS NETBIOS SMB-DS DCERPC NetrpPathCanonicalize request (possible MS06-040) || url,www.microsoft.com/technet/security/bulletin/MS06-040.mspx || url,doc.emergingthreats.net/bin/view/Main/2003082
1 || 2003083 || 6 || trojan-activity || 0 || ET TROJAN Dialer || url,isc.sans.org/diary.php?storyid=1388 || url,doc.emergingthreats.net/2003083
1 || 2003084 || 5 || trojan-activity || 0 || ET MALWARE TROJAN_VB Microjoin || url,de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?VName=TROJ_VB.AWW || url,doc.emergingthreats.net/bin/view/Main/2003084
1 || 2003085 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TWiki Configure Script TYPEOF Remote Command Execution Attempt || cve,CVE-2006-3819 || bugtraq,19188 || url,doc.emergingthreats.net/2003085
1 || 2003086 || 6 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall preview_email.cgi Remote Command Execution || bugtraq,19276 || url,doc.emergingthreats.net/2003086
1 || 2003087 || 7 || web-application-attack || 0 || ET WEB_SERVER Barracuda Spam Firewall preview_email.cgi Remote Directory Traversal Attempt || bugtraq,19276 || url,doc.emergingthreats.net/2003087
1 || 2003089 || 4 || policy-violation || 0 || ET GAMES STEAM Connection (v2) || url,doc.emergingthreats.net/bin/view/Main/2003089
1 || 2003092 || 3 || policy-violation || 0 || ET DELETED Gmail gtalk || url,doc.emergingthreats.net/2003092
1 || 2003094 || 3 || trojan-activity || 0 || ET TROJAN VMM Detecting Torpig/Anserin/Sinowal Trojan || url,doc.emergingthreats.net/2003094
1 || 2003095 || 3 || trojan-activity || 0 || ET TROJAN (UPX) VMM Detecting Torpig/Anserin/Sinowal Trojan || url,doc.emergingthreats.net/2003095
1 || 2003096 || 4 || misc-activity || 0 || ET DELETED Possible Image Spam Inbound (simple rule) || url,doc.emergingthreats.net/2003096
1 || 2003097 || 4 || misc-activity || 0 || ET DELETED Possible Image Spam Inbound (complex rule) || url,doc.emergingthreats.net/2003097
1 || 2003099 || 7 || web-application-activity || 0 || ET WEB_SERVER Poison Null Byte || cve,2006-4542 || cve,2006-4458 || cve,2006-3602 || url,www.security-assessment.com/Whitepapers/0x00_vs_ASP_File_Uploads.pdf || url,doc.emergingthreats.net/2003099
1 || 2003102 || 12 || attempted-user || 0 || ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call CLSID || url,www.osvdb.org/displayvuln.php?osvdb_id=28841 || cve,2006-4446 || url,doc.emergingthreats.net/2003102
1 || 2003103 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's spline function call Object || url, www.osvdb.org/displayvuln.php?osvdb_id=28841 || cve,2006-4446 || url,doc.emergingthreats.net/2003103
1 || 2003104 || 11 || attempted-user || 0 || ET DELETED Microsoft Multimedia Controls - ActiveX control's KeyFrame function call CSLID || url,www.osvdb.org/displayvuln.php?osvdb_id=28842 || cve,2006-4777 || url,doc.emergingthreats.net/2003104
1 || 2003105 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft Multimedia Controls - ActiveX control's KeyFrame function call Object || url,www.osvdb.org/displayvuln.php?osvdb_id=28842 || cve,2006-4777 || url,doc.emergingthreats.net/2003105
1 || 2003110 || 7 || attempted-user || 0 || ET WEB_CLIENT MSIE WebViewFolderIcon setSlice invalid memory copy || url, riosec.com/msie-setslice-vuln || url,osvdb.org/27110 || cve,2006-3730 || url,doc.emergingthreats.net/bin/view/Main/2003110
1 || 2003115 || 7 || trojan-activity || 0 || ET TROJAN - Trojan.Proxy.PPAgent.t (updatea) || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738 || url,doc.emergingthreats.net/2003115
1 || 2003116 || 7 || trojan-activity || 0 || ET TROJAN - Trojan.Proxy.PPAgent.t (updateb) || url,original.avira.com/en/threats/vdf_history.html?id_vdf=2738 || url,doc.emergingthreats.net/2003116
1 || 2003117 || 4 || shellcode-detect || 0 || ET DELETED SHELLCODE CLET polymorphic payload || url,toorcon.org/2006/conference.html?id=29 || url,doc.emergingthreats.net/2003117
1 || 2003118 || 4 || shellcode-detect || 0 || ET DELETED SHELLCODE Shikata Ga Nai polymorphic payload || url,toorcon.org/2006/conference.html?id=29 || url,doc.emergingthreats.net/2003118
1 || 2003119 || 4 || shellcode-detect || 0 || ET DELETED SHELLCODE ADMutate polymorphic payload || url,toorcon.org/2006/conference.html?id=29 || url,doc.emergingthreats.net/2003119
1 || 2003120 || 4 || misc-activity || 0 || ET DELETED Possible Image Spam Inbound (3) || url,doc.emergingthreats.net/2003120
1 || 2003121 || 6 || policy-violation || 0 || ET POLICY docs.google.com Activity || url,docs.google.com || url,doc.emergingthreats.net/2003121
1 || 2003122 || 6 || policy-violation || 0 || ET DELETED Possible docs.google.com Activity || url,docs.google.com || url,doc.emergingthreats.net/2003122
1 || 2003132 || 7 || trojan-activity || 0 || ET TROJAN BOT - potential DDoS command (2) || url,doc.emergingthreats.net/2003132
1 || 2003138 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan peer exchange || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003138
1 || 2003139 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan SMTP test successful || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003139
1 || 2003140 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan update request || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003140
1 || 2003141 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan AV DLL request || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003141
1 || 2003142 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan spam template request || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003142
1 || 2003143 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan spam run report || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003143
1 || 2003144 || 3 || trojan-activity || 0 || ET TROJAN SpamThru trojan AV scan report || url,www.secureworks.com/analysis/spamthru/ || url,doc.emergingthreats.net/2003144
1 || 2003145 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds || url,doc.emergingthreats.net/bin/view/Main/2003145
1 || 2003146 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /dhost || url,doc.emergingthreats.net/bin/view/Main/2003146
1 || 2003147 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /dhost (linewrap) || url,doc.emergingthreats.net/bin/view/Main/2003147
1 || 2003148 || 5 || web-application-attack || 0 || ET EXPLOIT Novell HttpStk Remote Code Execution Attempt /nds (linewrap) || url,doc.emergingthreats.net/bin/view/Main/2003148
1 || 2003149 || 5 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (linux style) || url,doc.emergingthreats.net/bin/view/Main/2003149
1 || 2003150 || 5 || misc-activity || 0 || ET ATTACK_RESPONSE Possible /etc/passwd via SMTP (BSD style) || url,doc.emergingthreats.net/bin/view/Main/2003150
1 || 2003151 || 5 || trojan-activity || 0 || ET MALWARE Fun Web Products SmileyCentral IEsp2 Install || url,www.myfuncards.com || url,doc.emergingthreats.net/bin/view/Main/2003151
1 || 2003152 || 7 || misc-activity || 0 || ET WEB_SPECIFIC_APPS CutePHP CuteNews directory traversal vulnerability - show_archives || bugtraq,15295 || url,doc.emergingthreats.net/2003152
1 || 2003153 || 5 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Exploit Download || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2003153
1 || 2003154 || 8 || trojan-activity || 0 || ET MALWARE Bestcount.net Spyware Data Upload || url,reports.internic.net/cgi/whois?whois_nic=bestcount.net&type=domain || url,doc.emergingthreats.net/bin/view/Main/2003154
1 || 2003155 || 4 || misc-activity || 0 || ET POLICY Microsoft TEREDO IPv6 tunneling || url,doc.emergingthreats.net/2003155
1 || 2003156 || 6 || attempted-recon || 0 || ET DELETED Crewbox Proxy Scan || url,doc.emergingthreats.net/2003156
1 || 2003157 || 10 || trojan-activity || 0 || ET TROJAN Agobot-SDBot Commands || url,doc.emergingthreats.net/2003157
1 || 2003158 || 11 || attempted-user || 0 || ET ACTIVEX Microsoft WMIScriptUtils.WMIObjectBroker object call CSLID || url,www.securityfocus.com/bid/20843 || url,secunia.com/advisories/22603 || cve,2006-4704 || url,www.microsoft.com/technet/security/bulletin/ms06-073.mspx || url,doc.emergingthreats.net/2003158
1 || 2003159 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft VsmIDE.DTE object call CSLID || url,doc.emergingthreats.net/2003159
1 || 2003160 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft DExplore.AppObj.8.0 object call CSLID || url,doc.emergingthreats.net/2003160
1 || 2003161 || 10 || attempted-user || 0 || ET ACTIVEX Microsoft VisualStudio.DTE.8.0 object call CSLID || url,doc.emergingthreats.net/2003161
1 || 2003162 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Microsoft.DbgClr.DTE.8.0 object call CSLID || url,doc.emergingthreats.net/2003162
1 || 2003163 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft VsaIDE.DTE object call CSLID || url,doc.emergingthreats.net/2003163
1 || 2003164 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Business Object Factory object call CSLID || url,doc.emergingthreats.net/2003164
1 || 2003165 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Outlook Data Object object call CSLID || url,doc.emergingthreats.net/2003165
1 || 2003166 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Outlook.Application object call CSLID || url,doc.emergingthreats.net/2003166
1 || 2003167 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS tikiwiki featured link XSS attempt || url,www.securityfocus.com/archive/1/450268/30/0 || url,doc.emergingthreats.net/2003167
1 || 2003168 || 7 || policy-violation || 0 || ET POLICY Winamp Streaming User Agent || url,doc.emergingthreats.net/2003168
1 || 2003170 || 4 || trojan-activity || 0 || ET DELETED Zango Spyware Activity || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003170
1 || 2003171 || 7 || attempted-recon || 0 || ET SCAN IBM NSA User Agent || url,ftp.inf.utfsm.cl/pub/Docs/IBM/Tivoli/pdfs/sg246021.pdf || url,doc.emergingthreats.net/2003171
1 || 2003173 || 7 || trojan-activity || 0 || ET SHELLCODE Possible UTF-8 encoded Shellcode Detected || url,doc.emergingthreats.net/bin/view/Main/2003173
1 || 2003174 || 8 || trojan-activity || 0 || ET SHELLCODE Possible UTF-16 encoded Shellcode Detected || url,doc.emergingthreats.net/bin/view/Main/2003174
1 || 2003175 || 5 || not-suspicious || 0 || ET TROJAN Warezov/Stration Challenge || url,www.sophos.com/security/analyses/w32strationbo.html || url,doc.emergingthreats.net/2003175
1 || 2003176 || 5 || trojan-activity || 0 || ET TROJAN Warezov/Stration Challenge Response || url,www.sophos.com/security/analyses/w32strationbo.html || url,doc.emergingthreats.net/2003176
1 || 2003179 || 10 || policy-violation || 0 || ET POLICY exe download without User Agent || url,doc.emergingthreats.net/2003179
1 || 2003180 || 11 || trojan-activity || 0 || ET TROJAN Possible Warezov/Stration Data Post to Controller || url,www.sophos.com/security/analyses/w32strationbo.html || url,doc.emergingthreats.net/2003180
1 || 2003182 || 11 || trojan-activity || 0 || ET DELETED Prg Trojan v0.1-v0.3 Data Upload || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003182
1 || 2003183 || 5 || trojan-activity || 0 || ET TROJAN Prg Trojan Server Reply || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003183
1 || 2003184 || 5 || trojan-activity || 0 || ET DELETED Prg Trojan v0.1 Binary In Transit || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003184
1 || 2003185 || 5 || trojan-activity || 0 || ET DELETED Prg Trojan v0.2 Binary In Transit || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003185
1 || 2003186 || 5 || trojan-activity || 0 || ET DELETED Prg Trojan v0.3 Binary In Transit || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2003186
1 || 2003187 || 5 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Initial Checkin || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003187
1 || 2003188 || 5 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Reporting || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003188
1 || 2003189 || 6 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Reporting (gcu) || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003189
1 || 2003190 || 9 || trojan-activity || 0 || ET TROJAN Win32.Lager Trojan Reporting Spam || url,www.viruslist.com/en/viruses/encyclopedia?virusid=87732 || url,doc.emergingthreats.net/2003190
1 || 2003192 || 4 || attempted-dos || 0 || ET VOIP INVITE Message Flood TCP || url,doc.emergingthreats.net/2003192
1 || 2003193 || 5 || attempted-dos || 0 || ET VOIP REGISTER Message Flood TCP || url,doc.emergingthreats.net/2003193
1 || 2003194 || 6 || attempted-dos || 0 || ET VOIP Multiple Unauthorized SIP Responses TCP || url,doc.emergingthreats.net/2003194
1 || 2003195 || 5 || bad-unknown || 0 || ET POLICY Unusual number of DNS No Such Name Responses || url,doc.emergingthreats.net/2003195
1 || 2003196 || 7 || misc-attack || 0 || ET EXPLOIT FTP .message file write || url,www.milw0rm.com/exploits/2856 || url,doc.emergingthreats.net/bin/view/Main/2003196
1 || 2003197 || 6 || misc-attack || 0 || ET EXPLOIT ProFTPD .message file overflow attempt || url,www.milw0rm.com/exploits/2856 || url,doc.emergingthreats.net/bin/view/Main/2003197
1 || 2003198 || 4 || non-standard-protocol || 0 || ET EXPLOIT TFTP Invalid Mode in file Get || url,doc.emergingthreats.net/bin/view/Main/2003198
1 || 2003199 || 4 || non-standard-protocol || 0 || ET EXPLOIT TFTP Invalid Mode in file Put || url,doc.emergingthreats.net/bin/view/Main/2003199
1 || 2003200 || 10 || trojan-activity || 0 || ET DELETED User-Agent (MSIE XPSP2) || url,doc.emergingthreats.net/2003200
1 || 2003201 || 5 || trojan-activity || 0 || ET MALWARE Thespyguard.com Spyware Install || url,www.thespyguard.com || url,www.kliksoftware.com || url,doc.emergingthreats.net/bin/view/Main/2003201
1 || 2003202 || 7 || trojan-activity || 0 || ET MALWARE Thespyguard.com Spyware Update Check || url,www.kliksoftware.com || url,www.thespyguard.com || url,doc.emergingthreats.net/bin/view/Main/2003202
1 || 2003203 || 5 || trojan-activity || 0 || ET MALWARE Hitvirus Fake AV Install || url,www.kliksoftware.com || url,doc.emergingthreats.net/bin/view/Main/2003203
1 || 2003204 || 6 || trojan-activity || 0 || ET MALWARE Thespyguard.com Spyware Updating || url,www.kliksoftware.com || url,www.thespyguard.com || url,doc.emergingthreats.net/bin/view/Main/2003204
1 || 2003205 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (Informer from RBC) || url,www.kliksoftware.com || url,doc.emergingthreats.net/bin/view/Main/2003205
1 || 2003208 || 13 || trojan-activity || 0 || ET TROJAN IRC pBot PHP Bot Commands || url,doc.emergingthreats.net/2003208
1 || 2003209 || 6 || trojan-activity || 0 || ET MALWARE Best-targeted-traffic.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003209
1 || 2003210 || 6 || trojan-activity || 0 || ET MALWARE Best-targeted-traffic.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003210
1 || 2003211 || 6 || trojan-activity || 0 || ET MALWARE Best-targeted-traffic.com Spyware Ping || url,doc.emergingthreats.net/bin/view/Main/2003211
1 || 2003214 || 5 || attempted-recon || 0 || ET POLICY Pingdom.com Monitoring detected || url,royal.pingdom.com/?p=46 || url,doc.emergingthreats.net/2003214
1 || 2003215 || 5 || attempted-recon || 0 || ET POLICY Pingdom.com Monitoring Node Active || url,royal.pingdom.com/?p=46 || url,doc.emergingthreats.net/2003215
1 || 2003217 || 8 || trojan-activity || 0 || ET MALWARE 180solutions (Zango) Spyware Installer Config 2 || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003217
1 || 2003218 || 6 || trojan-activity || 0 || ET MALWARE Conduit Connect Toolbar Message Download(Many report to be benign) || url,www.conduit.com || url,doc.emergingthreats.net/bin/view/Main/2003218
1 || 2003219 || 5 || trojan-activity || 0 || ET MALWARE Alexa Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2003219
1 || 2003221 || 6 || trojan-activity || 0 || ET MALWARE MySearchNow.com Spyware || url,www.mysearchnow.com || url,doc.emergingthreats.net/bin/view/Main/2003221
1 || 2003222 || 7 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Receiving Config 2 || url,doc.emergingthreats.net/bin/view/Main/2003222
1 || 2003223 || 10 || trojan-activity || 0 || ET DELETED Zango-Hotbar User-Agent (zb-hb) || url,doc.emergingthreats.net/2003223
1 || 2003224 || 10 || trojan-activity || 0 || ET MALWARE Megaupload Spyware User-Agent (Megaupload) || url,www.budsinc.com || url,doc.emergingthreats.net/2003224
1 || 2003230 || 7 || attempted-user || 0 || ET WEB_CLIENT Microsoft IE FTP URL Arbitrary Command Injection || url,osvdb.org/12299 || cve,2004-1166 || url,doc.emergingthreats.net/bin/view/Main/2003230
1 || 2003231 || 10 || attempted-user || 0 || ET ACTIVEX ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution || url, osvdb.org/10705 || cve,2004-0216 || url,doc.emergingthreats.net/2003231
1 || 2003232 || 59 || attempted-user || 0 || ET ACTIVEX Possible Microsoft IE Install Engine Inseng.dll Arbitrary Code Execution (2) || url, osvdb.org/10705 || cve,2004-0216 || url,doc.emergingthreats.net/2003232
1 || 2003233 || 9 || attempted-user || 0 || ET ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution || url, osvdb.org/7913 || cve,2004-2291 || url,doc.emergingthreats.net/2003233
1 || 2003234 || 9 || attempted-user || 0 || ET ACTIVEX ACTIVEX Possible Microsoft IE Shell.Application ActiveX Arbitrary Command Execution (2) || url, osvdb.org/7913 || cve,2004-2291 || url,doc.emergingthreats.net/2003234
1 || 2003236 || 4 || attempted-dos || 0 || ET DOS NetrWkstaUserEnum Request with large Preferred Max Len || cve,2006-6723 || url,doc.emergingthreats.net/bin/view/Main/2003236
1 || 2003237 || 8 || attempted-user || 0 || ET VOIP MultiTech SIP UDP Overflow || cve,2005-4050 || url,doc.emergingthreats.net/2003237
1 || 2003238 || 8 || trojan-activity || 0 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C || url,doc.emergingthreats.net/2003238
1 || 2003239 || 5 || trojan-activity || 0 || ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (2) || url,doc.emergingthreats.net/2003239
1 || 2003240 || 5 || trojan-activity || 0 || ET MALWARE New.net Spyware updating || url,www.new.net || url,doc.emergingthreats.net/bin/view/Main/2003240
1 || 2003241 || 6 || trojan-activity || 0 || ET MALWARE New.net Spyware Checkin || url,www.new.net || url,doc.emergingthreats.net/bin/view/Main/2003241
1 || 2003242 || 10 || trojan-activity || 0 || ET DELETED Websearch.com Cab Download || mcafee,131461 || url,doc.emergingthreats.net/bin/view/Main/2003242
1 || 2003243 || 12 || trojan-activity || 0 || ET MALWARE User-Agent (Download Agent) Possibly Related to TrinityAcquisitions.com || url,doc.emergingthreats.net/bin/view/Main/2003243
1 || 2003244 || 3 || trojan-activity || 0 || ET TROJAN HackerDefender.HE Root Kit Control Connection || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html || url,doc.emergingthreats.net/2003244
1 || 2003245 || 3 || trojan-activity || 0 || ET TROJAN HackerDefender.HE Root Kit Control Connection Reply || url,securityresponse.symantec.com/avcenter/venc/data/backdoor.hackdefender.html || url,doc.emergingthreats.net/2003245
1 || 2003250 || 4 || attempted-admin || 0 || ET EXPLOIT Symantec Remote Management RTVScan Exploit || cve,2006-3455 || url,research.eeye.com/html/advisories/published/AD20060612.html || url,doc.emergingthreats.net/bin/view/Main/2003250
1 || 2003251 || 7 || trojan-activity || 0 || ET MALWARE SpySheriff Intial Phone Home || url,vil.nai.com/vil/content/v_135033.htm || url,doc.emergingthreats.net/bin/view/Main/2003251
1 || 2003253 || 5 || policy-violation || 0 || ET MALWARE MarketScore Spyware Uploading Data || url,www.marketscore.com || url,www.spysweeper.com/remove-marketscore.html || url,doc.emergingthreats.net/bin/view/Main/2003253
1 || 2003254 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 25 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003254
1 || 2003255 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 25 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003255
1 || 2003256 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 25 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003256
1 || 2003257 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 25 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003257
1 || 2003258 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 DNS Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003258
1 || 2003259 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 DNS Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003259
1 || 2003260 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 HTTP Proxy Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003260
1 || 2003261 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 HTTP Proxy Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003261
1 || 2003262 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 HTTP Proxy Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003262
1 || 2003263 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 HTTP Proxy Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003263
1 || 2003266 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 443 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003266
1 || 2003267 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 443 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003267
1 || 2003268 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 443 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003268
1 || 2003269 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 443 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003269
1 || 2003270 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5190 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003270
1 || 2003271 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5190 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003271
1 || 2003272 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 5190 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003272
1 || 2003273 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5190 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003273
1 || 2003274 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 1863 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003274
1 || 2003275 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 1863 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003275
1 || 2003276 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 1863 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003276
1 || 2003277 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 1863 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003277
1 || 2003278 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5050 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003278
1 || 2003279 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Port 5050 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003279
1 || 2003280 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 5050 Inbound Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003280
1 || 2003281 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Port 5050 Inbound Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003281
1 || 2003284 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 IPv6 Inbound Connect Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003284
1 || 2003285 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 IPv6 Inbound Connect Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003285
1 || 2003286 || 7 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003286
1 || 2003287 || 6 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003287
1 || 2003288 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Bind Inbound (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003288
1 || 2003289 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv4 Bind Inbound (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003289
1 || 2003290 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Bind Inbound (Linux Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003290
1 || 2003291 || 5 || protocol-command-decode || 0 || ET MALWARE SOCKSv5 Bind Inbound (Windows Source) || url,handlers.sans.org/wsalusky/rants/ || url,en.wikipedia.org/wiki/SOCKS || url,ss5.sourceforge.net/socks4.protocol.txt || url,ss5.sourceforge.net/socks4A.protocol.txt || url,www.ietf.org/rfc/rfc1928.txt || url,www.ietf.org/rfc/rfc1929.txt || url,www.ietf.org/rfc/rfc1961.txt || url,www.ietf.org/rfc/rfc3089.txt || url,doc.emergingthreats.net/bin/view/Main/2003291
1 || 2003292 || 7 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Ping Outbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003292
1 || 2003293 || 9 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Reply Inbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003293
1 || 2003294 || 6 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Ping Inbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003294
1 || 2003295 || 8 || trojan-activity || 0 || ET WORM Allaple ICMP Sweep Reply Outbound || url,www.sophos.com/virusinfo/analyses/w32allapleb.html || url,isc.sans.org/diary.html?storyid=2451 || url,doc.emergingthreats.net/2003295
1 || 2003296 || 6 || trojan-activity || 0 || ET TROJAN Possible Web-based DDoS-command being issued || url,doc.emergingthreats.net/2003296
1 || 2003297 || 5 || trojan-activity || 0 || ET MALWARE Travel Update Spyware || url,doc.emergingthreats.net/bin/view/Main/2003297
1 || 2003298 || 5 || trojan-activity || 0 || ET MALWARE KMIP.net Spyware || url,www.kmip.net || url,doc.emergingthreats.net/bin/view/Main/2003298
1 || 2003302 || 8 || misc-activity || 0 || ET TROJAN psyBNC IRC Server Connection || url,en.wikipedia.org/wiki/PsyBNC || url,doc.emergingthreats.net/2003302
1 || 2003303 || 3 || misc-activity || 0 || ET POLICY FTP Login Attempt (non-anonymous) || url,doc.emergingthreats.net/2003303
1 || 2003304 || 5 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003304
1 || 2003305 || 10 || trojan-activity || 0 || ET DELETED Zango-Hotbar User-Agent (zbu-hb-) || url,doc.emergingthreats.net/2003305
1 || 2003306 || 8 || trojan-activity || 0 || ET MALWARE 180solutions Spyware (tracked event 2 reporting) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003306
1 || 2003307 || 5 || policy-violation || 0 || ET MALWARE Comet Systems Spyware Cursor DL || url,doc.emergingthreats.net/bin/view/Main/2003307
1 || 2003308 || 4 || policy-violation || 0 || ET P2P Edonkey IP Request || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003308
1 || 2003309 || 4 || policy-violation || 0 || ET P2P Edonkey IP Reply || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003309
1 || 2003310 || 3 || policy-violation || 0 || ET P2P Edonkey Publicize File || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003310
1 || 2003311 || 3 || policy-violation || 0 || ET P2P Edonkey Publicize File ACK || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003311
1 || 2003312 || 3 || policy-violation || 0 || ET P2P Edonkey Connect Request || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003312
1 || 2003313 || 3 || policy-violation || 0 || ET P2P Edonkey Connect Reply and Server List || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003313
1 || 2003314 || 3 || policy-violation || 0 || ET P2P Edonkey Search Request (by file hash) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003314
1 || 2003315 || 3 || policy-violation || 0 || ET P2P Edonkey Search Reply || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003315
1 || 2003316 || 3 || policy-violation || 0 || ET P2P Edonkey IP Query End || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003316
1 || 2003317 || 3 || policy-violation || 0 || ET P2P Edonkey Search Request (any type file) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003317
1 || 2003318 || 3 || policy-violation || 0 || ET P2P Edonkey Get Sources Request (by hash) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003318
1 || 2003319 || 3 || policy-violation || 0 || ET P2P Edonkey Search Request (search by name) || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003319
1 || 2003320 || 3 || policy-violation || 0 || ET P2P Edonkey Search Results || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003320
1 || 2003321 || 5 || policy-violation || 0 || ET P2P Edonkey Server Message || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003321
1 || 2003322 || 4 || policy-violation || 0 || ET P2P Edonkey Server List || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003322
1 || 2003323 || 4 || policy-violation || 0 || ET P2P Edonkey Client to Server Hello || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003323
1 || 2003324 || 3 || policy-violation || 0 || ET P2P Edonkey Server Status || url,www.giac.org/certified_professionals/practicals/gcih/0446.php || url,doc.emergingthreats.net/bin/view/Main/2003324
1 || 2003325 || 4 || policy-violation || 0 || ET POLICY SMTP Executable attachment || url,doc.emergingthreats.net/2003325
1 || 2003326 || 7 || attempted-admin || 0 || ET WEB_CLIENT Apple Quicktime RTSP Overflow (1) || cve,2007-0015 || bugtraq,21829 || url,doc.emergingthreats.net/2003326
1 || 2003327 || 7 || attempted-admin || 0 || ET WEB_CLIENT Apple Quicktime RTSP Overflow (2) || cve,2007-0015 || bugtraq,21829 || url,doc.emergingthreats.net/2003327
1 || 2003328 || 9 || web-application-attack || 0 || ET ACTIVEX NCTAudioFile2 ActiveX SetFormatLikeSample() Buffer Overflow || cve,2007-0018 || url,secunia.com/advisories/23475/ || url,doc.emergingthreats.net/2003328
1 || 2003329 || 6 || attempted-user || 0 || ET VOIP Centrality IP Phone (PA-168 Chipset) Session Hijacking || url,www.milw0rm.com/exploits/3189 || url,doc.emergingthreats.net/bin/view/Main/2003329 || cve,2007-0528
1 || 2003330 || 6 || bad-unknown || 0 || ET POLICY Possible Spambot Host DNS MX Query High Count || url,doc.emergingthreats.net/2003330
1 || 2003331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Generic membreManager.php remote file include || bugtraq,22287 || url,doc.emergingthreats.net/2003331
1 || 2003332 || 5 || web-application-attack || 0 || ET EXPLOIT GuppY error.php POST Arbitrary Remote Code Execution || bugtraq,15609 || url,doc.emergingthreats.net/bin/view/Main/2003332
1 || 2003333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Gnopaster Common.php remote file include || bugtraq,18180 || url,doc.emergingthreats.net/2003333
1 || 2003334 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti cmd.php Remote Arbitrary SQL Command Execution Attempt || cve,CVE-2006-6799 || bugtraq,21799 || url,doc.emergingthreats.net/2003334
1 || 2003335 || 10 || trojan-activity || 0 || ET USER_AGENTS 2search.org User Agent (2search) || url,doc.emergingthreats.net/2003335
1 || 2003336 || 14 || trojan-activity || 0 || ET MALWARE AntiVermins.com Fake Antispyware Package User-Agent (AntiVerminser) || url,doc.emergingthreats.net/2003336
1 || 2003337 || 14 || trojan-activity || 0 || ET MALWARE Suspicious User Agent (Autoupdate) || url,doc.emergingthreats.net/bin/view/Main/2003337
1 || 2003340 || 5 || policy-violation || 0 || ET MALWARE Baidu.com Spyware Bar Reporting || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003340
1 || 2003341 || 5 || policy-violation || 0 || ET MALWARE Baidu.com Spyware Bar Pulling Content || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003341
1 || 2003344 || 5 || trojan-activity || 0 || ET MALWARE Trinityacquisitions.com and Maximumexperience.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003344
1 || 2003345 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (Download UBAgent) - lop.com and other spyware || url,www.spywareinfo.com/articles/lop/ || url,doc.emergingthreats.net/2003345
1 || 2003346 || 10 || trojan-activity || 0 || ET MALWARE Errorsafe.com Fake antispyware User-Agent (ErrorSafe Updater) || url,doc.emergingthreats.net/2003346
1 || 2003347 || 10 || trojan-activity || 0 || ET MALWARE Gamehouse.com User-Agent (GAMEHOUSE.NET.URL) || url,doc.emergingthreats.net/2003347
1 || 2003348 || 5 || trojan-activity || 0 || ET MALWARE Gamehouse.com Activity || url,www.gamehouse.com || url,doc.emergingthreats.net/bin/view/Main/2003348
1 || 2003351 || 6 || trojan-activity || 0 || ET MALWARE MyGlobalSearch Spyware bar update || url,doc.emergingthreats.net/bin/view/Main/2003351
1 || 2003352 || 6 || trojan-activity || 0 || ET MALWARE MyGlobalSearch Spyware bar update 2 || url,doc.emergingthreats.net/bin/view/Main/2003352
1 || 2003353 || 5 || trojan-activity || 0 || ET MALWARE Winferno Registry Fix Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2003353
1 || 2003354 || 5 || trojan-activity || 0 || ET MALWARE Yourscreen.com Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2003354
1 || 2003355 || 10 || trojan-activity || 0 || ET MALWARE Yourscreen.com Spyware User-Agent (FreezeInet) || url,doc.emergingthreats.net/2003355
1 || 2003356 || 5 || trojan-activity || 0 || ET MALWARE Freeze.com Spyware Download || url,doc.emergingthreats.net/bin/view/Main/2003356
1 || 2003358 || 5 || trojan-activity || 0 || ET MALWARE Catchonlife.com Spyware || url,doc.emergingthreats.net/bin/view/Main/2003358
1 || 2003360 || 5 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware Checkin 2 || url,doc.emergingthreats.net/bin/view/Main/2003360
1 || 2003362 || 5 || policy-violation || 0 || ET MALWARE Freeze.com Spyware/Adware (Pulling Ads) || url,doc.emergingthreats.net/bin/view/Main/2003362
1 || 2003363 || 10 || trojan-activity || 0 || ET DELETED Spamblockerutility.com-Hotbar User Agent (sbu-hb-) || url,doc.emergingthreats.net/2003363
1 || 2003364 || 5 || trojan-activity || 0 || ET MALWARE Hotbar Agent Adopt/Zango || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2003364
1 || 2003365 || 10 || trojan-activity || 0 || ET MALWARE Hotbar Zango Toolbar Spyware User Agent (ZangoToolbar ) || url,doc.emergingthreats.net/2003365
1 || 2003369 || 3 || attempted-admin || 0 || ET EXPLOIT CA BrightStor ARCserve Mobile Backup LGSERVER.EXE Heap Corruption || cve,2007-0449 || url,doc.emergingthreats.net/bin/view/Main/2003369
1 || 2003370 || 3 || attempted-dos || 0 || ET EXPLOIT Computer Associates Brightstor ARCServer Backup RPC Server (Catirpc.dll) DoS || url,www.milw0rm.com/exploits/3248 || url,doc.emergingthreats.net/bin/view/Main/2003370
1 || 2003371 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Portail Includes.php remote file include || bugtraq,22361 || url,doc.emergingthreats.net/2003371
1 || 2003372 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEventMan remote file include || bugtraq,22358 || url,doc.emergingthreats.net/2003372
1 || 2003375 || 5 || trojan-activity || 0 || ET MALWARE Spy-Not.com Spyware Pulling Fake Sigs || url,doc.emergingthreats.net/bin/view/Main/2003375
1 || 2003376 || 5 || trojan-activity || 0 || ET MALWARE Instafinder.com spyware || url,doc.emergingthreats.net/bin/view/Main/2003376
1 || 2003377 || 5 || trojan-activity || 0 || ET MALWARE Spy-Not.com Spyware Updating || url,doc.emergingthreats.net/bin/view/Main/2003377
1 || 2003378 || 3 || attempted-admin || 0 || ET EXPLOIT Computer Associates Mobile Backup Service LGSERVER.EXE Stack Overflow || url,www.milw0rm.com/exploits/3244 || url,doc.emergingthreats.net/bin/view/Main/2003378
1 || 2003379 || 3 || attempted-dos || 0 || ET EXPLOIT Computer Associates BrightStor ARCserve Backup for Laptops LGServer.exe DoS || url,www.securityfocus.com/archive/1/archive/1/458650/100/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003379
1 || 2003380 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc) || url,doc.emergingthreats.net/2003380
1 || 2003381 || 6 || not-suspicious || 0 || ET POLICY McAfee Update User Agent (McAfee AutoUpdate) || url,doc.emergingthreats.net/2003381
1 || 2003383 || 12 || trojan-activity || 0 || ET MALWARE Hotbar Tools Spyware User-Agent (hbtools) || url,doc.emergingthreats.net/2003383
1 || 2003384 || 10 || trojan-activity || 0 || ET MALWARE SpamBlockerUtility Fake Anti-Spyware User-Agent (SpamBlockerUtility x.x.x) || url,doc.emergingthreats.net/2003384
1 || 2003385 || 11 || trojan-activity || 0 || ET USER_AGENTS sgrunt Dialer User Agent (sgrunt) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347 || url,doc.emergingthreats.net/2003385
1 || 2003387 || 11 || trojan-activity || 0 || ET MALWARE dialno Dialer User-Agent (dialno) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096347 || url,doc.emergingthreats.net/2003387
1 || 2003388 || 5 || trojan-activity || 0 || ET MALWARE Hotbar Keywords Download || url,www.hotbar.com || url,doc.emergingthreats.net/bin/view/Main/2003388
1 || 2003389 || 6 || policy-violation || 0 || ET MALWARE WhenUClick.com Application Version Check || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2003389
1 || 2003390 || 5 || trojan-activity || 0 || ET MALWARE SurfAccuracy.com Spyware Updating || url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99 || url,doc.emergingthreats.net/bin/view/Main/2003390
1 || 2003391 || 5 || trojan-activity || 0 || ET MALWARE SurfAccuracy.com Spyware Pulling Ads || url,www.symantec.com/security_response/writeup.jsp?docid=2005-062716-0109-99 || url,doc.emergingthreats.net/bin/view/Main/2003391
1 || 2003394 || 8 || trojan-activity || 0 || ET USER_AGENTS User Agent Containing http Suspicious - Likely Spyware/Trojan || url,doc.emergingthreats.net/bin/view/Main/2003394
1 || 2003396 || 12 || trojan-activity || 0 || ET MALWARE Mysearch.com/Morpheus Bar Spyware User-Agent (Morpheus) || url,doc.emergingthreats.net/2003396
1 || 2003397 || 12 || trojan-activity || 0 || ET MALWARE Zango Seekmo Bar Spyware User-Agent (Seekmo Toolbar)
1 || 2003398 || 11 || trojan-activity || 0 || ET MALWARE Morpheus Spyware Install User-Agent (SmartInstaller) || url,doc.emergingthreats.net/2003398
1 || 2003399 || 9 || trojan-activity || 0 || ET MALWARE Spyhealer Fake Anti-Spyware Install User-Agent (SpyHealer) || url,doc.emergingthreats.net/2003399
1 || 2003400 || 4 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated script || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003400
1 || 2003401 || 5 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated VBScript download file || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003401
1 || 2003402 || 5 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated VBScript execute command || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003402
1 || 2003403 || 4 || web-application-attack || 0 || ET EXPLOIT US-ASCII Obfuscated VBScript || url,www.internetdefence.net/2007/02/06/Javascript-payload || cve,2006-3227 || url,www.securityfocus.com/archive/1/437948/30/0/threaded || url,doc.emergingthreats.net/bin/view/Main/2003403
1 || 2003404 || 6 || policy-violation || 0 || ET MALWARE WhenUClick.com WhenUSave Data Retrieval (DataChunksGZ) || url,www.whenusearch.com || url,www.kephyr.com/spywarescanner/library/whenusearch/index.phtml || url,doc.emergingthreats.net/bin/view/Main/2003404
1 || 2003405 || 10 || trojan-activity || 0 || ET MALWARE Freeze.com Spyware User-Agent (YourScreen123) || url,doc.emergingthreats.net/2003405
1 || 2003406 || 10 || trojan-activity || 0 || ET MALWARE Mysearch.com Spyware User-Agent (iMeshBar) || url,doc.emergingthreats.net/2003406
1 || 2003407 || 9 || trojan-activity || 0 || ET MALWARE searchenginebar.com Spyware User-Agent (RX Bar) || url,doc.emergingthreats.net/2003407
1 || 2003408 || 7 || trojan-activity || 0 || ET DELETED Zhelatin Variant Checkin || url,doc.emergingthreats.net/2003408
1 || 2003409 || 5 || trojan-activity || 0 || ET DELETED Majestic-12 Spider Bot User-Agent (MJ12bot) || url,www.majestic12.co.uk/ || url,doc.emergingthreats.net/2003409
1 || 2003410 || 9 || misc-activity || 0 || ET POLICY FTP Login Successful || url,doc.emergingthreats.net/2003410
1 || 2003411 || 8 || attempted-user || 0 || ET EXPLOIT Solaris telnet USER environment vuln Attack inbound || url,riosec.com/solaris-telnet-0-day || url,isc.sans.org/diary.html?n&storyid=2220 || url,doc.emergingthreats.net/bin/view/Main/2003411 || cve,2007-0882
1 || 2003412 || 4 || attempted-user || 0 || ET EXPLOIT Solaris telnet USER environment vuln Attack outbound || url,riosec.com/solaris-telnet-0-day || url,isc.sans.org/diary.html?n&storyid=2220 || url,doc.emergingthreats.net/bin/view/Main/2003412 || cve,2007-0882
1 || 2003414 || 5 || trojan-activity || 0 || ET MALWARE Epilot.com Spyware Reporting || url,www.intermute.com/spysubtract/researchcenter/ClientMan.html || url,doc.emergingthreats.net/bin/view/Main/2003414
1 || 2003416 || 5 || trojan-activity || 0 || ET MALWARE Epilot.com Spyware Reporting Clicks || url,www.intermute.com/spysubtract/researchcenter/ClientMan.html || url,doc.emergingthreats.net/bin/view/Main/2003416
1 || 2003417 || 5 || trojan-activity || 0 || ET MALWARE CNSMIN (3721.com) Spyware Activity || url,www.spyany.com/program/article_spy_rm_CnsMin.html || url,doc.emergingthreats.net/bin/view/Main/2003417
1 || 2003418 || 5 || trojan-activity || 0 || ET MALWARE CNSMIN (3721.com) Spyware Activity 2 || url,www.spyany.com/program/article_spy_rm_CnsMin.html || url,doc.emergingthreats.net/bin/view/Main/2003418
1 || 2003419 || 5 || trojan-activity || 0 || ET MALWARE CNSMIN (3721.com) Spyware Activity 3 || url,www.spyany.com/program/article_spy_rm_CnsMin.html || url,doc.emergingthreats.net/bin/view/Main/2003419
1 || 2003420 || 5 || trojan-activity || 0 || ET POLICY Weatherbug Activity || url,doc.emergingthreats.net/bin/view/Main/2003420
1 || 2003421 || 5 || trojan-activity || 0 || ET DELETED Weatherbug Design60 Upload Activity || url,doc.emergingthreats.net/bin/view/Main/2003421
1 || 2003422 || 5 || trojan-activity || 0 || ET POLICY Weatherbug Command Activity || url,doc.emergingthreats.net/bin/view/Main/2003422
1 || 2003423 || 4 || trojan-activity || 0 || ET DELETED Weatherbug Design60 Upload Activity || url,doc.emergingthreats.net/bin/view/Main/2003423
1 || 2003424 || 5 || trojan-activity || 0 || ET DELETED Sality Trojan Web Update || url,www.sophos.com/security/analyses/w32salityu.html || url,doc.emergingthreats.net/2003424
1 || 2003425 || 11 || trojan-activity || 0 || ET MALWARE clickspring.com Spyware Install User-Agent (CS Fingerprint Module) || url,doc.emergingthreats.net/2003425
1 || 2003426 || 5 || trojan-activity || 0 || ET MALWARE Outerinfo.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003426
1 || 2003428 || 11 || trojan-activity || 0 || ET MALWARE Surfaccuracy.com Spyware Install User-Agent (SF Installer) || url,doc.emergingthreats.net/2003428
1 || 2003429 || 12 || trojan-activity || 0 || ET MALWARE xxxtoolbar.com Spyware Install User-Agent || url,doc.emergingthreats.net/2003429
1 || 2003431 || 6 || trojan-activity || 0 || ET TROJAN Unnamed Generic.Malware http get || url,doc.emergingthreats.net/2003431
1 || 2003432 || 5 || trojan-activity || 0 || ET DELETED Nukebot related infection - Unique HTTP get request || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=743 || url,doc.emergingthreats.net/2003432
1 || 2003433 || 5 || trojan-activity || 0 || ET DELETED Nukebot Checkin || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=743 || url,doc.emergingthreats.net/2003433
1 || 2003434 || 3 || attempted-admin || 0 || ET EXPLOIT Trend Micro Web Interface Auth Bypass Vulnerable Cookie Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=477 || url,www.trendmicro.com/download/product.asp?productid=20 || url,doc.emergingthreats.net/bin/view/Main/2003434
1 || 2003435 || 4 || trojan-activity || 0 || ET TROJAN Stormy Variant HTTP Request || url,doc.emergingthreats.net/2003435
1 || 2003436 || 5 || trojan-activity || 0 || ET TROJAN Warezov/Stration Communicating with Controller 2 || url,www.sophos.com/security/analyses/w32strationbo.html || url,www.avira.com/en/threats/section/fulldetails/id_vir/3242/tr_dldr.warezov.df.html || url,doc.emergingthreats.net/2003436
1 || 2003437 || 7 || policy-violation || 0 || ET P2P Ares over UDP || url,doc.emergingthreats.net/bin/view/Main/2003437
1 || 2003438 || 5 || trojan-activity || 0 || ET MALWARE Abcsearch.com Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2003438
1 || 2003439 || 10 || trojan-activity || 0 || ET MALWARE Dropspam.com Spyware Install User-Agent (DSInstall) || url,doc.emergingthreats.net/2003439
1 || 2003440 || 5 || trojan-activity || 0 || ET MALWARE Dropspam.com Spyware Reporting || url,doc.emergingthreats.net/bin/view/Main/2003440
1 || 2003441 || 10 || trojan-activity || 0 || ET MALWARE Webbuying.net Spyware Install User-Agent (wbi_v0.90) || url,doc.emergingthreats.net/2003441
1 || 2003442 || 5 || trojan-activity || 0 || ET MALWARE Webbuying.net Spyware Installing || url,doc.emergingthreats.net/bin/view/Main/2003442
1 || 2003444 || 5 || policy-violation || 0 || ET MALWARE Deskwizz.com Spyware Install Code Download || url,doc.emergingthreats.net/bin/view/Main/2003444
1 || 2003445 || 5 || policy-violation || 0 || ET MALWARE Deskwizz.com Spyware Install INI Download || url,doc.emergingthreats.net/bin/view/Main/2003445
1 || 2003446 || 8 || policy-violation || 0 || ET MALWARE Adware Command Client Checkin || url,www.nuker.com/container/details/adware_command.php || url,doc.emergingthreats.net/bin/view/Main/2003446
1 || 2003449 || 10 || trojan-activity || 0 || ET USER_AGENTS Webbuying.net Spyware Install User-Agent 2 (wb v1.6.4) || url,doc.emergingthreats.net/2003449
1 || 2003450 || 5 || policy-violation || 0 || ET MALWARE Specificclick.net Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003450
1 || 2003451 || 5 || policy-violation || 0 || ET MALWARE K8l.info Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003451
1 || 2003453 || 6 || policy-violation || 0 || ET DELETED Netvacy.com Anonymizing Proxy Access || url,doc.emergingthreats.net/2003453
1 || 2003454 || 5 || policy-violation || 0 || ET POLICY Yahoo 360 Social Site Access || url,doc.emergingthreats.net/2003454
1 || 2003455 || 4 || policy-violation || 0 || ET POLICY Hi5.com Social Site Access || url,doc.emergingthreats.net/2003455
1 || 2003457 || 5 || policy-violation || 0 || ET POLICY Metacafe.com Social Site Access || url,doc.emergingthreats.net/2003457
1 || 2003458 || 4 || policy-violation || 0 || ET POLICY Orkut.com Social Site Access || url,doc.emergingthreats.net/2003458
1 || 2003462 || 5 || trojan-activity || 0 || ET MALWARE CoolDeskAlert Spyware Activity || url,cooldeskalert.com || url,www.benedelman.org/spyware/images/bannerfarms-ad_w_a_r_e-globalstore-log-061006.html || url,doc.emergingthreats.net/bin/view/Main/2003462
1 || 2003463 || 17 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Toolbar) Possibly Malware/Spyware || url,doc.emergingthreats.net/bin/view/Main/2003463
1 || 2003464 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (warFTPd) || url,www.warftp.org || url,doc.emergingthreats.net/bin/view/Main/2003464
1 || 2003465 || 5 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (freeFTPd) || url,www.freeftp.com || url,doc.emergingthreats.net/bin/view/Main/2003465
1 || 2003466 || 13 || web-application-attack || 0 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner || url,www.webmasterworld.com/search_engine_spiders/3227720.htm || url,doc.emergingthreats.net/2003466
1 || 2003468 || 11 || trojan-activity || 0 || ET MALWARE Oemji Spyware User-Agent (Oemji) || url,doc.emergingthreats.net/2003468
1 || 2003469 || 7 || policy-violation || 0 || ET POLICY AOL Toolbar User-Agent (AOLToolbar) || url,doc.emergingthreats.net/bin/view/Main/2003469
1 || 2003470 || 10 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Updater) || url,doc.emergingthreats.net/2003470
1 || 2003471 || 7 || trojan-activity || 0 || ET DELETED Winsoftware.com Spyware Activity || url,doc.emergingthreats.net/bin/view/Main/2003471
1 || 2003472 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (setup-alt) || url,doc.emergingthreats.net/bin/view/Main/2003472
1 || 2003473 || 5 || trojan-activity || 0 || ET MALWARE DelFin Project Spyware (payload-alt) || url,doc.emergingthreats.net/bin/view/Main/2003473
1 || 2003474 || 6 || attempted-dos || 0 || ET VOIP Asterisk Register with no URI or Version DOS Attempt || url,labs.musecurity.com/advisories/MU-200703-01.txt || url,tools.ietf.org/html/rfc3261 || url,doc.emergingthreats.net/2003474
1 || 2003475 || 8 || trojan-activity || 0 || ET P2P ABC Torrent User-Agent (ABC/ABC-3.1.0) || url,pingpong-abc.sourceforge.net || url,doc.emergingthreats.net/bin/view/Main/2003475
1 || 2003476 || 9 || trojan-activity || 0 || ET MALWARE Virusblast.com Fake AV/Anti-Spyware User-Agent (ad-protect) || url,spywarewarrior.com/rogue_anti-spyware.htm || url,www.virusblast.com || url,doc.emergingthreats.net/2003476
1 || 2003477 || 9 || trojan-activity || 0 || ET MALWARE Terminexor.com Spyware User-Agent (DInstaller2) || url,www.terminexor.com || url,netrn.net/spywareblog/archives/2004/12/23/more-rip-off-ware-terminexor || url,doc.emergingthreats.net/2003477
1 || 2003478 || 9 || trojan-activity || 0 || ET MALWARE Errornuker.com Fake Anti-Spyware User-Agent (ERRORNUKER) || url,www.spywarewarrior.com/rogue_anti-spyware.htm || url,www.errornuker.com || url,doc.emergingthreats.net/2003478
1 || 2003479 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Setup Initiate || url,www.radmin.com || url,doc.emergingthreats.net/2003479
1 || 2003480 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Setup Response || url,www.radmin.com || url,doc.emergingthreats.net/2003480
1 || 2003481 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Authentication Initiate || url,www.radmin.com || url,doc.emergingthreats.net/2003481
1 || 2003482 || 4 || not-suspicious || 0 || ET POLICY Radmin Remote Control Session Authentication Response || url,www.radmin.com || url,doc.emergingthreats.net/2003482
1 || 2003484 || 9 || trojan-activity || 0 || ET WORM Allaple Unique HTTP Request - Possibly part of DDOS || url,doc.emergingthreats.net/2003484 || url,isc.sans.org/diary.html?storyid=2451
1 || 2003486 || 10 || trojan-activity || 0 || ET USER_AGENTS Drivecleaner.com Spyware User-Agent (DriveCleaner Updater) || url,www.drivecleaner.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=DriveCleaner&threatid=44533 || url,doc.emergingthreats.net/2003486
1 || 2003489 || 11 || trojan-activity || 0 || ET MALWARE malwarewipeupdate.com Spyware User-Agent (MalwareWipe) || url,www.malwarewipeupdate.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=MalwareWipe&threatid=43086 || url,doc.emergingthreats.net/2003489
1 || 2003490 || 8 || trojan-activity || 0 || ET MALWARE Mirar Spyware User-Agent (Mirar_KeywordContent) || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453078818 || url,doc.emergingthreats.net/2003490
1 || 2003492 || 14 || trojan-activity || 0 || ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) || url,doc.emergingthreats.net/2003492
1 || 2003493 || 10 || trojan-activity || 0 || ET MALWARE AskSearch Spyware User-Agent (AskSearchAssistant) || url,doc.emergingthreats.net/2003493
1 || 2003494 || 15 || policy-violation || 0 || ET DELETED AskSearch Toolbar Spyware User-Agent (AskTBar) || url,doc.emergingthreats.net/2003494
1 || 2003495 || 11 || trojan-activity || 0 || ET DELETED HSN.com Toolbar Spyware User-Agent (HSN) || url,doc.emergingthreats.net/2003495
1 || 2003496 || 12 || trojan-activity || 0 || ET MALWARE AskSearch Toolbar Spyware User-Agent (AskBar) || url,doc.emergingthreats.net/2003496
1 || 2003497 || 13 || trojan-activity || 0 || ET MALWARE User-Agent (ms) || url,doc.emergingthreats.net/bin/view/Main/2003497
1 || 2003498 || 9 || trojan-activity || 0 || ET MALWARE Gamehouse.com Related Spyware User-Agent (Sprout Game) || url,doc.emergingthreats.net/2003498
1 || 2003499 || 9 || trojan-activity || 0 || ET MALWARE SpyDawn.com Fake Anti-Spyware User-Agent (SpyDawn) || url,www.spywareguide.com/spydet_3366_spydawn.html || url,doc.emergingthreats.net/2003499
1 || 2003500 || 9 || trojan-activity || 0 || ET MALWARE Adwave.com Related Spyware User-Agent (STBHOGet) || url,doc.emergingthreats.net/2003500
1 || 2003501 || 10 || trojan-activity || 0 || ET MALWARE Bestoffersnetwork.com Related Spyware User-Agent (TBONAS) || url,research.sunbelt-software.com/threatdisplay.aspx?name=BestOffersNetworks&threatid=43670 || url,doc.emergingthreats.net/2003501
1 || 2003504 || 5 || trojan-activity || 0 || ET MALWARE E2give Spyware Reporting (check url) || url,research.sunbelt-software.com/threatdisplay.aspx?name=E2Give&threatid=4728 || url,doc.emergingthreats.net/bin/view/Main/2003504
1 || 2003505 || 10 || trojan-activity || 0 || ET MALWARE Toplist.cz Related Spyware Checkin
1 || 2003506 || 10 || trojan-activity || 0 || ET MALWARE Alawar Toolbar Spyware User-Agent (Alawar Toolbar) || url,www.bleepingcomputer.com/uninstall/68/Alawar-Toolbar.html || url,doc.emergingthreats.net/2003506
1 || 2003508 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress wp-login.php redirect_to credentials stealing attempt || url,www.inliniac.net/blog/?p=71 || url,doc.emergingthreats.net/2003508
1 || 2003513 || 11 || trojan-activity || 0 || ET DELETED Suspicious Mozilla User-Agent typo (MOzilla/4.0) || url,doc.emergingthreats.net/2003513
1 || 2003514 || 8 || attempted-user || 0 || ET ACTIVEX Possible Microsoft Internet Explorer ADODB.Redcordset Double Free Memory Exploit - MS07-009 || url,www.milw0rm.com/exploits/3577 || url,www.microsoft.com/technet/security/Bulletin/MS07-009.mspx || url,doc.emergingthreats.net/2003514
1 || 2003515 || 6 || trojan-activity || 0 || ET TROJAN Snatch Reporting User Activity || url,doc.emergingthreats.net/2003515
1 || 2003516 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops Articles modules print.php SQL injection attempt || bugtraq,23160 || url,doc.emergingthreats.net/2003516
1 || 2003517 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iPhotoAlbum header.php remote file include || bugtraq,23189 || url,doc.emergingthreats.net/2003517
1 || 2003518 || 5 || attempted-admin || 0 || ET EXPLOIT Computer Associates Brightstor ARCServe Backup Mediasvr.exe Remote Exploit || url,www.milw0rm.com/exploits/3604 || url,doc.emergingthreats.net/bin/view/Main/2003518
1 || 2003519 || 8 || attempted-admin || 0 || ET EXPLOIT MS ANI exploit || url,doc.emergingthreats.net/bin/view/Main/2003519
1 || 2003520 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webCalendar Remote File include || url,www.securityfocus.com/archive/1/462957 || url,doc.emergingthreats.net/2003520
1 || 2003525 || 5 || trojan-activity || 0 || ET MALWARE Supergames.aavalue.com Spyware || url,research.sunbelt-software.com/threatdisplay.aspx?name=EZ-Tracks%20Toolbar&threatid=41189 || url,doc.emergingthreats.net/bin/view/Main/2003525
1 || 2003526 || 5 || trojan-activity || 0 || ET MALWARE KMIP.net Spyware 2 || url,www.kmip.net || url,doc.emergingthreats.net/bin/view/Main/2003526
1 || 2003527 || 9 || trojan-activity || 0 || ET MALWARE WinSoftware.com Spyware User-Agent (WinSoftware) || url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation%2c%20Inc.%20(v)&threatid=90037 || url,doc.emergingthreats.net/2003527
1 || 2003528 || 8 || trojan-activity || 0 || ET MALWARE WinSoftware.com Spyware User-Agent (NetInstaller) || url,research.sunbelt-software.com/threatdisplay.aspx?name=WinSoftware%20Corporation,%20Inc.%20(v)&threatid=90037 || url,doc.emergingthreats.net/2003528
1 || 2003529 || 8 || trojan-activity || 0 || ET MALWARE Msgplus.net Spyware/Adware User-Agent (MsgPlus3) || url,research.sunbelt-software.com/threatdisplay.aspx?name=Messenger%20Plus!&threatid=14931 || url,doc.emergingthreats.net/2003529
1 || 2003530 || 13 || trojan-activity || 0 || ET MALWARE Suspicious Mozilla User-Agent Separator - likely Fake (Mozilla/4.0+(compatible +MSIE+) || url,doc.emergingthreats.net/2003530
1 || 2003531 || 8 || trojan-activity || 0 || ET MALWARE Antivermins.com Spyware/Adware User-Agent (AntiVermeans) || url,www.bleepingcomputer.com/forums/topic69886.htm || url,doc.emergingthreats.net/2003531
1 || 2003532 || 9 || trojan-activity || 0 || ET MALWARE CommonName.com Spyware/Adware User-Agent (CommonName Agent) || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453078618 || url,doc.emergingthreats.net/2003532
1 || 2003533 || 6 || trojan-activity || 0 || ET MALWARE Sytes.net Related Spyware Reporting || url,www.sophos.com/security/analyses/w32forbotdv.html || url,doc.emergingthreats.net/bin/view/Main/2003533
1 || 2003534 || 5 || trojan-activity || 0 || ET DELETED Weatherbug Vista Gadget Activity || url,doc.emergingthreats.net/bin/view/Main/2003534
1 || 2003535 || 7 || web-application-activity || 0 || ET ATTACK_RESPONSE r57 phpshell footer detected || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755 || url,doc.emergingthreats.net/bin/view/Main/2003535
1 || 2003536 || 9 || web-application-activity || 0 || ET ATTACK_RESPONSE r57 phpshell source being uploaded || url,www.pestpatrol.com/spywarecenter/pest.aspx?id=453096755 || url,doc.emergingthreats.net/bin/view/Main/2003536
1 || 2003537 || 6 || trojan-activity || 0 || ET TROJAN Trojan.Duntek establishing remote connection || url,www.symantec.com/security_response/writeup.jsp?docid=2006-102514-0554-99 || url,doc.emergingthreats.net/2003537
1 || 2003538 || 5 || trojan-activity || 0 || ET TROJAN Klom.A Connecting to Controller || url,www.bitdefender.com/VIRUS-1000126-en--Trojan.Klom.A.html || url,doc.emergingthreats.net/2003538
1 || 2003541 || 6 || trojan-activity || 0 || ET MALWARE Bravesentry.com Fake Antispyware Updating || url,www.bravesentry.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,doc.emergingthreats.net/bin/view/Main/2003541
1 || 2003542 || 6 || trojan-activity || 0 || ET MALWARE Bravesentry.com/Protectwin.com Fake Antispyware Reporting || url,www.bravesentry.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=BraveSentry&threatid=44152 || url,doc.emergingthreats.net/bin/view/Main/2003542
1 || 2003543 || 6 || trojan-activity || 0 || ET MALWARE Winfixmaster.com Fake Anti-Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003543
1 || 2003544 || 8 || trojan-activity || 0 || ET MALWARE Winfixmaster.com Fake Anti-Spyware User-Agent (WinFixMaster) || url,doc.emergingthreats.net/2003544
1 || 2003545 || 8 || trojan-activity || 0 || ET USER_AGENTS Winfixmaster.com Fake Anti-Spyware User-Agent 2 (WinFix Master) || url,doc.emergingthreats.net/2003545
1 || 2003546 || 11 || trojan-activity || 0 || ET DELETED Suspicious User-Agent (downloader) - Used by Winfixmaster.com Fake Anti-Spyware and Others || url,doc.emergingthreats.net/bin/view/Main/2003546
1 || 2003547 || 5 || trojan-activity || 0 || ET MALWARE Privacyprotector.com Fake Anti-Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2003547
1 || 2003548 || 5 || trojan-activity || 0 || ET MALWARE Privacyprotector.com Fake Anti-Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2003548
1 || 2003549 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Initial Connection and Report || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003550 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Get Processes || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003551 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Kill Process Command || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003552 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Reporting Socks Proxy Active || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003553 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Reporting Socks Proxy Off || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003554 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.2 Client Ping Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003555 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Initial Connection and Report || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003556 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Keepalive Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003557 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Keepalive Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003558 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Create Registry Key Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003559 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Create Directory Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003560 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Window List Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003561 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Window List Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003562 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Get Processes Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003563 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Start Socks5 Proxy Command Send || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003564 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Socks5 Proxy Start Command Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003565 || 5 || trojan-activity || 0 || ET TROJAN Bandook v1.35 Get Processes Command Reply || url,www.nuclearwintercrew.com || url,research.sunbelt-software.com/threatdisplay.aspx?name=Bandook&threatid=40408 || url,doc.emergingthreats.net/bin/view/Main/TrojanBandook
1 || 2003566 || 12 || trojan-activity || 0 || ET MALWARE User-Agent (DIALER) || url,doc.emergingthreats.net/2003566
1 || 2003567 || 9 || trojan-activity || 0 || ET MALWARE Winsoftware.com Fake AV User-Agent (DNS Extractor) || url,doc.emergingthreats.net/2003567
1 || 2003568 || 4 || trojan-activity || 0 || ET DELETED Evidencenuker.com Fake AV Updating || url,www.evidencenuker.com || url,doc.emergingthreats.net/bin/view/Main/2003568
1 || 2003569 || 10 || trojan-activity || 0 || ET MALWARE Evidencenuker.com Fake AV/Anti-Spyware User-Agent (EVNUKER) || url,doc.emergingthreats.net/2003567
1 || 2003570 || 9 || trojan-activity || 0 || ET MALWARE CoolWebSearch Spyware User-Agent (iefeatsl) || url,www.applicationsignatures.com/backend/index.php || url,doc.emergingthreats.net/2003570
1 || 2003575 || 7 || trojan-activity || 0 || ET DELETED Gator/Clarian Spyware Posting Data || url,www3.ca.com/securityadvisor/pest/content.aspx?q=67999 || url,doc.emergingthreats.net/bin/view/Main/2003575
1 || 2003576 || 5 || trojan-activity || 0 || ET MALWARE Security-updater.com Spyware Posting Data || url,doc.emergingthreats.net/bin/view/Main/2003576
1 || 2003577 || 5 || trojan-activity || 0 || ET MALWARE Mirarsearch.com Spyware Posting Data || url,doc.emergingthreats.net/bin/view/Main/2003577
1 || 2003578 || 8 || trojan-activity || 0 || ET MALWARE Baidu.com Spyware Bar Pulling Data || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003578
1 || 2003579 || 5 || trojan-activity || 0 || ET MALWARE Findwhat.com Spyware (clickthrough) || url,doc.emergingthreats.net/bin/view/Main/2003579
1 || 2003580 || 6 || trojan-activity || 0 || ET DELETED Findwhat.com Spyware (sendtracker) || url,doc.emergingthreats.net/bin/view/Main/2003580
1 || 2003581 || 5 || trojan-activity || 0 || ET MALWARE Findwhat.com Spyware (sendmedia) || url,doc.emergingthreats.net/bin/view/Main/2003581
1 || 2003582 || 9 || trojan-activity || 0 || ET MALWARE MalwareWiped.com Spyware User-Agent (MalwareWiped) || url,doc.emergingthreats.net/2003582
1 || 2003583 || 11 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (update) || url,doc.emergingthreats.net/2003583
1 || 2003584 || 9 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (Updater) || url,doc.emergingthreats.net/2003584
1 || 2003585 || 12 || trojan-activity || 0 || ET MALWARE Trojan User-Agent (Windows Updates Manager) || url,doc.emergingthreats.net/2003585
1 || 2003586 || 12 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WinXP Pro Service Pack 2) || url,doc.emergingthreats.net/2003586
1 || 2003588 || 10 || trojan-activity || 0 || ET MALWARE Worm.Pyks HTTP C&C Traffic User-Agent (skw00001) || url,doc.emergingthreats.net/2003588
1 || 2003590 || 8 || trojan-activity || 0 || ET TROJAN Downloader-5265/Torpig/Anserin/Sinowal Unique UA (MSID) || url,doc.emergingthreats.net/2003590
1 || 2003595 || 6 || policy-violation || 0 || ET POLICY exe download via HTTP - Informational || url,doc.emergingthreats.net/2003595
1 || 2003597 || 4 || policy-violation || 0 || ET POLICY Google Calendar in Use || url,www.computerworld.com.au/index.php?id=1687889918&eid=-255 || url,doc.emergingthreats.net/2003597
1 || 2003598 || 7 || trojan-activity || 0 || ET TROJAN Diazom Trojan User-Agent in Use (cv_v2.0.1) || url,ww.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-032316-0426-99&tabid=2 || url,doc.emergingthreats.net/2003598
1 || 2003603 || 5 || trojan-activity || 0 || ET TROJAN W32.Virut.A joining an IRC Channel || url,www.bitcrank.net || url,doc.emergingthreats.net/2003603
1 || 2003604 || 8 || trojan-activity || 0 || ET POLICY Baidu.com Agent User-Agent (Desktop Web System) || url,doc.emergingthreats.net/2003604
1 || 2003605 || 5 || trojan-activity || 0 || ET MALWARE Baidu.com Spyware Bar Activity || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003605
1 || 2003606 || 5 || trojan-activity || 0 || ET MALWARE Alexa Spyware Reporting URL Visited || url,doc.emergingthreats.net/bin/view/Main/2003606
1 || 2003607 || 10 || trojan-activity || 0 || ET DELETED Cnzz.com/Baidu Related Spyware Stat Reporting || url,vil.nai.com/vil/content/v_140364.htm || url,doc.emergingthreats.net/bin/view/Main/2003607
1 || 2003608 || 12 || trojan-activity || 0 || ET POLICY Baidu.com Related Agent User-Agent (iexp) || url,doc.emergingthreats.net/2003608
1 || 2003610 || 4 || trojan-activity || 0 || ET MALWARE Zango Spyware (tbrequest data post) || url,securityresponse.symantec.com/avcenter/venc/data/pf/adware.180search.html || url,doc.emergingthreats.net/bin/view/Main/2003610
1 || 2003611 || 7 || trojan-activity || 0 || ET MALWARE Malwarealarm.com Fake AV/AntiSpyware Updating || url,sunbeltblog.blogspot.com/2007/04/another-fake-security-scam-site_9466.html || url,doc.emergingthreats.net/bin/view/Main/2003611
1 || 2003612 || 6 || trojan-activity || 0 || ET MALWARE Malwarealarm.com Fake AV/AntiSpyware Download || url,sunbeltblog.blogspot.com/2007/04/another-fake-security-scam-site_9466.html || url,doc.emergingthreats.net/bin/view/Main/2003612
1 || 2003613 || 10 || trojan-activity || 0 || ET MALWARE EELoader Malware Packages User-Agent (EELoader) || url,doc.emergingthreats.net/2003613
1 || 2003614 || 5 || bad-unknown || 0 || ET INFO WinUpack Modified PE Header Inbound || url,doc.emergingthreats.net/bin/view/Main/WinPEHeaders
1 || 2003615 || 6 || bad-unknown || 0 || ET INFO WinUpack Modified PE Header Outbound || url,doc.emergingthreats.net/bin/view/Main/WinPEHeaders
1 || 2003616 || 38 || web-application-activity || 0 || ET WEB_SERVER DataCha0s Web Scanner/Robot || url,www.internetofficer.com/web-robot/datacha0s.html || url,doc.emergingthreats.net/2003616
1 || 2003617 || 7 || trojan-activity || 0 || ET MALWARE MyWebSearch Toolbar Posting Activity Report || url,doc.emergingthreats.net/bin/view/Main/2003617
1 || 2003619 || 6 || trojan-activity || 0 || ET MALWARE Alexa Spyware Redirecting User || url,doc.emergingthreats.net/bin/view/Main/2003619
1 || 2003620 || 4 || trojan-activity || 0 || ET MALWARE 51yes.com Spyware Reporting User Activity || url,doc.emergingthreats.net/bin/view/Main/2003620
1 || 2003621 || 7 || trojan-activity || 0 || ET MALWARE MyWay Spyware Posting Activity Report - Dell Related || url,doc.emergingthreats.net/bin/view/Main/2003621
1 || 2003622 || 12 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent outbound (bot) || url,doc.emergingthreats.net/bin/view/Main/2003622
1 || 2003623 || 5 || policy-violation || 0 || ET POLICY Centralops.net Domain Dossier Utility Probe || url,centralops.net || url,doc.emergingthreats.net/bin/view/Main/2003623
1 || 2003625 || 9 || trojan-activity || 0 || ET MALWARE dns-look-up.com Spyware User-Agent (KRSystem) || url,doc.emergingthreats.net/2003625
1 || 2003626 || 10 || trojan-activity || 0 || ET MALWARE Double User-Agent (User-Agent User-Agent) || url,doc.emergingthreats.net/bin/view/Main/2003626
1 || 2003627 || 9 || trojan-activity || 0 || ET MALWARE Internet-optimizer.com Related Spyware User-Agent (SexTrackerWSI) || url,doc.emergingthreats.net/2003627
1 || 2003630 || 5 || trojan-activity || 0 || ET MALWARE Baidu.com Spyware Sobar Bar Activity || url,www.pctools.com/mrc/infections/id/BaiDu/ || url,doc.emergingthreats.net/bin/view/Main/2003630
1 || 2003631 || 6 || policy-violation || 0 || ET POLICY Centralops.net Probe || url,centralops.net || url,doc.emergingthreats.net/bin/view/Main/2003631
1 || 2003632 || 8 || trojan-activity || 0 || ET TROJAN Zlob User Agent - updating (internetsecurity) || url,secubox.aldria.com/topic-post1618.html#post1618 || url,doc.emergingthreats.net/2003632
1 || 2003634 || 8 || attempted-admin || 0 || ET SCAN Suspicious User-Agent - get-minimal - Possible Vuln Scan || url,doc.emergingthreats.net/2003634
1 || 2003635 || 6 || trojan-activity || 0 || ET TROJAN Generic Password Stealer User Agent Detected (RookIE) || url,doc.emergingthreats.net/2003635
1 || 2003636 || 9 || trojan-activity || 0 || ET MALWARE Sality Virus User Agent Detected (KUKU) || url,doc.emergingthreats.net/2003636
1 || 2003637 || 6 || trojan-activity || 0 || ET TROJAN Inject.BV Trojan User Agent Detected (faserx) || url,doc.emergingthreats.net/2003637
1 || 2003638 || 6 || trojan-activity || 0 || ET DELETED AV-Killer.Win32 User Agent Detected (p4r4z1t3v3.one14.J) || url,doc.emergingthreats.net/2003638
1 || 2003639 || 8 || trojan-activity || 0 || ET MALWARE Adload.Generic Spyware User-Agent (ProxyDown) || url,doc.emergingthreats.net/2003639
1 || 2003640 || 11 || trojan-activity || 0 || ET MALWARE Adload.Generic Spyware User-Agent (91castInstallKernel) || url,doc.emergingthreats.net/2003640
1 || 2003641 || 7 || trojan-activity || 0 || ET TROJAN Downloader.Small 5ser Agent Detected (NetScafe) || url,doc.emergingthreats.net/2003641
1 || 2003644 || 9 || trojan-activity || 0 || ET MALWARE Generic.Malware.dld User-Agent (Sickloader) || url,doc.emergingthreats.net/2003644
1 || 2003645 || 6 || trojan-activity || 0 || ET TROJAN Generic.Malware.SFL User-Agent (Rescue/9.11) || url,doc.emergingthreats.net/2003645
1 || 2003646 || 9 || trojan-activity || 0 || ET TROJAN Downloader.VB.TX/Backdoor.Win32.DSSdoor!IK Checkin || url,doc.emergingthreats.net/2003646
1 || 2003647 || 7 || trojan-activity || 0 || ET TROJAN Backdoor.Irc.MFV User Agent Detected (IRC-U) || url,doc.emergingthreats.net/2003647
1 || 2003648 || 8 || trojan-activity || 0 || ET TROJAN Clicker.BC User Agent Detected (linkrunner) || url,doc.emergingthreats.net/2003648
1 || 2003649 || 8 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (SykO) || url,doc.emergingthreats.net/2003649
1 || 2003650 || 6 || trojan-activity || 0 || ET TROJAN Dialer-715 Install Checkin || url,doc.emergingthreats.net/2003650
1 || 2003651 || 6 || trojan-activity || 0 || ET DELETED Sality Virus User Agent Detected (SPM_ID=) || url,doc.emergingthreats.net/2003651
1 || 2003652 || 9 || trojan-activity || 0 || ET MALWARE CoolStreaming Toolbar (Conduit related) User-Agent (Coolstreaming Tool-Bar) || url,doc.emergingthreats.net/2003652
1 || 2003653 || 7 || trojan-activity || 0 || ET POLICY Boitho.com Distributed Crawler in use - User-Agent (boitho.com-dc) || url,doc.emergingthreats.net/bin/view/Main/2003653
1 || 2003654 || 9 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware User-Agent (GTBank) || url,doc.emergingthreats.net/2003654
1 || 2003655 || 9 || trojan-activity || 0 || ET MALWARE Trafficadvance.net Spyware User-Agent (Internet 1.0) || url,doc.emergingthreats.net/2003655
1 || 2003656 || 10 || trojan-activity || 0 || ET MALWARE debelizombi.com (Rizo) related Spyware User-Agent (mc_v1.2.6) || url,www.f-secure.com/v-descs/rizo.shtml || url,doc.emergingthreats.net/2003656
1 || 2003657 || 15 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MSIE) || url,doc.emergingthreats.net/bin/view/Main/2003657
1 || 2003658 || 8 || trojan-activity || 0 || ET MALWARE qq.com related Spyware User-Agent (QQGame) || url,doc.emergingthreats.net/2003658
1 || 2003660 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt - Headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003660
1 || 2003661 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- latest_files.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003661
1 || 2003662 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- latest_posts.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003662
1 || 2003663 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- groups_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003663
1 || 2003664 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- filters_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003664
1 || 2003665 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- links.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003665
1 || 2003666 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- menu_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003666
1 || 2003667 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- latest_news.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003667
1 || 2003668 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- settings_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003668
1 || 2003669 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TopTree Remote Inclusion Attempt -- tpl_message.php right_file || cve,CVE-2007-2544 || url,www.milw0rm.com/exploits/3854 || url,doc.emergingthreats.net/2003669
1 || 2003670 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Workbench Survival Guide Remote Inclusion Attempt -- headerfile.php path || cve,CVE-2007-2542 || url,www.milw0rm.com/exploits/3848 || url,doc.emergingthreats.net/2003670
1 || 2003671 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Versado CMS Remote Inclusion Attempt -- ajax_listado.php urlModulo || cve,CVE-2007-2541 || url,www.milw0rm.com/exploits/3847 || url,doc.emergingthreats.net/2003671
1 || 2003672 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_image_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003672
1 || 2003673 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_liens_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003673
1 || 2003674 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_liste_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003674
1 || 2003675 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_special_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003675
1 || 2003676 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMECMS Remote Inclusion Attempt -- mod_texte_index.php config pathMod || cve,CVE-2007-2540 || url,www.milw0rm.com/exploits/3852 || url,doc.emergingthreats.net/2003676
1 || 2003677 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Berylium2 Remote Inclusion Attempt -- berylium-classes.php beryliumroot || cve,CVE-2007-2531 || url,www.milw0rm.com/exploits/3869 || url,doc.emergingthreats.net/2003677
1 || 2003678 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tropicalm Remote Inclusion Attempt -- dosearch.php RESPATH || cve,CVE-2007-2530 || url,www.milw0rm.com/exploits/3865 || url,doc.emergingthreats.net/2003678
1 || 2003679 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynamicPAD Remote Inclusion Attempt -- dp_logs.php HomeDir || cve,CVE-2007-2527 || url,milw0rm.com/exploits/3868 || url,doc.emergingthreats.net/2003679
1 || 2003680 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynamicPAD Remote Inclusion Attempt -- index.php HomeDir || cve,CVE-2007-2527 || url,milw0rm.com/exploits/3868 || url,doc.emergingthreats.net/2003680
1 || 2003681 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Persism CMS Remote Inclusion Attempt -- users_headerfile.php System || cve,CVE-2007-2545 || url,www.milw0rm.com/exploits/3853 || url,doc.emergingthreats.net/2003681
1 || 2003682 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Gads Remote Inclusion Attempt -- common.php locale || cve,CVE-2007-2521 || url,www.milw0rm.com/exploits/3846 || url,doc.emergingthreats.net/2003682
1 || 2003683 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Turbulence Remote Inclusion Attempt -- turbulence.php GLOBALS tcore || cve,CVE-2007-2504 || url,www.securityfocus.com/bid/23580 || url,doc.emergingthreats.net/2003683
1 || 2003684 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MXBB Remote Inclusion Attempt -- faq.php module_root_path || cve,CVE-2007-2493 || url,www.milw0rm.com/exploits/3833 || url,doc.emergingthreats.net/2003684
1 || 2003685 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Remote Inclusion Attempt -- wptable-button.php wpPATH || cve,CVE-2007-2484 || url,www.milw0rm.com/exploits/3824 || url,doc.emergingthreats.net/2003685
1 || 2003686 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Remote Inclusion Attempt -- wordtube-button.php wpPATH || cve,CVE-2007-2481 || url,www.milw0rm.com/exploits/3825 || url,doc.emergingthreats.net/2003686
1 || 2003687 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt -- payflow_pro.php abs_path || cve,CVE-2007-2474 || url,www.securityfocus.com/bid/23662 || url,doc.emergingthreats.net/2003687
1 || 2003688 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt -- global.php abs_path || cve,CVE-2007-2474 || url,www.securityfocus.com/bid/23662 || url,doc.emergingthreats.net/2003688
1 || 2003689 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnKeyWebTools Remote Inclusion Attempt -- libsecure.php abs_path || cve,CVE-2007-2474 || url,www.securityfocus.com/bid/23662 || url,doc.emergingthreats.net/2003689
1 || 2003690 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Firefly Remote Inclusion Attempt -- config.php DOCUMENT_ROOT || cve,CVE-2007-2460 || url,www.frsirt.com/english/advisories/2007/1554 || url,doc.emergingthreats.net/2003690
1 || 2003691 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pixaria Gallery Remote Inclusion Attempt -- psg.smarty.lib.php cfg sys base_path || cve,CVE-2007-2458 || url,www.frsirt.com/english/advisories/2007/1390 || url,doc.emergingthreats.net/2003691
1 || 2003692 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VM Watermark Remote Inclusion Attempt -- watermark.php GALLERY_BASEDIR || cve,CVE-2007-2575 || url,www.milw0rm.com/exploits/3857 || url,doc.emergingthreats.net/2003692
1 || 2003693 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPtree Remote Inclusion Attempt -- cms2.php s_dir || cve,CVE-2007-2573 || url,www.milw0rm.com/exploits/3860 || url,doc.emergingthreats.net/2003693
1 || 2003694 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NoAH Remote Inclusion Attempt -- mfa_theme.php tpls || cve,CVE-2007-2572 || url,www.milw0rm.com/exploits/3861 || url,doc.emergingthreats.net/2003694
1 || 2003696 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wikivi5 Remote Inclusion Attempt -- show.php sous_rep || cve,CVE-2007-2570 || url,www.milw0rm.com/exploits/3863 || url,doc.emergingthreats.net/2003696
1 || 2003698 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion index.php abs_path || cve,CVE-2007-2559 || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || url,doc.emergingthreats.net/2003698
1 || 2003699 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion checkout.php abs_path || cve,CVE-2007-2559 || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || url,doc.emergingthreats.net/2003699
1 || 2003700 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion libsecure.php abs_path || cve,CVE-2007-2559 || url,www.securityfocus.com/archive/1/archive/1/467840/100/0/threaded || url,doc.emergingthreats.net/2003700
1 || 2003701 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfa CMS Remote Inclusion index.php repinc || cve,CVE-2007-2558 || url,www.securityfocus.com/archive/1/archive/1/467827/100/0/threaded || url,doc.emergingthreats.net/2003701
1 || 2003702 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pixaria Gallery Remote Inclusion class.Smarty.php cfg sys base_path || cve,CVE-2007-2457 || url,www.milw0rm.com/exploits/3733 || url,doc.emergingthreats.net/2003702
1 || 2003703 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyPortal Remote Inclusion Attempt -- articles.inc.php GLOBALS CHEMINMODULES || cve,CVE-2007-2594 || url,www.milw0rm.com/exploits/3879 || url,doc.emergingthreats.net/2003703
1 || 2003704 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AForum Remote Inclusion func.php CommonAbsDir || cve,CVE-2007-2596 || url,www.milw0rm.com/exploits/3884 || url,doc.emergingthreats.net/2003704
1 || 2003705 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion site_conf.php ordnertiefe || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003705
1 || 2003706 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion class.csv.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003706
1 || 2003707 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion produkte_nach_serie.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003707
1 || 2003708 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003708
1 || 2003709 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion hg_referenz_jobgalerie.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003709
1 || 2003710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion surfer_anmeldung_NWL.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003710
1 || 2003711 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion produkte_nach_serie_alle.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003711
1 || 2003712 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion surfer_aendern.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003712
1 || 2003713 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion referenz.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003713
1 || 2003714 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion lay.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003714
1 || 2003715 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion ref_kd_rubrik.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003715
1 || 2003716 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LaVague Remote Inclusion Attempt -- printbar.php views_path || cve,CVE-2007-2607 || url,www.exploit-db.com/exploits/3870/ || url,doc.emergingthreats.net/2003716
1 || 2003717 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS miplex2 Remote Inclusion SmartyFU.class.php system || cve,CVE-2007-2608 || url,www.milw0rm.com/exploits/3878 || url,doc.emergingthreats.net/2003717
1 || 2003718 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- lom.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003718
1 || 2003719 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- lom_update.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003719
1 || 2003720 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- check-lom.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003720
1 || 2003721 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- weigh_keywords.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003721
1 || 2003722 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- logout.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003722
1 || 2003723 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- help.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003723
1 || 2003724 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- index.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003724
1 || 2003725 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- login.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003725
1 || 2003726 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- mtdialogo.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003726
1 || 2003727 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- ltdialogo.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003727
1 || 2003728 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- logingecon.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003728
1 || 2003729 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CGX Remote Inclusion Attempt -- login.php pathCGX || cve,CVE-2007-2611 || url,www.milw0rm.com/exploits/3874 || url,doc.emergingthreats.net/2003729
1 || 2003730 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPHtmlLib Remote Inclusion Attempt -- widget8.php phphtmllib || cve,CVE-2007-2614 || url,www.securityfocus.com/archive/1/archive/1/467837/100/0/threaded || url,doc.emergingthreats.net/2003730
1 || 2003731 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt -- ftp.php path_local || cve,CVE-2007-2615 || url,www.milw0rm.com/exploits/3875 || url,doc.emergingthreats.net/2003731
1 || 2003732 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt -- db.php path_local || cve,CVE-2007-2615 || url,www.milw0rm.com/exploits/3875 || url,doc.emergingthreats.net/2003732
1 || 2003733 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPLojaFacil Remote Inclusion Attempt -- libs_ftp.php path_local || cve,CVE-2007-2615 || url,www.milw0rm.com/exploits/3875 || url,doc.emergingthreats.net/2003733
1 || 2003735 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPSecurityAdmin Remote Inclusion Attempt -- logout.php PSA_PATH || cve,CVE-2007-2628 || url,www.securityfocus.com/bid/23801 || url,doc.emergingthreats.net/2003735
1 || 2003736 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AForum Remote Inclusion Attempt -- errormsg.php header || cve,CVE-2007-2634 || url,secunia.com/advisories/25224 || url,doc.emergingthreats.net/2003736
1 || 2003737 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CJG Explorer Remote Inclusion Attempt -- pcltrace.lib.php g_pcltar_lib_dir || cve,CVE-2007-2660 || url,www.milw0rm.com/exploits/3915 || url,doc.emergingthreats.net/2003737
1 || 2003738 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Beacon Remote Inclusion Attempt -- splash.lang.php languagePath || cve,CVE-2007-2663 || url,www.milw0rm.com/exploits/3909 || url,doc.emergingthreats.net/2003738
1 || 2003739 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Yaap Remote Inclusion Attempt -- common.php root_path || cve,CVE-2007-2664 || url,www.milw0rm.com/exploits/3908 || url,doc.emergingthreats.net/2003739
1 || 2003740 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPFirstPost Remote Inclusion Attempt block.php Include || cve,CVE-2007-2665 || url,www.milw0rm.com/exploits/3906 || url,doc.emergingthreats.net/2003740
1 || 2003741 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Translation Engine Remote Inclusion Attempt -- header.php ote_home || cve,CVE-2007-2676 || url,www.milw0rm.com/exploits/3838 || url,doc.emergingthreats.net/2003741
1 || 2003742 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- language.php config || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003742
1 || 2003743 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- layout_admin_cfg.php Root_Path || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003743
1 || 2003744 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- layout_cfg.php Root_Path || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003744
1 || 2003745 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChess Remote Inclusion Attempt -- layout_t_top.php Root_Path || cve,CVE-2007-2677 || url,www.milw0rm.com/exploits/3837 || url,doc.emergingthreats.net/2003745
1 || 2003746 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Script Gallery Remote Inclusion index.php gallery || cve,CVE-2007-2679 || url,www.securityfocus.com/bid/23534 || url,doc.emergingthreats.net/2003746
1 || 2003747 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gnuedu Remote Inclusion Attempt -- lom.php ETCDIR || cve,CVE-2007-2609 || url,www.milw0rm.com/exploits/3876 || url,doc.emergingthreats.net/2003747
1 || 2003749 || 8 || trojan-activity || 0 || ET USER_AGENTS QQHelper related Spyware User-Agent (H) || url,doc.emergingthreats.net/2003749
1 || 2003750 || 4 || attempted-dos || 0 || ET EXPLOIT CA Brightstor ARCServe caloggerd DoS || url,www.milw0rm.com/exploits/3939 || url,doc.emergingthreats.net/bin/view/Main/2003750
1 || 2003751 || 4 || attempted-dos || 0 || ET EXPLOIT CA Brightstor ARCServe Mediasvr DoS || url, www.milw0rm.com/exploits/3940 || url,doc.emergingthreats.net/bin/view/Main/2003751
1 || 2003752 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id SELECT || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003752
1 || 2003753 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id UNION SELECT || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003753
1 || 2003754 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id INSERT || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003754
1 || 2003755 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id DELETE || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003755
1 || 2003756 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id ASCII || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003756
1 || 2003757 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreaScripts CreaDirectory SQL Injection Attempt -- error.asp id UPDATE || cve,CVE-2007-2342 || url,www.milw0rm.com/exploits/3767 || url,doc.emergingthreats.net/2003757
1 || 2003758 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid SELECT || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003758
1 || 2003759 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid UNION SELECT || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003759
1 || 2003760 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid INSERT || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003760
1 || 2003761 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid DELETE || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003761
1 || 2003762 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid ASCII || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003762
1 || 2003763 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS John Mordo Jobs SQL Injection Attempt -- index.php cid UPDATE || cve,CVE-2007-2370 || url,www.milw0rm.com/exploits/3672 || url,doc.emergingthreats.net/2003763
1 || 2003764 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid SELECT || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003764
1 || 2003765 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid UNION SELECT || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003765
1 || 2003766 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid INSERT || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003766
1 || 2003767 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid DELETE || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003767
1 || 2003768 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid ASCII || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003768
1 || 2003769 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WF-Links (wflinks) SQL Injection Attempt -- viewcat.php cid UPDATE || cve,CVE-2007-2373 || url,www.milw0rm.com/exploits/3670 || url,doc.emergingthreats.net/2003769
1 || 2003770 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a SELECT || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003770
1 || 2003771 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a UNION SELECT || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003771
1 || 2003772 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a INSERT || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003772
1 || 2003773 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a DELETE || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003773
1 || 2003774 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a ASCII || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003774
1 || 2003775 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Annu SQL Injection Attempt -- home.php a UPDATE || cve,CVE-2007-2416 || url,www.securityfocus.com/bid/23727 || url,doc.emergingthreats.net/2003775
1 || 2003776 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id SELECT || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003776
1 || 2003777 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id UNION SELECT || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003777
1 || 2003778 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id INSERT || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003778
1 || 2003779 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id DELETE || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003779
1 || 2003780 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id ASCII || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003780
1 || 2003781 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yilmaz Blog SQL Injection Attempt -- bry.asp id UPDATE || cve,CVE-2007-2420 || url,www.securityfocus.com/bid/23678 || url,doc.emergingthreats.net/2003781
1 || 2003782 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid SELECT || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003782
1 || 2003783 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid UNION SELECT || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003783
1 || 2003784 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid INSERT || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003784
1 || 2003785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid DELETE || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003785
1 || 2003786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid ASCII || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003786
1 || 2003787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pnFlashGames SQL Injection Attempt -- index.php cid UPDATE || cve,CVE-2007-2427 || url,www.milw0rm.com/exploits/3813 || url,doc.emergingthreats.net/2003787
1 || 2003788 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid SELECT || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003788
1 || 2003789 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid UNION SELECT || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003789
1 || 2003790 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid INSERT || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003790
1 || 2003791 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid DELETE || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003791
1 || 2003792 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid ASCII || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003792
1 || 2003793 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FileRun SQL Injection Attempt -- index.php fid UPDATE || cve,CVE-2007-2469 || url,www.securityfocus.com/bid/23752 || url,doc.emergingthreats.net/2003793
1 || 2003794 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid SELECT || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003794
1 || 2003795 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UNION SELECT || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003795
1 || 2003796 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid INSERT || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003796
1 || 2003797 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid ASCII || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003797
1 || 2003798 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid UPDATE || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003798
1 || 2003805 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003805
1 || 2003806 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER UNION SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003806
1 || 2003807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER INSERT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003807
1 || 2003808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER DELETE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003808
1 || 2003809 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER ASCII || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003809
1 || 2003810 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_USER UPDATE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003810
1 || 2003811 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003811
1 || 2003812 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS UNION SELECT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003812
1 || 2003813 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS INSERT || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003813
1 || 2003814 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS DELETE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003814
1 || 2003815 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS ASCII || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003815
1 || 2003816 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpHoo3 SQL Injection Attempt -- admin.php ADMIN_PASS UPDATE || cve,CVE-2007-2534 || url,www.securityfocus.com/bid/23854 || url,doc.emergingthreats.net/2003816
1 || 2003817 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries SELECT || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003817
1 || 2003818 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries UNION SELECT || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003818
1 || 2003819 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries INSERT || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003819
1 || 2003820 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries DELETE || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003820
1 || 2003821 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries ASCII || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003821
1 || 2003822 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunCms SQL Injection Attempt -- debug_show.php executed_queries UPDATE || cve,CVE-2007-2538 || url,www.milw0rm.com/exploits/3850 || url,doc.emergingthreats.net/2003822
1 || 2003823 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid SELECT || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003823
1 || 2003824 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid UNION SELECT || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003824
1 || 2003825 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid INSERT || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003825
1 || 2003826 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid DELETE || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003826
1 || 2003827 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid ASCII || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003827
1 || 2003828 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flashgames SQL Injection Attempt -- game.php lid UPDATE || cve,CVE-2007-2543 || url,www.milw0rm.com/exploits/3849 || url,doc.emergingthreats.net/2003828
1 || 2003829 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv SELECT || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003829
1 || 2003830 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv UNION SELECT || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003830
1 || 2003831 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv INSERT || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003831
1 || 2003832 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv DELETE || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003832
1 || 2003833 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv ASCII || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003833
1 || 2003834 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ResManager SQL Injection Attempt -- edit_day.php id_reserv UPDATE || cve,CVE-2007-2735 || url,www.milw0rm.com/exploits/3931 || url,doc.emergingthreats.net/2003834
1 || 2003835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid SELECT || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003835
1 || 2003836 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid UNION SELECT || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003836
1 || 2003837 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid INSERT || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003837
1 || 2003838 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid DELETE || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003838
1 || 2003839 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid ASCII || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003839
1 || 2003840 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyConference SQL Injection Attempt -- index.php cid UPDATE || cve,CVE-2007-2737 || url,www.frsirt.com/english/advisories/2007/1830 || url,doc.emergingthreats.net/2003840
1 || 2003841 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid UNION SELECT || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003841
1 || 2003842 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid INSERT || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003842
1 || 2003843 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid DELETE || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003843
1 || 2003844 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid ASCII || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003844
1 || 2003845 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid UPDATE || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003845
1 || 2003846 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref SELECT || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003846
1 || 2003847 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref UNION SELECT || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003847
1 || 2003848 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref INSERT || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003848
1 || 2003849 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref DELETE || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003849
1 || 2003850 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref ASCII || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003850
1 || 2003851 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FAQEngine SQL Injection Attempt -- question.php questionref UPDATE || cve,CVE-2007-2749 || url,www.milw0rm.com/exploits/3943 || url,doc.emergingthreats.net/2003851
1 || 2003852 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr SELECT || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003852
1 || 2003853 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr UNION SELECT || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003853
1 || 2003854 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr INSERT || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003854
1 || 2003855 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr DELETE || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003855
1 || 2003856 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr ASCII || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003856
1 || 2003857 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpNews SQL Injection Attempt -- print.php newsnr UPDATE || cve,CVE-2007-2750 || url,www.milw0rm.com/exploits/3942 || url,doc.emergingthreats.net/2003857
1 || 2003858 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id SELECT || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003858
1 || 2003859 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id UNION SELECT || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003859
1 || 2003860 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id INSERT || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003860
1 || 2003861 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id DELETE || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003861
1 || 2003862 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id ASCII || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003862
1 || 2003863 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RunawaySoft Haber portal 1.0 SQL Injection Attempt -- devami.asp id UPDATE || cve,CVE-2007-2752 || url,www.milw0rm.com/exploits/3936 || url,doc.emergingthreats.net/2003863
1 || 2003864 || 4 || misc-activity || 0 || ET POLICY Outbound SMTP on port 587 || url,doc.emergingthreats.net/2003864
1 || 2003865 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Made Simple SQL Injection Attempt -- stylesheet.php templateid DELETE || cve,CVE-2007-2473 || url,www.securityfocus.com/bid/23753 || url,doc.emergingthreats.net/2003865
1 || 2003866 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossaire SQL Injection Attempt -- glossaire-p-f.php sid SELECT || cve,CVE-2007-2738 || url,www.milw0rm.com/exploits/3932 || url,doc.emergingthreats.net/2003866
1 || 2003867 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TellTarget CMS Remote Inclusion 3_lay.php tt_docroot || cve,CVE-2007-2597 || url,www.milw0rm.com/exploits/3885 || url,doc.emergingthreats.net/2003867
1 || 2003869 || 7 || misc-attack || 0 || ET SCAN ProxyReconBot CONNECT method to Mail || url,doc.emergingthreats.net/2003869
1 || 2003870 || 7 || misc-attack || 0 || ET SCAN ProxyReconBot POST method to Mail || url,doc.emergingthreats.net/2003870
1 || 2003871 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ripe Website Manager XSS Attempt -- index.php ripeformpost || cve,CVE-2007-2206 || url,www.securityfocus.com/bid/23597 || url,doc.emergingthreats.net/2003871
1 || 2003872 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redoable XSS Attempt -- searchloop.php s || cve,CVE-2007-2757 || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || url,doc.emergingthreats.net/2003872
1 || 2003873 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redoable XSS Attempt -- header.php s || cve,CVE-2007-2757 || url,www.securityfocus.com/archive/1/archive/1/468892/100/0/threaded || url,doc.emergingthreats.net/2003873
1 || 2003874 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vDesk Webmail XSS Attempt -- printcal.pl || cve,CVE-2007-2745 || url,www.securityfocus.com/bid/24022 || url,doc.emergingthreats.net/2003874
1 || 2003875 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fotolog XSS Attempt -- all_photos.html user || cve,CVE-2007-2724 || url,www.securityfocus.com/archive/1/archive/1/468316/100/0/threaded || url,doc.emergingthreats.net/2003875
1 || 2003876 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp XSS Attempt -- listmembers.php show || cve,CVE-2007-2716 || url,www.securityfocus.com/bid/23951 || url,doc.emergingthreats.net/2003876
1 || 2003877 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp XSS Attempt -- stats.php show || cve,CVE-2007-2716 || url,www.securityfocus.com/bid/23951 || url,doc.emergingthreats.net/2003877
1 || 2003878 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Translation Engine (OTE) XSS Attempt -- header.php ote_home || cve,CVE-2007-2676 || url,www.milw0rm.com/exploits/3838 || url,doc.emergingthreats.net/2003878
1 || 2003879 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChain XSS Attempt -- settings.php catid || cve,CVE-2007-2670 || url,www.securityfocus.com/bid/23761 || url,doc.emergingthreats.net/2003879
1 || 2003880 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPChain XSS Attempt -- cat.php catid || cve,CVE-2007-2670 || url,www.securityfocus.com/bid/23761 || url,doc.emergingthreats.net/2003880
1 || 2003881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SonicBB XSS Attempt -- search.php part || cve,CVE-2007-1903 || url,www.netvigilance.com/advisory0020 || url,doc.emergingthreats.net/2003881
1 || 2003882 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- configure_plugin.tpl.php edit_plugin || cve,CVE-2007-2632 || url,www.securityfocus.com/bid/23917 || url,doc.emergingthreats.net/2003882
1 || 2003883 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php 1 || cve,CVE-2007-2632 || url,www.securityfocus.com/bid/23917 || url,doc.emergingthreats.net/2003883
1 || 2003884 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Multi User Randomizer (phpMUR) XSS Attempt -- phpinfo.php a || cve,CVE-2007-2632 || url,www.securityfocus.com/bid/23917 || url,doc.emergingthreats.net/2003884
1 || 2003885 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XSS Attempt -- sidebar.php || cve,CVE-2007-2627 || url,www.securityfocus.com/archive/1/archive/1/467360/100/0/threaded || url,doc.emergingthreats.net/2003885
1 || 2003886 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) XSS Attempt -- cp_authorization.php || cve,CVE-2007-2625 || url,www.frsirt.com/english/advisories/2007/1637 || url,doc.emergingthreats.net/2003886
1 || 2003887 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) XSS Attempt -- cp_config.php || cve,CVE-2007-2624 || url,www.securityfocus.com/bid/23790 || url,doc.emergingthreats.net/2003887
1 || 2003888 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseCat.php catFile || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003888
1 || 2003889 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- browseSubCat.php catFile || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003889
1 || 2003890 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- openTutorial.php id || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003890
1 || 2003891 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- topFrame.php id || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003891
1 || 2003892 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- editListing.php id || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003892
1 || 2003893 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TutorialCMS (Photoshop Tutorials) XSS Attempt -- search.php search || cve,CVE-2007-2600 || url,www.milw0rm.com/exploits/3887 || url,doc.emergingthreats.net/2003893
1 || 2003894 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nokia Intellisync Mobile Suite XSS Attempt -- dev_logon.asp username || cve,CVE-2007-2592 || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || url,doc.emergingthreats.net/2003894
1 || 2003895 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nokia Intellisync Mobile Suite XSS Attempt -- registerAccount.asp || cve,CVE-2007-2592 || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || url,doc.emergingthreats.net/2003895
1 || 2003896 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nokia Intellisync Mobile Suite XSS Attempt -- create_account.asp || cve,CVE-2007-2592 || url,www.securityfocus.com/archive/1/archive/1/468048/100/0/threaded || url,doc.emergingthreats.net/2003896
1 || 2003897 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt whstart.js || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003897
1 || 2003898 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt whcsh_home.htm || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003898
1 || 2003899 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt wf_startpage.js || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003899
1 || 2003900 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt wf_startqs.htm || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003900
1 || 2003901 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe RoboHelp XSS Attempt WindowManager.dll || cve,CVE-2007-1280 || url,www.securityfocus.com/archive/1/archive/1/468360/100/0/threaded || url,doc.emergingthreats.net/2003901
1 || 2003902 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Tomcat XSS Attempt -- implicit-objects.jsp || cve,CVE-2006-7195 || url,www.frsirt.com/english/advisories/2007/1729 || url,doc.emergingthreats.net/2003902
1 || 2003903 || 8 || web-application-attack || 0 || ET WEB_SERVER Microsoft SharePoint XSS Attempt default.aspx || cve,CVE-2007-2581 || url,www.securityfocus.com/bid/23832 || url,doc.emergingthreats.net/2003903
1 || 2003904 || 8 || web-application-attack || 0 || ET WEB_SERVER Microsoft SharePoint XSS Attempt index.php form mail || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003904
1 || 2003905 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form mods || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003905
1 || 2003906 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003906
1 || 2003907 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- download.php id || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003907
1 || 2003908 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form cat || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003908
1 || 2003909 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form cat || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003909
1 || 2003910 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form name || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003910
1 || 2003911 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form message || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003911
1 || 2003912 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACP3 XSS Attempt -- index.php form mail || cve,CVE-2007-2579 || url,www.securityfocus.com/bid/23834 || url,doc.emergingthreats.net/2003912
1 || 2003913 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kayako eSupport XSS Attempt -- index.php _m || cve,CVE-2007-2562 || url,www.securityfocus.com/archive/1/archive/1/467832/100/0/threaded || url,doc.emergingthreats.net/2003913
1 || 2003914 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Podium CMS XSS Attempt -- Default.aspx id || cve,CVE-2007-2555 || url,www.securityfocus.com/archive/1/archive/1/467823/100/0/threaded || url,doc.emergingthreats.net/2003914
1 || 2003915 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Advanced Guestbook XSS Attempt -- picture.php picture || cve,CVE-2007-0605 || url,www.securityfocus.com/bid/23873 || url,doc.emergingthreats.net/2003915
1 || 2003916 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WikkaWiki (Wikka Wiki) XSS Attempt -- usersettings.php name || cve,CVE-2007-2551 || url,www.securityfocus.com/bid/23894 || url,doc.emergingthreats.net/2003916
1 || 2003917 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnkeyWebTools SunShop Shopping Cart XSS Attempt -- index.php l || cve,CVE-2007-2547 || url,www.securityfocus.com/bid/23856 || url,doc.emergingthreats.net/2003917
1 || 2003918 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- sendmail.php || cve,CVE-2007-2532 || url,www.securityfocus.com/bid/23847 || url,doc.emergingthreats.net/2003918
1 || 2003919 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minh Nguyen Duong Obie Website Mini Web Shop XSS Attempt -- order_form.php || cve,CVE-2007-2532 || url,www.securityfocus.com/bid/23847 || url,doc.emergingthreats.net/2003919
1 || 2003920 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVDdb XSS Attempt -- loan.php movieid || cve,CVE-2007-2499 || url,www.securityfocus.com/bid/23764 || url,doc.emergingthreats.net/2003920
1 || 2003921 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVDdb XSS Attempt -- listmovies.php s || cve,CVE-2007-2499 || url,www.securityfocus.com/bid/23764 || url,doc.emergingthreats.net/2003921
1 || 2003922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sendcard XSS Attempt -- sendcard.php form || cve,CVE-2007-2472 || url,www.secunia.com/advisories/25085 || url,doc.emergingthreats.net/2003922
1 || 2003924 || 8 || trojan-activity || 0 || ET SCAN WebHack Control Center User-Agent Inbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start= || url,doc.emergingthreats.net/2003924
1 || 2003925 || 7 || trojan-activity || 0 || ET USER_AGENTS WebHack Control Center User-Agent Outbound (WHCC/) || url,www.governmentsecurity.org/forum/index.php?showtopic=5112&pid=28561&mode=threaded&start= || url,doc.emergingthreats.net/2003925
1 || 2003926 || 8 || trojan-activity || 0 || ET MALWARE Personalweb Spyware User-Agent (PWMI/1.0) || url,doc.emergingthreats.net/2003926
1 || 2003927 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HTTPTEST) - Seen used by downloaders || url,doc.emergingthreats.net/bin/view/Main/2003927
1 || 2003928 || 9 || trojan-activity || 0 || ET MALWARE Mirar Bar Spyware User-Agent (Mbar) || url,doc.emergingthreats.net/2003928
1 || 2003929 || 8 || trojan-activity || 0 || ET MALWARE Mirar Bar Spyware User-Agent (Mirar_Toolbar) || url,doc.emergingthreats.net/2003929
1 || 2003930 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Snatch-System) || url,doc.emergingthreats.net/bin/view/Main/2003930
1 || 2003931 || 7 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (Varlok_11000) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2003931
1 || 2003932 || 8 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (IE_7.0) || url,doc.emergingthreats.net/2003932
1 || 2003933 || 9 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (Ms) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2003933
1 || 2003934 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 1521 (Oracle) being excluded from SSL Alerts || url,doc.emergingthreats.net/2003934
1 || 2003936 || 4 || trojan-activity || 0 || ET TROJAN Bandok phoning home (xor by 0xe9 to decode) || url,www.dshield.org/diary.html?date=2007-03-28 || url,www.secureworks.com/research/threats/bbbphish/?threat=bbbphish || url,doc.emergingthreats.net/2003936
1 || 2003937 || 11 || trojan-activity || 0 || ET TROJAN Bandook iwebho/BBB-phish trojan leaking user data || url,www.secureworks.com/research/threats/bbbphish || url,doc.emergingthreats.net/2003937
1 || 2003939 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003939
1 || 2003940 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003940
1 || 2003941 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003941
1 || 2003942 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003942
1 || 2003943 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003943
1 || 2003944 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- main_page.php UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003944
1 || 2003945 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003945
1 || 2003946 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003946
1 || 2003947 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003947
1 || 2003948 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003948
1 || 2003949 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003949
1 || 2003950 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- open_tree.php UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003950
1 || 2003951 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003951
1 || 2003952 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003952
1 || 2003953 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003953
1 || 2003954 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003954
1 || 2003955 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003955
1 || 2003956 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- outputs.php UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003956
1 || 2003957 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003957
1 || 2003958 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003958
1 || 2003959 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003959
1 || 2003960 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003960
1 || 2003961 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003961
1 || 2003962 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php view UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003962
1 || 2003963 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003963
1 || 2003964 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id UNION SELECT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003964
1 || 2003965 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id INSERT || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003965
1 || 2003966 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id DELETE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003966
1 || 2003967 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id ASCII || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003967
1 || 2003968 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- opentree.php id UPDATE || cve,CVE-2007-2684 || url,www.netvigilance.com/advisory0027 || url,doc.emergingthreats.net/2003968
1 || 2003969 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login SELECT || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003969
1 || 2003970 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login UNION SELECT || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003970
1 || 2003971 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login INSERT || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003971
1 || 2003972 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login DELETE || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003972
1 || 2003973 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login ASCII || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003973
1 || 2003974 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS SQL Injection Attempt -- index.php login UPDATE || cve,CVE-2007-2685 || url,www.netvigilance.com/advisory0028 || url,doc.emergingthreats.net/2003974
1 || 2003981 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler SELECT || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003981
1 || 2003982 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler UNION SELECT || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003982
1 || 2003983 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler INSERT || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003983
1 || 2003984 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler DELETE || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003984
1 || 2003985 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler ASCII || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003985
1 || 2003986 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zomplog SQL Injection Attempt -- mp3playlist.php speler UPDATE || cve,CVE-2007-2773 || url,www.milw0rm.com/exploits/3955 || url,doc.emergingthreats.net/2003986
1 || 2003987 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid SELECT || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003987
1 || 2003988 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid UNION SELECT || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003988
1 || 2003989 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid INSERT || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003989
1 || 2003990 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid DELETE || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003990
1 || 2003991 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid ASCII || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003991
1 || 2003992 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- index.php listid UPDATE || cve,CVE-2007-2792 || url,www.exploit-db.com/exploits/3944/ || url,doc.emergingthreats.net/2003992
1 || 2003993 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id SELECT || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003993
1 || 2003994 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id UNION SELECT || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003994
1 || 2003995 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id INSERT || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003995
1 || 2003996 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id DELETE || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003996
1 || 2003997 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id ASCII || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003997
1 || 2003998 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Urun Tanitim Sitesi SQL Injection Attempt -- default.asp id UPDATE || cve,CVE-2007-2803 || url,www.secunia.com/advisories/25348 || url,doc.emergingthreats.net/2003998
1 || 2003999 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id SELECT || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2003999
1 || 2004000 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UNION SELECT || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004000
1 || 2004001 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id INSERT || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004001
1 || 2004002 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id DELETE || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004002
1 || 2004003 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id ASCII || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004003
1 || 2004004 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gazi Download Portal SQL Injection Attempt -- down_indir.asp id UPDATE || cve,CVE-2007-2810 || url,www.securityfocus.com/bid/23714 || url,doc.emergingthreats.net/2004004
1 || 2004005 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id SELECT || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004005
1 || 2004006 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UNION SELECT || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004006
1 || 2004007 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id INSERT || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004007
1 || 2004008 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id DELETE || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004008
1 || 2004009 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id ASCII || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004009
1 || 2004010 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ol bookmarks SQL Injection Attempt -- index.php id UPDATE || cve,CVE-2007-2817 || url,www.milw0rm.com/exploits/3964 || url,doc.emergingthreats.net/2004010
1 || 2004011 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie SELECT || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004011
1 || 2004012 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UNION SELECT || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004012
1 || 2004013 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie INSERT || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004013
1 || 2004014 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie DELETE || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004014
1 || 2004015 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie ASCII || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004015
1 || 2004016 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-ajax.php cookie UPDATE || cve,CVE-2007-2821 || url,www.securityfocus.com/bid/24076 || url,doc.emergingthreats.net/2004016
1 || 2004022 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft E-Friends SQL Injection Attempt -- index.php pack UPDATE || cve,CVE-2007-2824 || url,www.milw0rm.com/exploits/3956 || url,doc.emergingthreats.net/2004022
1 || 2004023 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004023
1 || 2004024 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UNION SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004024
1 || 2004025 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style INSERT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004025
1 || 2004026 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style DELETE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004026
1 || 2004027 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style ASCII || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004027
1 || 2004028 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php style UPDATE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004028
1 || 2004029 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004029
1 || 2004030 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UNION SELECT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004030
1 || 2004031 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue INSERT || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004031
1 || 2004032 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue DELETE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004032
1 || 2004033 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue ASCII || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004033
1 || 2004034 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtiTracker SQL Injection Attempt -- account_change.php langue UPDATE || cve,CVE-2007-2854 || url,www.milw0rm.com/exploits/3970 || url,doc.emergingthreats.net/2004034
1 || 2004035 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php SELECT || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004035
1 || 2004036 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UNION SELECT || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004036
1 || 2004037 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php INSERT || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004037
1 || 2004038 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php DELETE || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004038
1 || 2004039 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php ASCII || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004039
1 || 2004040 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart SQL Injection Attempt -- cart.inc.php UPDATE || cve,CVE-2007-2862 || url,www.securityfocus.com/archive/1/archive/1/469301/100/0/threaded || url,doc.emergingthreats.net/2004040
1 || 2004041 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id SELECT || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004041
1 || 2004042 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UNION SELECT || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004042
1 || 2004043 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id INSERT || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004043
1 || 2004044 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id DELETE || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004044
1 || 2004045 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id ASCII || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004045
1 || 2004046 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UPDATE || cve,CVE-2007-2866 || url,www.frsirt.com/english/advisories/2007/1937 || url,doc.emergingthreats.net/2004046
1 || 2004047 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen SELECT || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004047
1 || 2004048 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen UNION SELECT || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004048
1 || 2004049 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen INSERT || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004049
1 || 2004050 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen DELETE || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004050
1 || 2004051 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen ASCII || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004051
1 || 2004052 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- courseLog.php scormcontopen UPDATE || cve,CVE-2007-2889 || url,www.milw0rm.com/exploits/3980 || url,doc.emergingthreats.net/2004052
1 || 2004053 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category SELECT || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004053
1 || 2004054 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category UNION SELECT || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004054
1 || 2004055 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category INSERT || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004055
1 || 2004056 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category DELETE || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004056
1 || 2004057 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category ASCII || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004057
1 || 2004058 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- category.php id_category UPDATE || cve,CVE-2007-2890 || url,www.milw0rm.com/exploits/3981 || url,doc.emergingthreats.net/2004058
1 || 2004059 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating SELECT || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004059
1 || 2004060 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating UNION SELECT || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004060
1 || 2004061 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating INSERT || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004061
1 || 2004062 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating DELETE || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004062
1 || 2004063 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating ASCII || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004063
1 || 2004064 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php rating UPDATE || cve,CVE-2007-2898 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004064
1 || 2004065 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course SELECT || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004065
1 || 2004066 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course UNION SELECT || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004066
1 || 2004067 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course INSERT || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004067
1 || 2004068 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course DELETE || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004068
1 || 2004069 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course ASCII || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004069
1 || 2004070 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos SQL Injection Attempt -- my_progress.php course UPDATE || cve,CVE-2007-2902 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004070
1 || 2004071 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id SELECT || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004071
1 || 2004072 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id UNION SELECT || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004072
1 || 2004073 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id INSERT || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004073
1 || 2004074 || 12 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id DELETE || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004074
1 || 2004075 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id ASCII || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004075
1 || 2004076 || 11 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2z Project SQL Injection Attempt -- rating.php post_id UPDATE || cve,CVE-2007-2905 || url,www.securityfocus.com/archive/1/archive/1/469351/100/0/threaded || url,doc.emergingthreats.net/2004076
1 || 2004077 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004077
1 || 2004078 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004078
1 || 2004079 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004079
1 || 2004080 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004080
1 || 2004081 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004081
1 || 2004082 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE || cve,CVE-2007-2911 || url,www.vbulletin.com/forum/project.php?issueid=21615 || url,doc.emergingthreats.net/2004082
1 || 2004083 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid SELECT || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004083
1 || 2004084 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid UNION SELECT || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004084
1 || 2004085 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid INSERT || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004085
1 || 2004086 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid DELETE || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004086
1 || 2004087 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid ASCII || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004087
1 || 2004088 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php catid UPDATE || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004088
1 || 2004089 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id SELECT || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004089
1 || 2004090 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id UNION SELECT || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004090
1 || 2004091 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id INSERT || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004091
1 || 2004092 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id DELETE || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004092
1 || 2004093 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id ASCII || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004093
1 || 2004094 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phil-a-Form SQL Injection Attempt -- index.php form_id UPDATE || cve,CVE-2007-2933 || url,www.milw0rm.com/exploits/4003 || url,doc.emergingthreats.net/2004094
1 || 2004095 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id SELECT || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004095
1 || 2004096 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id UNION SELECT || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004096
1 || 2004097 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id INSERT || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004097
1 || 2004098 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id DELETE || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004098
1 || 2004099 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id ASCII || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004099
1 || 2004100 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Little Forum SQL Injection Attempt -- user.php id UPDATE || cve,CVE-2007-2942 || url,www.exploit-db.com/exploits/3989/ || url,doc.emergingthreats.net/2004100
1 || 2004101 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer SELECT || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004101
1 || 2004102 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer UNION SELECT || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004102
1 || 2004103 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer INSERT || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004103
1 || 2004104 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer DELETE || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004104
1 || 2004105 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer ASCII || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004105
1 || 2004106 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce SQL Injection Attempt -- manufacturer.php id_manufacturer UPDATE || cve,CVE-2007-2959 || url,www.securityfocus.com/bid/24223 || url,doc.emergingthreats.net/2004106
1 || 2004108 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid SELECT || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004108
1 || 2004109 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UNION SELECT || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004109
1 || 2004110 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid INSERT || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004110
1 || 2004111 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid DELETE || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004111
1 || 2004112 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid ASCII || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004112
1 || 2004113 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gCards SQL Injection Attempt -- getnewsitem.php newsid UPDATE || cve,CVE-2007-2971 || url,www.milw0rm.com/exploits/3988 || url,doc.emergingthreats.net/2004113
1 || 2004114 || 7 || trojan-activity || 0 || ET USER_AGENTS Bancos User-Agent Detected vb wininet || url,doc.emergingthreats.net/2004114
1 || 2004116 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid SELECT || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004116
1 || 2004117 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid UNION SELECT || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004117
1 || 2004118 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid INSERT || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004118
1 || 2004119 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid DELETE || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004119
1 || 2004120 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid ASCII || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004120
1 || 2004121 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMagix Jokes SQL Injection Attempt -- index.php catid UPDATE || cve,CVE-2007-1615 || url,www.milw0rm.com/exploits/3509 || url,doc.emergingthreats.net/2004121
1 || 2004122 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna SELECT || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004122
1 || 2004123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna UNION SELECT || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004123
1 || 2004124 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna INSERT || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004124
1 || 2004125 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna DELETE || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004125
1 || 2004126 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna ASCII || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004126
1 || 2004127 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Katalog Plyt Audio SQL Injection Attempt -- index.php kolumna UPDATE || cve,CVE-2007-1612 || url,www.exploit-db.com/exploits/3513/ || url,doc.emergingthreats.net/2004127
1 || 2004128 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004128
1 || 2004129 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UNION SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004129
1 || 2004130 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum INSERT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004130
1 || 2004131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum DELETE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004131
1 || 2004132 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004132
1 || 2004133 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004133
1 || 2004134 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004134
1 || 2004135 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004135
1 || 2004136 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004136
1 || 2004137 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004137
1 || 2004138 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004138
1 || 2004139 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE || cve,CVE-2007-1607 || url,www.securityfocus.com/bid/23057 || url,doc.emergingthreats.net/2004139
1 || 2004140 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order SELECT || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004140
1 || 2004141 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order UNION SELECT || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004141
1 || 2004142 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order INSERT || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004142
1 || 2004143 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order DELETE || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004143
1 || 2004144 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order ASCII || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004144
1 || 2004145 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Weekly Drawing Contest SQL Injection Attempt -- check_vote.php order UPDATE || cve,CVE-2007-1602 || url,www.securityfocus.com/archive/1/archive/1/462702/100/100/threaded || url,doc.emergingthreats.net/2004145
1 || 2004146 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php SELECT || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004146
1 || 2004147 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004147
1 || 2004148 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php INSERT || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004148
1 || 2004149 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php DELETE || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004149
1 || 2004150 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php ASCII || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004150
1 || 2004151 || 8 || web-application-attack || 0 || ET DELETED Jelsoft vBulletin SQL Injection Attempt -- attachment.php UPDATE || cve,CVE-2007-1573 || url,www.secunia.com/advisories/24503 || url,doc.emergingthreats.net/2004151
1 || 2004152 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title SELECT || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004152
1 || 2004153 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title UNION SELECT || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004153
1 || 2004154 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title INSERT || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004154
1 || 2004155 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title DELETE || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004155
1 || 2004156 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title ASCII || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004156
1 || 2004157 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp title UPDATE || cve,CVE-2007-1572 || url,www.frsirt.com/english/advisories/2007/0940 || url,doc.emergingthreats.net/2004157
1 || 2004158 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID SELECT || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004158
1 || 2004159 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID UNION SELECT || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004159
1 || 2004160 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID INSERT || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004160
1 || 2004161 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID DELETE || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004161
1 || 2004162 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID ASCII || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004162
1 || 2004163 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetVIOS Portal SQL Injection Attempt -- page.asp NewsID UPDATE || cve,CVE-2007-1566 || url,www.exploit-db.com/exploits/3520/ || url,doc.emergingthreats.net/2004163
1 || 2004164 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c SELECT || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004164
1 || 2004165 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c UNION SELECT || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004165
1 || 2004166 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c INSERT || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004166
1 || 2004167 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c DELETE || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004167
1 || 2004168 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c ASCII || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004168
1 || 2004169 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c UPDATE || cve,CVE-2007-1555 || url,www.milw0rm.com/exploits/3519 || url,doc.emergingthreats.net/2004169
1 || 2004170 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004170
1 || 2004171 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004171
1 || 2004172 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004172
1 || 2004173 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004173
1 || 2004174 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004174
1 || 2004175 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php image_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004175
1 || 2004176 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004176
1 || 2004177 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004177
1 || 2004178 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004178
1 || 2004179 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004179
1 || 2004180 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004180
1 || 2004181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- gallery.php cat_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004181
1 || 2004182 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004182
1 || 2004183 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004183
1 || 2004184 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004184
1 || 2004185 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004185
1 || 2004186 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004186
1 || 2004187 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004187
1 || 2004188 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004188
1 || 2004189 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004189
1 || 2004190 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004190
1 || 2004191 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004191
1 || 2004192 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004192
1 || 2004193 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- print.php news_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004193
1 || 2004194 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004194
1 || 2004195 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004195
1 || 2004196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004196
1 || 2004197 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004197
1 || 2004198 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004198
1 || 2004199 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- news.php news_cat_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004199
1 || 2004200 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004200
1 || 2004201 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004201
1 || 2004202 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004202
1 || 2004203 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004203
1 || 2004204 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004204
1 || 2004205 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php cat_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004205
1 || 2004206 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004206
1 || 2004207 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004207
1 || 2004208 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004208
1 || 2004209 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004209
1 || 2004210 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004210
1 || 2004211 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php topic_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004211
1 || 2004212 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004212
1 || 2004213 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004213
1 || 2004214 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004214
1 || 2004215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004215
1 || 2004216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004216
1 || 2004217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- forums.php post_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004217
1 || 2004218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004218
1 || 2004219 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id UNION SELECT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004219
1 || 2004220 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id INSERT || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004220
1 || 2004221 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id DELETE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004221
1 || 2004222 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id ASCII || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004222
1 || 2004223 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpx SQL Injection Attempt -- users.php user_id UPDATE || cve,CVE-2007-1550 || url,www.securityfocus.com/bid/23033 || url,doc.emergingthreats.net/2004223
1 || 2004224 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004224
1 || 2004225 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp UNION SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004225
1 || 2004226 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp INSERT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004226
1 || 2004227 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp DELETE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004227
1 || 2004228 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp ASCII || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004228
1 || 2004229 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- functions_filters.asp UPDATE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004229
1 || 2004230 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004230
1 || 2004231 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name UNION SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004231
1 || 2004232 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name INSERT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004232
1 || 2004233 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name DELETE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004233
1 || 2004234 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name UPDATE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004234
1 || 2004235 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004235
1 || 2004236 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID UNION SELECT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004236
1 || 2004237 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID INSERT || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004237
1 || 2004238 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID DELETE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004238
1 || 2004239 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID ASCII || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004239
1 || 2004240 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- page.asp NewsID UPDATE || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004240
1 || 2004241 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip SELECT || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004241
1 || 2004242 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip UNION SELECT || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004242
1 || 2004243 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip INSERT || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004243
1 || 2004244 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip DELETE || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004244
1 || 2004245 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ASCII || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004245
1 || 2004246 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip UPDATE || cve,CVE-2006-7172 || url,www.milw0rm.com/exploits/3497 || url,doc.emergingthreats.net/2004246
1 || 2004247 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php SELECT || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004247
1 || 2004248 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php UNION SELECT || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004248
1 || 2004249 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php INSERT || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004249
1 || 2004250 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php DELETE || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004250
1 || 2004251 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php ASCII || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004251
1 || 2004252 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board SQL Injection Attempt -- usergroups.php UPDATE || cve,CVE-2007-1518 || url,www.securityfocus.com/bid/22970 || url,doc.emergingthreats.net/2004252
1 || 2004253 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id SELECT || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004253
1 || 2004254 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UNION SELECT || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004254
1 || 2004255 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id INSERT || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004255
1 || 2004256 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id DELETE || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004256
1 || 2004257 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id ASCII || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004257
1 || 2004258 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UPDATE || cve,CVE-2007-1517 || url,www.milw0rm.com/exploits/3477 || url,doc.emergingthreats.net/2004258
1 || 2004259 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid SELECT || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004259
1 || 2004260 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid UNION SELECT || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004260
1 || 2004261 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid INSERT || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004261
1 || 2004262 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid DELETE || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004262
1 || 2004263 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid ASCII || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004263
1 || 2004264 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- post.php postid UPDATE || cve,CVE-2007-1510 || url,www.milw0rm.com/exploits/3500 || url,doc.emergingthreats.net/2004264
1 || 2004265 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x SELECT || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004265
1 || 2004266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UNION SELECT || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004266
1 || 2004267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x INSERT || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004267
1 || 2004268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x DELETE || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004268
1 || 2004269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ASCII || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004269
1 || 2004270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UPDATE || cve,CVE-2006-7171 || url,xforce.iss.net/xforce/xfdb/30215 || url,doc.emergingthreats.net/2004270
1 || 2004271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004271
1 || 2004272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004272
1 || 2004273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004273
1 || 2004274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004274
1 || 2004275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004275
1 || 2004276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php t UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004276
1 || 2004277 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004277
1 || 2004278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004278
1 || 2004279 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004279
1 || 2004280 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004280
1 || 2004281 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004281
1 || 2004282 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php productId UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004282
1 || 2004283 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004283
1 || 2004284 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004284
1 || 2004285 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004285
1 || 2004286 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004286
1 || 2004287 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004287
1 || 2004288 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php sk UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004288
1 || 2004289 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004289
1 || 2004290 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004290
1 || 2004291 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004291
1 || 2004292 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004292
1 || 2004293 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004293
1 || 2004294 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php x UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004294
1 || 2004295 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004295
1 || 2004296 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004296
1 || 2004297 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004297
1 || 2004298 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004298
1 || 2004299 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004299
1 || 2004300 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- product_review.php so UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004300
1 || 2004301 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004301
1 || 2004302 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo UNION SELECT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004302
1 || 2004303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo INSERT || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004303
1 || 2004304 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo DELETE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004304
1 || 2004305 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo ASCII || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004305
1 || 2004306 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Koan Software Mega Mall SQL Injection Attempt -- order-track.php orderNo UPDATE || cve,CVE-2006-7170 || url,www.securityfocus.com/bid/21072 || url,doc.emergingthreats.net/2004306
1 || 2004307 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php SELECT || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004307
1 || 2004308 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php UNION SELECT || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004308
1 || 2004309 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php INSERT || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004309
1 || 2004310 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php DELETE || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004310
1 || 2004311 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php ASCII || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004311
1 || 2004312 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php UPDATE || cve,CVE-2007-1493 || url,www.securityfocus.com/archive/1/archive/1/462453/100/0/threaded || url,doc.emergingthreats.net/2004312
1 || 2004313 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id SELECT || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004313
1 || 2004314 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id UNION SELECT || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004314
1 || 2004315 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id INSERT || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004315
1 || 2004316 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id DELETE || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004316
1 || 2004317 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id UPDATE || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004317
1 || 2004318 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WBBlog SQL Injection Attempt -- index.php e_id ASCII || cve,CVE-2007-1481 || url,www.milw0rm.com/exploits/3490 || url,doc.emergingthreats.net/2004318
1 || 2004319 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid SELECT || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004319
1 || 2004320 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UNION SELECT || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004320
1 || 2004321 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid INSERT || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004321
1 || 2004322 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid DELETE || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004322
1 || 2004323 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid ASCII || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004323
1 || 2004324 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Absolute Image Gallery SQL Injection Attempt -- gallery.asp categoryid UPDATE || cve,CVE-2007-1469 || url,www.securityfocus.com/bid/22988 || url,doc.emergingthreats.net/2004324
1 || 2004325 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang SELECT || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004325
1 || 2004326 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UNION SELECT || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004326
1 || 2004327 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang INSERT || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004327
1 || 2004328 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang DELETE || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004328
1 || 2004329 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang ASCII || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004329
1 || 2004330 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UPDATE || cve,CVE-2007-1450 || url,www.securityfocus.com/bid/22909 || url,doc.emergingthreats.net/2004330
1 || 2004331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout SELECT || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004331
1 || 2004332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout UNION SELECT || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004332
1 || 2004333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout INSERT || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004333
1 || 2004334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout DELETE || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004334
1 || 2004335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout ASCII || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004335
1 || 2004336 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BP Blog SQL Injection Attempt -- default.asp layout UPDATE || cve,CVE-2007-1445 || url,www.milw0rm.com/exploits/3466 || url,doc.emergingthreats.net/2004336
1 || 2004337 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author SELECT || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004337
1 || 2004338 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author UNION SELECT || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004338
1 || 2004339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author INSERT || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004339
1 || 2004340 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author DELETE || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004340
1 || 2004341 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author ASCII || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004341
1 || 2004342 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JGBBS SQL Injection Attempt -- search.asp author UPDATE || cve,CVE-2007-1440 || url,www.milw0rm.com/exploits/3470 || url,doc.emergingthreats.net/2004342
1 || 2004343 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id SELECT || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004343
1 || 2004344 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id UNION SELECT || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004344
1 || 2004345 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id INSERT || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004345
1 || 2004346 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id DELETE || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004346
1 || 2004347 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id ASCII || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004347
1 || 2004348 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-Ice News System SQL Injection Attempt -- devami.asp id UPDATE || cve,CVE-2007-1438 || url,www.milw0rm.com/exploits/3469 || url,doc.emergingthreats.net/2004348
1 || 2004349 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004349
1 || 2004350 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004350
1 || 2004351 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004351
1 || 2004352 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004352
1 || 2004353 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004353
1 || 2004354 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- userdetail.php id UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004354
1 || 2004355 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004355
1 || 2004356 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004356
1 || 2004357 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004357
1 || 2004358 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004358
1 || 2004359 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004359
1 || 2004360 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php id UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004360
1 || 2004361 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004361
1 || 2004362 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004362
1 || 2004363 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004363
1 || 2004364 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004364
1 || 2004365 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004365
1 || 2004366 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- detail.php id UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004366
1 || 2004367 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004367
1 || 2004368 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url UNION SELECT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004368
1 || 2004369 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url INSERT || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004369
1 || 2004370 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url DELETE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004370
1 || 2004371 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url ASCII || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004371
1 || 2004372 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grayscale Blog SQL Injection Attempt -- jump.php url UPDATE || cve,CVE-2007-1434 || url,www.securityfocus.com/bid/22911 || url,doc.emergingthreats.net/2004372
1 || 2004373 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary SELECT || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004373
1 || 2004374 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UNION SELECT || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004374
1 || 2004375 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary INSERT || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004375
1 || 2004376 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary DELETE || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004376
1 || 2004377 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary ASCII || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004377
1 || 2004378 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Labs JobSitePro SQL Injection Attempt -- search.php salary UPDATE || cve,CVE-2007-1428 || url,www.exploit-db.com/exploits/3455/ || url,doc.emergingthreats.net/2004378
1 || 2004379 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list SELECT || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004379
1 || 2004380 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list UNION SELECT || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004380
1 || 2004381 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list INSERT || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004381
1 || 2004382 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list DELETE || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004382
1 || 2004383 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list ASCII || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004383
1 || 2004384 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Triexa SonicMailer Pro SQL Injection Attempt -- index.php list UPDATE || cve,CVE-2007-1425 || url,www.milw0rm.com/exploits/3457 || url,doc.emergingthreats.net/2004384
1 || 2004385 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id SELECT || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004385
1 || 2004386 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id UNION SELECT || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004386
1 || 2004387 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id INSERT || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004387
1 || 2004388 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id DELETE || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004388
1 || 2004389 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id ASCII || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004389
1 || 2004390 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fystyq Duyuru Scripti SQL Injection Attempt -- goster.asp id UPDATE || cve,CVE-2007-1422 || url,www.securityfocus.com/bid/22910 || url,doc.emergingthreats.net/2004390
1 || 2004397 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori SELECT || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004397
1 || 2004398 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori UNION SELECT || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004398
1 || 2004399 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori INSERT || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004399
1 || 2004400 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori DELETE || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004400
1 || 2004401 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori ASCII || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004401
1 || 2004402 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaziYapBoz Game Portal SQL Injection Attempt -- kategori.asp kategori UPDATE || cve,CVE-2007-1410 || url,www.milw0rm.com/exploits/3437 || url,doc.emergingthreats.net/2004402
1 || 2004403 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php SELECT || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004403
1 || 2004404 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php UNION SELECT || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004404
1 || 2004405 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php INSERT || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004405
1 || 2004406 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php DELETE || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004406
1 || 2004407 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php ASCII || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004407
1 || 2004408 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- admin-functions.php UPDATE || cve,CVE-2007-1409 || url,www.secunia.com/advisories/24566 || url,doc.emergingthreats.net/2004408
1 || 2004409 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt SELECT || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004409
1 || 2004410 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt UNION SELECT || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004410
1 || 2004411 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt INSERT || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004411
1 || 2004412 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt DELETE || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004412
1 || 2004413 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt ASCII || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004413
1 || 2004414 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Links Management Application SQL Injection Attempt -- index.php lcnt UPDATE || cve,CVE-2007-1339 || url,www.exploit-db.com/exploits/3416/ || url,doc.emergingthreats.net/2004414
1 || 2004415 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity SELECT || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004415
1 || 2004416 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity UNION SELECT || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004416
1 || 2004417 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity INSERT || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004417
1 || 2004418 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity DELETE || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004418
1 || 2004419 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity ASCII || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004419
1 || 2004420 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Serendipity SQL Injection Attempt -- index.php serendipity UPDATE || cve,CVE-2007-1326 || url,www.securityfocus.com/archive/1/archive/1/461671/100/0/threaded || url,doc.emergingthreats.net/2004420
1 || 2004421 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre SELECT || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004421
1 || 2004422 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre UNION SELECT || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004422
1 || 2004423 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre INSERT || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004423
1 || 2004424 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre DELETE || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004424
1 || 2004425 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre ASCII || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004425
1 || 2004426 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hazir Site SQL Injection Attempt -- giris_yap.asp sifre UPDATE || cve,CVE-2006-7161 || url,www.securityfocus.com/bid/20375 || url,doc.emergingthreats.net/2004426
1 || 2004427 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004427
1 || 2004428 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname UNION SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004428
1 || 2004429 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname INSERT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004429
1 || 2004430 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname DELETE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004430
1 || 2004431 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname ASCII || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004431
1 || 2004432 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- moscomment.php mcname UPDATE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004432
1 || 2004433 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004433
1 || 2004434 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname UNION SELECT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004434
1 || 2004435 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname INSERT || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004435
1 || 2004436 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname DELETE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004436
1 || 2004437 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname ASCII || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004437
1 || 2004438 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo SQL Injection Attempt -- com_comment.php mcname UPDATE || cve,CVE-2006-7150 || url,www.securityfocus.com/bid/20650 || url,doc.emergingthreats.net/2004438
1 || 2004439 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Wiz Forums SQL Injection Attempt -- pop_up_member_search.asp name ASCII || cve,CVE-2007-1548 || url,www.securityfocus.com/bid/23051 || url,doc.emergingthreats.net/2004439
1 || 2004440 || 7 || trojan-activity || 0 || ET TROJAN Banload User-Agent Detected (ExampleDL) || url,doc.emergingthreats.net/2004440
1 || 2004442 || 8 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (hhh) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2004442
1 || 2004443 || 9 || trojan-activity || 0 || ET TROJAN KKtone Suspicious User-Agent (KKTone) || url,doc.emergingthreats.net/bin/view/Main/2004443
1 || 2004449 || 6 || denial-of-service || 0 || ET DELETED PacketShaper DoS attempt || url,doc.emergingthreats.net/2004449
1 || 2004450 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp SELECT || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004450
1 || 2004451 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp UNION SELECT || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004451
1 || 2004452 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp INSERT || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004452
1 || 2004453 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp DELETE || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004453
1 || 2004454 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp ASCII || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004454
1 || 2004455 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp UPDATE || cve,CVE-2007-2992 || url,www.securityfocus.com/bid/24275 || url,doc.emergingthreats.net/2004455
1 || 2004456 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid SELECT || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004456
1 || 2004457 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid UNION SELECT || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004457
1 || 2004458 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid INSERT || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004458
1 || 2004459 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid DELETE || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004459
1 || 2004460 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid ASCII || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004460
1 || 2004461 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid UPDATE || cve,CVE-2007-2994 || url,www.securityfocus.com/bid/24212 || url,doc.emergingthreats.net/2004461
1 || 2004463 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp SELECT || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004463
1 || 2004464 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp UNION SELECT || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004464
1 || 2004465 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp INSERT || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004465
1 || 2004466 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp DELETE || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004466
1 || 2004467 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp ASCII || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004467
1 || 2004468 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SalesCart Shopping Cart SQL Injection Attempt -- reorder2.asp UPDATE || cve,CVE-2007-2997 || url,www.securityfocus.com/bid/24226 || url,doc.emergingthreats.net/2004468
1 || 2004469 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id UNION SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004469
1 || 2004470 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id INSERT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004470
1 || 2004471 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id DELETE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004471
1 || 2004472 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id ASCII || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004472
1 || 2004473 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id UPDATE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004473
1 || 2004474 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004474
1 || 2004475 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year UNION SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004475
1 || 2004476 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year INSERT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004476
1 || 2004477 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year DELETE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004477
1 || 2004478 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year ASCII || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004478
1 || 2004479 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php year UPDATE || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004479
1 || 2004480 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004480
1 || 2004481 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq UNION SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004481
1 || 2004482 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq INSERT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004482
1 || 2004483 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq DELETE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004483
1 || 2004484 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq ASCII || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004484
1 || 2004485 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq UPDATE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004485
1 || 2004486 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004486
1 || 2004487 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID UNION SELECT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004487
1 || 2004488 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID INSERT || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004488
1 || 2004489 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID DELETE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004489
1 || 2004490 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID ASCII || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004490
1 || 2004491 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- DisplayResults.php iSearchID UPDATE || cve,CVE-2007-3000 || url,www.securityfocus.com/bid/24253 || url,doc.emergingthreats.net/2004491
1 || 2004492 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie SQL Injection Attempt -- index.php cat_id SELECT || cve,CVE-2007-3003 || url,www.securityfocus.com/bid/24249 || url,doc.emergingthreats.net/2004492
1 || 2004493 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004493
1 || 2004494 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004494
1 || 2004495 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004495
1 || 2004496 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004496
1 || 2004497 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004497
1 || 2004498 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php name UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004498
1 || 2004499 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004499
1 || 2004500 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004500
1 || 2004501 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004501
1 || 2004502 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004502
1 || 2004503 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004503
1 || 2004504 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php country UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004504
1 || 2004505 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004505
1 || 2004506 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004506
1 || 2004507 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004507
1 || 2004508 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004508
1 || 2004509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004509
1 || 2004510 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php email UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004510
1 || 2004511 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004511
1 || 2004512 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004512
1 || 2004513 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004513
1 || 2004514 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004514
1 || 2004515 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004515
1 || 2004516 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php website UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004516
1 || 2004517 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004517
1 || 2004518 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message UNION SELECT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004518
1 || 2004519 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message INSERT || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004519
1 || 2004520 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message DELETE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004520
1 || 2004521 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message ASCII || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004521
1 || 2004522 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Savas Guestbook SQL Injection Attempt -- add2.php message UPDATE || cve,CVE-2007-1304 || url,www.securityfocus.com/bid/22820 || url,doc.emergingthreats.net/2004522
1 || 2004523 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country SELECT || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004523
1 || 2004524 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UNION SELECT || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004524
1 || 2004525 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country INSERT || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004525
1 || 2004526 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country DELETE || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004526
1 || 2004527 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country ASCII || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004527
1 || 2004528 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LI-Guestbook SQL Injection Attempt -- guestbook.php country UPDATE || cve,CVE-2007-1302 || url,www.securityfocus.com/bid/22821 || url,doc.emergingthreats.net/2004528
1 || 2004529 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id SELECT || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004529
1 || 2004530 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id UNION SELECT || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004530
1 || 2004531 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id INSERT || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004531
1 || 2004532 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id DELETE || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004532
1 || 2004533 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id ASCII || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004533
1 || 2004534 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Auction SQL Injection Attempt -- subcat.php cate_id UPDATE || cve,CVE-2007-1298 || url,www.milw0rm.com/exploits/3408 || url,doc.emergingthreats.net/2004534
1 || 2004535 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id SELECT || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004535
1 || 2004536 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id UNION SELECT || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004536
1 || 2004537 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id INSERT || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004537
1 || 2004538 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id DELETE || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004538
1 || 2004539 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id ASCII || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004539
1 || 2004540 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJDating SQL Injection Attempt -- view_profile.php user_id UPDATE || cve,CVE-2007-1297 || url,www.milw0rm.com/exploits/3409 || url,doc.emergingthreats.net/2004540
1 || 2004541 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid SELECT || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004541
1 || 2004542 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UNION SELECT || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004542
1 || 2004543 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid INSERT || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004543
1 || 2004544 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid DELETE || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004544
1 || 2004545 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid ASCII || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004545
1 || 2004546 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Classifieds SQL Injection Attempt -- postingdetails.php postingid UPDATE || cve,CVE-2007-1296 || url,www.milw0rm.com/exploits/3410 || url,doc.emergingthreats.net/2004546
1 || 2004547 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id SELECT || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004547
1 || 2004548 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id INSERT || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004548
1 || 2004549 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id DELETE || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004549
1 || 2004550 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id ASCII || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004550
1 || 2004551 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id UPDATE || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2004551
1 || 2004552 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpPgAdmin XSS Attempt -- sqledit.php server || cve,CVE-2007-2865 || url,www.securityfocus.com/bid/24115 || url,doc.emergingthreats.net/2004552
1 || 2004554 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php authusername || cve,CVE-2007-2847 || url,www.securityfocus.com/bid/24102 || url,doc.emergingthreats.net/2004554
1 || 2004555 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php authpassword || cve,CVE-2007-2847 || url,www.securityfocus.com/bid/24102 || url,doc.emergingthreats.net/2004555
1 || 2004556 || 8 || web-application-attack || 0 || ET WEB_SERVER Cisco CallManager XSS Attempt serverlist.asp pattern || cve,CVE-2007-2832 || url,www.secunia.com/advisories/25377 || url,doc.emergingthreats.net/2004556
1 || 2004557 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @Mail XSS Attempt -- ReadMsg.php || cve,CVE-2007-2825 || url,xforce.iss.net/xforce/xfdb/34376 || url,doc.emergingthreats.net/2004557
1 || 2004558 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Track+ XSS Attempt -- reportItem.do projId || cve,CVE-2007-2819 || url,www.securityfocus.com/bid/24060 || url,doc.emergingthreats.net/2004558
1 || 2004559 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CactuSoft Parodia XSS Attempt -- cand_login.asp strJobIDs || cve,CVE-2007-2818 || url,www.securityfocus.com/bid/24078 || url,doc.emergingthreats.net/2004559
1 || 2004560 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php || cve,CVE-2007-2812 || url,www.securityfocus.com/bid/24063 || url,doc.emergingthreats.net/2004560
1 || 2004561 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HLstats XSS Attempt -- hlstats.php action || cve,CVE-2007-2812 || url,www.securityfocus.com/bid/24063 || url,doc.emergingthreats.net/2004561
1 || 2004562 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gnatsweb and Gnats XSS Attempt -- gnatsweb.pl database || cve,CVE-2007-2808 || url,www.secunia.com/advisories/25333 || url,doc.emergingthreats.net/2004562
1 || 2004563 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php galix_cat_detail || cve,CVE-2007-2806 || url,www.securityfocus.com/bid/24066 || url,doc.emergingthreats.net/2004563
1 || 2004564 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php galix_gal_detail || cve,CVE-2007-2806 || url,www.securityfocus.com/bid/24066 || url,doc.emergingthreats.net/2004564
1 || 2004565 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GaliX XSS Attempt -- index.php galix_cat_detail_sort || cve,CVE-2007-2806 || url,www.securityfocus.com/bid/24066 || url,doc.emergingthreats.net/2004565
1 || 2004566 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php ticketID || cve,CVE-2007-2805 || url,www.securityfocus.com/bid/24061 || url,doc.emergingthreats.net/2004566
1 || 2004567 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php view || cve,CVE-2007-2805 || url,www.securityfocus.com/bid/24061 || url,doc.emergingthreats.net/2004567
1 || 2004568 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClientExec (CE) XSS Attempt -- index.php fuse || cve,CVE-2007-2805 || url,www.securityfocus.com/bid/24061 || url,doc.emergingthreats.net/2004568
1 || 2004569 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt -- prodList.asp brand || cve,CVE-2007-2804 || url,www.secunia.com/advisories/25370 || url,doc.emergingthreats.net/2004569
1 || 2004570 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store XSS Attempt -- prodList.asp Msg || cve,CVE-2007-2804 || url,www.secunia.com/advisories/25370 || url,doc.emergingthreats.net/2004570
1 || 2004571 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RM EasyMail Plus XSS Attempt -- Login d || cve,CVE-2007-2802 || url,www.secunia.com/advisories/25326 || url,doc.emergingthreats.net/2004571
1 || 2004572 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetbox CMS XSS Attempt -- index.php login || cve,CVE-2007-2686 || url,www.osvdb.org/34791 || url,doc.emergingthreats.net/2004572
1 || 2004573 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart XSS Attempt -- shopcontent.asp type || cve,CVE-2007-2790 || url,www.securityfocus.com/archive/1/archive/1/468834/100/0/threaded || url,doc.emergingthreats.net/2004573
1 || 2004574 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WikyBlog XSS Attempt sessionRegister.php || cve,CVE-2007-2781 || url,www.secunia.com/advisories/25308 || url,doc.emergingthreats.net/2004574
1 || 2004575 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tomcat XSS Attempt -- hello.jsp test || cve,CVE-2007-1355 || url,www.securityfocus.com/bid/24058 || url,doc.emergingthreats.net/2004575
1 || 2004576 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_bbcodeloader.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004576
1 || 2004577 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_div.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004577
1 || 2004578 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_email.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004578
1 || 2004579 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_image.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004579
1 || 2004580 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_link.php || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004580
1 || 2004581 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board XSS Attempt -- module_table.php editorid || cve,CVE-2007-2963 || url,www.securityfocus.com/bid/24244 || url,doc.emergingthreats.net/2004581
1 || 2004582 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Gallery XSS Attempt -- search.php order || cve,CVE-2007-2962 || url,www.securityfocus.com/archive/1/archive/1/469985/100/0/threaded || url,doc.emergingthreats.net/2004582
1 || 2004583 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BoastMachine XSS Attempt -- index.php blog || cve,CVE-2007-2932 || url,www.securityfocus.com/bid/24156 || url,doc.emergingthreats.net/2004583
1 || 2004584 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews XSS Attempt -- footer.php copyright || cve,CVE-2007-0694 || url,www.securityfocus.com/bid/24200 || url,doc.emergingthreats.net/2004584
1 || 2004585 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DGNews XSS Attempt -- news.php catid || cve,CVE-2007-0693 || url,www.securityfocus.com/bid/24201 || url,doc.emergingthreats.net/2004585
1 || 2004586 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GMTT Music Distro XSS Attempt -- showown.php st || cve,CVE-2007-2916 || url,www.securityfocus.com/archive/1/archive/1/469269/100/0/threaded || url,doc.emergingthreats.net/2004586
1 || 2004587 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- awards.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004587
1 || 2004588 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- login.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004588
1 || 2004589 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- register.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004589
1 || 2004590 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PsychoStats XSS Attempt -- weapons.php || cve,CVE-2007-2914 || url,www.securityfocus.com/archive/1/archive/1/469260/100/0/threaded || url,doc.emergingthreats.net/2004590
1 || 2004591 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClonusWiki XSS Attempt -- index.php query || cve,CVE-2007-2913 || url,www.securityfocus.com/archive/1/archive/1/469230/100/0/threaded || url,doc.emergingthreats.net/2004591
1 || 2004592 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin XSS Attempt -- calendar.php || cve,CVE-2007-2909 || url,www.vbulletin.com/forum/showthread.php?postid=1355012 || url,doc.emergingthreats.net/2004592
1 || 2004593 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos XSS Attempt -- editor.php img || cve,CVE-2007-2901 || url,www.milw0rm.com/exploits/3974 || url,doc.emergingthreats.net/2004593
1 || 2004594 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP-Nuke XSS Attempt -- news.asp id || cve,CVE-2007-2892 || url,www.securityfocus.com/bid/24135 || url,doc.emergingthreats.net/2004594
1 || 2004595 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez XSS Attempt -- info_book.asp Room_name || cve,CVE-2007-2880 || url,www.securityfocus.com/archive/1/archive/1/469589/100/0/threaded || url,doc.emergingthreats.net/2004595
1 || 2004596 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez XSS Attempt -- week.asp curYear || cve,CVE-2007-2880 || url,www.securityfocus.com/archive/1/archive/1/469589/100/0/threaded || url,doc.emergingthreats.net/2004596
1 || 2004598 || 4 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 9001 (aol) being excluded from SSL Alerts || url,doc.emergingthreats.net/2004598
1 || 2004600 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php SELECT || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004600
1 || 2004601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UNION SELECT || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004601
1 || 2004602 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php INSERT || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004602
1 || 2004603 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php DELETE || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004603
1 || 2004604 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php ASCII || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004604
1 || 2004605 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RevokeSoft RevokeBB SQL Injection Attempt -- class_users.php UPDATE || cve,CVE-2007-3051 || url,www.milw0rm.com/exploits/4020 || url,doc.emergingthreats.net/2004605
1 || 2004606 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c SELECT || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004606
1 || 2004607 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c UNION SELECT || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004607
1 || 2004608 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c INSERT || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004608
1 || 2004609 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c DELETE || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004609
1 || 2004610 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c ASCII || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004610
1 || 2004611 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 SQL Injection Attempt -- index.php c UPDATE || cve,CVE-2007-3052 || url,www.milw0rm.com/exploits/4026 || url,doc.emergingthreats.net/2004611
1 || 2004612 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete SELECT || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004612
1 || 2004613 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete UNION SELECT || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004613
1 || 2004614 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete INSERT || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004614
1 || 2004615 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete DELETE || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004615
1 || 2004616 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete ASCII || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004616
1 || 2004617 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My Datebook SQL Injection Attempt -- diary.php delete UPDATE || cve,CVE-2007-3063 || url,www.securityfocus.com/archive/1/archive/1/470483/100/0/threaded || url,doc.emergingthreats.net/2004617
1 || 2004618 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment SELECT || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004618
1 || 2004619 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment UNION SELECT || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004619
1 || 2004620 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment INSERT || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004620
1 || 2004621 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment DELETE || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004621
1 || 2004622 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment ASCII || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004622
1 || 2004623 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Soft Particle Gallery SQL Injection Attempt -- viewimage.php editcomment UPDATE || cve,CVE-2007-3065 || url,www.milw0rm.com/exploits/4019 || url,doc.emergingthreats.net/2004623
1 || 2004624 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank SELECT || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004624
1 || 2004625 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UNION SELECT || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004625
1 || 2004626 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank INSERT || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004626
1 || 2004627 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank DELETE || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004627
1 || 2004628 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank ASCII || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004628
1 || 2004629 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EQdkp SQL Injection Attempt -- listmembers.php rank UPDATE || cve,CVE-2007-3077 || url,www.milw0rm.com/exploits/4030 || url,doc.emergingthreats.net/2004629
1 || 2004630 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id UNION SELECT || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004630
1 || 2004631 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id INSERT || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004631
1 || 2004632 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id DELETE || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004632
1 || 2004633 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id ASCII || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004633
1 || 2004634 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id UPDATE || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2004634
1 || 2004635 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004635
1 || 2004636 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UNION SELECT || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004636
1 || 2004637 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi INSERT || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004637
1 || 2004638 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi DELETE || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004638
1 || 2004639 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi ASCII || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004639
1 || 2004640 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi UPDATE || cve,CVE-2007-3088 || url,www.securityfocus.com/archive/1/archive/1/470598/100/0/threaded || url,doc.emergingthreats.net/2004640
1 || 2004641 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id SELECT || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004641
1 || 2004642 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UNION SELECT || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004642
1 || 2004643 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id INSERT || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004643
1 || 2004644 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id DELETE || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004644
1 || 2004645 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id ASCII || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004645
1 || 2004646 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kartli Alisveris Sistemi SQL Injection Attempt -- news.asp news_id UPDATE || cve,CVE-2007-3119 || url,www.exploit-db.com/exploits/4040/ || url,doc.emergingthreats.net/2004646
1 || 2004647 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id SELECT || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004647
1 || 2004648 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id UNION SELECT || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004648
1 || 2004649 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id INSERT || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004649
1 || 2004650 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id DELETE || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004650
1 || 2004651 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ASCII || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004651
1 || 2004652 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id UPDATE || cve,CVE-2007-3133 || url,www.securityfocus.com/bid/24364 || url,doc.emergingthreats.net/2004652
1 || 2004654 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php SELECT || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004654
1 || 2004655 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UNION SELECT || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004655
1 || 2004656 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php INSERT || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004656
1 || 2004657 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php DELETE || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004657
1 || 2004658 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php ASCII || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004658
1 || 2004659 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress 2.2 SQL Injection Attempt -- xmlrpc.php UPDATE || cve,CVE-2007-3140 || url,www.milw0rm.com/exploits/4039 || url,doc.emergingthreats.net/2004659
1 || 2004660 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria SELECT || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004660
1 || 2004661 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria UNION SELECT || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004661
1 || 2004662 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria INSERT || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004662
1 || 2004663 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria DELETE || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004663
1 || 2004664 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria ASCII || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004664
1 || 2004665 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rigter Portal System (RPS) SQL Injection Attempt -- index.php categoria UPDATE || cve,CVE-2007-1293 || url,www.milw0rm.com/exploits/3403 || url,doc.emergingthreats.net/2004665
1 || 2004666 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004666
1 || 2004667 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UNION SELECT || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004667
1 || 2004668 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids INSERT || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004668
1 || 2004669 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids DELETE || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004669
1 || 2004670 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids ASCII || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004670
1 || 2004671 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids UPDATE || cve,CVE-2007-1292 || url,www.milw0rm.com/exploits/3387 || url,doc.emergingthreats.net/2004671
1 || 2004672 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug SELECT || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004672
1 || 2004673 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug UNION SELECT || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004673
1 || 2004674 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug INSERT || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004674
1 || 2004675 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug DELETE || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004675
1 || 2004676 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug ASCII || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004676
1 || 2004677 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewReport.php bug UPDATE || cve,CVE-2007-1290 || url,www.secunia.com/advisories/24385 || url,doc.emergingthreats.net/2004677
1 || 2004678 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s SELECT || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004678
1 || 2004679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s INSERT || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004679
1 || 2004680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s DELETE || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004680
1 || 2004681 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s ASCII || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004681
1 || 2004682 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s UPDATE || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2004682
1 || 2004683 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid SELECT || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004683
1 || 2004684 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid UNION SELECT || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004684
1 || 2004685 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid INSERT || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004685
1 || 2004686 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid DELETE || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004686
1 || 2004687 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid ASCII || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004687
1 || 2004688 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid UPDATE || cve,CVE-2006-7118 || url,www.securityfocus.com/bid/21064 || url,doc.emergingthreats.net/2004688
1 || 2004689 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id SELECT || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004689
1 || 2004690 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id UNION SELECT || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004690
1 || 2004691 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id INSERT || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004691
1 || 2004692 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id DELETE || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004692
1 || 2004693 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id ASCII || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004693
1 || 2004694 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kubix SQL Injection Attempt -- index.php member_id UPDATE || cve,CVE-2006-7116 || url,www.exploit-db.com/exploits/2863/ || url,doc.emergingthreats.net/2004694
1 || 2004695 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid SELECT || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004695
1 || 2004696 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid UNION SELECT || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004696
1 || 2004697 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid INSERT || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004697
1 || 2004698 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid DELETE || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004698
1 || 2004699 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid ASCII || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004699
1 || 2004700 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid UPDATE || cve,CVE-2006-7115 || url,www.securityfocus.com/bid/21002 || url,doc.emergingthreats.net/2004700
1 || 2004701 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php SELECT || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004701
1 || 2004702 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php UNION SELECT || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004702
1 || 2004703 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php DELETE || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004703
1 || 2004704 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php ASCII || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2004704
1 || 2004705 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage SELECT || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004705
1 || 2004706 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage UNION SELECT || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004706
1 || 2004707 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage INSERT || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004707
1 || 2004708 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage DELETE || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004708
1 || 2004709 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage ASCII || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004709
1 || 2004710 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- admin.php uploadimage UPDATE || cve,CVE-2007-1255 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004710
1 || 2004711 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin SELECT || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004711
1 || 2004712 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin UNION SELECT || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004712
1 || 2004713 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin INSERT || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004713
1 || 2004714 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin DELETE || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004714
1 || 2004715 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin ASCII || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004715
1 || 2004716 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin UPDATE || cve,CVE-2007-1254 || url,www.milw0rm.com/exploits/3352 || url,doc.emergingthreats.net/2004716
1 || 2004717 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id SELECT || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004717
1 || 2004718 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UNION SELECT || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004718
1 || 2004719 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id INSERT || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004719
1 || 2004720 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id DELETE || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004720
1 || 2004721 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id ASCII || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004721
1 || 2004723 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ANGEL Learning Management Suite (LMS) SQL Injection Attempt -- default.asp id UPDATE || cve,CVE-2007-1250 || url,www.milw0rm.com/exploits/3390 || url,doc.emergingthreats.net/2004723
1 || 2004724 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID SELECT || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004724
1 || 2004725 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID UNION SELECT || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004725
1 || 2004726 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID INSERT || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004726
1 || 2004727 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID DELETE || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004727
1 || 2004728 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID ASCII || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004728
1 || 2004729 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Audins Audiens SQL Injection Attempt -- index.php PHPSESSID UPDATE || cve,CVE-2007-1242 || url,www.securityfocus.com/bid/22728 || url,doc.emergingthreats.net/2004729
1 || 2004730 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php SELECT || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004730
1 || 2004731 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php UNION SELECT || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004731
1 || 2004732 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php INSERT || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004732
1 || 2004733 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php DELETE || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004733
1 || 2004734 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php ASCII || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004734
1 || 2004735 || 6 || web-application-attack || 0 || ET DELETED NukeSentinel SQL Injection Attempt -- nukesentinel.php UPDATE || cve,CVE-2007-1172 || url,www.milw0rm.com/exploits/3338 || url,doc.emergingthreats.net/2004735
1 || 2004736 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php SELECT || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004736
1 || 2004737 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php UNION SELECT || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004737
1 || 2004738 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php INSERT || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004738
1 || 2004739 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php DELETE || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004739
1 || 2004740 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php ASCII || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004740
1 || 2004741 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php UPDATE || cve,CVE-2007-1171 || url,www.milw0rm.com/exploits/3337 || url,doc.emergingthreats.net/2004741
1 || 2004742 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv SELECT || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004742
1 || 2004743 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv UNION SELECT || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004743
1 || 2004744 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv INSERT || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004744
1 || 2004745 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv DELETE || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004745
1 || 2004746 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv ASCII || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004746
1 || 2004747 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nabopoll SQL Injection Attempt -- result.php surv UPDATE || cve,CVE-2007-1166 || url,www.exploit-db.com/exploits/3355/ || url,doc.emergingthreats.net/2004747
1 || 2004748 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic SELECT || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004748
1 || 2004749 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic UNION SELECT || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004749
1 || 2004750 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic INSERT || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004750
1 || 2004751 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic DELETE || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004751
1 || 2004752 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic ASCII || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004752
1 || 2004753 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- printview.php topic UPDATE || cve,CVE-2007-1163 || url,www.milw0rm.com/exploits/3351 || url,doc.emergingthreats.net/2004753
1 || 2004754 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004754
1 || 2004755 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid UNION SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004755
1 || 2004756 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid INSERT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004756
1 || 2004757 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid DELETE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004757
1 || 2004758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid ASCII || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004758
1 || 2004759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- index.php strid UPDATE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004759
1 || 2004760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004760
1 || 2004761 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id UNION SELECT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004761
1 || 2004762 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id INSERT || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004762
1 || 2004763 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id DELETE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004763
1 || 2004764 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id ASCII || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004764
1 || 2004765 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMplayer SQL Injection Attempt -- filecheck.php id UPDATE || cve,CVE-2007-1135 || url,www.securityfocus.com/bid/22726 || url,doc.emergingthreats.net/2004765
1 || 2004766 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php SELECT || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004766
1 || 2004767 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php UNION SELECT || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004767
1 || 2004768 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php INSERT || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004768
1 || 2004769 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php DELETE || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004769
1 || 2004770 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php ASCII || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004770
1 || 2004771 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo LaiThai SQL Injection Attempt -- mambo.php UPDATE || cve,CVE-2006-7092 || url,www.securityfocus.com/bid/20413 || url,doc.emergingthreats.net/2004771
1 || 2004772 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id SELECT || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004772
1 || 2004773 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id UNION SELECT || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004773
1 || 2004774 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id INSERT || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004774
1 || 2004775 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id DELETE || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004775
1 || 2004776 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id ASCII || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004776
1 || 2004778 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ban SQL Injection Attempt -- connexion.php id UPDATE || cve,CVE-2006-7089 || url,marc.theaimsgroup.com/?l=bugtraq&m=116205673106780&w=2 || url,doc.emergingthreats.net/2004778
1 || 2004779 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004779
1 || 2004780 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username UNION SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004780
1 || 2004781 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username INSERT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004781
1 || 2004782 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username DELETE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004782
1 || 2004783 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username ASCII || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004783
1 || 2004784 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- logon_user.php username UPDATE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004784
1 || 2004785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004785
1 || 2004786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username UNION SELECT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004786
1 || 2004787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username INSERT || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004787
1 || 2004788 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username DELETE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004788
1 || 2004789 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username ASCII || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004789
1 || 2004790 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple PHP Forum SQL Injection Attempt -- update_profile.php username UPDATE || cve,CVE-2006-7088 || url,xforce.iss.net/xforce/xfdb/30252 || url,doc.emergingthreats.net/2004790
1 || 2004797 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP SELECT || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004797
1 || 2004798 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UNION SELECT || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004798
1 || 2004799 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP INSERT || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004799
1 || 2004800 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP DELETE || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004800
1 || 2004801 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP ASCII || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004801
1 || 2004802 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Power Board (IPB) SQL Injection Attempt -- class_session.php CLIENT_IP UPDATE || cve,CVE-2006-7071 || url,www.milw0rm.com/exploits/2010 || url,doc.emergingthreats.net/2004802
1 || 2004803 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id SELECT || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004803
1 || 2004804 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id UNION SELECT || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004804
1 || 2004805 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id INSERT || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004805
1 || 2004806 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id DELETE || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004806
1 || 2004807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id ASCII || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004807
1 || 2004808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) SQL Injection Attempt -- functions.php id UPDATE || cve,CVE-2007-1122 || url,www.securityfocus.com/bid/22685 || url,doc.emergingthreats.net/2004808
1 || 2004809 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav SELECT || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004809
1 || 2004810 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UNION SELECT || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004810
1 || 2004811 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav INSERT || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004811
1 || 2004812 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav DELETE || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004812
1 || 2004813 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav ASCII || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004813
1 || 2004815 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery (CPG) SQL Injection Attempt -- thumbnails.php cpg131_fav UPDATE || cve,CVE-2007-1107 || url,www.milw0rm.com/exploits/3371 || url,doc.emergingthreats.net/2004815
1 || 2004816 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category SELECT || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004816
1 || 2004817 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category UNION SELECT || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004817
1 || 2004818 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category INSERT || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004818
1 || 2004819 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category DELETE || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004819
1 || 2004820 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category ASCII || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004820
1 || 2004821 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sphider SQL Injection Attempt -- search.php category UPDATE || cve,CVE-2006-7057 || url,www.secunia.com/advisories/20131 || url,doc.emergingthreats.net/2004821
1 || 2004822 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat SELECT || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004822
1 || 2004823 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat UNION SELECT || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004823
1 || 2004824 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat INSERT || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004824
1 || 2004825 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat DELETE || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004825
1 || 2004826 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat ASCII || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004826
1 || 2004827 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Super Link Exchange Script SQL Injection Attempt -- directory.php cat UPDATE || cve,CVE-2006-7034 || url,www.securityfocus.com/archive/1/archive/1/435166/30/4680/threaded || url,doc.emergingthreats.net/2004827
1 || 2004828 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd SELECT || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004828
1 || 2004829 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd UNION SELECT || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004829
1 || 2004830 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd INSERT || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004830
1 || 2004831 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd DELETE || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004831
1 || 2004832 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd ASCII || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004832
1 || 2004833 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bookmark4U SQL Injection Attempt -- config.php sqlcmd UPDATE || cve,CVE-2006-7025 || url,www.secunia.com/advisories/19758 || url,doc.emergingthreats.net/2004833
1 || 2004834 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id SELECT || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004834
1 || 2004835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UNION SELECT || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004835
1 || 2004836 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id INSERT || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004836
1 || 2004837 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id DELETE || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004837
1 || 2004838 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id ASCII || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004838
1 || 2004839 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Design4Online UserPages2 SQL Injection Attempt -- page.asp art_id UPDATE || cve,CVE-2007-1077 || url,www.securityfocus.com/bid/22636 || url,doc.emergingthreats.net/2004839
1 || 2004840 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor SELECT || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004840
1 || 2004841 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor UNION SELECT || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004841
1 || 2004842 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor INSERT || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004842
1 || 2004843 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor DELETE || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004843
1 || 2004844 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor ASCII || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004844
1 || 2004845 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mcRefer SQL Injection Attempt -- install.php bgcolor UPDATE || cve,CVE-2007-1073 || url,www.securityfocus.com/archive/1/archive/1/459796/100/200/threaded || url,doc.emergingthreats.net/2004845
1 || 2004846 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UNION SELECT || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004846
1 || 2004847 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id INSERT || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004847
1 || 2004848 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id DELETE || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004848
1 || 2004849 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id ASCII || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004849
1 || 2004850 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UPDATE || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2004850
1 || 2004851 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004851
1 || 2004852 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004852
1 || 2004853 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004853
1 || 2004854 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004854
1 || 2004855 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004855
1 || 2004856 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE || cve,CVE-2007-1034 || url,www.milw0rm.com/exploits/3334 || url,doc.emergingthreats.net/2004856
1 || 2004857 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album SELECT || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004857
1 || 2004858 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album UNION SELECT || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004858
1 || 2004859 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album INSERT || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004859
1 || 2004860 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album DELETE || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004860
1 || 2004861 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album ASCII || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004861
1 || 2004862 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XLAtunes SQL Injection Attempt -- view.php album UPDATE || cve,CVE-2007-1026 || url,www.milw0rm.com/exploits/3327 || url,doc.emergingthreats.net/2004862
1 || 2004863 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id SELECT || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004863
1 || 2004864 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UNION SELECT || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004864
1 || 2004865 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id INSERT || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004865
1 || 2004866 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id DELETE || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004866
1 || 2004867 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id ASCII || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004867
1 || 2004868 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snitz Forums 2000 SQL Injection Attempt -- pop_profile.asp id UPDATE || cve,CVE-2007-1023 || url,www.milw0rm.com/exploits/3321 || url,doc.emergingthreats.net/2004868
1 || 2004869 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id SELECT || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004869
1 || 2004870 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id UNION SELECT || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004870
1 || 2004871 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id INSERT || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004871
1 || 2004872 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id DELETE || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004872
1 || 2004873 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id ASCII || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004873
1 || 2004874 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turuncu Portal SQL Injection Attempt -- h_goster.asp id UPDATE || cve,CVE-2007-1022 || url,www.securityfocus.com/bid/22591 || url,doc.emergingthreats.net/2004874
1 || 2004875 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID SELECT || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004875
1 || 2004876 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID UNION SELECT || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004876
1 || 2004877 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID INSERT || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004877
1 || 2004878 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID DELETE || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004878
1 || 2004879 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID ASCII || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004879
1 || 2004880 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CodeAvalanche News SQL Injection Attempt -- inc_listnews.asp CAT_ID UPDATE || cve,CVE-2007-1021 || url,www.milw0rm.com/exploits/3317 || url,doc.emergingthreats.net/2004880
1 || 2004881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly SELECT || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004881
1 || 2004882 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly UNION SELECT || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004882
1 || 2004883 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly INSERT || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004883
1 || 2004884 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly DELETE || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004884
1 || 2004885 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly ASCII || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004885
1 || 2004886 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- index.php showonly UPDATE || cve,CVE-2007-1019 || url,www.milw0rm.com/exploits/3325 || url,doc.emergingthreats.net/2004886
1 || 2004887 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004887
1 || 2004888 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UNION SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004888
1 || 2004889 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id INSERT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004889
1 || 2004890 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id DELETE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004890
1 || 2004891 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id ASCII || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004891
1 || 2004892 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- HaberDetay.asp id UPDATE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004892
1 || 2004893 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004893
1 || 2004894 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UNION SELECT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004894
1 || 2004895 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid INSERT || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004895
1 || 2004896 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid DELETE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004896
1 || 2004897 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid ASCII || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004897
1 || 2004898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aktueldownload Haber script SQL Injection Attempt -- rss.asp kid UPDATE || cve,CVE-2007-1016 || url,www.frsirt.com/english/advisories/2007/0620 || url,doc.emergingthreats.net/2004898
1 || 2004899 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid SELECT || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004899
1 || 2004900 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid UNION SELECT || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004900
1 || 2004901 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid INSERT || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004901
1 || 2004902 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid DELETE || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004902
1 || 2004903 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid ASCII || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004903
1 || 2004904 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCC SQL Injection Attempt -- nickpage.php npid UPDATE || cve,CVE-2007-0985 || url,www.milw0rm.com/exploits/3299 || url,doc.emergingthreats.net/2004904
1 || 2004905 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id SELECT || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004905
1 || 2004906 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id UNION SELECT || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004906
1 || 2004907 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id INSERT || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004907
1 || 2004908 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id DELETE || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004908
1 || 2004909 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id ASCII || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004909
1 || 2004910 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PollMentor SQL Injection Attempt -- pollmentorres.asp id UPDATE || cve,CVE-2007-0984 || url,www.milw0rm.com/exploits/3301 || url,doc.emergingthreats.net/2004910
1 || 2004911 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID SELECT || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004911
1 || 2004912 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID UNION SELECT || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004912
1 || 2004913 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID INSERT || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004913
1 || 2004914 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID DELETE || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004914
1 || 2004915 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID ASCII || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004915
1 || 2004916 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebTester SQL Injection Attempt -- directions.php testID UPDATE || cve,CVE-2007-0970 || url,www.securityfocus.com/bid/22559 || url,doc.emergingthreats.net/2004916
1 || 2004917 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat SELECT || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004917
1 || 2004918 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat UNION SELECT || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004918
1 || 2004919 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat INSERT || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004919
1 || 2004920 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat DELETE || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004920
1 || 2004921 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat ASCII || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004921
1 || 2004923 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite ASP Hosting Site SQL Injection Attempt -- listmain.asp cat UPDATE || cve,CVE-2007-0951 || url,www.securityfocus.com/bid/22545 || url,doc.emergingthreats.net/2004923
1 || 2004924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid SELECT || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004924
1 || 2004925 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid UNION SELECT || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004925
1 || 2004926 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid INSERT || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004926
1 || 2004927 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid DELETE || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004927
1 || 2004928 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid ASCII || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004928
1 || 2004929 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Philboard SQL Injection Attempt -- philboard_forum.asp forumid UPDATE || cve,CVE-2007-0920 || url,www.milw0rm.com/exploits/3295 || url,doc.emergingthreats.net/2004929
1 || 2004930 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id SELECT || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004930
1 || 2004931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id UNION SELECT || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004931
1 || 2004932 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id INSERT || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004932
1 || 2004933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id DELETE || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004933
1 || 2004934 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id ASCII || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004934
1 || 2004935 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PSY Auction SQL Injection Attempt -- item.php id UPDATE || cve,CVE-2006-7005 || url,www.securityfocus.com/bid/17974 || url,doc.emergingthreats.net/2004935
1 || 2004936 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004936
1 || 2004937 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004937
1 || 2004938 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004938
1 || 2004939 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004939
1 || 2004940 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004940
1 || 2004941 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentname UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004941
1 || 2004942 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004942
1 || 2004943 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004943
1 || 2004945 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004945
1 || 2004946 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004946
1 || 2004947 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004947
1 || 2004948 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentmail UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004948
1 || 2004949 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004949
1 || 2004950 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004950
1 || 2004951 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004951
1 || 2004952 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004952
1 || 2004953 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004953
1 || 2004954 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php commentwebsite UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004954
1 || 2004955 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004955
1 || 2004956 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment UNION SELECT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004956
1 || 2004957 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment INSERT || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004957
1 || 2004958 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment DELETE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004958
1 || 2004959 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment ASCII || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004959
1 || 2004960 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neuron Blog SQL Injection Attempt -- addcomment2.php comment UPDATE || cve,CVE-2006-6993 || url,www.secunia.com/advisories/19703 || url,doc.emergingthreats.net/2004960
1 || 2004961 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id SELECT || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004961
1 || 2004962 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id UNION SELECT || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004962
1 || 2004963 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id INSERT || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004963
1 || 2004964 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id DELETE || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004964
1 || 2004965 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id ASCII || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004965
1 || 2004966 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiNews SQL Injection Attempt -- comments.php id UPDATE || cve,CVE-2007-0865 || url,www.exploit-db.com/exploits/3287/ || url,doc.emergingthreats.net/2004966
1 || 2004967 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id SELECT || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004967
1 || 2004968 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id UNION SELECT || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004968
1 || 2004969 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id INSERT || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004969
1 || 2004970 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id DELETE || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004970
1 || 2004971 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id ASCII || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004971
1 || 2004972 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LushiWarPlaner SQL Injection Attempt -- register.php id UPDATE || cve,CVE-2007-0864 || url,www.exploit-db.com/exploits/3288/ || url,doc.emergingthreats.net/2004972
1 || 2004979 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid SELECT || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004979
1 || 2004980 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid UNION SELECT || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004980
1 || 2004981 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid INSERT || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004981
1 || 2004982 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid DELETE || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004982
1 || 2004983 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid ASCII || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004983
1 || 2004984 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kisisel Site 2007 SQL Injection Attempt -- forum.asp forumid UPDATE || cve,CVE-2007-0826 || url,www.exploit-db.com/exploits/3278/ || url,doc.emergingthreats.net/2004984
1 || 2004985 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004985
1 || 2004986 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by UNION SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004986
1 || 2004987 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by INSERT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004987
1 || 2004988 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by DELETE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004988
1 || 2004989 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by ASCII || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004989
1 || 2004990 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php by UPDATE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004990
1 || 2004991 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004991
1 || 2004992 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order UNION SELECT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004992
1 || 2004993 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order INSERT || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004993
1 || 2004994 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order DELETE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004994
1 || 2004995 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order ASCII || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004995
1 || 2004996 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BtitTracker SQL Injection Attempt -- torrents.php order UPDATE || cve,CVE-2006-6972 || url,www.securityfocus.com/bid/18549 || url,doc.emergingthreats.net/2004996
1 || 2004997 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid SELECT || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2004997
1 || 2004998 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UNION SELECT || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2004998
1 || 2004999 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid INSERT || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2004999
1 || 2005000 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid DELETE || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2005000
1 || 2005001 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid ASCII || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2005001
1 || 2005002 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) Lite SQL Injection Attempt -- pms.php pmid UPDATE || cve,CVE-2007-0812 || url,www.milw0rm.com/exploits/3262 || url,doc.emergingthreats.net/2005002
1 || 2005003 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp SELECT || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005003
1 || 2005004 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp UNION SELECT || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005004
1 || 2005005 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp INSERT || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005005
1 || 2005006 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp DELETE || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005006
1 || 2005007 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp ASCII || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005007
1 || 2005008 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ublog Reload SQL Injection Attempt -- badword.asp UPDATE || cve,CVE-2007-0799 || url,www.securityfocus.com/bid/22382 || url,doc.emergingthreats.net/2005008
1 || 2005009 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user SELECT || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005009
1 || 2005010 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user UNION SELECT || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005010
1 || 2005011 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user INSERT || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005011
1 || 2005012 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user DELETE || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005012
1 || 2005013 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user ASCII || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005013
1 || 2005014 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GlobalMegaCorp dvddb SQL Injection Attempt -- common.php user UPDATE || cve,CVE-2007-0794 || url,www.securityfocus.com/archive/1/archive/1/459151/100/0/threaded || url,doc.emergingthreats.net/2005014
1 || 2005015 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id SELECT || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005015
1 || 2005016 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UNION SELECT || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005016
1 || 2005017 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id INSERT || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005017
1 || 2005018 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id DELETE || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005018
1 || 2005019 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ASCII || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005019
1 || 2005020 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UPDATE || cve,CVE-2007-0786 || url,www.milw0rm.com/exploits/3261 || url,doc.emergingthreats.net/2005020
1 || 2005021 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005021
1 || 2005022 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user UNION SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005022
1 || 2005023 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user INSERT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005023
1 || 2005024 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user DELETE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005024
1 || 2005025 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user ASCII || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005025
1 || 2005026 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp user UPDATE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005026
1 || 2005027 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005027
1 || 2005028 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password UNION SELECT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005028
1 || 2005029 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password INSERT || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005029
1 || 2005030 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password DELETE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005030
1 || 2005031 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password ASCII || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005031
1 || 2005032 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- login.asp password UPDATE || cve,CVE-2007-0784 || url,www.securityfocus.com/archive/1/archive/1/458560/100/0/threaded || url,doc.emergingthreats.net/2005032
1 || 2005033 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id SELECT || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005033
1 || 2005034 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id UNION SELECT || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005034
1 || 2005035 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id INSERT || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005035
1 || 2005036 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id DELETE || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005036
1 || 2005037 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id ASCII || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005037
1 || 2005038 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dB Masters Curium CMS SQL Injection Attempt -- news.php c_id UPDATE || cve,CVE-2007-0765 || url,www.milw0rm.com/exploits/3256 || url,doc.emergingthreats.net/2005038
1 || 2005039 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005039
1 || 2005040 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005040
1 || 2005041 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005041
1 || 2005042 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005042
1 || 2005043 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005043
1 || 2005044 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005044
1 || 2005045 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005045
1 || 2005046 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005046
1 || 2005047 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005047
1 || 2005048 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005048
1 || 2005049 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005049
1 || 2005050 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005050
1 || 2005051 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005051
1 || 2005052 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005052
1 || 2005053 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005053
1 || 2005054 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005054
1 || 2005055 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005055
1 || 2005056 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE || cve,CVE-2007-0759 || url,www.securityfocus.com/bid/22369 || url,doc.emergingthreats.net/2005056
1 || 2005057 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod SELECT || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005057
1 || 2005058 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UNION SELECT || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005058
1 || 2005059 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod INSERT || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005059
1 || 2005060 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod DELETE || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005060
1 || 2005061 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod ASCII || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005061
1 || 2005062 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ACGVannu SQL Injection Attempt -- modif.html id_mod UPDATE || cve,CVE-2007-0698 || url,www.frsirt.com/english/advisories/2007/0388 || url,doc.emergingthreats.net/2005062
1 || 2005063 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id SELECT || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005063
1 || 2005064 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id UNION SELECT || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005064
1 || 2005065 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id INSERT || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005065
1 || 2005066 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id DELETE || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005066
1 || 2005067 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id ASCII || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005067
1 || 2005068 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Duyuru Scripti SQL Injection Attempt -- oku.asp id UPDATE || cve,CVE-2007-0688 || url,www.milw0rm.com/exploits/3241 || url,doc.emergingthreats.net/2005068
1 || 2005069 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid SELECT || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005069
1 || 2005070 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid UNION SELECT || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005070
1 || 2005071 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid INSERT || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005071
1 || 2005072 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid DELETE || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005072
1 || 2005073 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid ASCII || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005073
1 || 2005074 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Michelles L2J Dropcalc SQL Injection Attempt -- i-search.php itemid UPDATE || cve,CVE-2007-0687 || url,www.exploit-db.com/exploits/3232/ || url,doc.emergingthreats.net/2005074
1 || 2005075 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id SELECT || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005075
1 || 2005076 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id UNION SELECT || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005076
1 || 2005077 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id INSERT || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005077
1 || 2005078 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id DELETE || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005078
1 || 2005079 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id ASCII || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005079
1 || 2005080 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite Asp Hosting Sitesi SQL Injection Attempt -- windows.asp kategori_id UPDATE || cve,CVE-2007-0678 || url,www.milw0rm.com/exploits/3233 || url,doc.emergingthreats.net/2005080
1 || 2005081 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id SELECT || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005081
1 || 2005082 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id UNION SELECT || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005082
1 || 2005083 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id INSERT || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005083
1 || 2005084 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id DELETE || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005084
1 || 2005085 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id ASCII || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005085
1 || 2005086 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExoPHPDesk SQL Injection Attempt -- faq.php id UPDATE || cve,CVE-2007-0676 || url,www.milw0rm.com/exploits/3234 || url,doc.emergingthreats.net/2005086
1 || 2005087 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid SELECT || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005087
1 || 2005088 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid UNION SELECT || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005088
1 || 2005089 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid INSERT || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005089
1 || 2005090 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid DELETE || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005090
1 || 2005091 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid ASCII || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005091
1 || 2005092 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php qid UPDATE || cve,CVE-2007-0663 || url,www.frsirt.com/english/advisories/2007/0424 || url,doc.emergingthreats.net/2005092
1 || 2005093 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005093
1 || 2005094 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UNION SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005094
1 || 2005095 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id INSERT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005095
1 || 2005096 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id DELETE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005096
1 || 2005097 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id ASCII || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005097
1 || 2005098 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp id UPDATE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005098
1 || 2005099 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005099
1 || 2005100 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UNION SELECT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005100
1 || 2005101 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass INSERT || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005101
1 || 2005102 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass DELETE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005102
1 || 2005103 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass ASCII || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005103
1 || 2005104 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Raymond BERTHOU script SQL Injection Attempt -- user_confirm.asp pass UPDATE || cve,CVE-2007-0642 || url,www.securityfocus.com/bid/22350 || url,doc.emergingthreats.net/2005104
1 || 2005105 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username SELECT || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005105
1 || 2005106 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UNION SELECT || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005106
1 || 2005107 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username INSERT || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005107
1 || 2005108 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username DELETE || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005108
1 || 2005109 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username ASCII || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005109
1 || 2005110 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- artreplydelete.asp username UPDATE || cve,CVE-2007-0632 || url,www.frsirt.com/english/advisories/2007/0341 || url,doc.emergingthreats.net/2005110
1 || 2005111 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid SELECT || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005111
1 || 2005112 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UNION SELECT || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005112
1 || 2005113 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid INSERT || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005113
1 || 2005114 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid DELETE || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005114
1 || 2005115 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid ASCII || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005115
1 || 2005116 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclectic Designs CascadianFAQ SQL Injection Attempt -- index.php catid UPDATE || cve,CVE-2007-0631 || url,www.milw0rm.com/exploits/3227 || url,doc.emergingthreats.net/2005116
1 || 2005117 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005117
1 || 2005118 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UNION SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005118
1 || 2005119 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id INSERT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005119
1 || 2005120 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id DELETE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005120
1 || 2005121 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id ASCII || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005121
1 || 2005122 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php id UPDATE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005122
1 || 2005123 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005123
1 || 2005124 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UNION SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005124
1 || 2005125 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from INSERT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005125
1 || 2005126 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from DELETE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005126
1 || 2005127 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from ASCII || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005127
1 || 2005128 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php from UPDATE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005128
1 || 2005129 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005129
1 || 2005130 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UNION SELECT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005130
1 || 2005131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q INSERT || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005131
1 || 2005132 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q DELETE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005132
1 || 2005133 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q ASCII || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005133
1 || 2005134 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-dev xNews SQL Injection Attempt -- class.news.php q UPDATE || cve,CVE-2007-0630 || url,www.frsirt.com/english/advisories/2007/0395 || url,doc.emergingthreats.net/2005134
1 || 2005135 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow SELECT || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005135
1 || 2005136 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow UNION SELECT || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005136
1 || 2005137 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow INSERT || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005137
1 || 2005138 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow DELETE || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005138
1 || 2005139 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow ASCII || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005139
1 || 2005140 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXdev MDPro SQL Injection Attempt -- index.php startrow UPDATE || cve,CVE-2007-0623 || url,www.securityfocus.com/bid/22293 || url,doc.emergingthreats.net/2005140
1 || 2005141 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid SELECT || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005141
1 || 2005142 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid UNION SELECT || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005142
1 || 2005143 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid INSERT || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005143
1 || 2005144 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid DELETE || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005144
1 || 2005145 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid ASCII || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005145
1 || 2005146 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Martyn Kilbryde Newsposter Script SQL Injection Attempt -- news_page.asp uid UPDATE || cve,CVE-2007-0600 || url,www.exploit-db.com/exploits/3194/ || url,doc.emergingthreats.net/2005146
1 || 2005147 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user UNION SELECT || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005147
1 || 2005148 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user INSERT || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005148
1 || 2005149 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user DELETE || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005149
1 || 2005150 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user ASCII || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005150
1 || 2005151 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user UPDATE || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005151
1 || 2005152 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines SELECT || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005152
1 || 2005153 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines UNION SELECT || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005153
1 || 2005154 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines DELETE || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005154
1 || 2005155 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines INSERT || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005155
1 || 2005156 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines ASCII || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005156
1 || 2005157 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SpoonLabs Vivvo Article Management CMS (phpWordPress) SQL Injection Attempt -- show_webfeed.php wcHeadlines UPDATE || cve,CVE-2007-0574 || url,www.securityfocus.com/bid/22282 || url,doc.emergingthreats.net/2005157
1 || 2005158 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id SELECT || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005158
1 || 2005159 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id UNION SELECT || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005159
1 || 2005160 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id INSERT || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005160
1 || 2005161 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id DELETE || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005161
1 || 2005162 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id ASCII || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005162
1 || 2005163 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS xNews SQL Injection Attempt -- xNews.php id UPDATE || cve,CVE-2007-0569 || url,www.milw0rm.com/exploits/3216 || url,doc.emergingthreats.net/2005163
1 || 2005164 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id SELECT || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005164
1 || 2005165 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id UNION SELECT || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005165
1 || 2005166 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id INSERT || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005166
1 || 2005167 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id DELETE || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005167
1 || 2005168 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id ASCII || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005168
1 || 2005169 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP NEWS SQL Injection Attempt -- news_detail.asp id UPDATE || cve,CVE-2007-0566 || url,www.milw0rm.com/exploits/3187 || url,doc.emergingthreats.net/2005169
1 || 2005170 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user SELECT || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005170
1 || 2005171 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user UNION SELECT || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005171
1 || 2005172 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user INSERT || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005172
1 || 2005173 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user DELETE || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005173
1 || 2005174 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user ASCII || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005174
1 || 2005175 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP EDGE SQL Injection Attempt -- user.asp user UPDATE || cve,CVE-2007-0560 || url,www.milw0rm.com/exploits/3186 || url,doc.emergingthreats.net/2005175
1 || 2005176 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Forum Livre SQL Injection Attempt -- info_user.asp user SELECT || cve,CVE-2007-0589 || url,www.milw0rm.com/exploits/3197 || url,doc.emergingthreats.net/2005176
1 || 2005177 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id UNION SELECT || cve,CVE-2007-1295 || url,www.milw0rm.com/exploits/3411 || url,doc.emergingthreats.net/2005177
1 || 2005179 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hunkaray Okul Portaly SQL Injection Attempt -- haberoku.asp id SELECT || cve,CVE-2007-3080 || url,www.securityfocus.com/bid/24288 || url,doc.emergingthreats.net/2005179
1 || 2005180 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php INSERT || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2005180
1 || 2005181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php UPDATE || cve,CVE-2006-7101 || url,www.milw0rm.com/exploits/2759 || url,doc.emergingthreats.net/2005181
1 || 2005185 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tyger Bug Tracking System (TygerBT) SQL Injection Attempt -- ViewBugs.php s UNION SELECT || cve,CVE-2007-1289 || url,www.securityfocus.com/bid/22799 || url,doc.emergingthreats.net/2005185
1 || 2005186 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id SELECT || cve,CVE-2007-1058 || url,www.milw0rm.com/exploits/3339 || url,doc.emergingthreats.net/2005186
1 || 2005187 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay UNION SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005187
1 || 2005188 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay INSERT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005188
1 || 2005189 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay DELETE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005189
1 || 2005190 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ASCII || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005190
1 || 2005191 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay UPDATE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005191
1 || 2005192 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005192
1 || 2005193 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005193
1 || 2005194 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005194
1 || 2005195 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005195
1 || 2005196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005196
1 || 2005197 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp id UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005197
1 || 2005198 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005198
1 || 2005199 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005199
1 || 2005200 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005200
1 || 2005201 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005201
1 || 2005202 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005202
1 || 2005203 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- mezungiris.asp pass UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005203
1 || 2005204 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005204
1 || 2005205 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005205
1 || 2005206 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005206
1 || 2005207 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005207
1 || 2005208 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005208
1 || 2005209 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp pass UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005209
1 || 2005210 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005210
1 || 2005211 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id UNION SELECT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005211
1 || 2005212 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id INSERT || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005212
1 || 2005213 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id DELETE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005213
1 || 2005214 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id ASCII || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005214
1 || 2005215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zindizayn Okul Web Sistemi SQL Injection Attempt -- ogretmenkontrol.asp id UPDATE || cve,CVE-2007-3178 || url,www.securityfocus.com/archive/1/archive/1/469710/100/0/threaded || url,doc.emergingthreats.net/2005215
1 || 2005216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month SELECT || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005216
1 || 2005217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month UNION SELECT || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005217
1 || 2005218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month INSERT || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005218
1 || 2005219 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month DELETE || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005219
1 || 2005220 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month ASCII || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005220
1 || 2005221 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Particle Blogger SQL Injection Attempt -- archives.php month UPDATE || cve,CVE-2007-3179 || url,www.securityfocus.com/archive/1/archive/1/469984/100/0/threaded || url,doc.emergingthreats.net/2005221
1 || 2005222 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id SELECT || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005222
1 || 2005223 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UNION SELECT || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005223
1 || 2005224 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id INSERT || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005224
1 || 2005225 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id DELETE || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005225
1 || 2005226 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id UPDATE || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005226
1 || 2005227 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID SELECT || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005227
1 || 2005228 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID UNION SELECT || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005228
1 || 2005229 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID INSERT || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005229
1 || 2005230 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID DELETE || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005230
1 || 2005231 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID ASCII || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005231
1 || 2005232 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Baker SQL Injection Attempt -- eWebQuiz.asp QuizID UPDATE || cve,CVE-2007-0527 || url,downloads.securityfocus.com/vulnerabilities/exploits/22176.html || url,doc.emergingthreats.net/2005232
1 || 2005233 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid SELECT || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005233
1 || 2005234 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid UNION SELECT || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005234
1 || 2005235 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid INSERT || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005235
1 || 2005236 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid DELETE || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005236
1 || 2005237 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid ASCII || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005237
1 || 2005238 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unique Ads (UDS) SQL Injection Attempt -- banner.php bid UPDATE || cve,CVE-2007-0520 || url,www.securityfocus.com/archive/1/archive/1/457667/100/0/threaded || url,doc.emergingthreats.net/2005238
1 || 2005239 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID SELECT || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005239
1 || 2005240 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID UNION SELECT || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005240
1 || 2005241 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID INSERT || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005241
1 || 2005242 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID DELETE || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005242
1 || 2005243 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID ASCII || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005243
1 || 2005244 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php picID UPDATE || cve,CVE-2007-0520 || url,www.milw0rm.com/exploits/3172 || url,doc.emergingthreats.net/2005244
1 || 2005245 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005245
1 || 2005246 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id UNION SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005246
1 || 2005247 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id INSERT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005247
1 || 2005248 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id DELETE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005248
1 || 2005249 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id ASCII || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005249
1 || 2005250 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php id UPDATE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005250
1 || 2005251 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005251
1 || 2005252 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID INSERT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005252
1 || 2005253 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID DELETE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005253
1 || 2005254 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID ASCII || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005254
1 || 2005255 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID UPDATE || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005255
1 || 2005256 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005256
1 || 2005257 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat UNION SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005257
1 || 2005258 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat INSERT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005258
1 || 2005259 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat DELETE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005259
1 || 2005260 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat ASCII || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005260
1 || 2005261 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_owned.php cat UPDATE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005261
1 || 2005262 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005262
1 || 2005263 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat UNION SELECT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005263
1 || 2005264 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat INSERT || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005264
1 || 2005265 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat DELETE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005265
1 || 2005266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat ASCII || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005266
1 || 2005267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast SQL Injection Attempt -- show_joined.php cat UPDATE || cve,CVE-2007-0484 || url,www.securityfocus.com/bid/22180 || url,doc.emergingthreats.net/2005267
1 || 2005268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword SELECT || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005268
1 || 2005269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword UNION SELECT || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005269
1 || 2005270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword INSERT || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005270
1 || 2005271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword DELETE || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005271
1 || 2005272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword ASCII || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005272
1 || 2005273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Paypal Subscription Manager SQL Injection Attempt -- memberlist.php keyword UPDATE || cve,CVE-2007-0403 || url,www.securityfocus.com/archive/1/archive/1/457506/100/0/threaded || url,doc.emergingthreats.net/2005273
1 || 2005274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row SELECT || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005274
1 || 2005275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row UNION SELECT || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005275
1 || 2005276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row INSERT || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005276
1 || 2005277 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row DELETE || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005277
1 || 2005278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row ASCII || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005278
1 || 2005279 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easebay Resources Login Manager SQL Injection Attempt -- memberlist.php init_row UPDATE || cve,CVE-2007-0401 || url,www.securityfocus.com/archive/1/archive/1/457505/100/0/threaded || url,doc.emergingthreats.net/2005279
1 || 2005280 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005280
1 || 2005281 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UNION SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005281
1 || 2005282 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids INSERT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005282
1 || 2005283 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids DELETE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005283
1 || 2005284 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids ASCII || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005284
1 || 2005285 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php boardids UPDATE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005285
1 || 2005286 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005286
1 || 2005287 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UNION SELECT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005287
1 || 2005288 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board INSERT || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005288
1 || 2005289 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board DELETE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005289
1 || 2005290 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board ASCII || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005290
1 || 2005291 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board (wBB) SQL Injection Attempt -- search.php board UPDATE || cve,CVE-2007-0388 || url,www.milw0rm.com/exploits/3144 || url,doc.emergingthreats.net/2005291
1 || 2005292 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid SELECT || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005292
1 || 2005293 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid UNION SELECT || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005293
1 || 2005294 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid INSERT || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005294
1 || 2005295 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid DELETE || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005295
1 || 2005296 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid ASCII || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005296
1 || 2005297 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- category.php catid UPDATE || cve,CVE-2007-0387 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005297
1 || 2005298 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id SELECT || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005298
1 || 2005299 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id UNION SELECT || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005299
1 || 2005300 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id INSERT || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005300
1 || 2005301 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id DELETE || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005301
1 || 2005302 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id ASCII || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005302
1 || 2005303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- letterman.class.php id UPDATE || cve,CVE-2007-0382 || url,www.securityfocus.com/bid/22117 || url,doc.emergingthreats.net/2005303
1 || 2005304 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005304
1 || 2005305 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UNION SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005305
1 || 2005306 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft INSERT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005306
1 || 2005307 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft DELETE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005307
1 || 2005308 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ASCII || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005308
1 || 2005309 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UPDATE || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005309
1 || 2005310 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay SELECT || cve,CVE-2007-3175 || url,xforce.iss.net/xforce/xfdb/34593 || url,doc.emergingthreats.net/2005310
1 || 2005311 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guo Xu Guos Posting System (GPS) SQL Injection Attempt -- print.asp id ASCII || cve,CVE-2007-0554 || url,www.milw0rm.com/exploits/3195 || url,doc.emergingthreats.net/2005311
1 || 2005312 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webSPELL SQL Injection Attempt -- gallery.php galleryID UNION SELECT || cve,CVE-2007-0492 || url,www.frsirt.com/english/advisories/2007/0270 || url,doc.emergingthreats.net/2005312
1 || 2005318 || 8 || trojan-activity || 0 || ET MALWARE Statblaster.com Spyware User-Agent (fetcher) || url,doc.emergingthreats.net/2005318
1 || 2005319 || 5 || trojan-activity || 0 || ET MALWARE Bizconcept.info Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2005319
1 || 2005320 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MyAgent) || url,doc.emergingthreats.net/bin/view/Main/2005320
1 || 2005321 || 8 || trojan-activity || 0 || ET MALWARE NavExcel Spyware User-Agent (NavHelper) || url,doc.emergingthreats.net/2005321
1 || 2005322 || 9 || trojan-activity || 0 || ET MALWARE Spylocked Fake Anti-Spyware User-Agent (SpyLocked)
1 || 2005324 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php SELECT || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005324
1 || 2005325 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php UNION SELECT || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005325
1 || 2005326 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php INSERT || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005326
1 || 2005327 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php DELETE || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005327
1 || 2005328 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php ASCII || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005328
1 || 2005329 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bbPress SQL Injection Attempt -- formatting-functions.php UPDATE || cve,CVE-2007-3244 || url,trac.bbpress.org/ticket/592 || url,doc.emergingthreats.net/2005329
1 || 2005330 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic SELECT || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005330
1 || 2005331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic UNION SELECT || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005331
1 || 2005332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic INSERT || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005332
1 || 2005333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic DELETE || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005333
1 || 2005334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic ASCII || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005334
1 || 2005335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fuzzylime Forum SQL Injection Attempt -- low.php topic UPDATE || cve,CVE-2007-3235 || url,www.milw0rm.com/exploits/4062 || url,doc.emergingthreats.net/2005335
1 || 2005336 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template SELECT || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005336
1 || 2005337 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template UNION SELECT || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005337
1 || 2005338 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template INSERT || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005338
1 || 2005339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template DELETE || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005339
1 || 2005340 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template ASCII || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005340
1 || 2005341 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e-Vision CMS SQL Injection Attempt -- style.php template UPDATE || cve,CVE-2007-3214 || url,www.milw0rm.com/exploits/4054 || url,doc.emergingthreats.net/2005341
1 || 2005342 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass SELECT || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005342
1 || 2005343 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UNION SELECT || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005343
1 || 2005344 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass INSERT || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005344
1 || 2005345 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass DELETE || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005345
1 || 2005346 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ASCII || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005346
1 || 2005347 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UPDATE || cve,CVE-2007-3204 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005347
1 || 2005348 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php SELECT || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005348
1 || 2005349 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php UNION SELECT || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005349
1 || 2005350 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php INSERT || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005350
1 || 2005351 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php DELETE || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005351
1 || 2005352 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php ASCII || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005352
1 || 2005353 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBSupport SQL Injection Attempt -- vBSupport.php UPDATE || cve,CVE-2007-3197 || url,www.vbulletin.org/forum/showthread.php?t=94023&page=38 || url,doc.emergingthreats.net/2005353
1 || 2005354 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid SELECT || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005354
1 || 2005355 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid UNION SELECT || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005355
1 || 2005356 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid INSERT || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005356
1 || 2005357 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid DELETE || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005357
1 || 2005358 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid ASCII || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005358
1 || 2005359 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSupport Integrated Ticket System SQL Injection Attempt -- vBSupport.php ticketid UPDATE || cve,CVE-2007-3196 || url,www.securityfocus.com/bid/24397 || url,doc.emergingthreats.net/2005359
1 || 2005360 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005360
1 || 2005361 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user UNION SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005361
1 || 2005362 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user INSERT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005362
1 || 2005363 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user DELETE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005363
1 || 2005364 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user ASCII || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005364
1 || 2005365 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php user UPDATE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005365
1 || 2005366 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005366
1 || 2005367 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UNION SELECT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005367
1 || 2005368 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass INSERT || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005368
1 || 2005369 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass DELETE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005369
1 || 2005370 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass ASCII || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005370
1 || 2005371 || 8 || web-application-attack || 0 || ET DELETED Just For Fun Network Management System (JFFNMS) SQL Injection Attempt -- auth.php pass UPDATE || cve,CVE-2007-3190 || url,www.secunia.com/advisories/25587 || url,doc.emergingthreats.net/2005371
1 || 2005372 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id SELECT || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005372
1 || 2005373 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id UNION SELECT || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005373
1 || 2005374 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id INSERT || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005374
1 || 2005375 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id DELETE || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005375
1 || 2005376 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id ASCII || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005376
1 || 2005377 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fullaspsite GeometriX Download Portal SQL Injection Attempt -- down_indir.asp id UPDATE || cve,CVE-2007-3188 || url,www.milw0rm.com/exploits/4057 || url,doc.emergingthreats.net/2005377
1 || 2005378 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005378
1 || 2005379 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id UNION SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005379
1 || 2005380 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id INSERT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005380
1 || 2005381 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id DELETE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005381
1 || 2005382 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id ASCII || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005382
1 || 2005383 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- group.php id UPDATE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005383
1 || 2005384 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005384
1 || 2005385 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid UNION SELECT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005385
1 || 2005386 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid INSERT || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005386
1 || 2005387 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid DELETE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005387
1 || 2005388 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid ASCII || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005388
1 || 2005389 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- table_broken.php lid UPDATE || cve,CVE-2007-0377 || url,www.securityfocus.com/bid/22399 || url,doc.emergingthreats.net/2005389
1 || 2005390 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005390
1 || 2005391 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005391
1 || 2005392 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005392
1 || 2005394 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005394
1 || 2005395 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005395
1 || 2005396 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005396
1 || 2005397 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005397
1 || 2005398 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005398
1 || 2005399 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005399
1 || 2005400 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005400
1 || 2005401 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- gmail.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005401
1 || 2005402 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005402
1 || 2005403 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005403
1 || 2005404 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005404
1 || 2005405 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005405
1 || 2005406 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005406
1 || 2005407 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005407
1 || 2005408 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005408
1 || 2005409 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005409
1 || 2005410 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005410
1 || 2005411 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005411
1 || 2005412 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005412
1 || 2005413 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- ldap.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005413
1 || 2005414 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005414
1 || 2005415 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php UNION SELECT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005415
1 || 2005416 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005416
1 || 2005417 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php DELETE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005417
1 || 2005418 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php ASCII || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005418
1 || 2005419 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- menu.php UPDATE || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005419
1 || 2005420 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005420
1 || 2005421 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005421
1 || 2005422 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005422
1 || 2005423 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005423
1 || 2005424 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005424
1 || 2005425 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- content.php where UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005425
1 || 2005426 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005426
1 || 2005427 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005427
1 || 2005428 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005428
1 || 2005429 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005429
1 || 2005430 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005430
1 || 2005431 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- weblinks.php where UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005431
1 || 2005432 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005432
1 || 2005433 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005433
1 || 2005434 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005434
1 || 2005435 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005435
1 || 2005436 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005436
1 || 2005437 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- contacts.php text UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005437
1 || 2005438 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005438
1 || 2005439 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005439
1 || 2005440 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005440
1 || 2005441 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005441
1 || 2005442 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005442
1 || 2005443 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- categories.php text UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005443
1 || 2005444 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005444
1 || 2005445 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005445
1 || 2005446 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005446
1 || 2005447 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005447
1 || 2005448 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005448
1 || 2005449 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- sections.php text UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005449
1 || 2005450 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005450
1 || 2005451 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email UNION SELECT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005451
1 || 2005452 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email INSERT || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005452
1 || 2005453 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email DELETE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005453
1 || 2005454 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email ASCII || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005454
1 || 2005455 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- user.php email UPDATE || cve,CVE-2007-0373 || url,www.securityfocus.com/bid/22122 || url,doc.emergingthreats.net/2005455
1 || 2005456 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005456
1 || 2005457 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005457
1 || 2005458 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005458
1 || 2005459 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005459
1 || 2005460 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005460
1 || 2005461 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005461
1 || 2005462 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005462
1 || 2005463 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005463
1 || 2005464 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005464
1 || 2005465 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005465
1 || 2005466 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005466
1 || 2005467 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005467
1 || 2005468 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005468
1 || 2005469 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005469
1 || 2005470 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005470
1 || 2005471 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005471
1 || 2005472 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005472
1 || 2005473 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005473
1 || 2005474 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005474
1 || 2005475 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005475
1 || 2005476 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005476
1 || 2005477 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005477
1 || 2005478 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005478
1 || 2005479 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005479
1 || 2005480 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005480
1 || 2005481 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005481
1 || 2005482 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005482
1 || 2005483 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005483
1 || 2005484 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005484
1 || 2005485 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005485
1 || 2005486 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005486
1 || 2005487 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position UNION SELECT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005487
1 || 2005489 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position INSERT || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005489
1 || 2005490 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position DELETE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005490
1 || 2005491 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position ASCII || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005491
1 || 2005492 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position UPDATE || cve,CVE-2007-0372 || url,www.securityfocus.com/bid/22116 || url,doc.emergingthreats.net/2005492
1 || 2005493 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005493
1 || 2005494 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid UNION SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005494
1 || 2005495 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid INSERT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005495
1 || 2005496 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid DELETE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005496
1 || 2005497 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid ASCII || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005497
1 || 2005498 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php Itemid UPDATE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005498
1 || 2005499 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005499
1 || 2005500 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id UNION SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005500
1 || 2005501 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id INSERT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005501
1 || 2005502 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id DELETE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005502
1 || 2005503 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id ASCII || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005503
1 || 2005504 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php product_id UPDATE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005504
1 || 2005505 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005505
1 || 2005506 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id UNION SELECT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005506
1 || 2005507 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id INSERT || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005507
1 || 2005508 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id DELETE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005508
1 || 2005509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id ASCII || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005509
1 || 2005510 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtuemart SQL Injection Attempt -- virtuemart_parser.php category_id UPDATE || cve,CVE-2006-6945 || url,www.securityfocus.com/bid/22123 || url,doc.emergingthreats.net/2005510
1 || 2005511 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id SELECT || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005511
1 || 2005512 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id UNION SELECT || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005512
1 || 2005514 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id INSERT || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005514
1 || 2005515 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id DELETE || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005515
1 || 2005516 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id ASCII || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005516
1 || 2005517 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGB OpenSource Guestbook SQL Injection Attempt -- email.php id UPDATE || cve,CVE-2007-0354 || url,www.milw0rm.com/exploits/3141 || url,doc.emergingthreats.net/2005517
1 || 2005518 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005518
1 || 2005519 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005519
1 || 2005520 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005520
1 || 2005521 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005521
1 || 2005522 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005522
1 || 2005523 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php ps UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005523
1 || 2005524 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005524
1 || 2005525 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005525
1 || 2005526 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005526
1 || 2005527 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005527
1 || 2005528 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005528
1 || 2005529 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php us UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005529
1 || 2005530 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005530
1 || 2005531 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005531
1 || 2005532 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005532
1 || 2005533 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005533
1 || 2005534 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005534
1 || 2005535 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php f UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005535
1 || 2005536 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005536
1 || 2005537 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005537
1 || 2005538 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005538
1 || 2005539 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005539
1 || 2005540 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005540
1 || 2005541 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- index.php code UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005541
1 || 2005542 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005542
1 || 2005543 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005543
1 || 2005544 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005544
1 || 2005545 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005545
1 || 2005546 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005546
1 || 2005547 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php code UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005547
1 || 2005548 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005548
1 || 2005549 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005549
1 || 2005550 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005550
1 || 2005551 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005551
1 || 2005552 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005552
1 || 2005553 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php f UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005553
1 || 2005554 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005554
1 || 2005555 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005555
1 || 2005556 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005556
1 || 2005557 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005557
1 || 2005558 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005558
1 || 2005559 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php us UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005559
1 || 2005560 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005560
1 || 2005561 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps UNION SELECT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005561
1 || 2005562 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps INSERT || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005562
1 || 2005563 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps DELETE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005563
1 || 2005564 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps ASCII || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005564
1 || 2005566 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SmE FileMailer SQL Injection Attempt -- dl.php ps UPDATE || cve,CVE-2007-0350 || url,www.frsirt.com/english/advisories/2007/0221 || url,doc.emergingthreats.net/2005566
1 || 2005567 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board SELECT || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005567
1 || 2005568 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board UNION SELECT || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005568
1 || 2005569 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board INSERT || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005569
1 || 2005570 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board DELETE || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005570
1 || 2005571 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board ASCII || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005571
1 || 2005572 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ThWboard SQL Injection Attempt -- index.php board UPDATE || cve,CVE-2007-0340 || url,www.milw0rm.com/exploits/3124 || url,doc.emergingthreats.net/2005572
1 || 2005573 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005573
1 || 2005574 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UNION SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005574
1 || 2005575 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name INSERT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005575
1 || 2005576 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name DELETE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005576
1 || 2005577 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name ASCII || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005577
1 || 2005578 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_authorization.php xuser_name UPDATE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005578
1 || 2005579 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005579
1 || 2005580 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UNION SELECT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005580
1 || 2005581 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did INSERT || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005581
1 || 2005582 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did DELETE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005582
1 || 2005583 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did ASCII || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005583
1 || 2005584 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_downloads.php did UPDATE || cve,CVE-2007-0316 || url,www.securityfocus.com/bid/22032 || url,doc.emergingthreats.net/2005584
1 || 2005585 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat SELECT || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005585
1 || 2005586 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat UNION SELECT || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005586
1 || 2005587 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat INSERT || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005587
1 || 2005588 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat DELETE || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005588
1 || 2005589 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat ASCII || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005589
1 || 2005590 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- block-Old_Articles.php cat UPDATE || cve,CVE-2007-0309 || url,www.securityfocus.com/bid/22037 || url,doc.emergingthreats.net/2005590
1 || 2005591 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id SELECT || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005591
1 || 2005592 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UNION SELECT || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005592
1 || 2005593 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id INSERT || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005593
1 || 2005594 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id DELETE || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005594
1 || 2005595 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id ASCII || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005595
1 || 2005596 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digiappz DigiAffiliate SQL Injection Attempt -- visu_user.asp id UPDATE || cve,CVE-2007-0306 || url,www.milw0rm.com/exploits/3122 || url,doc.emergingthreats.net/2005596
1 || 2005597 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id SELECT || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005597
1 || 2005598 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UNION SELECT || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005598
1 || 2005599 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id INSERT || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005599
1 || 2005600 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id DELETE || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005600
1 || 2005601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ASCII || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005601
1 || 2005602 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UPDATE || cve,CVE-2007-0305 || url,www.milw0rm.com/exploits/3135 || url,doc.emergingthreats.net/2005602
1 || 2005603 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id SELECT || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005603
1 || 2005604 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UNION SELECT || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005604
1 || 2005605 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id INSERT || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005605
1 || 2005606 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id DELETE || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005606
1 || 2005607 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ASCII || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005607
1 || 2005608 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UPDATE || cve,CVE-2007-0304 || url,www.milw0rm.com/exploits/3120 || url,doc.emergingthreats.net/2005608
1 || 2005609 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder SELECT || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005609
1 || 2005610 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder UNION SELECT || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005610
1 || 2005611 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder INSERT || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005611
1 || 2005612 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder DELETE || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005612
1 || 2005613 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder ASCII || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005613
1 || 2005614 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xtreme ASP Photo Gallery SQL Injection Attempt -- displaypic.asp sortorder UPDATE || cve,CVE-2006-6937 || url,www.securityfocus.com/bid/21138 || url,doc.emergingthreats.net/2005614
1 || 2005615 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid SELECT || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005615
1 || 2005616 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid UNION SELECT || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005616
1 || 2005617 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid INSERT || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005617
1 || 2005618 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid DELETE || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005618
1 || 2005619 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid ASCII || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005619
1 || 2005620 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ezboxx Portal System Beta SQL Injection Attempt -- ShowAppendix.asp iid UPDATE || cve,CVE-2007-0266 || url,www.securityfocus.com/archive/1/archive/1/456699/100/0/threaded || url,doc.emergingthreats.net/2005620
1 || 2005621 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005621
1 || 2005622 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid UNION SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005622
1 || 2005623 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid INSERT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005623
1 || 2005624 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid DELETE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005624
1 || 2005625 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid ASCII || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005625
1 || 2005626 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php blogid UPDATE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005626
1 || 2005627 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005627
1 || 2005628 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid UNION SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005628
1 || 2005629 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid INSERT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005629
1 || 2005630 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid DELETE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005630
1 || 2005631 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid ASCII || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005631
1 || 2005632 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- archive.php pid UPDATE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005632
1 || 2005633 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005633
1 || 2005634 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid UNION SELECT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005634
1 || 2005635 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid INSERT || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005635
1 || 2005636 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid DELETE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005636
1 || 2005637 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid ASCII || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005637
1 || 2005638 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portix-PHP SQL Injection Attempt -- index.php blogid UPDATE || cve,CVE-2006-6935 || url,www.securityfocus.com/bid/20974/exploit || url,doc.emergingthreats.net/2005638
1 || 2005639 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005639
1 || 2005640 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id UNION SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005640
1 || 2005641 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id INSERT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005641
1 || 2005642 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id DELETE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005642
1 || 2005643 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id ASCII || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005643
1 || 2005644 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- dispimage.asp id UPDATE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005644
1 || 2005645 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005645
1 || 2005646 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order UNION SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005646
1 || 2005647 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order INSERT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005647
1 || 2005648 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order DELETE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005648
1 || 2005649 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order ASCII || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005649
1 || 2005650 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order UPDATE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005650
1 || 2005651 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005651
1 || 2005652 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page UNION SELECT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005652
1 || 2005653 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page INSERT || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005653
1 || 2005654 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page DELETE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005654
1 || 2005655 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page ASCII || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005655
1 || 2005656 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp page UPDATE || cve,CVE-2006-6932 || url,www.securityfocus.com/bid/21131 || url,doc.emergingthreats.net/2005656
1 || 2005657 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php SELECT || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005657
1 || 2005658 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php UNION SELECT || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005658
1 || 2005659 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php INSERT || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005659
1 || 2005660 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php DELETE || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005660
1 || 2005661 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php ASCII || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005661
1 || 2005662 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SQL Injection Attempt -- wp-trackback.php UPDATE || cve,CVE-2007-0233 || url,www.milw0rm.com/exploits/3109 || url,doc.emergingthreats.net/2005662
1 || 2005663 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx SELECT || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005663
1 || 2005664 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx UNION SELECT || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005664
1 || 2005665 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx INSERT || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005665
1 || 2005666 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx DELETE || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005666
1 || 2005667 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx ASCII || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005667
1 || 2005668 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS uniForum SQL Injection Attempt -- wbsearch.aspx UPDATE || cve,CVE-2007-0226 || url,www.milw0rm.com/exploits/3106 || url,doc.emergingthreats.net/2005668
1 || 2005669 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname SELECT || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005669
1 || 2005670 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname UNION SELECT || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005670
1 || 2005671 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname INSERT || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005671
1 || 2005672 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname DELETE || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005672
1 || 2005673 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname ASCII || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005673
1 || 2005674 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VP-ASP Shopping Cart SQL Injection Attempt -- shopgiftregsearch.asp LoginLastname UPDATE || cve,CVE-2007-0224 || url,www.milw0rm.com/exploits/3115 || url,doc.emergingthreats.net/2005674
1 || 2005675 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category SELECT || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005675
1 || 2005676 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UNION SELECT || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005676
1 || 2005677 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category INSERT || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005677
1 || 2005678 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category DELETE || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005678
1 || 2005679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ASCII || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005679
1 || 2005680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UPDATE || cve,CVE-2007-0223 || url,www.secunia.com/advisories/23726 || url,doc.emergingthreats.net/2005680
1 || 2005681 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id SELECT || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005681
1 || 2005682 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id UNION SELECT || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005682
1 || 2005683 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id INSERT || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005683
1 || 2005684 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id DELETE || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005684
1 || 2005685 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id ASCII || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005685
1 || 2005686 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rapid Classified SQL Injection Attempt -- viewad.asp id UPDATE || cve,CVE-2006-6930 || url,www.securityfocus.com/bid/21197 || url,doc.emergingthreats.net/2005686
1 || 2005687 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005687
1 || 2005688 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005688
1 || 2005689 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005689
1 || 2005690 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005690
1 || 2005691 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005691
1 || 2005692 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listfull.asp ID UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005692
1 || 2005693 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005693
1 || 2005694 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005694
1 || 2005695 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005695
1 || 2005696 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005696
1 || 2005697 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005697
1 || 2005698 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- printmain.asp ID UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005698
1 || 2005699 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005699
1 || 2005700 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005700
1 || 2005701 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005701
1 || 2005702 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005702
1 || 2005703 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005703
1 || 2005704 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- listmain.asp cat UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005704
1 || 2005705 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005705
1 || 2005706 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005706
1 || 2005707 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005707
1 || 2005708 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005708
1 || 2005709 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005709
1 || 2005710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cat UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005710
1 || 2005711 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005711
1 || 2005712 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005712
1 || 2005713 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005713
1 || 2005714 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005714
1 || 2005715 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005715
1 || 2005716 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp cat UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005716
1 || 2005717 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005717
1 || 2005718 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005718
1 || 2005719 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005719
1 || 2005720 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005720
1 || 2005721 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005721
1 || 2005722 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp Keyword UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005722
1 || 2005723 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005723
1 || 2005724 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005724
1 || 2005725 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005725
1 || 2005726 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005726
1 || 2005727 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005727
1 || 2005728 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchmain.asp area UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005728
1 || 2005729 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005729
1 || 2005730 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005730
1 || 2005731 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005731
1 || 2005732 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005732
1 || 2005733 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005733
1 || 2005734 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp area UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005734
1 || 2005735 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005735
1 || 2005736 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005736
1 || 2005738 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005738
1 || 2005739 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005739
1 || 2005740 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005740
1 || 2005741 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchkey.asp searchin UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005741
1 || 2005742 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005742
1 || 2005743 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005743
1 || 2005744 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005744
1 || 2005745 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005745
1 || 2005746 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005746
1 || 2005747 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost1 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005747
1 || 2005748 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005748
1 || 2005749 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005749
1 || 2005750 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005750
1 || 2005751 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005751
1 || 2005752 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005752
1 || 2005753 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp cost2 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005753
1 || 2005754 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005754
1 || 2005755 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005755
1 || 2005756 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005756
1 || 2005757 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005757
1 || 2005758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005758
1 || 2005759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp acreage1 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005759
1 || 2005760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005760
1 || 2005761 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 UNION SELECT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005761
1 || 2005762 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 INSERT || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005762
1 || 2005763 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 DELETE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005763
1 || 2005764 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 ASCII || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005764
1 || 2005765 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rialto SQL Injection Attempt -- searchoption.asp squarefeet1 UPDATE || cve,CVE-2006-6927 || url,www.securityfocus.com/bid/21191 || url,doc.emergingthreats.net/2005765
1 || 2005766 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk SELECT || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005766
1 || 2005767 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UNION SELECT || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005767
1 || 2005768 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk INSERT || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005768
1 || 2005769 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk DELETE || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005769
1 || 2005770 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk ASCII || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005770
1 || 2005771 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bitweaver SQL Injection Attempt -- edition.php tk UPDATE || cve,CVE-2006-6923 || url,www.securityfocus.com/bid/20996 || url,doc.emergingthreats.net/2005771
1 || 2005772 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang SELECT || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005772
1 || 2005773 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang UNION SELECT || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005773
1 || 2005774 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang INSERT || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005774
1 || 2005775 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang DELETE || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005775
1 || 2005776 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang ASCII || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005776
1 || 2005777 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS @lex Guestbook SQL Injection Attempt -- index.php lang UPDATE || cve,CVE-2007-0202 || url,www.milw0rm.com/exploits/3103 || url,doc.emergingthreats.net/2005777
1 || 2005778 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName SELECT || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005778
1 || 2005779 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName UNION SELECT || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005779
1 || 2005780 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName INSERT || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005780
1 || 2005781 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName DELETE || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005781
1 || 2005782 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ASCII || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005782
1 || 2005783 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName UPDATE || cve,CVE-2007-0196 || url,www.milw0rm.com/exploits/3105 || url,doc.emergingthreats.net/2005783
1 || 2005784 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid SELECT || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005784
1 || 2005785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid UNION SELECT || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005785
1 || 2005786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid INSERT || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005786
1 || 2005787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid DELETE || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005787
1 || 2005788 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid ASCII || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005788
1 || 2005789 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid UPDATE || cve,CVE-2007-0179 || url,www.securityfocus.com/bid/21962 || url,doc.emergingthreats.net/2005789
1 || 2005790 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID SELECT || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005790
1 || 2005791 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID UNION SELECT || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005791
1 || 2005792 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID INSERT || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005792
1 || 2005793 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID DELETE || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005793
1 || 2005794 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID ASCII || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005794
1 || 2005795 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopStoreNow E-commerce Shopping Cart SQL Injection Attempt -- orange.asp CatID UPDATE || cve,CVE-2007-0142 || url,www.securityfocus.com/bid/21905 || url,doc.emergingthreats.net/2005795
1 || 2005796 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id SELECT || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005796
1 || 2005797 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id UNION SELECT || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005797
1 || 2005798 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id INSERT || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005798
1 || 2005799 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id DELETE || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005799
1 || 2005800 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id ASCII || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005800
1 || 2005801 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kolayindir Download (Yenionline) SQL Injection Attempt -- down.asp id UPDATE || cve,CVE-2007-0140 || url,www.securityfocus.com/bid/21889 || url,doc.emergingthreats.net/2005801
1 || 2005802 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SQL Injection Attempt -- example.php INSERT || cve,CVE-2007-0375 || url,www.securityfocus.com/archive/1/archive/1/459203/100/0/threaded || url,doc.emergingthreats.net/2005802
1 || 2005804 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id INSERT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005804
1 || 2005806 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id DELETE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005806
1 || 2005807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005807
1 || 2005808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id UNION SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005808
1 || 2005809 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id ASCII || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005809
1 || 2005810 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php id UPDATE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005810
1 || 2005811 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005811
1 || 2005812 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie UNION SELECT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005812
1 || 2005813 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie INSERT || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005813
1 || 2005814 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie DELETE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005814
1 || 2005815 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie ASCII || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005815
1 || 2005816 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- display_review.php user_login_cookie UPDATE || cve,CVE-2007-0133 || url,www.frsirt.com/english/advisories/2007/0056 || url,doc.emergingthreats.net/2005816
1 || 2005817 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id SELECT || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005817
1 || 2005818 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id UNION SELECT || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005818
1 || 2005819 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id INSERT || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005819
1 || 2005820 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id DELETE || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005820
1 || 2005821 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id ASCII || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005821
1 || 2005822 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Shop SQL Injection Attempt -- compare_product.php id UPDATE || cve,CVE-2007-0132 || url,www.milw0rm.com/exploits/3083 || url,doc.emergingthreats.net/2005822
1 || 2005823 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id SELECT || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005823
1 || 2005824 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id UNION SELECT || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005824
1 || 2005825 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id INSERT || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005825
1 || 2005826 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id DELETE || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005826
1 || 2005827 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id ASCII || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005827
1 || 2005828 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGeneric iG Calendar SQL Injection Attempt -- user.php id UPDATE || cve,CVE-2007-0130 || url,www.milw0rm.com/exploits/3082 || url,doc.emergingthreats.net/2005828
1 || 2005829 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID SELECT || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005829
1 || 2005830 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID UNION SELECT || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005830
1 || 2005831 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID INSERT || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005831
1 || 2005832 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID DELETE || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005832
1 || 2005833 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID ASCII || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005833
1 || 2005834 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LocazoList SQL Injection Attempt -- main.asp subcatID UPDATE || cve,CVE-2007-0129 || url,www.exploit-db.com/exploits/3073/ || url,doc.emergingthreats.net/2005834
1 || 2005835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id SELECT || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005835
1 || 2005836 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id UNION SELECT || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005836
1 || 2005837 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id INSERT || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005837
1 || 2005838 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id DELETE || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005838
1 || 2005839 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id ASCII || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005839
1 || 2005840 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digirez SQL Injection Attempt -- info_book.asp book_id UPDATE || cve,CVE-2007-0128 || url,www.milw0rm.com/exploits/3081 || url,doc.emergingthreats.net/2005840
1 || 2005841 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005841
1 || 2005842 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat UNION SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005842
1 || 2005843 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat INSERT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005843
1 || 2005844 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat DELETE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005844
1 || 2005845 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat ASCII || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005845
1 || 2005846 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat UPDATE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005846
1 || 2005847 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005847
1 || 2005848 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid UNION SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005848
1 || 2005849 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid INSERT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005849
1 || 2005850 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid DELETE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005850
1 || 2005851 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid ASCII || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005851
1 || 2005852 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid UPDATE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005852
1 || 2005853 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005853
1 || 2005854 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UNION SELECT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005854
1 || 2005855 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start INSERT || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005855
1 || 2005856 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start DELETE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005856
1 || 2005857 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start ASCII || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005857
1 || 2005858 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UPDATE || cve,CVE-2007-0122 || url,www.securityfocus.com/bid/21894 || url,doc.emergingthreats.net/2005858
1 || 2005859 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid SELECT || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005859
1 || 2005860 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid UNION SELECT || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005860
1 || 2005861 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid INSERT || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005861
1 || 2005862 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid DELETE || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005862
1 || 2005863 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid ASCII || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005863
1 || 2005864 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CreateAuction SQL Injection Attempt -- cats.asp catid UPDATE || cve,CVE-2007-0112 || url,www.securityfocus.com/bid/21929 || url,doc.emergingthreats.net/2005864
1 || 2005865 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php SELECT || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005865
1 || 2005866 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php UNION SELECT || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005866
1 || 2005867 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php INSERT || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005867
1 || 2005868 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php DELETE || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005868
1 || 2005869 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php ASCII || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005869
1 || 2005870 || 6 || web-application-attack || 0 || ET DELETED WordPress SQL Injection Attempt -- wp-trackback.php UPDATE || cve,CVE-2007-0107 || url,www.securityfocus.com/bid/21907 || url,doc.emergingthreats.net/2005870
1 || 2005871 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id SELECT || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005871
1 || 2005872 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id UNION SELECT || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005872
1 || 2005873 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id INSERT || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005873
1 || 2005874 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id DELETE || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005874
1 || 2005875 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id ASCII || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005875
1 || 2005876 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Web Content Management System SQL Injection Attempt -- page.php id UPDATE || cve,CVE-2007-0093 || url,www.milw0rm.com/exploits/3076 || url,doc.emergingthreats.net/2005876
1 || 2005877 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id SELECT || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005877
1 || 2005878 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id UNION SELECT || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005878
1 || 2005879 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id INSERT || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005879
1 || 2005880 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id DELETE || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005880
1 || 2005881 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id ASCII || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005881
1 || 2005882 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-SMARTCART SQL Injection Attempt -- productdetail.asp product_id UPDATE || cve,CVE-2007-0092 || url,www.milw0rm.com/exploits/3074 || url,doc.emergingthreats.net/2005882
1 || 2005883 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro SELECT || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005883
1 || 2005884 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UNION SELECT || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005884
1 || 2005885 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro INSERT || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005885
1 || 2005886 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro DELETE || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005886
1 || 2005887 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro ASCII || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005887
1 || 2005888 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP SiteWare autoDealer SQL Injection Attempt -- detail.asp iPro UPDATE || cve,CVE-2007-0053 || url,www.milw0rm.com/exploits/3062 || url,doc.emergingthreats.net/2005888
1 || 2005889 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id SELECT || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005889
1 || 2005890 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UNION SELECT || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005890
1 || 2005891 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id INSERT || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005891
1 || 2005892 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id DELETE || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005892
1 || 2005893 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id ASCII || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005893
1 || 2005894 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vizayn Haber SQL Injection Attempt -- haberdetay.asp id UPDATE || cve,CVE-2007-0052 || url,www.milw0rm.com/exploits/3061 || url,doc.emergingthreats.net/2005894
1 || 2005895 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum SELECT || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005895
1 || 2005896 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum UNION SELECT || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005896
1 || 2005897 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum INSERT || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005897
1 || 2005898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum DELETE || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005898
1 || 2005899 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum ASCII || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005899
1 || 2005900 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Digitizing Quote And Ordering System SQL Injection Attempt -- search.asp ordernum UPDATE || cve,CVE-2006-6911 || url,www.milw0rm.com/exploits/3089 || url,doc.emergingthreats.net/2005900
1 || 2005901 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005901
1 || 2005902 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005902
1 || 2005903 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005903
1 || 2005904 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005904
1 || 2005905 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005905
1 || 2005906 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newmessage UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005906
1 || 2005907 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005907
1 || 2005908 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005908
1 || 2005909 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005909
1 || 2005910 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005910
1 || 2005911 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005911
1 || 2005912 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newname UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005912
1 || 2005913 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005913
1 || 2005914 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005914
1 || 2005915 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005915
1 || 2005916 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005916
1 || 2005917 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005917
1 || 2005918 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newwebsite UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005918
1 || 2005919 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005919
1 || 2005920 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail UNION SELECT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005920
1 || 2005921 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail INSERT || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005921
1 || 2005922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail DELETE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005922
1 || 2005923 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail ASCII || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005923
1 || 2005924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Update SQL Injection Attempt -- guestadd.php newemail UPDATE || cve,CVE-2006-6880 || url,www.milw0rm.com/exploits/3017 || url,doc.emergingthreats.net/2005924
1 || 2005925 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005925
1 || 2005926 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did UNION SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005926
1 || 2005927 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did INSERT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005927
1 || 2005928 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did DELETE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005928
1 || 2005929 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did ASCII || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005929
1 || 2005930 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php did UPDATE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005930
1 || 2005931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005931
1 || 2005932 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid UNION SELECT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005932
1 || 2005933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid INSERT || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005933
1 || 2005934 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid DELETE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005934
1 || 2005935 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid ASCII || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005935
1 || 2005936 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia SQL Injection Attempt -- mod.php cid UPDATE || cve,CVE-2006-6873 || url,www.milw0rm.com/exploits/3004 || url,doc.emergingthreats.net/2005936
1 || 2005937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005937
1 || 2005938 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UNION SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005938
1 || 2005939 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate INSERT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005939
1 || 2005940 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate DELETE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005940
1 || 2005941 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ASCII || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005941
1 || 2005942 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UPDATE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005942
1 || 2005943 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005943
1 || 2005944 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UNION SELECT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005944
1 || 2005945 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp INSERT || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005945
1 || 2005946 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp DELETE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005946
1 || 2005947 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp ASCII || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005947
1 || 2005948 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UPDATE || cve,CVE-2006-6861 || url,www.securityfocus.com/bid/21822 || url,doc.emergingthreats.net/2005948
1 || 2005949 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key SELECT || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005949
1 || 2005950 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UNION SELECT || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005950
1 || 2005951 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key INSERT || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005951
1 || 2005952 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key DELETE || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005952
1 || 2005953 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ASCII || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005953
1 || 2005954 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UPDATE || cve,CVE-2006-6859 || url,www.securityfocus.com/bid/21824 || url,doc.emergingthreats.net/2005954
1 || 2005955 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005955
1 || 2005956 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UNION SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005956
1 || 2005957 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num INSERT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005957
1 || 2005958 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num DELETE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005958
1 || 2005959 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ASCII || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005959
1 || 2005960 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UPDATE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005960
1 || 2005961 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005961
1 || 2005962 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode UNION SELECT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005962
1 || 2005963 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode INSERT || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005963
1 || 2005964 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode DELETE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005964
1 || 2005965 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ASCII || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005965
1 || 2005966 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode UPDATE || cve,CVE-2006-6846 || url,www.milw0rm.com/exploits/3032 || url,doc.emergingthreats.net/2005966
1 || 2005967 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id SELECT || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005967
1 || 2005968 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id UNION SELECT || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005968
1 || 2005969 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id INSERT || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005969
1 || 2005970 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005970
1 || 2005971 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ASCII || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005971
1 || 2005972 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id UPDATE || cve,CVE-2006-6842 || url,www.milw0rm.com/exploits/3033 || url,doc.emergingthreats.net/2005972
1 || 2005973 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w SELECT || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005973
1 || 2005974 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UNION SELECT || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005974
1 || 2005975 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w INSERT || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005975
1 || 2005976 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w DELETE || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005976
1 || 2005977 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w ASCII || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005977
1 || 2005978 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- journal.php w UPDATE || cve,CVE-2006-6835 || url,www.securityfocus.com/archive/1/archive/1/455495/100/0/threaded || url,doc.emergingthreats.net/2005978
1 || 2005979 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode SELECT || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005979
1 || 2005980 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode UNION SELECT || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005980
1 || 2005981 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode INSERT || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005981
1 || 2005982 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode DELETE || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005982
1 || 2005983 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode ASCII || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005983
1 || 2005984 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS aFAQ SQL Injection Attempt -- faqDsp.asp catcode UPDATE || cve,CVE-2006-6831 || url,www.milw0rm.com/exploits/3031 || url,doc.emergingthreats.net/2005984
1 || 2005985 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005985
1 || 2005986 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup UNION SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005986
1 || 2005987 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup INSERT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005987
1 || 2005988 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup DELETE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005988
1 || 2005989 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup ASCII || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005989
1 || 2005990 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp grup UPDATE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005990
1 || 2005991 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005991
1 || 2005992 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id UNION SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005992
1 || 2005993 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id INSERT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005993
1 || 2005994 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id DELETE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005994
1 || 2005995 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id ASCII || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005995
1 || 2005996 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp id UPDATE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005996
1 || 2005997 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005997
1 || 2005998 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id UNION SELECT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005998
1 || 2005999 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id INSERT || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2005999
1 || 2006000 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id DELETE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2006000
1 || 2006001 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id ASCII || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2006001
1 || 2006002 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- admin.asp id UPDATE || cve,CVE-2006-6828 || url,www.frsirt.com/english/advisories/2006/5150 || url,doc.emergingthreats.net/2006002
1 || 2006003 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006003
1 || 2006004 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006004
1 || 2006005 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006005
1 || 2006006 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006006
1 || 2006007 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006007
1 || 2006008 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php lastname UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006008
1 || 2006009 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006009
1 || 2006010 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006010
1 || 2006011 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006011
1 || 2006012 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006012
1 || 2006013 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006013
1 || 2006014 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php firstname UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006014
1 || 2006015 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006015
1 || 2006016 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006016
1 || 2006017 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006017
1 || 2006018 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006018
1 || 2006019 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006019
1 || 2006020 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordOld UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006020
1 || 2006021 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006021
1 || 2006022 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006022
1 || 2006023 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006023
1 || 2006024 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006024
1 || 2006025 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006025
1 || 2006026 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php passwordNew UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006026
1 || 2006027 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006027
1 || 2006028 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006028
1 || 2006029 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006029
1 || 2006030 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006030
1 || 2006031 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006031
1 || 2006032 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php id UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006032
1 || 2006033 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006033
1 || 2006034 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006034
1 || 2006035 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006035
1 || 2006036 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006036
1 || 2006037 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006037
1 || 2006038 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php language UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006038
1 || 2006039 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006039
1 || 2006040 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006040
1 || 2006041 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006041
1 || 2006042 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006042
1 || 2006043 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006043
1 || 2006044 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php defaultLetter UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006044
1 || 2006045 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006045
1 || 2006046 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006046
1 || 2006047 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006047
1 || 2006048 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006048
1 || 2006049 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006049
1 || 2006050 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserPass UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006050
1 || 2006051 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006051
1 || 2006052 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006052
1 || 2006053 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006053
1 || 2006054 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006054
1 || 2006055 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006055
1 || 2006056 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserType UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006056
1 || 2006057 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006057
1 || 2006058 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006058
1 || 2006059 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006059
1 || 2006060 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006060
1 || 2006061 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006061
1 || 2006062 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- user.php newuserEmail UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006062
1 || 2006063 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006063
1 || 2006064 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006064
1 || 2006065 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006065
1 || 2006066 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006066
1 || 2006067 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006067
1 || 2006068 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php goTo UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006068
1 || 2006069 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006069
1 || 2006070 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006070
1 || 2006071 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006071
1 || 2006072 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006072
1 || 2006073 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006073
1 || 2006074 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- search.php search UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006074
1 || 2006075 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006075
1 || 2006076 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName UNION SELECT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006076
1 || 2006077 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName INSERT || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006077
1 || 2006078 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName DELETE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006078
1 || 2006079 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName ASCII || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006079
1 || 2006080 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Address Book SQL Injection Attempt -- save.php groupAddName UPDATE || cve,CVE-2006-4575 || url,www.securityfocus.com/bid/21870 || url,doc.emergingthreats.net/2006080
1 || 2006081 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006081
1 || 2006082 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006082
1 || 2006083 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006083
1 || 2006084 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006084
1 || 2006085 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006085
1 || 2006086 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006086
1 || 2006087 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006087
1 || 2006088 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006088
1 || 2006089 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006089
1 || 2006090 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006090
1 || 2006091 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006091
1 || 2006092 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- send_password_preferences.asp UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006092
1 || 2006093 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006093
1 || 2006094 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006094
1 || 2006095 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006095
1 || 2006096 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006096
1 || 2006097 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006097
1 || 2006098 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006098
1 || 2006099 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006099
1 || 2006100 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006100
1 || 2006101 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006101
1 || 2006102 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006102
1 || 2006103 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006103
1 || 2006104 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- login.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006104
1 || 2006105 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006105
1 || 2006106 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006106
1 || 2006107 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006107
1 || 2006108 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006108
1 || 2006109 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006109
1 || 2006110 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- content.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006110
1 || 2006111 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006111
1 || 2006112 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006112
1 || 2006113 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006113
1 || 2006114 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006114
1 || 2006115 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006115
1 || 2006116 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- members.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006116
1 || 2006117 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006117
1 || 2006118 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent UNION SELECT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006118
1 || 2006119 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent INSERT || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006119
1 || 2006120 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent DELETE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006120
1 || 2006121 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent ASCII || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006121
1 || 2006122 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- inc_secureloginmanager.asp sent UPDATE || cve,CVE-2006-6816 || url,www.securityfocus.com/bid/21788 || url,doc.emergingthreats.net/2006122
1 || 2006123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID SELECT || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006123
1 || 2006124 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID UNION SELECT || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006124
1 || 2006125 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID INSERT || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006125
1 || 2006126 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID DELETE || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006126
1 || 2006127 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID ASCII || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006127
1 || 2006128 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mxmania File Upload Manager (FUM) SQL Injection Attempt -- detail.asp ID UPDATE || cve,CVE-2006-6813 || url,www.milw0rm.com/exploits/2997 || url,doc.emergingthreats.net/2006128
1 || 2006129 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent SELECT || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006129
1 || 2006130 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent UNION SELECT || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006130
1 || 2006131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent INSERT || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006131
1 || 2006132 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent DELETE || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006132
1 || 2006133 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent ASCII || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006133
1 || 2006134 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softwebs Nepal Ananda Real Estate SQL Injection Attempt -- list.asp agent UPDATE || cve,CVE-2006-6807 || url,www.milw0rm.com/exploits/3001 || url,doc.emergingthreats.net/2006134
1 || 2006135 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID SELECT || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006135
1 || 2006136 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID UNION SELECT || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006136
1 || 2006137 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID INSERT || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006137
1 || 2006138 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID DELETE || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006138
1 || 2006139 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID ASCII || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006139
1 || 2006140 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID UPDATE || cve,CVE-2006-6806 || url,www.milw0rm.com/exploits/2990 || url,doc.emergingthreats.net/2006140
1 || 2006141 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID SELECT || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006141
1 || 2006142 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID UNION SELECT || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006142
1 || 2006143 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID INSERT || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006143
1 || 2006144 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID DELETE || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006144
1 || 2006145 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID ASCII || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006145
1 || 2006146 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragon Business Directory SQL Injection Attempt -- bus_details.asp ID UPDATE || cve,CVE-2006-6804 || url,www.milw0rm.com/exploits/2992 || url,doc.emergingthreats.net/2006146
1 || 2006147 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id SELECT || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006147
1 || 2006148 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id UNION SELECT || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006148
1 || 2006149 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id INSERT || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006149
1 || 2006150 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id DELETE || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006150
1 || 2006151 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id ASCII || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006151
1 || 2006152 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eCars SQL Injection Attempt -- Types.asp Type_id UPDATE || cve,CVE-2006-6803 || url,www.milw0rm.com/exploits/2989 || url,doc.emergingthreats.net/2006152
1 || 2006153 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID SELECT || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006153
1 || 2006154 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID UNION SELECT || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006154
1 || 2006155 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID INSERT || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006155
1 || 2006156 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID DELETE || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006156
1 || 2006157 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID ASCII || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006157
1 || 2006158 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID UPDATE || cve,CVE-2006-6802 || url,www.milw0rm.com/exploits/2991 || url,doc.emergingthreats.net/2006158
1 || 2006159 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup SELECT || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006159
1 || 2006160 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup UNION SELECT || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006160
1 || 2006161 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup INSERT || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006161
1 || 2006162 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup DELETE || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006162
1 || 2006163 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup ASCII || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006163
1 || 2006164 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Efkan Forum SQL Injection Attempt -- default.asp grup UPDATE || cve,CVE-2006-6794 || url,www.securityfocus.com/bid/21726 || url,doc.emergingthreats.net/2006164
1 || 2006165 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID SELECT || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006165
1 || 2006166 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID UNION SELECT || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006166
1 || 2006167 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID INSERT || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006167
1 || 2006168 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID DELETE || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006168
1 || 2006169 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID ASCII || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006169
1 || 2006170 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Calendar MX BASIC SQL Injection Attempt -- calendar_detail.asp ID UPDATE || cve,CVE-2006-6792 || url,www.milw0rm.com/exploits/2993 || url,doc.emergingthreats.net/2006170
1 || 2006171 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006171
1 || 2006172 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse UNION SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006172
1 || 2006173 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse INSERT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006173
1 || 2006174 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse DELETE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006174
1 || 2006175 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse ASCII || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006175
1 || 2006176 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtUse UPDATE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006176
1 || 2006177 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006177
1 || 2006178 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas UNION SELECT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006178
1 || 2006179 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas INSERT || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006179
1 || 2006180 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas DELETE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006180
1 || 2006181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas ASCII || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006181
1 || 2006182 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS chatwm SQL Injection Attempt -- SelGruFra.asp txtPas UPDATE || cve,CVE-2006-6791 || url,www.securityfocus.com/bid/21732 || url,doc.emergingthreats.net/2006182
1 || 2006183 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID SELECT || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006183
1 || 2006184 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID UNION SELECT || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006184
1 || 2006185 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID INSERT || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006185
1 || 2006186 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID DELETE || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006186
1 || 2006187 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID ASCII || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006187
1 || 2006188 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Newsletter MX SQL Injection Attempt -- admin_mail_adressee.asp ID UPDATE || cve,CVE-2006-6787 || url,www.milw0rm.com/exploits/2998 || url,doc.emergingthreats.net/2006188
1 || 2006189 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006189
1 || 2006190 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId UNION SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006190
1 || 2006191 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId INSERT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006191
1 || 2006192 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId DELETE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006192
1 || 2006193 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId ASCII || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006193
1 || 2006194 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm newsId UPDATE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006194
1 || 2006195 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006195
1 || 2006196 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid UNION SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006196
1 || 2006197 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid INSERT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006197
1 || 2006198 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid DELETE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006198
1 || 2006199 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid ASCII || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006199
1 || 2006200 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm categoryid UPDATE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006200
1 || 2006201 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006201
1 || 2006202 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId UNION SELECT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006202
1 || 2006203 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId INSERT || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006203
1 || 2006204 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId DELETE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006204
1 || 2006205 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId ASCII || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006205
1 || 2006206 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Future Internet SQL Injection Attempt -- index.cfm langId UPDATE || cve,CVE-2006-6776 || url,www.securityfocus.com/bid/21727 || url,doc.emergingthreats.net/2006206
1 || 2006207 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id SELECT || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006207
1 || 2006208 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id UNION SELECT || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006208
1 || 2006209 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id INSERT || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006209
1 || 2006210 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id DELETE || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006210
1 || 2006211 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id ASCII || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006211
1 || 2006212 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ixprim SQL Injection Attempt -- ixm_ixpnews.php story_id UPDATE || cve,CVE-2006-6754 || url,www.securityfocus.com/bid/21710 || url,doc.emergingthreats.net/2006212
1 || 2006213 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news SELECT || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006213
1 || 2006214 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news UNION SELECT || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006214
1 || 2006215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news INSERT || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006215
1 || 2006216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news DELETE || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006216
1 || 2006217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news ASCII || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006217
1 || 2006218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xt-News SQL Injection Attempt -- show_news.php id_news UPDATE || cve,CVE-2006-6747 || url,www.securityfocus.com/bid/21719 || url,doc.emergingthreats.net/2006218
1 || 2006219 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user SELECT || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006219
1 || 2006220 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user UNION SELECT || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006220
1 || 2006221 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user INSERT || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006221
1 || 2006222 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user DELETE || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006222
1 || 2006223 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user ASCII || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006223
1 || 2006224 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eric GUILLAUME uploader&downloader SQL Injection Attempt -- administre2.php id_user UPDATE || cve,CVE-2006-6716 || url,www.milw0rm.com/exploits/2945 || url,doc.emergingthreats.net/2006224
1 || 2006225 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006225
1 || 2006226 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006226
1 || 2006227 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006227
1 || 2006228 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006228
1 || 2006229 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006229
1 || 2006230 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- detail.asp p UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006230
1 || 2006231 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006231
1 || 2006232 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006232
1 || 2006233 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006233
1 || 2006234 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006234
1 || 2006235 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006235
1 || 2006236 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp l UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006236
1 || 2006237 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006237
1 || 2006238 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006238
1 || 2006239 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006239
1 || 2006240 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006240
1 || 2006241 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006241
1 || 2006242 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp typ UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006242
1 || 2006243 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006243
1 || 2006244 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc UNION SELECT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006244
1 || 2006245 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc INSERT || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006245
1 || 2006246 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc DELETE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006246
1 || 2006247 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc ASCII || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006247
1 || 2006248 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MGinternet Property Site Manager SQL Injection Attempt -- listings.asp loc UPDATE || cve,CVE-2006-6709 || url,www.securityfocus.com/bid/21073 || url,doc.emergingthreats.net/2006248
1 || 2006249 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006249
1 || 2006250 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006250
1 || 2006251 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006251
1 || 2006252 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006252
1 || 2006253 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006253
1 || 2006254 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP kid UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006254
1 || 2006255 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006255
1 || 2006256 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006256
1 || 2006257 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006257
1 || 2006258 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006258
1 || 2006259 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006259
1 || 2006260 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- HABERLER.ASP id UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006260
1 || 2006261 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006261
1 || 2006262 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006262
1 || 2006263 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006263
1 || 2006264 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006264
1 || 2006265 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006265
1 || 2006266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP id UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006266
1 || 2006267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006267
1 || 2006268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid UNION SELECT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006268
1 || 2006269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid INSERT || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006269
1 || 2006270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid DELETE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006270
1 || 2006271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid ASCII || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006271
1 || 2006272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- ASPKAT.ASP kid UPDATE || cve,CVE-2006-6672 || url,www.frsirt.com/english/advisories/2006/5085 || url,doc.emergingthreats.net/2006272
1 || 2006273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id SELECT || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006273
1 || 2006274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id UNION SELECT || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006274
1 || 2006275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id INSERT || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006275
1 || 2006276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id DELETE || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006276
1 || 2006277 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id ASCII || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006277
1 || 2006278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Burak Yylmaz Download Portal SQL Injection Attempt -- down.asp id UPDATE || cve,CVE-2006-6671 || url,www.securityfocus.com/bid/21676 || url,doc.emergingthreats.net/2006278
1 || 2006279 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006279
1 || 2006280 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006280
1 || 2006281 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006281
1 || 2006282 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006282
1 || 2006283 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006283
1 || 2006284 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick_mod UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006284
1 || 2006285 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006285
1 || 2006286 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006286
1 || 2006287 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006287
1 || 2006288 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006288
1 || 2006289 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006289
1 || 2006290 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- repass.php nick UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006290
1 || 2006291 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006291
1 || 2006292 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006292
1 || 2006293 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006293
1 || 2006294 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006294
1 || 2006295 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006295
1 || 2006296 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006296
1 || 2006297 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006297
1 || 2006298 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UNION SELECT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006298
1 || 2006299 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod INSERT || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006299
1 || 2006300 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod DELETE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006300
1 || 2006301 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod ASCII || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006301
1 || 2006302 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VerliAdmin SQL Injection Attempt -- verify.php nick_mod UPDATE || cve,CVE-2006-6667 || url,www.frsirt.com/english/advisories/2006/5059 || url,doc.emergingthreats.net/2006302
1 || 2006303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id SELECT || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006303
1 || 2006304 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id UNION SELECT || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006304
1 || 2006305 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id INSERT || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006305
1 || 2006306 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id DELETE || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006306
1 || 2006307 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id ASCII || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006307
1 || 2006308 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contra Haber Sistemi SQL Injection Attempt -- haber.asp id UPDATE || cve,CVE-2006-6642 || url,www.securityfocus.com/bid/21626 || url,doc.emergingthreats.net/2006308
1 || 2006309 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid SELECT || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006309
1 || 2006310 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid UNION SELECT || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006310
1 || 2006311 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid INSERT || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006311
1 || 2006312 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid DELETE || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006312
1 || 2006313 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid ASCII || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006313
1 || 2006314 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptMate User Manager SQL Injection Attempt -- usermessages.asp mesid UPDATE || cve,CVE-2006-6594 || url,www.secunia.com/advisories/23372 || url,doc.emergingthreats.net/2006314
1 || 2006315 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id SELECT || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006315
1 || 2006316 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id UNION SELECT || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006316
1 || 2006317 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id INSERT || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006317
1 || 2006318 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id DELETE || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006318
1 || 2006319 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id ASCII || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006319
1 || 2006320 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- polls.php id UPDATE || cve,CVE-2006-6577 || url,www.securityfocus.com/bid/21366 || url,doc.emergingthreats.net/2006320
1 || 2006321 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID SELECT || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006321
1 || 2006322 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID UNION SELECT || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006322
1 || 2006323 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID INSERT || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006323
1 || 2006324 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID DELETE || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006324
1 || 2006325 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID ASCII || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006325
1 || 2006326 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lotfian Request For Travel SQL Injection Attempt -- ProductDetails.asp PID UPDATE || cve,CVE-2006-6559 || url,www.exploit-db.com/exploits/2908/ || url,doc.emergingthreats.net/2006326
1 || 2006327 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id SELECT || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006327
1 || 2006328 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UNION SELECT || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006328
1 || 2006329 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id INSERT || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006329
1 || 2006330 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id DELETE || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006330
1 || 2006331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id ASCII || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006331
1 || 2006332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fantastic News SQL Injection Attempt -- news.php id UPDATE || cve,CVE-2006-6542 || url,www.milw0rm.com/exploits/2906 || url,doc.emergingthreats.net/2006332
1 || 2006333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php SELECT || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006333
1 || 2006334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php UNION SELECT || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006334
1 || 2006335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php INSERT || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006335
1 || 2006336 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php DELETE || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006336
1 || 2006337 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php ASCII || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006337
1 || 2006338 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bluetrait SQL Injection Attempt -- bt-trackback.php UPDATE || cve,CVE-2006-6540 || url,www.secunia.com/advisories/23316 || url,doc.emergingthreats.net/2006338
1 || 2006339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp SELECT || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006339
1 || 2006340 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp UNION SELECT || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006340
1 || 2006341 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp INSERT || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006341
1 || 2006342 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp DELETE || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006342
1 || 2006343 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp ASCII || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006343
1 || 2006344 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EzHRS HR Assist SQL Injection Attempt -- vdateUsr.asp UPDATE || cve,CVE-2006-6525 || url,www.secunia.com/advisories/23304 || url,doc.emergingthreats.net/2006344
1 || 2006345 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006345
1 || 2006346 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa UNION SELECT || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006346
1 || 2006347 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa INSERT || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006347
1 || 2006348 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa DELETE || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006348
1 || 2006349 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ASCII || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006349
1 || 2006350 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa UPDATE || cve,CVE-2006-6521 || url,www.securityfocus.com/bid/21513 || url,doc.emergingthreats.net/2006350
1 || 2006351 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa SELECT || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006351
1 || 2006352 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa UNION SELECT || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006352
1 || 2006353 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa INSERT || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006353
1 || 2006354 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa DELETE || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006354
1 || 2006355 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa ASCII || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006355
1 || 2006356 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa UPDATE || cve,CVE-2006-6519 || url,www.securityfocus.com/bid/21516 || url,doc.emergingthreats.net/2006356
1 || 2006357 || 9 || trojan-activity || 0 || ET MALWARE User Agent (TEST) - Likely Webhancer Related Spyware || url,doc.emergingthreats.net/bin/view/Main/2006357
1 || 2006361 || 9 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Huai_Huai) || md5,ee600bdcc45989750dee846b5049f935 || md5,91b9aa25563ae524d3ca4582630eb8eb || md5,1051f7176fe0a50414649d369e752e98
1 || 2006362 || 9 || trojan-activity || 0 || ET MALWARE Qcbar/Adultlinks Spyware User-Agent (IBSBand) || url,doc.emergingthreats.net/2006362
1 || 2006364 || 7 || trojan-activity || 0 || ET TROJAN Dialer-967 User-Agent || url,doc.emergingthreats.net/2006364
1 || 2006365 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MYURL) || url,doc.emergingthreats.net/bin/view/Main/2006365
1 || 2006366 || 7 || trojan-activity || 0 || ET TROJAN Bot Backdoor Checkin/registration Request || url,doc.emergingthreats.net/2006366
1 || 2006367 || 7 || policy-violation || 0 || ET DELETED Metacafe.com family filter off || url,doc.emergingthreats.net/2006367
1 || 2006368 || 7 || policy-violation || 0 || ET DELETED Rapidshare download unauthd image post || url,en.wikipedia.org/wiki/RapidShare || url,doc.emergingthreats.net/2006368
1 || 2006369 || 6 || policy-violation || 0 || ET POLICY Rapidshare auth cookie download || url,en.wikipedia.org/wiki/RapidShare || url,doc.emergingthreats.net/2006369
1 || 2006370 || 9 || trojan-activity || 0 || ET MALWARE Effectivebrands.com Spyware User-Agent (atsu) || url,doc.emergingthreats.net/2006370
1 || 2006371 || 7 || trojan-activity || 0 || ET P2P BearShare P2P Gnutella Client User-Agent (BearShare 6.x.x.x) || url,doc.emergingthreats.net/bin/view/Main/2006371
1 || 2006372 || 7 || trojan-activity || 0 || ET P2P Bittorrent P2P Client User-Agent (Bittorrent/5.x.x) || url,doc.emergingthreats.net/bin/view/Main/2006372
1 || 2006375 || 5 || trojan-activity || 0 || ET P2P Bittorrent P2P Client HTTP Request  || url,doc.emergingthreats.net/bin/view/Main/2006375
1 || 2006377 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Agent.bwr || url,doc.emergingthreats.net/2006377
1 || 2006379 || 6 || trojan-activity || 0 || ET P2P BearShare P2P Gnutella Client HTTP Request  || url,doc.emergingthreats.net/bin/view/Main/2006379
1 || 2006380 || 12 || policy-violation || 0 || ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted || url,doc.emergingthreats.net/bin/view/Main/2006380
1 || 2006381 || 11 || trojan-activity || 0 || ET MALWARE Ask.com Toolbar/Spyware User-Agent (AskPBar) || url,doc.emergingthreats.net/2006381
1 || 2006382 || 9 || trojan-activity || 0 || ET TROJAN Matcash or related downloader User-Agent Detected || url,doc.emergingthreats.net/2006382
1 || 2006384 || 7 || trojan-activity || 0 || ET TROJAN Generic Password Stealer Checkin URL Detected || url,doc.emergingthreats.net/2006384
1 || 2006385 || 10 || trojan-activity || 0 || ET DELETED PWS-LDPinch posting data || url,doc.emergingthreats.net/2006385
1 || 2006386 || 9 || trojan-activity || 0 || ET MALWARE Deepdo.com Toolbar/Spyware User Agent (DeepdoUpdate) || url,doc.emergingthreats.net/2006386
1 || 2006387 || 8 || trojan-activity || 0 || ET TROJAN Downloader User-Agent Detected (Windows Updates Manager|3.12|...) || url,doc.emergingthreats.net/2006387
1 || 2006388 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (006) || url,doc.emergingthreats.net/bin/view/Main/2006388
1 || 2006391 || 5 || trojan-activity || 0 || ET TROJAN Poebot Related User Agent (SPM_ID=) || url,doc.emergingthreats.net/2006391
1 || 2006392 || 10 || trojan-activity || 0 || ET MALWARE Win-touch.com Spyware User-Agent (WTRecover) || url,doc.emergingthreats.net/2006392
1 || 2006393 || 10 || trojan-activity || 0 || ET MALWARE Win-touch.com Spyware User-Agent (WTInstaller) || url,doc.emergingthreats.net/2006393
1 || 2006394 || 7 || trojan-activity || 0 || ET TROJAN Downloader User-Agent Detected (ld) || url,doc.emergingthreats.net/2006394
1 || 2006395 || 5 || trojan-activity || 0 || ET TROJAN Socks666 Connection Initial Packet || url,doc.emergingthreats.net/2006396
1 || 2006396 || 5 || trojan-activity || 0 || ET TROJAN Socks666 Connect Command Packet || url,doc.emergingthreats.net/2006396
1 || 2006397 || 6 || trojan-activity || 0 || ET TROJAN Socks666 Successful Connect Packet Packet || url,doc.emergingthreats.net/2006396
1 || 2006398 || 6 || trojan-activity || 0 || ET TROJAN Socks666 Checkin Packet || url,doc.emergingthreats.net/2006396
1 || 2006399 || 5 || trojan-activity || 0 || ET TROJAN Socks666 Checkin Success Packet || url,doc.emergingthreats.net/2006396
1 || 2006400 || 6 || trojan-activity || 0 || ET TROJAN Downloader.26001 Url Pattern Detected || url,doc.emergingthreats.net/2006400
1 || 2006401 || 6 || trojan-activity || 0 || ET TROJAN Downloader.26001 Url Pattern Detected (lunch_id) || url,doc.emergingthreats.net/2006401
1 || 2006402 || 10 || policy-violation || 0 || ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted || url,doc.emergingthreats.net/bin/view/Main/2006402
1 || 2006403 || 6 || trojan-activity || 0 || ET TROJAN General Trojan Checkin by MAC chkmac.php
1 || 2006404 || 5 || trojan-activity || 0 || ET TROJAN DownLoader.30525 Checkin || url,doc.emergingthreats.net/bin/view/Main/2006404
1 || 2006405 || 4 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Agent.mx || url,doc.emergingthreats.net/2006405
1 || 2006406 || 5 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Agent.mx (2) || url,doc.emergingthreats.net/2006406
1 || 2006408 || 14 || policy-violation || 0 || ET POLICY HTTP Request on Unusual Port Possibly Hostile || url,doc.emergingthreats.net/2006408
1 || 2006409 || 10 || policy-violation || 0 || ET POLICY HTTP POST on unusual Port Possibly Hostile || url,doc.emergingthreats.net/2006409
1 || 2006410 || 6 || policy-violation || 0 || ET DELETED PHP Anonymizing/Evasion Proxy In Use || url,sourceforge.net/projects/php-proxy/ || url,doc.emergingthreats.net/2006410
1 || 2006411 || 9 || trojan-activity || 0 || ET TROJAN Storm Worm HTTP Request || url,doc.emergingthreats.net/2006411
1 || 2006413 || 8 || trojan-activity || 0 || ET MALWARE Mycashbank.co.kr Spyware User-Agent (pint_agency) || url,doc.emergingthreats.net/2006413
1 || 2006414 || 5 || trojan-activity || 0 || ET TROJAN Possible Warezov/Stration Data Post to Controller (pr2.cgi) || url,doc.emergingthreats.net/2006414
1 || 2006417 || 8 || policy-violation || 0 || ET ATTACK_RESPONSE Weak Netbios Lanman Auth Challenge Detected || url,doc.emergingthreats.net/bin/view/Main/2006417
1 || 2006418 || 8 || trojan-activity || 0 || ET USER_AGENTS Vaccineprogram.co.kr Related Spyware User-Agent (Museon) || url,doc.emergingthreats.net/2006418
1 || 2006419 || 8 || trojan-activity || 0 || ET MALWARE Vaccineprogram.co.kr Related Spyware User-Agent (anycleaner) || url,doc.emergingthreats.net/2006419
1 || 2006420 || 7 || trojan-activity || 0 || ET USER_AGENTS Vaccineprogram.co.kr Related Spyware User Agent (pcsafe) || url,doc.emergingthreats.net/2006420
1 || 2006421 || 8 || trojan-activity || 0 || ET MALWARE Doctorvaccine.co.kr Related Spyware User-Agent (DoctorVaccine) || url,doc.emergingthreats.net/2006421
1 || 2006422 || 8 || trojan-activity || 0 || ET MALWARE Platinumreward.co.kr Spyware User-Agent (WT_GET_COMM) || url,doc.emergingthreats.net/2006422
1 || 2006423 || 8 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Spyware User-Agent (doctorpro1) || url,doc.emergingthreats.net/2006423
1 || 2006425 || 6 || trojan-activity || 0 || ET DELETED Doctorpro.co.kr Related Fake Anti-Spyware Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2006425
1 || 2006426 || 6 || trojan-activity || 0 || ET DELETED Doctorpro.co.kr Related Fake Anti-Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2006426
1 || 2006427 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Mac Check || url,doc.emergingthreats.net/bin/view/Main/2006427
1 || 2006428 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (open) || url,doc.emergingthreats.net/bin/view/Main/2006428
1 || 2006429 || 9 || trojan-activity || 0 || ET MALWARE Karine.co.kr Related Spyware User Agent (chk Profile) || url,doc.emergingthreats.net/2006429
1 || 2006430 || 9 || trojan-activity || 0 || ET MALWARE Karine.co.kr Related Spyware User-Agent (Access down) || url,doc.emergingthreats.net/2006430
1 || 2006431 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post || url,doc.emergingthreats.net/bin/view/Main/2006431
1 || 2006432 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Checkin (ret) || url,doc.emergingthreats.net/bin/view/Main/2006432
1 || 2006433 || 6 || trojan-activity || 0 || ET MALWARE Doctorpro.co.kr Related Fake Anti-Spyware Post (api_result) || url,doc.emergingthreats.net/bin/view/Main/2006433
1 || 2006434 || 8 || trojan-activity || 0 || ET POLICY Possible Ecard Trojan download || url,doc.emergingthreats.net/2006434
1 || 2006435 || 8 || misc-activity || 0 || ET SCAN LibSSH Based SSH Connection - Often used as a BruteForce Tool || url,doc.emergingthreats.net/2006435
1 || 2006441 || 7 || trojan-activity || 0 || ET TROJAN Zlob User Agent - updating (Winlogon) || url,doc.emergingthreats.net/2006441
1 || 2006443 || 10 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt DELETE FROM || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006443
1 || 2006444 || 10 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt INSERT INTO || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006444
1 || 2006445 || 10 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt SELECT FROM || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006445
1 || 2006446 || 11 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt UNION SELECT || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006446
1 || 2006447 || 12 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Attempt UPDATE SET || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2006447
1 || 2006448 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.ajx Trojan Reporting to Server || url,doc.emergingthreats.net/2006448
1 || 2006449 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php SELECT || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006449
1 || 2006450 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php UNION SELECT || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006450
1 || 2006451 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php INSERT || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006451
1 || 2006452 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php DELETE || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006452
1 || 2006453 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php ASCII || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006453
1 || 2006454 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Elxis CMS SQL Injection Attempt -- mod_banners.php UPDATE || cve,CVE-2007-3250 || url,www.securityfocus.com/bid/24478 || url,doc.emergingthreats.net/2006454
1 || 2006455 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page SELECT || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006455
1 || 2006456 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UNION SELECT || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006456
1 || 2006457 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page INSERT || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006457
1 || 2006458 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page DELETE || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006458
1 || 2006459 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page ASCII || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006459
1 || 2006460 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UPDATE || cve,CVE-2007-3128 || url,www.osvdb.org/34164 || url,doc.emergingthreats.net/2006460
1 || 2006461 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm SELECT || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006461
1 || 2006462 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UNION SELECT || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006462
1 || 2006463 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm INSERT || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006463
1 || 2006464 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm DELETE || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006464
1 || 2006465 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm ASCII || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006465
1 || 2006466 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- index.cfm UPDATE || cve,CVE-2007-3273 || url,www.securityfocus.com/bid/24498 || url,doc.emergingthreats.net/2006466
1 || 2006467 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode SELECT || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006467
1 || 2006468 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode UNION SELECT || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006468
1 || 2006469 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode INSERT || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006469
1 || 2006470 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode DELETE || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006470
1 || 2006471 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ASCII || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006471
1 || 2006472 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FuseTalk SQL Injection Attempt -- autherror.cfm errorcode UPDATE || cve,CVE-2007-3301 || url,www.securityfocus.com/bid/24528 || url,doc.emergingthreats.net/2006472
1 || 2006473 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid SELECT || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006473
1 || 2006474 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid UNION SELECT || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006474
1 || 2006475 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid INSERT || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006475
1 || 2006476 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid DELETE || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006476
1 || 2006477 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid ASCII || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006477
1 || 2006478 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LiveCMS SQL Injection Attempt -- categoria.php cid UPDATE || cve,CVE-2007-3293 || url,www.exploit-db.com/exploits/4082/ || url,doc.emergingthreats.net/2006478
1 || 2006479 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php SELECT || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006479
1 || 2006480 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UNION SELECT || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006480
1 || 2006481 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php INSERT || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006481
1 || 2006482 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php DELETE || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006482
1 || 2006484 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php ASCII || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006484
1 || 2006485 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Solar Empire SQL Injection Attempt -- game_listing.php UPDATE || cve,CVE-2007-3307 || url,www.milw0rm.com/exploits/4078 || url,doc.emergingthreats.net/2006485
1 || 2006486 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id SELECT || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006486
1 || 2006487 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id UNION SELECT || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006487
1 || 2006488 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id INSERT || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006488
1 || 2006489 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id DELETE || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006489
1 || 2006490 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id ASCII || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006490
1 || 2006491 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Xoops SQL Injection Attempt -- print.php id UPDATE || cve,CVE-2007-3311 || url,www.milw0rm.com/exploits/3588 || url,doc.emergingthreats.net/2006491
1 || 2006492 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006492
1 || 2006493 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006493
1 || 2006494 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006494
1 || 2006495 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006495
1 || 2006496 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006496
1 || 2006497 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006497
1 || 2006498 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006498
1 || 2006499 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006499
1 || 2006500 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item INSERT || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006500
1 || 2006501 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006501
1 || 2006502 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item ASCII || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006502
1 || 2006503 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item UPDATE || cve,CVE-2007-3313 || url,www.milw0rm.com/exploits/4081 || url,doc.emergingthreats.net/2006503
1 || 2006504 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006504
1 || 2006505 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006505
1 || 2006506 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006506
1 || 2006507 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006507
1 || 2006508 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006508
1 || 2006509 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE || cve,CVE-2007-3323 || url,www.securityfocus.com/bid/24562 || url,doc.emergingthreats.net/2006509
1 || 2006510 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006510
1 || 2006511 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006511
1 || 2006512 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006512
1 || 2006513 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006513
1 || 2006514 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006514
1 || 2006515 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006515
1 || 2006516 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006516
1 || 2006517 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006517
1 || 2006518 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006518
1 || 2006519 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006519
1 || 2006520 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006520
1 || 2006521 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006521
1 || 2006522 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006522
1 || 2006523 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006523
1 || 2006524 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006524
1 || 2006525 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006525
1 || 2006526 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006526
1 || 2006527 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006527
1 || 2006528 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006528
1 || 2006529 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006529
1 || 2006530 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006530
1 || 2006531 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006531
1 || 2006532 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006532
1 || 2006533 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006533
1 || 2006534 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006534
1 || 2006535 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006535
1 || 2006536 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006536
1 || 2006537 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006537
1 || 2006538 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006538
1 || 2006539 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006539
1 || 2006540 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006540
1 || 2006541 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006541
1 || 2006542 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006542
1 || 2006543 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006543
1 || 2006544 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006544
1 || 2006545 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE || cve,CVE-2007-3345 || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || url,doc.emergingthreats.net/2006545
1 || 2006546 || 7 || attempted-admin || 0 || ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack! || url,doc.emergingthreats.net/2006546
1 || 2006547 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006547
1 || 2006548 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006548
1 || 2006549 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006549
1 || 2006550 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006550
1 || 2006551 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006551
1 || 2006552 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE || cve,CVE-2007-3354 || url,www.securityfocus.com/bid/24584 || url,doc.emergingthreats.net/2006552
1 || 2006553 || 9 || trojan-activity || 0 || ET MALWARE Cpushpop.com Spyware User-Agent (CPUSH_UPDATER) || url,doc.emergingthreats.net/2006553
1 || 2006554 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId SELECT || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006554
1 || 2006555 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId UNION SELECT || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006555
1 || 2006556 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId INSERT || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006556
1 || 2006557 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId DELETE || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006557
1 || 2006558 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId ASCII || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006558
1 || 2006559 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasyPage SQL Injection Attempt -- default.aspx docId UPDATE || cve,CVE-2006-6486 || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || url,doc.emergingthreats.net/2006559
1 || 2006560 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006560
1 || 2006561 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006561
1 || 2006562 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006562
1 || 2006564 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006564
1 || 2006565 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006565
1 || 2006566 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- email.php id UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006566
1 || 2006567 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006567
1 || 2006568 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006568
1 || 2006569 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006569
1 || 2006570 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006570
1 || 2006571 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006571
1 || 2006572 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006572
1 || 2006573 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006573
1 || 2006574 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006574
1 || 2006575 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006575
1 || 2006576 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006576
1 || 2006577 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006577
1 || 2006578 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006578
1 || 2006579 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006579
1 || 2006580 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006580
1 || 2006581 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006581
1 || 2006582 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006582
1 || 2006583 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006583
1 || 2006584 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006584
1 || 2006585 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006585
1 || 2006586 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UNION SELECT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006586
1 || 2006587 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce INSERT || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006587
1 || 2006588 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce DELETE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006588
1 || 2006589 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ASCII || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006589
1 || 2006590 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UPDATE || cve,CVE-2006-6478 || url,www.securityfocus.com/bid/21514/exploit || url,doc.emergingthreats.net/2006590
1 || 2006591 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006591
1 || 2006592 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UNION SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006592
1 || 2006593 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid INSERT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006593
1 || 2006594 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid DELETE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006594
1 || 2006595 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ASCII || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006595
1 || 2006596 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UPDATE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006596
1 || 2006597 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006597
1 || 2006598 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UNION SELECT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006598
1 || 2006599 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass INSERT || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006599
1 || 2006600 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass DELETE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006600
1 || 2006601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ASCII || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006601
1 || 2006602 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UPDATE || cve,CVE-2006-6450 || url,www.securityfocus.com/bid/21473 || url,doc.emergingthreats.net/2006602
1 || 2006603 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006603
1 || 2006604 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006604
1 || 2006605 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006605
1 || 2006606 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006606
1 || 2006607 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006607
1 || 2006608 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE || cve,CVE-2006-6448 || url,www.frsirt.com/english/advisories/2006/4850 || url,doc.emergingthreats.net/2006608
1 || 2006609 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D SELECT || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006609
1 || 2006610 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D UNION SELECT || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006610
1 || 2006611 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D INSERT || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006611
1 || 2006612 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D DELETE || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006612
1 || 2006613 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D ASCII || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006613
1 || 2006614 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iWare Professional SQL Injection Attempt -- index.php D UPDATE || cve,CVE-2006-6446 || url,www.securityfocus.com/bid/21467 || url,doc.emergingthreats.net/2006614
1 || 2006615 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006615
1 || 2006616 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc UNION SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006616
1 || 2006617 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc INSERT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006617
1 || 2006618 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc DELETE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006618
1 || 2006619 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc ASCII || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006619
1 || 2006620 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_doc UPDATE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006620
1 || 2006621 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006621
1 || 2006622 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut UNION SELECT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006622
1 || 2006623 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut INSERT || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006623
1 || 2006624 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut DELETE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006624
1 || 2006625 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut ASCII || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006625
1 || 2006626 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dol storye SQL Injection Attempt -- dettaglio.asp id_aut UPDATE || cve,CVE-2006-6414 || url,www.securityfocus.com/bid/21463 || url,doc.emergingthreats.net/2006626
1 || 2006627 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details SELECT || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006627
1 || 2006628 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UNION SELECT || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006628
1 || 2006629 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details INSERT || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006629
1 || 2006630 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details DELETE || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006630
1 || 2006631 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details ASCII || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006631
1 || 2006632 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyStats SQL Injection Attempt -- mystats.php details UPDATE || cve,CVE-2006-6403 || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || url,doc.emergingthreats.net/2006632
1 || 2006633 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006633
1 || 2006634 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006634
1 || 2006635 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006635
1 || 2006636 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006636
1 || 2006637 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006637
1 || 2006638 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006638
1 || 2006639 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006639
1 || 2006640 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006640
1 || 2006641 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006641
1 || 2006642 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006642
1 || 2006643 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006643
1 || 2006644 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006644
1 || 2006645 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006645
1 || 2006646 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006646
1 || 2006647 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006647
1 || 2006648 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006648
1 || 2006649 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006649
1 || 2006650 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006650
1 || 2006651 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006651
1 || 2006652 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UNION SELECT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006652
1 || 2006653 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID INSERT || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006653
1 || 2006654 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID DELETE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006654
1 || 2006655 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ASCII || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006655
1 || 2006656 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UPDATE || cve,CVE-2006-6398 || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || url,doc.emergingthreats.net/2006656
1 || 2006657 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006657
1 || 2006658 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UNION SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006658
1 || 2006659 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni INSERT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006659
1 || 2006660 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni DELETE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006660
1 || 2006661 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ASCII || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006661
1 || 2006662 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UPDATE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006662
1 || 2006663 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006663
1 || 2006664 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UNION SELECT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006664
1 || 2006665 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci INSERT || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006665
1 || 2006666 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci DELETE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006666
1 || 2006667 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ASCII || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006667
1 || 2006668 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UPDATE || cve,CVE-2006-6387 || url,www.securityfocus.com/bid/21464 || url,doc.emergingthreats.net/2006668
1 || 2006669 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006669
1 || 2006670 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img UNION SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006670
1 || 2006671 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img INSERT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006671
1 || 2006672 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img DELETE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006672
1 || 2006673 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img ASCII || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006673
1 || 2006674 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- post.php img UPDATE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006674
1 || 2006675 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006675
1 || 2006676 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img UNION SELECT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006676
1 || 2006677 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img INSERT || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006677
1 || 2006678 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img DELETE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006678
1 || 2006679 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img ASCII || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006679
1 || 2006680 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Gallery SQL Injection Attempt -- index.php img UPDATE || cve,CVE-2006-6370 || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || url,doc.emergingthreats.net/2006680
1 || 2006681 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid SELECT || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006681
1 || 2006682 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UNION SELECT || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006682
1 || 2006683 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid INSERT || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006683
1 || 2006684 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid DELETE || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006684
1 || 2006685 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ASCII || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006685
1 || 2006686 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UPDATE || cve,CVE-2006-6369 || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || url,doc.emergingthreats.net/2006686
1 || 2006687 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006687
1 || 2006688 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile UNION SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006688
1 || 2006689 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile INSERT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006689
1 || 2006690 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile DELETE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006690
1 || 2006691 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile ASCII || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006691
1 || 2006692 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp iFile UPDATE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006692
1 || 2006694 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006694
1 || 2006695 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action UNION SELECT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006695
1 || 2006696 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action INSERT || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006696
1 || 2006697 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action DELETE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006697
1 || 2006698 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006698
1 || 2006699 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUdownload SQL Injection Attempt -- detail.asp action UPDATE || cve,CVE-2006-6367 || url,www.securityfocus.com/bid/21405 || url,doc.emergingthreats.net/2006699
1 || 2006700 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType SELECT || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006700
1 || 2006701 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType UNION SELECT || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006701
1 || 2006702 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType INSERT || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006702
1 || 2006703 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType DELETE || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006703
1 || 2006704 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType ASCII || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006704
1 || 2006705 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DUware DUpaypal SQL Injection Attempt -- detail.asp iType UPDATE || cve,CVE-2006-6365 || url,www.securityfocus.com/bid/14034 || url,doc.emergingthreats.net/2006705
1 || 2006706 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity SELECT || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006706
1 || 2006707 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UNION SELECT || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006707
1 || 2006708 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity INSERT || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006708
1 || 2006709 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity DELETE || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006709
1 || 2006710 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ASCII || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006710
1 || 2006711 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UPDATE || cve,CVE-2006-6355 || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || url,doc.emergingthreats.net/2006711
1 || 2006712 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006712
1 || 2006713 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006713
1 || 2006714 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006714
1 || 2006715 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006715
1 || 2006716 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006716
1 || 2006717 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006717
1 || 2006718 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006718
1 || 2006719 || 7 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType UNION SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006719
1 || 2006720 || 7 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType INSERT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006720
1 || 2006721 || 7 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType DELETE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006721
1 || 2006722 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType ASCII || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006722
1 || 2006723 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp iType UPDATE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006723
1 || 2006724 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006724
1 || 2006725 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action UNION SELECT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006725
1 || 2006726 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action INSERT || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006726
1 || 2006727 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action DELETE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006727
1 || 2006728 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action ASCII || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006728
1 || 2006729 || 8 || web-application-attack || 0 || ET DELETED DuWare DuNews SQL Injection Attempt -- detail.asp Action UPDATE || cve,CVE-2006-6354 || url,www.securityfocus.com/bid/15681 || url,doc.emergingthreats.net/2006729
1 || 2006730 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main SELECT || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006730
1 || 2006731 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UNION SELECT || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006731
1 || 2006732 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main INSERT || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006732
1 || 2006733 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main DELETE || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006733
1 || 2006734 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ASCII || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006734
1 || 2006735 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UPDATE || cve,CVE-2006-6349 || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || url,doc.emergingthreats.net/2006735
1 || 2006736 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006736
1 || 2006737 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006737
1 || 2006738 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006738
1 || 2006739 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006739
1 || 2006740 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006740
1 || 2006741 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006741
1 || 2006742 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006742
1 || 2006743 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006743
1 || 2006744 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006744
1 || 2006745 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006745
1 || 2006746 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006746
1 || 2006747 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006747
1 || 2006748 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006748
1 || 2006749 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006749
1 || 2006750 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006750
1 || 2006751 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006751
1 || 2006752 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006752
1 || 2006753 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006753
1 || 2006754 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006754
1 || 2006755 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id UNION SELECT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006755
1 || 2006756 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id INSERT || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006756
1 || 2006757 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id DELETE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006757
1 || 2006758 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id ASCII || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006758
1 || 2006759 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- polls.php id UPDATE || cve,CVE-2006-6344 || url,www.secunia.com/advisories/23180 || url,doc.emergingthreats.net/2006759
1 || 2006760 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006760
1 || 2006761 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UNION SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006761
1 || 2006762 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category INSERT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006762
1 || 2006763 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category DELETE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006763
1 || 2006764 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ASCII || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006764
1 || 2006765 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UPDATE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006765
1 || 2006766 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006766
1 || 2006767 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UNION SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006767
1 || 2006768 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent INSERT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006768
1 || 2006769 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent DELETE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006769
1 || 2006770 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ASCII || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006770
1 || 2006771 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UPDATE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006771
1 || 2006772 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006772
1 || 2006773 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UNION SELECT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006773
1 || 2006774 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id INSERT || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006774
1 || 2006775 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id DELETE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006775
1 || 2006776 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ASCII || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006776
1 || 2006777 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UPDATE || cve,CVE-2006-6342 || url,www.securityfocus.com/bid/21199 || url,doc.emergingthreats.net/2006777
1 || 2006778 || 9 || trojan-activity || 0 || ET MALWARE Debelizombi.com Spyware User-Agent (blahrx) || url,doc.emergingthreats.net/2006778
1 || 2006779 || 7 || not-suspicious || 0 || ET POLICY Nagios HTTP Monitoring Connection || url,doc.emergingthreats.net/2006779
1 || 2006780 || 8 || trojan-activity || 0 || ET MALWARE Zango Cash Spyware User-Agent (ZC-Bridgev26) || url,doc.emergingthreats.net/2006780
1 || 2006781 || 39 || trojan-activity || 0 || ET MALWARE Zango Cash Spyware User-Agent (ZC XML-RPC C++ Client) || url,doc.emergingthreats.net/2006781
1 || 2006782 || 9 || trojan-activity || 0 || ET MALWARE Mirage.ru Related Spyware User-Agent (szNotifyIdent) || url,doc.emergingthreats.net/2006782
1 || 2006783 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006783
1 || 2006784 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici UNION SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006784
1 || 2006785 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici INSERT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006785
1 || 2006786 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici DELETE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006786
1 || 2006787 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici ASCII || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006787
1 || 2006788 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp kullanici UPDATE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006788
1 || 2006789 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006789
1 || 2006790 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola UNION SELECT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006790
1 || 2006791 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola INSERT || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006791
1 || 2006792 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola DELETE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006792
1 || 2006793 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola ASCII || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006793
1 || 2006794 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aspee and Dogantepe Ziyaretci Defteri SQL Injection Attempt -- giris.asp parola UPDATE || cve,CVE-2006-6337 || url,www.securityfocus.com/bid/21398 || url,doc.emergingthreats.net/2006794
1 || 2006795 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006795
1 || 2006796 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi UNION SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006796
1 || 2006797 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi INSERT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006797
1 || 2006798 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi DELETE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006798
1 || 2006799 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ASCII || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006799
1 || 2006800 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi UPDATE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006800
1 || 2006801 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006801
1 || 2006802 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre UNION SELECT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006802
1 || 2006803 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre INSERT || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006803
1 || 2006804 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre DELETE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006804
1 || 2006805 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ASCII || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006805
1 || 2006806 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre UPDATE || cve,CVE-2006-6298 || url,www.securityfocus.com/bid/21418 || url,doc.emergingthreats.net/2006806
1 || 2006807 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid SELECT || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006807
1 || 2006808 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid UNION SELECT || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006808
1 || 2006809 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid INSERT || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006809
1 || 2006810 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid DELETE || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006810
1 || 2006811 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ASCII || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006811
1 || 2006812 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid UPDATE || cve,CVE-2006-6280 || url,www.securityfocus.com/bid/21172 || url,doc.emergingthreats.net/2006812
1 || 2006813 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex SELECT || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006813
1 || 2006814 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex UNION SELECT || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006814
1 || 2006815 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex INSERT || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006815
1 || 2006816 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex DELETE || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006816
1 || 2006817 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex ASCII || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006817
1 || 2006818 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Expinion.net iNews SQL Injection Attempt -- articles.asp ex UPDATE || cve,CVE-2006-6274 || url,www.securityfocus.com/bid/21296 || url,doc.emergingthreats.net/2006818
1 || 2006819 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006819
1 || 2006820 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006820
1 || 2006821 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006821
1 || 2006822 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006822
1 || 2006823 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006823
1 || 2006824 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum2.asp soruid UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006824
1 || 2006825 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006825
1 || 2006826 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006826
1 || 2006827 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006827
1 || 2006828 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006828
1 || 2006829 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006829
1 || 2006830 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006830
1 || 2006831 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006831
1 || 2006832 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006832
1 || 2006833 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006833
1 || 2006834 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006834
1 || 2006835 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006835
1 || 2006836 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- aramayap.asp kelimeler UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006836
1 || 2006837 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006837
1 || 2006838 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006838
1 || 2006839 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006839
1 || 2006840 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006840
1 || 2006841 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006841
1 || 2006842 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- giris.asp kullaniciadi UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006842
1 || 2006843 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006843
1 || 2006844 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006844
1 || 2006845 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006845
1 || 2006846 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006846
1 || 2006847 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006847
1 || 2006848 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- mesajkutum.asp mesajno UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006848
1 || 2006849 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006849
1 || 2006850 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006850
1 || 2006851 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006851
1 || 2006852 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006852
1 || 2006853 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006853
1 || 2006854 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006854
1 || 2006855 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006855
1 || 2006856 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik UNION SELECT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006856
1 || 2006857 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik INSERT || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006857
1 || 2006858 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik DELETE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006858
1 || 2006859 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik ASCII || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006859
1 || 2006860 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- forum.asp baslik UPDATE || cve,CVE-2006-6270 || url,www.securityfocus.com/archive/1/archive/1/451958/100/200/threaded || url,doc.emergingthreats.net/2006860
1 || 2006862 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006862
1 || 2006863 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id UNION SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006863
1 || 2006864 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id INSERT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006864
1 || 2006865 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id DELETE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006865
1 || 2006866 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id ASCII || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006866
1 || 2006867 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- rating.asp id UPDATE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006867
1 || 2006868 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006868
1 || 2006869 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid UNION SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006869
1 || 2006870 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid INSERT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006870
1 || 2006871 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid DELETE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006871
1 || 2006872 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid ASCII || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006872
1 || 2006873 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- meal_rest.asp mealid UPDATE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006873
1 || 2006874 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006874
1 || 2006875 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid UNION SELECT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006875
1 || 2006876 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid INSERT || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006876
1 || 2006877 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid DELETE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006877
1 || 2006878 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid ASCII || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006878
1 || 2006879 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Infinitytechs Restaurants CM SQL Injection Attempt -- res_details.asp resid UPDATE || cve,CVE-2006-6269 || url,www.securityfocus.com/archive/1/archive/1/451970/100/200/threaded || url,doc.emergingthreats.net/2006879
1 || 2006880 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id SELECT || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006880
1 || 2006881 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id UNION SELECT || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006881
1 || 2006882 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id INSERT || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006882
1 || 2006883 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id DELETE || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006883
1 || 2006884 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id ASCII || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006884
1 || 2006885 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Land Down Under (LDU) SQL Injection Attempt -- users.php id UPDATE || cve,CVE-2006-6268 || url,www.securityfocus.com/bid/21227 || url,doc.emergingthreats.net/2006885
1 || 2006886 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006886
1 || 2006887 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci UNION SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006887
1 || 2006888 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci INSERT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006888
1 || 2006889 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci DELETE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006889
1 || 2006890 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci ASCII || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006890
1 || 2006891 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- slideshow.asp ci UPDATE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006891
1 || 2006892 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006892
1 || 2006893 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci UNION SELECT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006893
1 || 2006894 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci INSERT || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006894
1 || 2006895 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci DELETE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006895
1 || 2006896 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci ASCII || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006896
1 || 2006897 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Uapplication UPhotoGallery SQL Injection Attempt -- thumbnails.asp ci UPDATE || cve,CVE-2006-6247 || url,www.securityfocus.com/bid/21319 || url,doc.emergingthreats.net/2006897
1 || 2006898 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006898
1 || 2006899 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat UNION SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006899
1 || 2006900 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat INSERT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006900
1 || 2006901 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat DELETE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006901
1 || 2006902 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat ASCII || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006902
1 || 2006903 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp cat UPDATE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006903
1 || 2006904 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006904
1 || 2006905 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did UNION SELECT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006905
1 || 2006906 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did INSERT || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006906
1 || 2006907 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did DELETE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006907
1 || 2006908 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did ASCII || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006908
1 || 2006909 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FipsSHOP SQL Injection Attempt -- index.asp did UPDATE || cve,CVE-2006-6243 || url,www.securityfocus.com/bid/21289 || url,doc.emergingthreats.net/2006909
1 || 2006910 || 7 || trojan-activity || 0 || ET DELETED perlb0t/w0rmb0t Response (Case 1) || url,doc.emergingthreats.net/2006910
1 || 2006911 || 8 || trojan-activity || 0 || ET TROJAN perlb0t/w0rmb0t Response 2 || url,doc.emergingthreats.net/2006911
1 || 2006912 || 10 || trojan-activity || 0 || ET DELETED perlb0t/w0rmb0t Response (Case 3) || url,doc.emergingthreats.net/2006912
1 || 2006921 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit SELECT || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006921
1 || 2006922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit UNION SELECT || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006922
1 || 2006923 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit INSERT || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006923
1 || 2006924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit DELETE || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006924
1 || 2006925 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit ASCII || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006925
1 || 2006926 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board Lite SQL Injection Attempt -- thread.php threadvisit UPDATE || cve,CVE-2006-6237 || url,www.milw0rm.com/exploits/2841 || url,doc.emergingthreats.net/2006926
1 || 2006927 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006927
1 || 2006928 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid UNION SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006928
1 || 2006929 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid INSERT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006929
1 || 2006930 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid DELETE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006930
1 || 2006931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid ASCII || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006931
1 || 2006932 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php cid UPDATE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006932
1 || 2006933 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006933
1 || 2006934 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid UNION SELECT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006934
1 || 2006935 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid INSERT || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006935
1 || 2006936 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid DELETE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006936
1 || 2006937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid ASCII || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006937
1 || 2006938 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php pid UPDATE || cve,CVE-2006-6234 || url,www.securityfocus.com/archive/1/archive/1/437835/100/200/threaded || url,doc.emergingthreats.net/2006938
1 || 2006939 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006939
1 || 2006940 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid UNION SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006940
1 || 2006941 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid INSERT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006941
1 || 2006942 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid DELETE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006942
1 || 2006943 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid ASCII || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006943
1 || 2006944 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- recipe.php recipeid UPDATE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006944
1 || 2006945 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006945
1 || 2006946 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid UNION SELECT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006946
1 || 2006947 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid INSERT || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006947
1 || 2006948 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid DELETE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006948
1 || 2006949 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid ASCII || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006949
1 || 2006950 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recipes Complete Website SQL Injection Attempt -- list.php categoryid UPDATE || cve,CVE-2006-6220 || url,www.milw0rm.com/exploits/2834 || url,doc.emergingthreats.net/2006950
1 || 2006951 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006951
1 || 2006952 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id UNION SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006952
1 || 2006953 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id INSERT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006953
1 || 2006954 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id DELETE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006954
1 || 2006955 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id ASCII || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006955
1 || 2006956 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php seite_id UPDATE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006956
1 || 2006957 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006957
1 || 2006958 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id UNION SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006958
1 || 2006959 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id INSERT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006959
1 || 2006960 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id DELETE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006960
1 || 2006961 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id ASCII || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006961
1 || 2006962 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php gruppe_id UPDATE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006962
1 || 2006963 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006963
1 || 2006964 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target UNION SELECT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006964
1 || 2006965 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target INSERT || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006965
1 || 2006966 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target DELETE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006966
1 || 2006967 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target ASCII || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006967
1 || 2006968 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dev4u CMS SQL Injection Attempt -- index.php go_target UPDATE || cve,CVE-2006-6218 || url,www.securityfocus.com/bid/21170 || url,doc.emergingthreats.net/2006968
1 || 2006969 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id SELECT || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006969
1 || 2006970 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id UNION SELECT || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006970
1 || 2006971 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id INSERT || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006971
1 || 2006972 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id DELETE || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006972
1 || 2006973 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ASCII || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006973
1 || 2006974 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id UPDATE || cve,CVE-2006-6216 || url,www.milw0rm.com/exploits/2851 || url,doc.emergingthreats.net/2006974
1 || 2006975 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006975
1 || 2006976 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UNION SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006976
1 || 2006977 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login INSERT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006977
1 || 2006978 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006978
1 || 2006979 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login ASCII || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006979
1 || 2006980 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login UPDATE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006980
1 || 2006981 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006981
1 || 2006982 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UNION SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006982
1 || 2006983 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password INSERT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006983
1 || 2006984 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password DELETE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006984
1 || 2006985 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password ASCII || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006985
1 || 2006986 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php password UPDATE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006986
1 || 2006987 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006987
1 || 2006988 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UNION SELECT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006988
1 || 2006989 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid INSERT || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006989
1 || 2006990 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid DELETE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006990
1 || 2006991 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid ASCII || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006991
1 || 2006992 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- dlwallpaper.php wallpaperid UPDATE || cve,CVE-2006-6215 || url,www.frsirt.com/english/advisories/2006/4687 || url,doc.emergingthreats.net/2006992
1 || 2006993 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid SELECT || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006993
1 || 2006994 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid UNION SELECT || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006994
1 || 2006995 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid INSERT || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006995
1 || 2006996 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid DELETE || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006996
1 || 2006997 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid ASCII || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006997
1 || 2006998 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- wallpaper.php wallpaperid UPDATE || cve,CVE-2006-6214 || url,www.milw0rm.com/exploits/2835 || url,doc.emergingthreats.net/2006998
1 || 2006999 || 8 || trojan-activity || 0 || ET TROJAN Brontok User-Agent Detected (Brontok.A3 Browser) || url,doc.emergingthreats.net/2006999
1 || 2007000 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID SELECT || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007000
1 || 2007001 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID UNION SELECT || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007001
1 || 2007002 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID INSERT || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007002
1 || 2007003 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID DELETE || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007003
1 || 2007004 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID ASCII || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007004
1 || 2007005 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASP ListPics SQL Injection Attempt -- listpics.asp ID UPDATE || cve,CVE-2006-6210 || url,www.securityfocus.com/bid/21279 || url,doc.emergingthreats.net/2007005
1 || 2007006 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007006
1 || 2007007 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant UNION SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007007
1 || 2007008 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant INSERT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007008
1 || 2007009 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant DELETE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007009
1 || 2007010 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ASCII || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007010
1 || 2007011 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant UPDATE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007011
1 || 2007012 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007012
1 || 2007013 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup UNION SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007013
1 || 2007014 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup INSERT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007014
1 || 2007015 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup DELETE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007015
1 || 2007016 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ASCII || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007016
1 || 2007017 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup UPDATE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007017
1 || 2007018 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007018
1 || 2007019 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup UNION SELECT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007019
1 || 2007020 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup INSERT || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007020
1 || 2007021 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup DELETE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007021
1 || 2007022 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ASCII || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007022
1 || 2007023 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup UPDATE || cve,CVE-2006-6209 || url,www.securityfocus.com/bid/21273 || url,doc.emergingthreats.net/2007023
1 || 2007024 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007024
1 || 2007025 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007025
1 || 2007026 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007026
1 || 2007027 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007027
1 || 2007028 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007028
1 || 2007029 || 8 || web-application-attack || 0 || ET DELETED Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp ad_id UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007029
1 || 2007030 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007030
1 || 2007031 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007031
1 || 2007032 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007032
1 || 2007033 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007033
1 || 2007034 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007034
1 || 2007035 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dircat.asp cid UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007035
1 || 2007036 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007036
1 || 2007037 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007037
1 || 2007038 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007038
1 || 2007039 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007039
1 || 2007040 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007040
1 || 2007041 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- dirSub.asp sid UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007041
1 || 2007042 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007042
1 || 2007043 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007043
1 || 2007044 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007044
1 || 2007045 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007045
1 || 2007046 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007046
1 || 2007047 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp AD_ID UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007047
1 || 2007048 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007048
1 || 2007049 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007049
1 || 2007050 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007050
1 || 2007051 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007051
1 || 2007052 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007052
1 || 2007053 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id UPDATE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007053
1 || 2007054 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007054
1 || 2007055 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007055
1 || 2007056 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id INSERT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007056
1 || 2007057 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id DELETE || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007057
1 || 2007058 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp sub_id ASCII || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007058
1 || 2007059 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eClassifieds SQL Injection Attempt -- ad.asp cat_id UNION SELECT || cve,CVE-2006-6208 || url,www.securityfocus.com/bid/21192 || url,doc.emergingthreats.net/2007059
1 || 2007060 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno SELECT || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007060
1 || 2007061 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno UNION SELECT || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007061
1 || 2007062 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno INSERT || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007062
1 || 2007063 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno DELETE || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007063
1 || 2007064 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno ASCII || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007064
1 || 2007065 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Evolve shopping cart SQL Injection Attempt -- products.asp partno UPDATE || cve,CVE-2006-6207 || url,www.securityfocus.com/bid/21323 || url,doc.emergingthreats.net/2007065
1 || 2007066 || 4 || policy-violation || 0 || ET DELETED Yahoo Chat Signin Inside Webmail || url,yahoo.com || url,doc.emergingthreats.net/2007066
1 || 2007067 || 4 || policy-violation || 0 || ET DELETED Yahoo Chat Signin Success Inside Webmail || url,yahoo.com || url,doc.emergingthreats.net/2007067
1 || 2007068 || 4 || policy-violation || 0 || ET DELETED Yahoo Chat Activity Inside Webmail || url,yahoo.com || url,doc.emergingthreats.net/2007068
1 || 2007069 || 3 || policy-violation || 0 || ET DELETED Yahoo Chat Activity Inside Webmail (2) || url,yahoo.com || url,doc.emergingthreats.net/2007069
1 || 2007070 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID SELECT || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007070
1 || 2007071 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID UNION SELECT || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007071
1 || 2007072 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID INSERT || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007072
1 || 2007073 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID DELETE || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007073
1 || 2007074 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID ASCII || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007074
1 || 2007075 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WarHound General Shopping Cart SQL Injection Attempt -- item.asp ItemID UPDATE || cve,CVE-2006-6206 || url,www.securityfocus.com/bid/21324 || url,doc.emergingthreats.net/2007075
1 || 2007076 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007076
1 || 2007077 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007077
1 || 2007078 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007078
1 || 2007079 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007079
1 || 2007080 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007080
1 || 2007081 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dircat.asp cid UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007081
1 || 2007082 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007082
1 || 2007083 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007083
1 || 2007084 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007084
1 || 2007085 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007085
1 || 2007086 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007086
1 || 2007087 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- dirSub.asp sid UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007087
1 || 2007088 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007088
1 || 2007089 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007089
1 || 2007090 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007090
1 || 2007091 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007091
1 || 2007092 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007092
1 || 2007093 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- types.asp TYPE_ID UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007093
1 || 2007094 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007094
1 || 2007095 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007095
1 || 2007096 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007096
1 || 2007097 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007097
1 || 2007098 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007098
1 || 2007099 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- homeDetail.asp AD_ID UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007099
1 || 2007100 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007100
1 || 2007101 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007101
1 || 2007102 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007102
1 || 2007103 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007103
1 || 2007104 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007104
1 || 2007105 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp cat UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007105
1 || 2007106 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007106
1 || 2007107 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007107
1 || 2007108 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007108
1 || 2007109 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007109
1 || 2007110 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007110
1 || 2007111 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp compare UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007111
1 || 2007112 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007112
1 || 2007113 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007113
1 || 2007114 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007114
1 || 2007115 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007115
1 || 2007116 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007116
1 || 2007117 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp clear UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007117
1 || 2007118 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007118
1 || 2007119 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007119
1 || 2007120 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007120
1 || 2007121 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007121
1 || 2007122 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007122
1 || 2007123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- compareHomes.asp adID UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007123
1 || 2007124 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007124
1 || 2007125 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007125
1 || 2007126 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007126
1 || 2007127 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007127
1 || 2007128 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007128
1 || 2007129 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp aminprice UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007129
1 || 2007130 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007130
1 || 2007131 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007131
1 || 2007132 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007132
1 || 2007133 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007133
1 || 2007134 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007134
1 || 2007135 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp amaxprice UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007135
1 || 2007136 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007136
1 || 2007137 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms UNION SELECT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007137
1 || 2007138 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms INSERT || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007138
1 || 2007139 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms DELETE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007139
1 || 2007140 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms ASCII || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007140
1 || 2007141 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthrallweb eHomes SQL Injection Attempt -- result.asp abedrooms UPDATE || cve,CVE-2006-6204 || url,www.securityfocus.com/bid/21193 || url,doc.emergingthreats.net/2007141
1 || 2007142 || 4 || trojan-activity || 0 || ET TROJAN Virtumonde Variant Reporting to Controller via HTTP || url,doc.emergingthreats.net/2007142
1 || 2007176 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid SELECT || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007176
1 || 2007177 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid UNION SELECT || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007177
1 || 2007178 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid INSERT || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007178
1 || 2007179 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid DELETE || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007179
1 || 2007180 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid ASCII || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007180
1 || 2007181 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php sid UPDATE || cve,CVE-2006-6200 || url,www.securityfocus.com/archive/1/archive/1/452553/100/0/threaded || url,doc.emergingthreats.net/2007181
1 || 2007182 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007182
1 || 2007183 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id UNION SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007183
1 || 2007184 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id INSERT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007184
1 || 2007185 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id DELETE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007185
1 || 2007186 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id ASCII || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007186
1 || 2007187 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp show_id UPDATE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007187
1 || 2007188 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007188
1 || 2007189 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid UNION SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007189
1 || 2007190 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid INSERT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007190
1 || 2007191 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid DELETE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007191
1 || 2007192 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid ASCII || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007192
1 || 2007193 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- filelist.asp parentid UPDATE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007193
1 || 2007194 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007194
1 || 2007195 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid UNION SELECT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007195
1 || 2007196 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid INSERT || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007196
1 || 2007197 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid DELETE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007197
1 || 2007198 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid ASCII || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007198
1 || 2007199 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fixit iDMS Pro Image Gallery SQL Injection Attempt -- showfile.asp fid UPDATE || cve,CVE-2006-6195 || url,www.securityfocus.com/bid/21282 || url,doc.emergingthreats.net/2007199
1 || 2007200 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat UNION SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007200
1 || 2007201 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat INSERT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007201
1 || 2007202 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat DELETE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007202
1 || 2007203 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat ASCII || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007203
1 || 2007204 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat UPDATE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007204
1 || 2007205 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007205
1 || 2007206 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did UNION SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007206
1 || 2007207 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did INSERT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007207
1 || 2007208 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did DELETE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007208
1 || 2007209 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did ASCII || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007209
1 || 2007210 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp did UPDATE || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007210
1 || 2007211 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id SELECT || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007211
1 || 2007212 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id UNION SELECT || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007212
1 || 2007213 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id INSERT || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007213
1 || 2007214 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id DELETE || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007214
1 || 2007215 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id ASCII || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007215
1 || 2007216 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BasicForum SQL Injection Attempt -- edit.asp id UPDATE || cve,CVE-2006-6193 || url,www.milw0rm.com/exploits/2848 || url,doc.emergingthreats.net/2007216
1 || 2007217 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id SELECT || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007217
1 || 2007218 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UNION SELECT || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007218
1 || 2007219 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id INSERT || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007219
1 || 2007220 || 12 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id DELETE || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007220
1 || 2007221 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id ASCII || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007221
1 || 2007222 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 8pixel.net simpleblog SQL Injection Attempt -- edit.asp id UPDATE || cve,CVE-2006-6191 || url,www.milw0rm.com/exploits/2853 || url,doc.emergingthreats.net/2007222
1 || 2007223 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date SELECT || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007223
1 || 2007224 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UNION SELECT || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007224
1 || 2007225 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date INSERT || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007225
1 || 2007226 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date DELETE || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007226
1 || 2007227 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date ASCII || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007227
1 || 2007228 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Blog SQL Injection Attempt -- displayCalendar.asp date UPDATE || cve,CVE-2006-6189 || url,www.securityfocus.com/bid/21310 || url,doc.emergingthreats.net/2007228
1 || 2007229 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007229
1 || 2007230 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007230
1 || 2007231 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007231
1 || 2007232 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007232
1 || 2007233 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007233
1 || 2007234 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp currentpage UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007234
1 || 2007235 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007235
1 || 2007236 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007236
1 || 2007237 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007237
1 || 2007238 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007238
1 || 2007239 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007239
1 || 2007240 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_gallery.asp gallery_id UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007240
1 || 2007241 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007241
1 || 2007242 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007242
1 || 2007243 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007243
1 || 2007244 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007244
1 || 2007245 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007245
1 || 2007246 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- download_image.asp image_id UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007246
1 || 2007247 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007247
1 || 2007248 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007248
1 || 2007249 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007249
1 || 2007250 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007250
1 || 2007251 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007251
1 || 2007252 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp currentpage UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007252
1 || 2007253 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007253
1 || 2007254 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007254
1 || 2007255 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007255
1 || 2007256 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007256
1 || 2007257 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007257
1 || 2007258 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- gallery.asp orderby UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007258
1 || 2007259 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007259
1 || 2007260 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage UNION SELECT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007260
1 || 2007261 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage INSERT || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007261
1 || 2007262 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage DELETE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007262
1 || 2007263 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage ASCII || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007263
1 || 2007264 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech Click Gallery SQL Injection Attempt -- view_recent.asp currentpage UPDATE || cve,CVE-2006-6187 || url,www.securityfocus.com/archive/1/archive/1/452733/100/0/threaded || url,doc.emergingthreats.net/2007264
1 || 2007265 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007265
1 || 2007266 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort UNION SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007266
1 || 2007267 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort INSERT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007267
1 || 2007268 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort DELETE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007268
1 || 2007269 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort ASCII || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007269
1 || 2007270 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp AlphaSort UPDATE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007270
1 || 2007271 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007271
1 || 2007272 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In UNION SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007272
1 || 2007273 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In INSERT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007273
1 || 2007274 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In DELETE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007274
1 || 2007275 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In ASCII || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007275
1 || 2007276 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp In UPDATE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007276
1 || 2007277 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007277
1 || 2007278 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby UNION SELECT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007278
1 || 2007279 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby INSERT || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007279
1 || 2007280 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby DELETE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007280
1 || 2007281 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby ASCII || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007281
1 || 2007282 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClickTech ClickContact SQL Injection Attempt -- default.asp orderby UPDATE || cve,CVE-2006-6181 || url,www.securityfocus.com/bid/21302 || url,doc.emergingthreats.net/2007282
1 || 2007283 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultimate Survey Pro SQL Injection Attempt -- index.asp cat SELECT || cve,CVE-2006-6194 || url,www.securityfocus.com/archive/1/archive/1/452554/100/0/threaded || url,doc.emergingthreats.net/2007283
1 || 2007284 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Agent.cav Url Pattern Detected (ping) || url,doc.emergingthreats.net/2007284
1 || 2007285 || 4 || trojan-activity || 0 || ET TROJAN Virtumonde Variant Reporting to Controller via HTTP (2) || url,doc.emergingthreats.net/2007285
1 || 2007286 || 6 || trojan-activity || 0 || ET TROJAN Feral Checkin via HTTP || url,doc.emergingthreats.net/2007286
1 || 2007288 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id SELECT || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007288
1 || 2007289 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id UNION SELECT || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007289
1 || 2007290 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id INSERT || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007290
1 || 2007291 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id DELETE || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007291
1 || 2007292 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id ASCII || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007292
1 || 2007293 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.php id UPDATE || cve,CVE-2006-6177 || url,www.securityfocus.com/archive/1/archive/1/452269/100/100/threaded || url,doc.emergingthreats.net/2007293
1 || 2007294 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007294
1 || 2007295 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007295
1 || 2007296 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007296
1 || 2007297 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007297
1 || 2007298 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007298
1 || 2007299 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp id UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007299
1 || 2007300 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007300
1 || 2007301 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007301
1 || 2007302 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007302
1 || 2007303 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007303
1 || 2007304 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007304
1 || 2007305 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp id UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007305
1 || 2007306 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007306
1 || 2007307 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007307
1 || 2007308 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007308
1 || 2007309 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007309
1 || 2007310 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007310
1 || 2007311 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp id UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007311
1 || 2007312 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007312
1 || 2007313 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007313
1 || 2007314 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007314
1 || 2007315 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007315
1 || 2007316 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007316
1 || 2007317 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- forgotpass.asp uid UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007317
1 || 2007318 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007318
1 || 2007319 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007319
1 || 2007320 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007320
1 || 2007321 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007321
1 || 2007322 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007322
1 || 2007323 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- update.asp uid UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007323
1 || 2007324 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007324
1 || 2007325 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UNION SELECT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007325
1 || 2007326 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid INSERT || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007326
1 || 2007327 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid DELETE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007327
1 || 2007328 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid ASCII || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007328
1 || 2007329 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- status.asp uid UPDATE || cve,CVE-2006-6161 || url,www.frsirt.com/english/advisories/2006/4704 || url,doc.emergingthreats.net/2007329
1 || 2007330 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id SELECT || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007330
1 || 2007331 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id UNION SELECT || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007331
1 || 2007332 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id INSERT || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007332
1 || 2007333 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id DELETE || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007333
1 || 2007334 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id ASCII || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007334
1 || 2007335 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Doug Luxem Liberum Help Desk SQL Injection Attempt -- details.asp id UPDATE || cve,CVE-2006-6160 || url,www.milw0rm.com/exploits/2846 || url,doc.emergingthreats.net/2007335
1 || 2007336 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid SELECT || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007336
1 || 2007337 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid UNION SELECT || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007337
1 || 2007338 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid INSERT || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007338
1 || 2007339 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid DELETE || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007339
1 || 2007340 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid ASCII || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007340
1 || 2007341 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ContentNow SQL Injection Attempt -- index.php pageid UPDATE || cve,CVE-2006-6157 || url,www.milw0rm.com/exploits/2822 || url,doc.emergingthreats.net/2007341
1 || 2007344 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID SELECT || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007344
1 || 2007345 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID UNION SELECT || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007345
1 || 2007346 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID INSERT || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007346
1 || 2007347 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID DELETE || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007347
1 || 2007348 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID ASCII || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007348
1 || 2007349 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos FAQ Manager SQL Injection Attempt -- index.asp tID UPDATE || cve,CVE-2006-6149 || url,www.milw0rm.com/exploits/2836 || url,doc.emergingthreats.net/2007349
1 || 2007350 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007350
1 || 2007351 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID UNION SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007351
1 || 2007352 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID INSERT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007352
1 || 2007353 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID DELETE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007353
1 || 2007354 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID ASCII || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007354
1 || 2007355 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- openlink.asp LinkID UPDATE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007355
1 || 2007356 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007356
1 || 2007357 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID UNION SELECT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007357
1 || 2007358 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID INSERT || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007358
1 || 2007359 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID DELETE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007359
1 || 2007360 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID ASCII || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007360
1 || 2007361 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JiRos Links Manager SQL Injection Attempt -- viewlinks.asp CategoryID UPDATE || cve,CVE-2006-6147 || url,www.securityfocus.com/bid/21226 || url,doc.emergingthreats.net/2007361
1 || 2007362 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007362
1 || 2007363 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch INSERT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007363
1 || 2007364 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch UNION SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007364
1 || 2007365 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch DELETE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007365
1 || 2007366 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch ASCII || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007366
1 || 2007367 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- linkslist.asp psearch UPDATE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007367
1 || 2007368 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007368
1 || 2007369 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp UNION SELECT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007369
1 || 2007370 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp INSERT || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007370
1 || 2007371 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp DELETE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007371
1 || 2007372 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp ASCII || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007372
1 || 2007373 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Link Exchange Lite SQL Injection Attempt -- search.asp UPDATE || cve,CVE-2006-6132 || url,www.securityfocus.com/archive/1/archive/1/452256/100/0/threaded || url,doc.emergingthreats.net/2007373
1 || 2007374 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which SELECT || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007374
1 || 2007375 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UNION SELECT || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007375
1 || 2007376 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which INSERT || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007376
1 || 2007377 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which DELETE || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007377
1 || 2007378 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which ASCII || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007378
1 || 2007379 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UPDATE || cve,CVE-2006-6117 || url,www.milw0rm.com/exploits/2829 || url,doc.emergingthreats.net/2007379
1 || 2007380 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat SELECT || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007380
1 || 2007381 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UNION SELECT || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007381
1 || 2007382 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat INSERT || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007382
1 || 2007383 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat DELETE || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007383
1 || 2007384 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat ASCII || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007384
1 || 2007385 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UPDATE || cve,CVE-2006-6116 || url,www.milw0rm.com/exploits/2830 || url,doc.emergingthreats.net/2007385
1 || 2007386 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid SELECT || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007386
1 || 2007387 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UNION SELECT || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007387
1 || 2007388 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid INSERT || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007388
1 || 2007389 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid DELETE || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007389
1 || 2007390 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid ASCII || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007390
1 || 2007391 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS fipsCMS SQL Injection Attempt -- index.asp fid UPDATE || cve,CVE-2006-6115 || url,www.milw0rm.com/exploits/2828 || url,doc.emergingthreats.net/2007391
1 || 2007392 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007392
1 || 2007393 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UNION SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007393
1 || 2007394 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid INSERT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007394
1 || 2007395 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid DELETE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007395
1 || 2007396 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid ASCII || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007396
1 || 2007397 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- product.asp productid UPDATE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007397
1 || 2007398 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007398
1 || 2007399 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UNION SELECT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007399
1 || 2007400 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search INSERT || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007400
1 || 2007401 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search DELETE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007401
1 || 2007402 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search ASCII || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007402
1 || 2007403 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Alan Ward A-Cart Pro SQL Injection Attempt -- search.asp search UPDATE || cve,CVE-2006-6111 || url,www.securityfocus.com/bid/21166 || url,doc.emergingthreats.net/2007403
1 || 2007404 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007404
1 || 2007405 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd UNION SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007405
1 || 2007406 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd INSERT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007406
1 || 2007407 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd DELETE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007407
1 || 2007408 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd ASCII || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007408
1 || 2007409 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php ipadd UPDATE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007409
1 || 2007410 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007410
1 || 2007411 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url UNION SELECT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007411
1 || 2007412 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url INSERT || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007412
1 || 2007413 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url DELETE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007413
1 || 2007414 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url ASCII || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007414
1 || 2007415 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HIOX Star Rating System Script (HSRS) SQL Injection Attempt -- addrating.php url UPDATE || cve,CVE-2006-6155 || url,www.frsirt.com/english/advisories/2006/4689 || url,doc.emergingthreats.net/2007415
1 || 2007416 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007416
1 || 2007417 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007417
1 || 2007418 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007418
1 || 2007419 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007419
1 || 2007420 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007420
1 || 2007421 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- cat.asp cat UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007421
1 || 2007422 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007422
1 || 2007423 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007423
1 || 2007424 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007424
1 || 2007425 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007425
1 || 2007426 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007426
1 || 2007427 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp keyword UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007427
1 || 2007428 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007428
1 || 2007429 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007429
1 || 2007430 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007430
1 || 2007431 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007431
1 || 2007432 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007432
1 || 2007433 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp order UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007433
1 || 2007434 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007434
1 || 2007435 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007435
1 || 2007436 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007436
1 || 2007437 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007437
1 || 2007438 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007438
1 || 2007439 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp sort UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007439
1 || 2007440 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007440
1 || 2007441 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007441
1 || 2007442 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007442
1 || 2007443 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007443
1 || 2007444 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007444
1 || 2007445 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp menuSelect UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007445
1 || 2007446 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007446
1 || 2007447 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state UNION SELECT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007447
1 || 2007448 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state INSERT || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007448
1 || 2007449 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state DELETE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007449
1 || 2007450 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state ASCII || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007450
1 || 2007451 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vSpin.net Classified System SQL Injection Attempt -- search.asp state UPDATE || cve,CVE-2006-6152 || url,www.securityfocus.com/bid/21190 || url,doc.emergingthreats.net/2007451
1 || 2007452 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007452
1 || 2007453 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob UNION SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007453
1 || 2007454 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob INSERT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007454
1 || 2007455 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob DELETE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007455
1 || 2007456 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob ASCII || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007456
1 || 2007457 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publications_list.asp vjob UPDATE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007457
1 || 2007458 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007458
1 || 2007459 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID UNION SELECT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007459
1 || 2007460 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID INSERT || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007460
1 || 2007461 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID DELETE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007461
1 || 2007462 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID ASCII || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007462
1 || 2007463 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BPG-InfoTech Content Management System SQL Injection Attempt -- publication_view.asp InfoID UPDATE || cve,CVE-2006-6110 || url,www.securityfocus.com/archive/1/archive/1/451537/100/100/threaded || url,doc.emergingthreats.net/2007463
1 || 2007464 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007464
1 || 2007465 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy UNION SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007465
1 || 2007466 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy INSERT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007466
1 || 2007467 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy DELETE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007467
1 || 2007468 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy ASCII || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007468
1 || 2007469 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- openPolicy.asp policy UPDATE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007469
1 || 2007470 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007470
1 || 2007471 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand UNION SELECT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007471
1 || 2007472 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand INSERT || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007472
1 || 2007473 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand DELETE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007473
1 || 2007474 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand ASCII || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007474
1 || 2007475 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CandyPress Store SQL Injection Attempt -- prodList.asp brand UPDATE || cve,CVE-2006-6109 || url,www.securityfocus.com/bid/21090/info || url,doc.emergingthreats.net/2007475
1 || 2007476 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007476
1 || 2007477 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UNION SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007477
1 || 2007478 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID INSERT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007478
1 || 2007479 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID DELETE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007479
1 || 2007480 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID ASCII || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007480
1 || 2007481 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_view.asp articleID UPDATE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007481
1 || 2007482 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007482
1 || 2007483 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page UNION SELECT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007483
1 || 2007484 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page DELETE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007484
1 || 2007485 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page ASCII || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007485
1 || 2007486 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page UPDATE || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007486
1 || 2007487 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007487
1 || 2007488 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UNION SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007488
1 || 2007489 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID INSERT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007489
1 || 2007490 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID DELETE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007490
1 || 2007491 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID ASCII || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007491
1 || 2007492 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_categories.asp catID UPDATE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007492
1 || 2007493 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007493
1 || 2007494 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UNION SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007494
1 || 2007495 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID INSERT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007495
1 || 2007496 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID DELETE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007496
1 || 2007497 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID ASCII || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007497
1 || 2007498 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activeNews_comments.asp articleID UPDATE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007498
1 || 2007499 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007499
1 || 2007500 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UNION SELECT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007500
1 || 2007501 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query INSERT || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007501
1 || 2007502 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query DELETE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007502
1 || 2007503 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query ASCII || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007503
1 || 2007504 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007504
1 || 2007505 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007505
1 || 2007506 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007506
1 || 2007507 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007507
1 || 2007508 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007508
1 || 2007509 || 9 || web-application-attack || 0 || ET DELETED 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007509
1 || 2007510 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007510
1 || 2007511 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007511
1 || 2007512 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007512
1 || 2007513 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007513
1 || 2007514 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007514
1 || 2007515 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp categoryID_list UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007515
1 || 2007516 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007516
1 || 2007517 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007517
1 || 2007518 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007518
1 || 2007519 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007519
1 || 2007520 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007520
1 || 2007521 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp sale_type UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007521
1 || 2007522 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007522
1 || 2007523 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007523
1 || 2007524 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007524
1 || 2007525 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007525
1 || 2007526 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007526
1 || 2007527 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp stock_number UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007527
1 || 2007528 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007528
1 || 2007529 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007529
1 || 2007530 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007530
1 || 2007531 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007531
1 || 2007532 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007532
1 || 2007533 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp manufacturer UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007533
1 || 2007534 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007534
1 || 2007535 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007535
1 || 2007536 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007536
1 || 2007537 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007537
1 || 2007538 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007538
1 || 2007539 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp model UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007539
1 || 2007540 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007540
1 || 2007541 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007541
1 || 2007542 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007542
1 || 2007543 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007543
1 || 2007544 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007544
1 || 2007545 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vehicleID UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007545
1 || 2007546 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007546
1 || 2007547 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007547
1 || 2007548 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007548
1 || 2007549 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007549
1 || 2007550 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007550
1 || 2007551 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp year UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007551
1 || 2007552 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007552
1 || 2007553 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007553
1 || 2007554 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007554
1 || 2007555 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007555
1 || 2007556 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007556
1 || 2007557 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp vin UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007557
1 || 2007558 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007558
1 || 2007559 || 10 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UNION SELECT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007559
1 || 2007560 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price INSERT || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007560
1 || 2007561 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price DELETE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007561
1 || 2007562 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price ASCII || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007562
1 || 2007563 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 20/20 Auto Gallery SQL Injection Attempt -- vehiclelistings.asp listing_price UPDATE || cve,CVE-2006-6092 || url,www.securityfocus.com/bid/21154 || url,doc.emergingthreats.net/2007563
1 || 2007564 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- default.asp page INSERT || cve,CVE-2006-6095 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007564
1 || 2007565 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActiveNews Manager SQL Injection Attempt -- activenews_search.asp query UPDATE || cve,CVE-2006-6094 || url,www.securityfocus.com/bid/21167 || url,doc.emergingthreats.net/2007565
1 || 2007566 || 8 || trojan-activity || 0 || ET TROJAN Downloader.MisleadApp Fake Security Product Install || url,doc.emergingthreats.net/2007566
1 || 2007567 || 10 || trojan-activity || 0 || ET TROJAN Zlob User Agent - updating (unknown) || url,doc.emergingthreats.net/2007567
1 || 2007568 || 5 || trojan-activity || 0 || ET TROJAN Zlob Updating via HTTP || url,doc.emergingthreats.net/2007568
1 || 2007569 || 11 || trojan-activity || 0 || ET DELETED QQPass Related User-Agent Infection Checkin (App4) || url,doc.emergingthreats.net/2007569
1 || 2007570 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Dummy) || url,doc.emergingthreats.net/bin/view/Main/2007570
1 || 2007571 || 6 || policy-violation || 0 || ET POLICY Remote Desktop Connection via non RDP Port || url,doc.emergingthreats.net/2007571
1 || 2007572 || 5 || trojan-activity || 0 || ET DELETED Vundo.dam http Checkin after infection || url,doc.emergingthreats.net/2007572
1 || 2007573 || 4 || trojan-activity || 0 || ET TROJAN Vundo.dam http Update || url,doc.emergingthreats.net/2007573
1 || 2007575 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (AntiSpyware) - Likely 2squared.com related || url,doc.emergingthreats.net/bin/view/Main/2007575
1 || 2007576 || 4 || trojan-activity || 0 || ET POLICY CCProxy in use remotely - Possibly Hostile/Malware || url,www.youngzsoft.net || url,doc.emergingthreats.net/bin/view/Main/2007576
1 || 2007577 || 6 || trojan-activity || 0 || ET TROJAN General Downloader Checkin URL (GUID+) || url,doc.emergingthreats.net/2007577
1 || 2007578 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Outbound (case1) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007578
1 || 2007579 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Outbound (case2) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007579
1 || 2007580 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Inbound (case1) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007580
1 || 2007581 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Qhost C&C Traffic Inbound (case2) || url,/www.viruslist.com/en/viruses/encyclopedia?virusid=142254 || url,doc.emergingthreats.net/2007581
1 || 2007582 || 9 || trojan-activity || 0 || ET MALWARE Vikiller.com Fake Antispyware User-Agent (vikiller ctrl...) || url,doc.emergingthreats.net/2007582
1 || 2007583 || 10 || trojan-activity || 0 || ET TROJAN iebar Spyware User Agent (iebar) || url,doc.emergingthreats.net/2007583
1 || 2007584 || 7 || misc-attack || 0 || ET EXPLOIT TrendMicro ServerProtect Exploit possible worma(little-endian DCERPC Request) || url,isc.sans.org/diary.html?storyid=3310 || url,doc.emergingthreats.net/bin/view/Main/2007584
1 || 2007585 || 4 || trojan-activity || 0 || ET TROJAN Win32.SkSocket C&C Connection || url,doc.emergingthreats.net/2007585
1 || 2007587 || 6 || trojan-activity || 0 || ET TROJAN General Downloader or Virut C&C Ack || url,doc.emergingthreats.net/2007587
1 || 2007592 || 7 || trojan-activity || 0 || ET TROJAN Hupigon URL Infection Checkin Detected || url,doc.emergingthreats.net/2007592
1 || 2007593 || 5 || trojan-activity || 0 || ET MALWARE SpyShredder Fake Anti-Spyware Install Download || url,doc.emergingthreats.net/bin/view/Main/2007593
1 || 2007594 || 9 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (Mz) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2007594
1 || 2007595 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Dluca HTTP Checkin || url,doc.emergingthreats.net/2007595
1 || 2007597 || 8 || trojan-activity || 0 || ET MALWARE NewWeb/Sudui.com Spyware User-Agent (B Register) || url,doc.emergingthreats.net/2007597
1 || 2007598 || 8 || trojan-activity || 0 || ET MALWARE NewWeb/Sudui.com Spyware User-Agent (updatesodui) || url,doc.emergingthreats.net/2007598
1 || 2007599 || 8 || trojan-activity || 0 || ET MALWARE NewWeb/Sudui.com Spyware User-Agent (aaaabbb) || url,doc.emergingthreats.net/2007599
1 || 2007600 || 8 || trojan-activity || 0 || ET MALWARE TryMedia Spyware User-Agent (TryMedia_DM_2.0.0) || url,doc.emergingthreats.net/2007600
1 || 2007601 || 6 || trojan-activity || 0 || ET MALWARE Advertisementserver.com Spyware Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/2007601
1 || 2007602 || 8 || trojan-activity || 0 || ET MALWARE Advertisementserver.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007602
1 || 2007603 || 4 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Wopla.ag Check-In || url,doc.emergingthreats.net/2007603
1 || 2007604 || 5 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Wopla.ag Server Reply || url,doc.emergingthreats.net/2007604
1 || 2007605 || 3 || trojan-activity || 0 || ET DELETED Singworm MSN message Outbound || url,doc.emergingthreats.net/2007605
1 || 2007606 || 3 || trojan-activity || 0 || ET DELETED Singworm MSN message Inbound || url,doc.emergingthreats.net/2007606
1 || 2007607 || 5 || trojan-activity || 0 || ET MALWARE Zango Spyware Post || url,usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000045 || url,doc.emergingthreats.net/bin/view/Main/2007607
1 || 2007608 || 3 || trojan-activity || 0 || ET TROJAN Win32.Agent.bea C&C connection || url,doc.emergingthreats.net/2007608
1 || 2007609 || 4 || trojan-activity || 0 || ET TROJAN Win32.Small.qh/xSock User-Agent Detected || url,doc.emergingthreats.net/2007609
1 || 2007610 || 6 || trojan-activity || 0 || ET TROJAN Win32.Small.qh/xSock Checkin URL Detected || url,doc.emergingthreats.net/2007610
1 || 2007611 || 8 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 1 || url,doc.emergingthreats.net/2007611
1 || 2007612 || 8 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and No Message Body - Priority 3 || url,doc.emergingthreats.net/2007612
1 || 2007613 || 7 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 1 || url,doc.emergingthreats.net/2007613
1 || 2007614 || 7 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and MAC Message Body - Priority 3 || url,doc.emergingthreats.net/2007614
1 || 2007615 || 8 || trojan-activity || 0 || ET DELETED Unidentified Spyware User Agent (0 0 + 128 chars) || url,doc.emergingthreats.net/2007615
1 || 2007616 || 11 || trojan-activity || 0 || ET USER_AGENTS klm123.com Spyware User Agent || url,doc.emergingthreats.net/2007616
1 || 2007617 || 9 || trojan-activity || 0 || ET MALWARE VirusProtectPro Spyware User-Agent (VirusProtectPro) || url,doc.emergingthreats.net/2007617
1 || 2007618 || 6 || trojan-activity || 0 || ET TROJAN Storm Worm ICMP DDOS Traffic || url,doc.emergingthreats.net/2007618
1 || 2007620 || 6 || trojan-activity || 0 || ET TROJAN Zlob Updating via HTTP (v2) || url,doc.emergingthreats.net/2007620
1 || 2007621 || 5 || trojan-activity || 0 || ET DELETED Kaiten IRCbotnet login || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007621
1 || 2007622 || 4 || trojan-activity || 0 || ET DELETED Kaiten IRCbotnet Response || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007622
1 || 2007623 || 5 || trojan-activity || 0 || ET DELETED Kaiten IRCbotnet Commands || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007623
1 || 2007624 || 5 || trojan-activity || 0 || ET DELETED Pitbull IRCbotnet Response || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007624
1 || 2007625 || 6 || trojan-activity || 0 || ET DELETED Pitbull IRCbotnet Commands || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007625
1 || 2007626 || 6 || trojan-activity || 0 || ET DELETED Pitbull IRCbotnet Fetch || url,en.wikipedia.org/wiki/IRC_bot || url,doc.emergingthreats.net/2007626
1 || 2007627 || 5 || policy-violation || 0 || ET POLICY Hyves Login Attempt || url,doc.emergingthreats.net/2007627
1 || 2007628 || 5 || policy-violation || 0 || ET POLICY Hyves Inbox Access || url,doc.emergingthreats.net/2007628
1 || 2007629 || 5 || policy-violation || 0 || ET POLICY Hyves Message Access || url,doc.emergingthreats.net/2007629
1 || 2007630 || 6 || policy-violation || 0 || ET POLICY Hyves Compose Message || url,doc.emergingthreats.net/2007630
1 || 2007631 || 6 || policy-violation || 0 || ET POLICY Hyves Message Submit || url,doc.emergingthreats.net/2007631
1 || 2007633 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Matcash related Trojan Downloader (Ismazo Advanced Loader) || url,doc.emergingthreats.net/2007633
1 || 2007634 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Search by md5 || url,doc.emergingthreats.net/2007634
1 || 2007635 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely Connect Ack || url,doc.emergingthreats.net/2007635
1 || 2007636 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Inbound - Likely Search by md5 || url,doc.emergingthreats.net/2007636
1 || 2007637 || 3 || trojan-activity || 0 || ET TROJAN Storm Worm Encrypted Traffic Outbound - Likely Connect Ack || url,doc.emergingthreats.net/2007637
1 || 2007638 || 4 || policy-violation || 0 || ET POLICY Netflix On-demand User-Agent || url,doc.emergingthreats.net/2007638
1 || 2007639 || 5 || policy-violation || 0 || ET POLICY FOX,ABC On-demand UA || url,doc.emergingthreats.net/2007639
1 || 2007640 || 6 || trojan-activity || 0 || ET DELETED Storm Making initial outbound connection || url,doc.emergingthreats.net/bin/view/Main/StormWorm
1 || 2007641 || 6 || trojan-activity || 0 || ET DELETED Storm Controller Response to Drone via tcp || url,doc.emergingthreats.net/bin/view/Main/StormWorm
1 || 2007642 || 6 || trojan-activity || 0 || ET MALWARE Viruscheck.co.kr Related Fake Anti-Spyware Post (chkvs) || url,doc.emergingthreats.net/bin/view/Main/2007642
1 || 2007643 || 10 || trojan-activity || 0 || ET MALWARE Viruscheck.co.kr Fake Antispyware User-Agent (viruscheck) || url,doc.emergingthreats.net/2007643
1 || 2007644 || 7 || trojan-activity || 0 || ET TROJAN Win32.Agent.cah Checkin Request || url,doc.emergingthreats.net/2007644
1 || 2007645 || 10 || trojan-activity || 0 || ET MALWARE Ufixer.com Fake Antispyware User-Agent (Ultimate Fixer) || url,doc.emergingthreats.net/2007645
1 || 2007646 || 9 || trojan-activity || 0 || ET TROJAN Farfli User Agent Detected || url,doc.emergingthreats.net/2007646
1 || 2007647 || 9 || trojan-activity || 0 || ET DELETED Casalemedia.com Related User Agent (0 0 ...) || url,doc.emergingthreats.net/2007647
1 || 2007648 || 8 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (XXX) || url,doc.emergingthreats.net/bin/view/Main/2007648
1 || 2007649 || 5 || trojan-activity || 0 || ET MALWARE Spylog.ru Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007649
1 || 2007650 || 4 || trojan-activity || 0 || ET TROJAN Mac Trojan HTTP Checkin (accept-language violation) || url,doc.emergingthreats.net/2007650
1 || 2007651 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE x2300 phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007651
1 || 2007652 || 5 || web-application-activity || 0 || ET ATTACK_RESPONSE c99shell phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007652
1 || 2007653 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE RFI Scanner detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007653
1 || 2007654 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE C99 Modified phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007654
1 || 2007655 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE lila.jpg phpshell detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007655
1 || 2007656 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE ALBANIA id.php detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007656
1 || 2007657 || 6 || web-application-activity || 0 || ET ATTACK_RESPONSE Mic22 id.php detected || url,www.rfxn.com/vdb.php || url,doc.emergingthreats.net/bin/view/Main/2007657
1 || 2007659 || 9 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (QdrBi Starter) || url,doc.emergingthreats.net/bin/view/Main/2007659
1 || 2007660 || 11 || trojan-activity || 0 || ET MALWARE Winxpperformance.com Related Spyware User-Agent (Microsoft Internet Browser) || url,doc.emergingthreats.net/2007660
1 || 2007661 || 6 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (RAV1.23) || url,doc.emergingthreats.net/2007661
1 || 2007663 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.pt User-Agent Detected || url,doc.emergingthreats.net/2007663
1 || 2007664 || 5 || trojan-activity || 0 || ET MALWARE AVSystemcare.com.com Fake Anti-Virus Product || url,doc.emergingthreats.net/bin/view/Main/2007664
1 || 2007666 || 8 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (install_s) || url,doc.emergingthreats.net/bin/view/Main/2007666
1 || 2007667 || 8 || trojan-activity || 0 || ET MALWARE Spyware User-Agent (count) || url,doc.emergingthreats.net/bin/view/Main/2007667
1 || 2007668 || 17 || trojan-activity || 0 || ET TROJAN Blackenergy Bot Checkin to C&C || url,asert.arbornetworks.com/2007/10/blackenergy-ddos-bot-analysis-available || url,doc.emergingthreats.net/2007668
1 || 2007669 || 11 || trojan-activity || 0 || ET DELETED Nulprot Checkin Response || url,doc.emergingthreats.net/2007669
1 || 2007670 || 9 || not-suspicious || 0 || ET DELETED Likely Binary in HTTP by Type Flowbit || url,doc.emergingthreats.net/2007670
1 || 2007671 || 15 || policy-violation || 0 || ET POLICY Binary Download Smaller than 1 MB Likely Hostile || url,doc.emergingthreats.net/2007671
1 || 2007672 || 7 || misc-activity || 0 || ET DELETED B0tN3t IRCbotnet || url,en.wikipedia.org/wiki/Botnet || url,doc.emergingthreats.net/2007672
1 || 2007673 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007674 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007675 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007676 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007677 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity TCP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007678 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (1) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007679 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (2) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007680 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (3) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007681 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (4) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007682 || 6 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 DNS Activity UDP (5) || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007683 || 12 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 HTTP Activity 1 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007684 || 12 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 HTTP Activity 2 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007685 || 12 || trojan-activity || 0 || ET TROJAN E-Jihad 3.0 HTTP Activity 3 || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007686 || 10 || denial-of-service || 0 || ET TROJAN E-Jihad 3.0 DDoS HTTP Activity OUTBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007687 || 10 || denial-of-service || 0 || ET TROJAN E-Jihad 3.0 DDoS HTTP Activity INBOUND || url,doc.emergingthreats.net/bin/view/Main/EJihadHackTool
1 || 2007688 || 10 || trojan-activity || 0 || ET TROJAN Prg Trojan HTTP POST v1 || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2007688
1 || 2007689 || 5 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (??) || url,doc.emergingthreats.net/2007689
1 || 2007690 || 9 || trojan-activity || 0 || ET MALWARE IEDefender (iedefender.com) Fake Antispyware User Agent (IEDefender 2.1) || url,doc.emergingthreats.net/2007690
1 || 2007692 || 7 || trojan-activity || 0 || ET TROJAN Basine Trojan Checkin || url,doc.emergingthreats.net/2007692
1 || 2007693 || 10 || trojan-activity || 0 || ET MALWARE Zredirector.com Related Spyware User-Agent (BndDriveLoader) || url,doc.emergingthreats.net/2007693
1 || 2007694 || 9 || trojan-activity || 0 || ET MALWARE Popads123.com Related Spyware User-Agent (LmaokaazLdr) || url,doc.emergingthreats.net/2007694
1 || 2007695 || 19 || policy-violation || 0 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
1 || 2007696 || 5 || trojan-activity || 0 || ET MALWARE Softwarereferral.com Adware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007696
1 || 2007697 || 10 || trojan-activity || 0 || ET MALWARE Antivirgear.com Fake Anti-Spyware User-Agent (AntiVirGear) || url,doc.emergingthreats.net/2007697
1 || 2007698 || 4 || trojan-activity || 0 || ET TROJAN Vanquish Trojan HTTP Checkin || url,doc.emergingthreats.net/2007698
1 || 2007699 || 7 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (WINDOWS_LOADS) || url,doc.emergingthreats.net/2007699
1 || 2007700 || 6 || trojan-activity || 0 || ET TROJAN ExplorerHijack Trojan HTTP Checkin || url,doc.emergingthreats.net/2007700
1 || 2007701 || 5 || trojan-activity || 0 || ET DELETED Storm Worm Encrypted Variant 1 Traffic (1) || url,doc.emergingthreats.net/2007701
1 || 2007702 || 5 || trojan-activity || 0 || ET DELETED Storm Worm Encrypted Variant 1 Traffic (2) || url,doc.emergingthreats.net/2007702
1 || 2007703 || 11 || attempted-user || 0 || ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt || url,www.kb.cert.org/vuls/id/659761 || url,www.milw0rm.com/exploits/4657 || url,doc.emergingthreats.net/2007703
1 || 2007704 || 6 || attempted-user || 0 || ET WEB_CLIENT Apple Quicktime RTSP Content-Type overflow attempt || url,www.kb.cert.org/vuls/id/659761 || url,www.milw0rm.com/exploits/4657 || url,doc.emergingthreats.net/2007704
1 || 2007711 || 11 || trojan-activity || 0 || ET DELETED Srizbi registering with controller || url,www.secureworks.com/research/threats/ronpaul/ || url,doc.emergingthreats.net/2007711
1 || 2007712 || 8 || trojan-activity || 0 || ET TROJAN Srizbi requesting template || url,www.secureworks.com/research/threats/ronpaul/ || url,doc.emergingthreats.net/2007712
1 || 2007715 || 9 || trojan-activity || 0 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - user || url,doc.emergingthreats.net/bin/view/Main/2007715
1 || 2007717 || 7 || trojan-activity || 0 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - pass || url,doc.emergingthreats.net/bin/view/Main/2007717
1 || 2007723 || 8 || trojan-activity || 0 || ET ATTACK_RESPONSE Off-Port FTP Without Banners - retr || url,doc.emergingthreats.net/bin/view/Main/2007723
1 || 2007724 || 12 || trojan-activity || 0 || ET TROJAN Prg Trojan HTTP POST version 2 || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2007724
1 || 2007725 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (WinFtpd) || url,doc.emergingthreats.net/bin/view/Main/2007725
1 || 2007726 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd) || url,doc.emergingthreats.net/bin/view/Main/2007726
1 || 2007727 || 5 || policy-violation || 0 || ET P2P possible torrent download || url,doc.emergingthreats.net/bin/view/Main/2007727
1 || 2007728 || 10 || trojan-activity || 0 || ET TROJAN TROJ_PROX.AFV POST || url,trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPROXY%2EAFV&VSect=T || url,doc.emergingthreats.net/2007728
1 || 2007742 || 7 || trojan-activity || 0 || ET TROJAN Storm C&C with typo'd User-Agent (Windoss) || url,doc.emergingthreats.net/2007742
1 || 2007743 || 10 || trojan-activity || 0 || ET TROJAN Nebuler/Dialer.qn HTTP Request - Checkin || url,www.symantec.com/security_response/writeup.jsp?docid=2006-051916-2518-99&tabid=2 || url,www.microsoft.com/security/portal/Entry.aspx?Name=Trojan%3aWin32%2fNebuler.gen!D || url,www.threatexpert.com/report.aspx?md5=e9f1f226ff86e72c558e9a9da32c796d || url,doc.emergingthreats.net/2007743
1 || 2007744 || 8 || trojan-activity || 0 || ET MALWARE Guard-Center.com Fake AntiVirus Post-Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2007744
1 || 2007746 || 5 || policy-violation || 0 || ET GAMES Gold VIP Club Casino Client in Use || url,doc.emergingthreats.net/2007746
1 || 2007747 || 7 || trojan-activity || 0 || ET DELETED MBR Trojan (Sinowal/Mebroot/) Phoning Home || url,doc.emergingthreats.net/2007747
1 || 2007748 || 8 || trojan-activity || 0 || ET DELETED NPRC Malicious POST Request Possible DOJ or DOT Malware || url,www.websense.com/securitylabs/alerts/alert.php?AlertID=835 || url,doc.emergingthreats.net/2007748
1 || 2007749 || 6 || trojan-activity || 0 || ET MALWARE host-domain-lookup.com spyware related Checkin || url,doc.emergingthreats.net/bin/view/Main/2007749
1 || 2007750 || 6 || trojan-activity || 0 || ET MALWARE host-domain-lookup.com spyware related Start Report || url,doc.emergingthreats.net/bin/view/Main/2007750
1 || 2007751 || 3 || trojan-activity || 0 || ET TROJAN Saturn Proxy Initial Outbound Checkin (404.txt) || url,doc.emergingthreats.net/2007751
1 || 2007752 || 5 || trojan-activity || 0 || ET TROJAN Saturn Proxy Checkin Response || url,doc.emergingthreats.net/2007752
1 || 2007753 || 3 || trojan-activity || 0 || ET TROJAN Saturn Proxy C&C Activity || url,doc.emergingthreats.net/2007753
1 || 2007754 || 4 || policy-violation || 0 || ET POLICY Club World Casino Client in Use || url,doc.emergingthreats.net/2007754
1 || 2007755 || 5 || trojan-activity || 0 || ET DELETED Trojan-Downloader.Win32.Small.hkp Checkin via HTTP || url,doc.emergingthreats.net/2007755
1 || 2007756 || 11 || trojan-activity || 0 || ET DELETED PWS-LDPinch posting data (2) || url,doc.emergingthreats.net/2007756
1 || 2007757 || 10 || attempted-recon || 0 || ET SCAN w3af User Agent || url,w3af.sourceforge.net || url,doc.emergingthreats.net/2007757
1 || 2007758 || 8 || trojan-activity || 0 || ET TROJAN Eldorado.BHO User-Agent Detected (netcfg) || url,doc.emergingthreats.net/2007758
1 || 2007759 || 7 || trojan-activity || 0 || ET MALWARE Alfaantivirus.com Fake Anti-Virus User-Agent (IM Download) || url,doc.emergingthreats.net/2007759
1 || 2007762 || 5 || trojan-activity || 0 || ET DELETED Majestic-12 Spider Bot User-Agent Inbound (MJ12bot) || url,www.majestic12.co.uk/ || url,doc.emergingthreats.net/2007762
1 || 2007763 || 6 || policy-violation || 0 || ET POLICY CBS Streaming Video || url,doc.emergingthreats.net/2007763
1 || 2007764 || 5 || policy-violation || 0 || ET POLICY NBC Streaming Video || url,doc.emergingthreats.net/2007764
1 || 2007765 || 9 || policy-violation || 0 || ET POLICY Logmein.com Host List Download || url,doc.emergingthreats.net/2007765
1 || 2007766 || 6 || policy-violation || 0 || ET POLICY Logmein.com Update Activity || url,doc.emergingthreats.net/2007766
1 || 2007767 || 6 || trojan-activity || 0 || ET TROJAN Pakes User-Agent Detected || url,doc.emergingthreats.net/2007767
1 || 2007768 || 6 || trojan-activity || 0 || ET TROJAN Pakes Update Detected || url,doc.emergingthreats.net/2007768
1 || 2007769 || 4 || trojan-activity || 0 || ET TROJAN Zhelatin Update Detected || url,doc.emergingthreats.net/2007769
1 || 2007770 || 6 || trojan-activity || 0 || ET TROJAN Tear Application User-Agent Detected || url,doc.emergingthreats.net/2007770
1 || 2007771 || 10 || trojan-activity || 0 || ET TROJAN Pushdo Update URL Detected || url,doc.emergingthreats.net/2007771
1 || 2007772 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Internet Explorer (compatible)) || url,doc.emergingthreats.net/bin/view/Main/2007772
1 || 2007774 || 9 || trojan-activity || 0 || ET TROJAN Lop.gfr/Swizzor HTTP Update/Checkin || url,doc.emergingthreats.net/2007774
1 || 2007775 || 10 || trojan-activity || 0 || ET DELETED Krunchy/BZub HTTP Checkin/Update || url,doc.emergingthreats.net/2007775
1 || 2007776 || 9 || trojan-activity || 0 || ET TROJAN Krunchy/BZub HTTP POST Update || url,doc.emergingthreats.net/2007776
1 || 2007777 || 4 || trojan-activity || 0 || ET DELETED Browser HiJacker/Infostealer Stat file || url,doc.emergingthreats.net/2007777
1 || 2007778 || 13 || trojan-activity || 0 || ET TROJAN User-agent DownloadNetFile Win32.small.hsh downloader || url,doc.emergingthreats.net/2007778
1 || 2007779 || 5 || trojan-activity || 0 || ET TROJAN Kpang.com Related Trojan User-Agent (kpangupdate) || url,doc.emergingthreats.net/2007779
1 || 2007780 || 3 || trojan-activity || 0 || ET TROJAN Ssppyy.com Surveillance Agent Reporting via Email || url,doc.emergingthreats.net/2007780
1 || 2007781 || 6 || trojan-activity || 0 || ET DELETED Zapchast Bot User-Agent || url,www.majestic12.co.uk/bot.php || url,doc.emergingthreats.net/2007781
1 || 2007786 || 7 || trojan-activity || 0 || ET MALWARE PCDoc.co.kr Fake AV User-Agent (PCDoc11) || url,doc.emergingthreats.net/bin/view/Main/2007786
1 || 2007787 || 4 || trojan-activity || 0 || ET TROJAN Zhelatin npopup Update Detected || url,doc.emergingthreats.net/2007787
1 || 2007788 || 5 || trojan-activity || 0 || ET MALWARE Theinstalls.com Initial Checkin || url,www.theinstalls.com || url,doc.emergingthreats.net/bin/view/Main/2007788
1 || 2007798 || 7 || trojan-activity || 0 || ET DELETED Theinstalls.com Trojan Download || url,www.theinstalls.com || url,doc.emergingthreats.net/bin/view/Main/2007798
1 || 2007799 || 4 || policy-violation || 0 || ET P2P Azureus P2P Client User-Agent || url,doc.emergingthreats.net/bin/view/Main/2007799
1 || 2007800 || 4 || policy-violation || 0 || ET P2P LimeWire P2P Traffic || url,www.limewire.com || url,doc.emergingthreats.net/bin/view/Main/2007800
1 || 2007801 || 4 || policy-violation || 0 || ET P2P Gnutella TCP Traffic || url,doc.emergingthreats.net/bin/view/Main/2007801
1 || 2007802 || 4 || network-scan || 0 || ET SCAN Grim's Ping ftp scanning tool || url,archives.neohapsis.com/archives/snort/2002-04/0448.html || url,grimsping.cjb.net || url,doc.emergingthreats.net/2007802
1 || 2007803 || 4 || trojan-activity || 0 || ET TROJAN Win32.Inject.ql Checkin Post || url,doc.emergingthreats.net/2007803
1 || 2007804 || 6 || trojan-activity || 0 || ET MALWARE PCDoc.co.kr Fake AV User-Agent (mypcdoctor) || url,doc.emergingthreats.net/bin/view/Main/2007804
1 || 2007805 || 4 || trojan-activity || 0 || ET DELETED Blink.com related Backdoor Checkin || url,doc.emergingthreats.net/2007805
1 || 2007806 || 5 || trojan-activity || 0 || ET DELETED Blink.com related Upgrade Command Given || url,doc.emergingthreats.net/2007806
1 || 2007807 || 4 || trojan-activity || 0 || ET TROJAN Rcash.co.kr Bootup Checkin via HTTP || url,doc.emergingthreats.net/2007807
1 || 2007808 || 6 || trojan-activity || 0 || ET TROJAN Cashpoint.com Related checkin User-Agent (inetinst) || url,doc.emergingthreats.net/2007808
1 || 2007809 || 7 || trojan-activity || 0 || ET MALWARE Doctorvaccine.co.kr Related Spyware-User Agent (ers) || url,doc.emergingthreats.net/2007809
1 || 2007810 || 6 || trojan-activity || 0 || ET TROJAN Cashpoint.com Related checkin User-Agent (okcpmgr) || url,doc.emergingthreats.net/2007810
1 || 2007811 || 5 || trojan-activity || 0 || ET TROJAN Metajuan trojan checkin || url,www.symantec.com/security_response/writeup.jsp?docid=2007-030112-0714-99 || url,doc.emergingthreats.net/2007811
1 || 2007820 || 6 || trojan-activity || 0 || ET MALWARE Rabio Spyware/Adware Initial Registration || url,www.spywareguide.com/product_show.php?id=3770 || url,www.rabio.com || url,doc.emergingthreats.net/bin/view/Main/2007820
1 || 2007821 || 6 || trojan-activity || 0 || ET MALWARE Rabio.com Related Adware/Spyware User-Agent (HTTP_CONNECT_2) || url,doc.emergingthreats.net/bin/view/Main/2007821
1 || 2007822 || 5 || trojan-activity || 0 || ET TROJAN Densmail.com Related Trojan Checkin || url,doc.emergingthreats.net/2007822
1 || 2007823 || 8 || trojan-activity || 0 || ET DELETED Banker.OT Checkin || url,doc.emergingthreats.net/2007823
1 || 2007824 || 7 || trojan-activity || 0 || ET TROJAN Banker.anv Generally Suspicious User-Agent (CustomExchangeBrowser) || url,doc.emergingthreats.net/2007824
1 || 2007825 || 4 || trojan-activity || 0 || ET TROJAN Neonaby.com Related Trojan User-Agent (neonabyupdate) || url,doc.emergingthreats.net/2007825
1 || 2007826 || 5 || trojan-activity || 0 || ET TROJAN Suspicious Useragent Used by Several trojans (API-Guide test program) || url,doc.emergingthreats.net/2007826
1 || 2007827 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (ie) - Possible Trojan Downloader || url,doc.emergingthreats.net/2007827
1 || 2007828 || 14 || trojan-activity || 0 || ET DELETED LDPinch Checkin (2) || url,doc.emergingthreats.net/2007828
1 || 2007829 || 9 || trojan-activity || 0 || ET TROJAN Illusion Bot (Lussilon) Checkin || url,doc.emergingthreats.net/2007829
1 || 2007831 || 5 || trojan-activity || 0 || ET TROJAN Downloader General Bot Checking In via HTTP Post (bot_id push) || url,doc.emergingthreats.net/2007831
1 || 2007832 || 3 || trojan-activity || 0 || ET TROJAN Theoreon.com Related Trojan Checkin || url,doc.emergingthreats.net/2007832
1 || 2007833 || 5 || trojan-activity || 0 || ET TROJAN Eldorado.BHO User-Agent Detected (MSIE 5.5) || url,doc.emergingthreats.net/2007833
1 || 2007834 || 4 || trojan-activity || 0 || ET TROJAN Renos/ssd.com HTTP Checkin || url,doc.emergingthreats.net/2007834
1 || 2007836 || 6 || trojan-activity || 0 || ET TROJAN Downloader General Bot Checking In - Possible Win32.Small.htz related || url,doc.emergingthreats.net/2007836
1 || 2007837 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (WinInet) || url,doc.emergingthreats.net/2007837
1 || 2007838 || 5 || trojan-activity || 0 || ET TROJAN Delf HTTP Checkin (1) || url,doc.emergingthreats.net/2007838
1 || 2007839 || 7 || trojan-activity || 0 || ET MALWARE Drpcclean.com Related Spyware User-Agent (DrPCClean Transmit) || url,doc.emergingthreats.net/2007839
1 || 2007840 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Possible Trojan Downloader Shell || url,doc.emergingthreats.net/2007840 || url,www.securelist.com/en/blog/434/The_Chinese_bootkit
1 || 2007842 || 6 || trojan-activity || 0 || ET DELETED Softspydelete.com Fake Anti-Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007842
1 || 2007843 || 6 || trojan-activity || 0 || ET TROJAN Bzub2 Related RPC/Http Checkin || url,doc.emergingthreats.net/2007843
1 || 2007845 || 9 || trojan-activity || 0 || ET MALWARE Errclean.com Related Spyware User-Agent (Locus NetInstaller) || url,doc.emergingthreats.net/2007845
1 || 2007847 || 3 || web-application-attack || 0 || ET ACTIVEX Sony ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX Buffer Overflow Exploit || url,www.milw0rm.com/exploits/5086 || url,www.milw0rm.com/exploits/5100 || url,doc.emergingthreats.net/bin/view/Main/2007847
1 || 2007849 || 4 || trojan-activity || 0 || ET TROJAN Kpang.com Related Trojan User-Agent (alertup) || url,doc.emergingthreats.net/2007849
1 || 2007851 || 9 || web-application-attack || 0 || ET ACTIVEX Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap Buffer Overflow Exploit || url,www.milw0rm.com/exploits/5106 || bugtraq,21458 || cve,CVE-2006-6334 || url,doc.emergingthreats.net/bin/view/Main/2007851
1 || 2007852 || 9 || web-application-attack || 0 || ET ACTIVEX Gateway Weblaunch2.ocx ActiveX Control Insecure Method Exploit || url,www.milw0rm.com/exploits/4982 || bugtraq,27193 || url,doc.emergingthreats.net/2007852
1 || 2007853 || 7 || web-application-attack || 0 || ET ACTIVEX ImageShack Toolbar ImageShackToolbar.dll ActiveX Control Insecure Method Vulnerability || url,www.milw0rm.com/exploits/4981 || bugtraq,27439 || url,doc.emergingthreats.net/2007853
1 || 2007854 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla) - Possible Spyware Related || url,doc.emergingthreats.net/bin/view/Main/2007854
1 || 2007855 || 5 || trojan-activity || 0 || ET MALWARE OneStepSearch Host Activity || url,doc.emergingthreats.net/bin/view/Main/2007855
1 || 2007856 || 4 || trojan-activity || 0 || ET MALWARE System-defender.com Fake AV Install Checkin || url,www.system-defender.com || url,doc.emergingthreats.net/bin/view/Main/2007856
1 || 2007858 || 2 || trojan-activity || 0 || ET TROJAN Delf Keylog FTP Upload || url,doc.emergingthreats.net/2007858
1 || 2007859 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (microsoft) - Possible Trojan Downloader || url,doc.emergingthreats.net/bin/view/Main/2007859
1 || 2007860 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Internet Explorer 6.0) - Possible Trojan Downloader || url,doc.emergingthreats.net/bin/view/Main/2007860
1 || 2007861 || 4 || trojan-activity || 0 || ET MALWARE Softcashier.com Spyware Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2007861
1 || 2007862 || 11 || trojan-activity || 0 || ET TROJAN LDPinch Checkin (3) || url,doc.emergingthreats.net/2007862
1 || 2007863 || 9 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin || url,doc.emergingthreats.net/2007863
1 || 2007864 || 8 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin Detected || url,doc.emergingthreats.net/2007864
1 || 2007865 || 4 || trojan-activity || 0 || ET MALWARE Winreanimator.com Fake AV Install Attempt || url,www.winreanimator.com || url,doc.emergingthreats.net/bin/view/Main/2007865
1 || 2007866 || 8 || trojan-activity || 0 || ET CHAT Gadu-Gadu Chat Client Checkin via HTTP || url,doc.emergingthreats.net/2007866
1 || 2007867 || 10 || trojan-activity || 0 || ET DELETED Delf HTTP Post Checkin (1) || url,doc.emergingthreats.net/2007867
1 || 2007868 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Firefox) - Possible Trojan Downloader || url,doc.emergingthreats.net/bin/view/Main/2007868
1 || 2007869 || 7 || trojan-activity || 0 || ET MALWARE Vombanetwork Spyware User-Agent (VombaProductsInstaller) || url,doc.emergingthreats.net/2007869
1 || 2007870 || 4 || trojan-activity || 0 || ET MALWARE Vombanetworks.com Spyware Installer Checkin || url,doc.emergingthreats.net/bin/view/Main/2007870
1 || 2007874 || 6 || web-application-attack || 0 || ET EXPLOIT Now SMS/MMS Gateway HTTP BOF Vulnerability || bugtraq,27896 || url,aluigi.altervista.org/adv/nowsmsz-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2007874
1 || 2007875 || 4 || web-application-attack || 0 || ET EXPLOIT Now SMS/MMS Gateway SMPP BOF Vulnerability || bugtraq,27896 || url,aluigi.altervista.org/adv/nowsmsz-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2007875
1 || 2007876 || 2 || successful-dos || 0 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - udp || bugtraq,27718 || url,aluigi.altervista.org/adv/ezipirla-adv.txt || cve,CVE-2008-0767 || url,doc.emergingthreats.net/bin/view/Main/2007876
1 || 2007877 || 4 || successful-dos || 0 || ET EXPLOIT ExtremeZ-IP File and Print Server Multiple Vulnerabilities - tcp || bugtraq,27718 || url,aluigi.altervista.org/adv/ezipirla-adv.txt || cve,CVE-2008-0759 || url,doc.emergingthreats.net/bin/view/Main/2007877
1 || 2007878 || 11 || web-application-attack || 0 || ET ACTIVEX Apple QuickTime <= 7.4.1 QTPlugin.ocx Multiple Remote Stack Overflow || bugtraq,27769 || cve,CVE-2008-0778 || url,www.milw0rm.com/exploits/5110 || url,doc.emergingthreats.net/2007878
1 || 2007880 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (single dash) || url,doc.emergingthreats.net/bin/view/Main/2007880
1 || 2007881 || 7 || trojan-activity || 0 || ET MALWARE Mycomclean.com Spyware User-Agent (HTTP_GET_COMM) || url,doc.emergingthreats.net/2007881
1 || 2007882 || 7 || trojan-activity || 0 || ET MALWARE Mycomclean.com Spyware User-Agent (SHINI) || url,doc.emergingthreats.net/2007882
1 || 2007883 || 7 || trojan-activity || 0 || ET MALWARE Virusheat.com Fake Anti-Spyware User-Agent (VirusHeat 4.3) || url,doc.emergingthreats.net/2007883
1 || 2007884 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Example) || url,doc.emergingthreats.net/bin/view/Main/2007884
1 || 2007885 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (downloader) || url,doc.emergingthreats.net/bin/view/Main/2007885
1 || 2007886 || 5 || trojan-activity || 0 || ET DELETED Anti-virus-pro.com Fake AV Checkin || url,doc.emergingthreats.net/bin/view/Main/2007886
1 || 2007889 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UNION SELECT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007889
1 || 2007890 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list INSERT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007890
1 || 2007891 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list DELETE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007891
1 || 2007892 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability graph_view graph_list UPDATE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007892
1 || 2007893 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id SELECT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007893
1 || 2007894 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UNION SELECT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007894
1 || 2007895 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007895
1 || 2007896 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id DELETE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007896
1 || 2007897 || 9 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UPDATE || cve,CVE-2008-0785 || bugtraq,27749 || url,doc.emergingthreats.net/2007897
1 || 2007898 || 5 || trojan-activity || 0 || ET TROJAN Sohanad Checkin via HTTP || url,doc.emergingthreats.net/2007898
1 || 2007899 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (HTTP_CONNECT) || url,doc.emergingthreats.net/bin/view/Main/2007899
1 || 2007900 || 7 || trojan-activity || 0 || ET MALWARE Kpang.com Spyware User-Agent (auctionplusup) || url,doc.emergingthreats.net/2007900
1 || 2007901 || 7 || trojan-activity || 0 || ET TROJAN Banker.OPX HTTP Checkin || url,doc.emergingthreats.net/2007901
1 || 2007903 || 8 || web-application-attack || 0 || ET ACTIVEX 4XEM VatDecoder VatCtrl Class ActiveX Control Url Property Buffer Overflow Vulnerability || bugtraq,28010 || url,www.milw0rm.com/exploits/5193 || url,doc.emergingthreats.net/2007903
1 || 2007904 || 8 || web-application-attack || 0 || ET ACTIVEX RTSP MPEG4 SP Control ActiveX Control Url Property Buffer Overflow Vulnerability || bugtraq,28010 || url,www.milw0rm.com/exploits/5193 || url,doc.emergingthreats.net/2007904
1 || 2007905 || 48 || web-application-attack || 0 || ET ACTIVEX D-Link MPEG4 SHM (Audio) Control ActiveX Control Url Property Buffer Overflow Vulnerability || bugtraq,28010 || url,www.milw0rm.com/exploits/5193 || url,doc.emergingthreats.net/2007905
1 || 2007908 || 7 || trojan-activity || 0 || ET MALWARE Searchspy.co.kr Spyware User-Agent (HTTPGETDATA) || url,doc.emergingthreats.net/2007908
1 || 2007909 || 7 || trojan-activity || 0 || ET MALWARE Searchspy.co.kr Spyware User-Agent (HTTPFILEDOWN) || url,doc.emergingthreats.net/2007909
1 || 2007910 || 8 || trojan-activity || 0 || ET MALWARE Searchspy.co.kr Spyware User-Agent (HTTP_FILEDOWN) || url,doc.emergingthreats.net/2007910
1 || 2007911 || 7 || trojan-activity || 0 || ET TROJAN Delf Download via HTTP || url,doc.emergingthreats.net/2007911
1 || 2007912 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan-Dropper.Win32.Agent.eut (Yhrbg) || url,doc.emergingthreats.net/2007912
1 || 2007913 || 7 || trojan-activity || 0 || ET TROJAN Dialer.MC(vf) HTTP Request - Checkin || url,doc.emergingthreats.net/2007913
1 || 2007914 || 4 || trojan-activity || 0 || ET WORM SDBot HTTP Checkin || url,doc.emergingthreats.net/2007914
1 || 2007917 || 2 || trojan-activity || 0 || ET TROJAN Dropper-497 (Yumato) Initial Checkin || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
1 || 2007918 || 2 || trojan-activity || 0 || ET TROJAN Dropper-497 (Yumato) System Stats Report || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
1 || 2007919 || 2 || trojan-activity || 0 || ET TROJAN Dropper-497 Yumato Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
1 || 2007920 || 3 || trojan-activity || 0 || ET TROJAN Dropper-497 (Yumato) Status Reply from server || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
1 || 2007921 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Explorer) || url,doc.emergingthreats.net/bin/view/Main/2007921
1 || 2007922 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Checkin || url,doc.emergingthreats.net/2007922
1 || 2007923 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (Digital) || url,doc.emergingthreats.net/2007923
1 || 2007924 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (downloaded) || url,doc.emergingthreats.net/2007924
1 || 2007925 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (wnames) || url,doc.emergingthreats.net/2007925
1 || 2007926 || 6 || trojan-activity || 0 || ET DELETED Suspicious User-Agent - Possible Trojan Downloader (cv_v5.0.0) || url,doc.emergingthreats.net/2007926
1 || 2007927 || 7 || trojan-activity || 0 || ET MALWARE Donkeyhote.co.kr Spyware User-Agent (UDonkey) || url,doc.emergingthreats.net/2007927
1 || 2007928 || 7 || trojan-activity || 0 || ET MALWARE Gcashback.co.kr Spyware User-Agent (InvokeAd) || url,doc.emergingthreats.net/2007928
1 || 2007929 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (User-Agent Mozilla/4.0 (compatible )) || url,doc.emergingthreats.net/bin/view/Main/2007929
1 || 2007930 || 4 || trojan-activity || 0 || ET TROJAN Delf/Hupigon C&C Channel Version Report || url,doc.emergingthreats.net/2007930
1 || 2007931 || 7 || web-application-attack || 0 || ET ACTIVEX ACTIVEX IncrediMail IMMenuShellExt ActiveX Control Buffer Overflow Vulnerability || url,www.milw0rm.com/exploits/3877 || bugtraq,23674 || cve,CVE-2007-1683 || url,doc.emergingthreats.net/2007931
1 || 2007932 || 8 || web-application-attack || 0 || ET ACTIVEX Symantec BackupExec Calendar Control (PVCalendar.ocx) BoF Vulnerability || url,www.milw0rm.com/exploits/5205 || cve,CVE-2007-6017 || bugtraq,28008 || url,doc.emergingthreats.net/2007932
1 || 2007933 || 8 || misc-attack || 0 || ET EXPLOIT Zilab Chat and Instant Messaging Heap Overflow Vulnerability || url,aluigi.altervista.org/adv/zilabzcsx-adv.txt || bugtraq,27940 || url,doc.emergingthreats.net/bin/view/Main/2007933
1 || 2007934 || 7 || misc-attack || 0 || ET EXPLOIT Zilab Chat and Instant Messaging User Info BoF Vulnerability || url,aluigi.altervista.org/adv/zilabzcsx-adv.txt || bugtraq,27940 || url,doc.emergingthreats.net/bin/view/Main/2007934
1 || 2007935 || 7 || trojan-activity || 0 || ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent (fs3update) || url,doc.emergingthreats.net/2007935
1 || 2007937 || 4 || successful-dos || 0 || ET EXPLOIT Borland VisiBroker Smart Agent Heap Overflow || bugtraq,28084 || url,aluigi.altervista.org/adv/visibroken-adv.txt || url,doc.emergingthreats.net/bin/view/Main/2007937
1 || 2007938 || 7 || trojan-activity || 0 || ET MALWARE Geopia.com Fake Anti-Spyware/AV User-Agent (fian3manager) || url,doc.emergingthreats.net/2007938
1 || 2007939 || 5 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (up) || url,doc.emergingthreats.net/2007939
1 || 2007940 || 5 || trojan-activity || 0 || ET TROJAN Banker.ili HTTP Checkin || url,doc.emergingthreats.net/2007940
1 || 2007942 || 7 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (_) || url,doc.emergingthreats.net/bin/view/Main/2007942
1 || 2007943 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (HTTP) || url,doc.emergingthreats.net/bin/view/Main/2007943
1 || 2007944 || 6 || trojan-activity || 0 || ET MALWARE SysVenFak Fake AV Package User-Agent (gh2008) || url,doc.emergingthreats.net/bin/view/Main/2007944
1 || 2007945 || 4 || trojan-activity || 0 || ET MALWARE SysVenFak Fake AV Package Victim Checkin (victim.php) || url,doc.emergingthreats.net/bin/view/Main/2007945
1 || 2007946 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (popup) || url,doc.emergingthreats.net/bin/view/Main/2007946
1 || 2007947 || 7 || trojan-activity || 0 || ET MALWARE Nguide.co.kr Fake Security Tool User-Agent (nguideup) || url,doc.emergingthreats.net/2007947
1 || 2007948 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (double dashes) || url,doc.emergingthreats.net/bin/view/Main/2007948
1 || 2007949 || 6 || trojan-activity || 0 || ET TROJAN Medbod UDP Phone Home Packet || url,doc.emergingthreats.net/2007949
1 || 2007950 || 4 || trojan-activity || 0 || ET TROJAN Possible Infection Report Mail - Indy Mail lib and Nome do Computador in Body || url,doc.emergingthreats.net/2007950
1 || 2007951 || 5 || trojan-activity || 0 || ET MALWARE Hex Encoded IP HTTP Request - Likely Malware || url,doc.emergingthreats.net/bin/view/Main/2007951
1 || 2007952 || 5 || trojan-activity || 0 || ET TROJAN Downloader.49651 Checkin || url,doc.emergingthreats.net/2007952
1 || 2007953 || 5 || trojan-activity || 0 || ET TROJAN Downloader.49651 Install Report || url,doc.emergingthreats.net/2007953
1 || 2007954 || 5 || trojan-activity || 0 || ET TROJAN Downloader.49651 Online Report || url,doc.emergingthreats.net/2007954
1 || 2007955 || 5 || trojan-activity || 0 || ET TROJAN Cygo Checkin || url,doc.emergingthreats.net/2007955
1 || 2007956 || 7 || trojan-activity || 0 || ET MALWARE Snoopstick.net Related Spyware User-Agent (SnoopStick Updater) || url,doc.emergingthreats.net/bin/view/Main/2007956
1 || 2007957 || 2 || trojan-activity || 0 || ET TROJAN Banker.ike UDP C&C || url,doc.emergingthreats.net/2007957
1 || 2007958 || 7 || trojan-activity || 0 || ET MALWARE Msconfig.co.kr Related User Agent (BACKMAN) || url,doc.emergingthreats.net/2007958
1 || 2007959 || 7 || trojan-activity || 0 || ET MALWARE Msconfig.co.kr Related User-Agent (GLOBALx) || url,doc.emergingthreats.net/2007959
1 || 2007961 || 9 || trojan-activity || 0 || ET MALWARE Fake Wget User-Agent (wget 3.0) - Likely Hostile || url,doc.emergingthreats.net/2007961
1 || 2007962 || 7 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic Checkin || url,doc.emergingthreats.net/2007962
1 || 2007963 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Status OK || url,doc.emergingthreats.net/2007963
1 || 2007964 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Server Status OK || url,doc.emergingthreats.net/2007964
1 || 2007965 || 5 || trojan-activity || 0 || ET TROJAN Goldun Reporting Install || url,doc.emergingthreats.net/2007965
1 || 2007966 || 2 || trojan-activity || 0 || ET TROJAN Win32.Inject.zy Checkin Post || url,doc.emergingthreats.net/2007966
1 || 2007967 || 6 || trojan-activity || 0 || ET TROJAN Universal1337 FTP Upload of Compromised Data || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337 || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html
1 || 2007968 || 5 || trojan-activity || 0 || ET TROJAN Universal1337 Email Upload of Compromised Data || url,doc.emergingthreats.net/bin/view/Main/TrojanUniversal1337 || url,www.megasecurity.org/trojans/u/universal1337/Universal1337v2.html
1 || 2007970 || 7 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (XY) || url,doc.emergingthreats.net/2007970
1 || 2007971 || 3 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (SSN ) || url,doc.emergingthreats.net/2007971
1 || 2007972 || 3 || policy-violation || 0 || ET POLICY SSN Detected in Clear Text (SSN# ) || url,doc.emergingthreats.net/2007972
1 || 2007973 || 3 || trojan-activity || 0 || ET TROJAN Perfect Keylogger FTP Initial Install Log Upload || url,doc.emergingthreats.net/2007973
1 || 2007974 || 4 || trojan-activity || 0 || ET TROJAN Perfect Keylogger FTP Log Upload || url,doc.emergingthreats.net/2007974
1 || 2007975 || 5 || trojan-activity || 0 || ET TROJAN Common Downloader Trojan Checkin || url,doc.emergingthreats.net/2007975
1 || 2007977 || 7 || trojan-activity || 0 || ET MALWARE Dokterfix.com Fake AV User-Agent (Magic NetInstaller) || url,doc.emergingthreats.net/2007977
1 || 2007978 || 5 || trojan-activity || 0 || ET MALWARE Direct-web.co.kr Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007978
1 || 2007979 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Reporting Version || url,doc.emergingthreats.net/2007979
1 || 2007980 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Send || url,doc.emergingthreats.net/2007980
1 || 2007981 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C Kill Command Acknowledge || url,doc.emergingthreats.net/2007981
1 || 2007982 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.brg C&C DDoS Outbound || url,doc.emergingthreats.net/2007982
1 || 2007984 || 6 || trojan-activity || 0 || ET TROJAN Banker Trojan (General) HTTP Checkin || url,doc.emergingthreats.net/2007984
1 || 2007986 || 6 || trojan-activity || 0 || ET TROJAN Emogen Reporting via HTTP || url,doc.emergingthreats.net/2007986
1 || 2007987 || 5 || trojan-activity || 0 || ET TROJAN Dropper.Win32.VB.on Keylog/System Info Report via HTTP || url,doc.emergingthreats.net
1 || 2007989 || 3 || trojan-activity || 0 || ET TROJAN Vundo HTTP Pre-Install Checkin || url,doc.emergingthreats.net/2007989
1 || 2007990 || 3 || trojan-activity || 0 || ET TROJAN Vundo HTTP Post-Install Checkin || url,doc.emergingthreats.net/2007990
1 || 2007991 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Unknown) || url,doc.emergingthreats.net/bin/view/Main/2007991
1 || 2007992 || 3 || trojan-activity || 0 || ET TROJAN Shark Pass Stealer Email Report || url,doc.emergingthreats.net/2007992
1 || 2007993 || 12 || trojan-activity || 0 || ET MALWARE User-Agent (2 spaces) || url,doc.emergingthreats.net/bin/view/Main/2007993
1 || 2007994 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (1 space) || url,doc.emergingthreats.net/bin/view/Main/2007994
1 || 2007995 || 6 || trojan-activity || 0 || ET MALWARE Vaccine-program.co.kr Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2007995
1 || 2007996 || 4 || trojan-activity || 0 || ET MALWARE Sears.com/Kmart.com My SHC Community spyware download || url,community.ca.com/blogs/securityadvisor/archive/2007/12/20/sears-com-join-the-community-get-spyware.aspx || url,www.benedelman.org/news/010108-1.html || url,doc.emergingthreats.net/bin/view/Main/2007996
1 || 2007998 || 9 || web-application-attack || 0 || ET ACTIVEX Rediff Bol Downloader ActiveX Control Remote Code Execution || cve,CVE-2006-6838 || bugtraq,21831 || url,downloads.securityfocus.com/vulnerabilities/exploits/21831.html || url,doc.emergingthreats.net/2007998
1 || 2007999 || 7 || trojan-activity || 0 || ET TROJAN Banker Trojan (General) HTTP Checkin (vit) || url,doc.emergingthreats.net/2007999
1 || 2008000 || 7 || trojan-activity || 0 || ET MALWARE Easydownloadsoft.com Fake Anti-Virus User-Agent (IM Downloader) || url,doc.emergingthreats.net/2008000
1 || 2008003 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin || url,doc.emergingthreats.net/2008003
1 || 2008004 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (2) || url,doc.emergingthreats.net/2008004
1 || 2008005 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.cfi (related) System Info Upload via FTP || url,doc.emergingthreats.net/2008005
1 || 2008006 || 6 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Packet 1 || url,doc.emergingthreats.net/2008006
1 || 2008007 || 5 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Packet 1 reply || url,doc.emergingthreats.net/2008007
1 || 2008008 || 5 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Checkin Replies || url,doc.emergingthreats.net/2008008
1 || 2008009 || 5 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Keepalive Pong || url,doc.emergingthreats.net/2008009
1 || 2008010 || 6 || trojan-activity || 0 || ET TROJAN Delf CnC Channel Keepalive Ping || url,doc.emergingthreats.net/2008010
1 || 2008012 || 6 || trojan-activity || 0 || ET TROJAN Winquickupdates.com/Mycashloads.com Related Trojan Install Report || url,doc.emergingthreats.net/bin/view/Main/2008012
1 || 2008013 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Internet) || url,doc.emergingthreats.net/bin/view/Main/2008013
1 || 2008015 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (Win95) || url,doc.emergingthreats.net/bin/view/Main/2008015
1 || 2008016 || 4 || trojan-activity || 0 || ET MALWARE Servicepack.kr Fake Patch Software Checkin || url,doc.emergingthreats.net/bin/view/Main/2008016
1 || 2008017 || 3 || trojan-activity || 0 || ET TROJAN Philis.J ICMP Sweep (Payload Hello,World) || url,vil.nai.com/vil/content/v_141203.htm || url,doc.emergingthreats.net/2008017
1 || 2008019 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (https) || url,doc.emergingthreats.net/2008019
1 || 2008020 || 4 || trojan-activity || 0 || ET WORM Win32.Socks.s HTTP Post Checkin || url,doc.emergingthreats.net/2008020
1 || 2008021 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Initial Checkin (ams) || url,doc.emergingthreats.net/2008021
1 || 2008022 || 4 || trojan-activity || 0 || ET TROJAN Turkojan C&C Info Command (MINFO) || url,doc.emergingthreats.net/2008022
1 || 2008023 || 5 || trojan-activity || 0 || ET TROJAN Turkojan C&C Info Command Response (MINFO) || url,doc.emergingthreats.net/2008023
1 || 2008024 || 4 || trojan-activity || 0 || ET TROJAN Turkojan C&C Logs Parse Command (LOGS1) || url,doc.emergingthreats.net/2008024
1 || 2008025 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Logs Parse Response Response (LOGS1) || url,doc.emergingthreats.net/2008025
1 || 2008026 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Keepalive (BAGLANTI) || url,doc.emergingthreats.net/2008026
1 || 2008027 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Browse Drive Command (BROWSC) || url,doc.emergingthreats.net/2008027
1 || 2008028 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C Browse Drive Command Response (metin) || url,doc.emergingthreats.net/2008028
1 || 2008029 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C nxt Command (nxt) || url,doc.emergingthreats.net/2008029
1 || 2008030 || 3 || trojan-activity || 0 || ET TROJAN Turkojan C&C nxt Command Response (nxt) || url,doc.emergingthreats.net/2008030
1 || 2008031 || 3 || trojan-activity || 0 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Outbound || url,doc.emergingthreats.net/2008031
1 || 2008032 || 3 || trojan-activity || 0 || ET TROJAN Dorf/Win32.Inject.adt C&C Communication Inbound || url,doc.emergingthreats.net/2008032
1 || 2008033 || 5 || trojan-activity || 0 || ET TROJAN Banker.maf SMTP Checkin (Not in the Control...) || url,doc.emergingthreats.net/2008033
1 || 2008034 || 6 || trojan-activity || 0 || ET TROJAN LDPinch SMTP Password Report || url,doc.emergingthreats.net/2008034
1 || 2008035 || 6 || trojan-activity || 0 || ET TROJAN System.Poser HTTP Checkin || url,doc.emergingthreats.net/2008035
1 || 2008036 || 9 || trojan-activity || 0 || ET MALWARE 360safe.com related Fake Security Product Update || url,doc.emergingthreats.net/bin/view/Main/2008036
1 || 2008037 || 8 || policy-violation || 0 || ET POLICY Gteko User-Agent Detected - Dell Remote Access || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
1 || 2008038 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.0 (compatible ICS)) || url,doc.emergingthreats.net/bin/view/Main/2008038
1 || 2008039 || 3 || trojan-activity || 0 || ET TROJAN Egspy Infection Report Email || url,research.sunbelt-software.com/threatdisplay.aspx?name=EgySpy&threatid=48410 || url,doc.emergingthreats.net/2008039
1 || 2008040 || 7 || trojan-activity || 0 || ET MALWARE Privacyprotector Related Spyware User-Agent (Ssol NetInstaller) || url,doc.emergingthreats.net/2008040
1 || 2008041 || 4 || trojan-activity || 0 || ET TROJAN Hupigon CnC init (variant abb) || url,doc.emergingthreats.net/2008041
1 || 2008042 || 3 || trojan-activity || 0 || ET TROJAN Hupigon CnC Data Post (variant abb) || url,doc.emergingthreats.net/2008042
1 || 2008043 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (c \windows) || url,doc.emergingthreats.net/bin/view/Main/2008043
1 || 2008044 || 8 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (5) || url,doc.emergingthreats.net/2008044
1 || 2008046 || 7 || trojan-activity || 0 || ET TROJAN Rf-cheats.ru Trojan Related User-Agent (RFRudokop v.1.1 account verification) || url,doc.emergingthreats.net/2008046
1 || 2008047 || 7 || trojan-activity || 0 || ET TROJAN Egspy Infection Report via HTTP || url,research.sunbelt-software.com/threatdisplay.aspx?name=EgySpy&threatid=48410 || url,doc.emergingthreats.net/2008047
1 || 2008048 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Version 1.23) || url,doc.emergingthreats.net/bin/view/Main/2008048
1 || 2008049 || 5 || trojan-activity || 0 || ET TROJAN Yahoo550.com Related Downloader/Trojan Checkin || url,doc.emergingthreats.net/2008049
1 || 2008051 || 4 || not-suspicious || 0 || ET POLICY Dell MyWay Remote control agent || url,doc.emergingthreats.net/2008051
1 || 2008052 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (Internet Explorer) || url,doc.emergingthreats.net/bin/view/Main/2008052
1 || 2008054 || 7 || bad-unknown || 0 || ET DELETED Nginx Server in use - Often Hostile Traffic || url,doc.emergingthreats.net/2008054
1 || 2008055 || 3 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC || url,doc.emergingthreats.net/2008055
1 || 2008056 || 4 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC packet 2 || url,doc.emergingthreats.net/2008056
1 || 2008057 || 2 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response || url,doc.emergingthreats.net/2008057
1 || 2008058 || 6 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC port 443 || url,doc.emergingthreats.net/2008058
1 || 2008059 || 4 || trojan-activity || 0 || ET DELETED Win32.Inject.ajq Initial Checkin to CnC packet 2 port 443 || url,doc.emergingthreats.net/2008059
1 || 2008060 || 2 || trojan-activity || 0 || ET TROJAN Win32.Inject.ajq Initial Checkin to CnC Response port 443 || url,doc.emergingthreats.net/2008060
1 || 2008061 || 5 || trojan-activity || 0 || ET DELETED LDPinch Checkin (4) || url,doc.emergingthreats.net/2008061
1 || 2008062 || 9 || web-application-attack || 0 || ET ACTIVEX Universal HTTP File Upload Remote File Deletetion || url,www.milw0rm.com/exploits/5272 || url,doc.emergingthreats.net/2008062
1 || 2008063 || 3 || successful-user || 0 || ET EXPLOIT MDAEMON (Post Auth) Remote Root IMAP FETCH Command Universal Exploit || url,www.milw0rm.com/exploits/5248 || bugtraq,28245 || url,doc.emergingthreats.net/bin/view/Main/2008063 || cve,2008-1358
1 || 2008064 || 6 || bad-unknown || 0 || ET DELETED Nginx Server with no version string - Often Hostile Traffic || url,doc.emergingthreats.net/2008064
1 || 2008065 || 5 || bad-unknown || 0 || ET POLICY Nginx Server with modified version string - Often Hostile Traffic || url,doc.emergingthreats.net/2008065
1 || 2008066 || 7 || trojan-activity || 0 || ET MALWARE Blank User-Agent (descriptor but no string) || url,doc.emergingthreats.net/bin/view/Main/2008066
1 || 2008067 || 4 || trojan-activity || 0 || ET MALWARE Kwsearchguide.com Related Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2008067
1 || 2008069 || 4 || trojan-activity || 0 || ET MALWARE Kwsearchguide.com Related Spyware Keepalive || url,doc.emergingthreats.net/bin/view/Main/2008069
1 || 2008070 || 8 || policy-violation || 0 || ET POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (Win98) || url,doc.emergingthreats.net/bin/view/Main/Windows98UA
1 || 2008071 || 6 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (6) || url,doc.emergingthreats.net/2008071
1 || 2008073 || 13 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (App4) || url,doc.emergingthreats.net/bin/view/Main/2008073
1 || 2008074 || 8 || trojan-activity || 0 || ET TROJAN Banload User-Agent Detected (WebUpdate) || url,doc.emergingthreats.net/2008074
1 || 2008076 || 5 || trojan-activity || 0 || ET TROJAN General Downloader URL Pattern (/loader/setup.php) || url,doc.emergingthreats.net/2008076
1 || 2008081 || 3 || trojan-activity || 0 || ET TROJAN Xorer.ez HTTP Checkin to CnC || url,doc.emergingthreats.net/2008081
1 || 2008082 || 3 || trojan-activity || 0 || ET TROJAN Vundo HTTP Post-Install Checkin (2) || url,doc.emergingthreats.net/2008082
1 || 2008083 || 13 || trojan-activity || 0 || ET DELETED Suspicious User Agent (Zlob Related) (UA00000) || url,doc.emergingthreats.net/2008083
1 || 2008084 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozilla-web) || url,doc.emergingthreats.net/bin/view/Main/2008084
1 || 2008085 || 10 || trojan-activity || 0 || ET MALWARE Alexa Search Toolbar User-Agent 2 (Alexa Toolbar) || url,doc.emergingthreats.net/2008085
1 || 2008086 || 5 || trojan-activity || 0 || ET TROJAN Daemonize.ft HTTP Checkin || url,doc.emergingthreats.net/2008086
1 || 2008087 || 5 || trojan-activity || 0 || ET TROJAN Downloader.VB.CEJ HTTP Checkin || url,doc.emergingthreats.net/2008087
1 || 2008090 || 6 || trojan-activity || 0 || ET TROJAN Delf Checkin via HTTP (7) || url,doc.emergingthreats.net/2008090
1 || 2008091 || 5 || trojan-activity || 0 || ET DELETED LDPinch Checkin (8) || url,doc.emergingthreats.net/2008091
1 || 2008092 || 3 || attempted-recon || 0 || ET SCAN Internal to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html || url,doc.emergingthreats.net/2008092
1 || 2008093 || 5 || attempted-recon || 0 || ET SCAN External to Internal UPnP Request tcp port 2555 || url,www.upnp-hacks.org/upnp.html || url,doc.emergingthreats.net/2008093
1 || 2008094 || 4 || attempted-recon || 0 || ET SCAN External to Internal UPnP Request udp port 1900 || url,www.upnp-hacks.org/upnp.html || url,doc.emergingthreats.net/2008094
1 || 2008096 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (INSTALLER) || url,doc.emergingthreats.net/bin/view/Main/2008096
1 || 2008097 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (IEMGR) || url,doc.emergingthreats.net/bin/view/Main/2008097
1 || 2008098 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (GOOGLE) || url,doc.emergingthreats.net/bin/view/Main/2008098
1 || 2008099 || 8 || web-application-attack || 0 || ET ACTIVEX ChilkatHttp ActiveX 2.3 Arbitrary Files Overwrite || bugtraq,28546 || url,www.milw0rm.com/exploits/5338 || url,doc.emergingthreats.net/2008099
1 || 2008100 || 11 || trojan-activity || 0 || ET TROJAN PRG/wnspoem/Zeus InfoStealer Trojan Config Download || url,doc.emergingthreats.net/2008100
1 || 2008103 || 4 || trojan-activity || 0 || ET DELETED Bobax/Kraken/Oderoor TCP 447 CnC Channel Initial Packet Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008104 || 3 || trojan-activity || 0 || ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008105 || 3 || trojan-activity || 0 || ET TROJAN Bobax/Kraken/Oderoor UDP 447 CnC Channel Initial Packet Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008106 || 3 || trojan-activity || 0 || ET TROJAN Bobax/Kraken/Oderoor TCP 447 CnC Channel Initial Packet Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008107 || 4 || trojan-activity || 0 || ET DELETED Possible Bobax/Kraken/Oderoor UDP 447 CnC Channel Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008108 || 4 || trojan-activity || 0 || ET DELETED Possible Bobax/Kraken/Oderoor TCP 447 CnC Channel Inbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008109 || 3 || trojan-activity || 0 || ET TROJAN Possible Bobax/Kraken/Oderoor UDP 447 CnC Channel Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008110 || 4 || trojan-activity || 0 || ET DELETED Possible Bobax/Kraken/Oderoor TCP 447 CnC Channel Outbound || url,doc.emergingthreats.net/bin/view/Main/OdeRoor
1 || 2008113 || 3 || policy-violation || 0 || ET P2P Tor Get Server Request || url,tor.eff.org || url,doc.emergingthreats.net/2008113
1 || 2008115 || 3 || policy-violation || 0 || ET P2P Tor Get Status Request || url,tor.eff.org || url,doc.emergingthreats.net/2008115
1 || 2008116 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Write Request || url,doc.emergingthreats.net/2008116
1 || 2008117 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Data Transfer || url,doc.emergingthreats.net/2008117
1 || 2008118 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP ACK || url,doc.emergingthreats.net/2008118
1 || 2008119 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Error Message || url,doc.emergingthreats.net/2008119
1 || 2008120 || 3 || policy-violation || 0 || ET TFTP Outbound TFTP Read Request || url,doc.emergingthreats.net/2008120
1 || 2008123 || 7 || trojan-activity || 0 || ET TROJAN Likely Bot Username in IRC (XP-..) || url,doc.emergingthreats.net/2008123
1 || 2008124 || 5 || trojan-activity || 0 || ET TROJAN Likely Bot Nick in IRC (USA +..) || url,doc.emergingthreats.net/2008124
1 || 2008126 || 8 || web-application-attack || 0 || ET ACTIVEX IBiz E-Banking Integrator V2 ActiveX Edition Insecure Method || url,www.milw0rm.com/exploits/5416 || url,doc.emergingthreats.net/2008126
1 || 2008127 || 10 || web-application-attack || 0 || ET ACTIVEX Data Dynamics ActiveBar ActiveX Control (Actbar3.ocx 3.2) Multiple Insecure Methods || bugtraq,24959 || cve,CVE-2007-3883 || url,www.exploit-db.com/exploits/5395/ || url,doc.emergingthreats.net/2008127
1 || 2008128 || 9 || web-application-attack || 0 || ET ACTIVEX Tumbleweed SecureTransport FileTransfer ActiveX BOF Exploit || bugtraq,28662 || url,www.milw0rm.com/exploits/5398 || url,doc.emergingthreats.net/2008128
1 || 2008129 || 7 || web-application-attack || 0 || ET ACTIVEX LEADTOOLS Multimedia Toolkit 15 Arbitrary Files Overwrite || url,www.shinnai.altervista.org/xplits/TXT_lyyELAFI8pOPu2p7N6cq.html || bugtraq,28442 || cve,CVE-2008-1605 || url,doc.emergingthreats.net/2008129
1 || 2008130 || 5 || trojan-activity || 0 || ET TROJAN Win32.Lydra.hj HTTP Checkin || url,doc.emergingthreats.net/2008130
1 || 2008132 || 5 || trojan-activity || 0 || ET TROJAN Common Downloader Access Count Tracking URL || url,doc.emergingthreats.net/2008132
1 || 2008133 || 5 || trojan-activity || 0 || ET TROJAN Common Downloader Install Count Tracking URL || url,doc.emergingthreats.net/2008133
1 || 2008134 || 8 || trojan-activity || 0 || ET TROJAN Common Downloader Install Count Tracking URL (partner) || url,doc.emergingthreats.net/2008134 || url,www.threatexpert.com/report.aspx?md5=ea70e0971cc490a15e53d24ad6564403
1 || 2008135 || 4 || trojan-activity || 0 || ET MALWARE Soft-Show.cn Related Fake AV Install || url,doc.emergingthreats.net/bin/view/Main/2008135
1 || 2008136 || 5 || trojan-activity || 0 || ET TROJAN Egspy Install Report via HTTP || url,doc.emergingthreats.net/2008136
1 || 2008139 || 7 || trojan-activity || 0 || ET TROJAN RhiFrem Trojan Activity - cmd || url,www.castlecops.com/U_S_Courts_phish792683.html || url,doc.emergingthreats.net/2008139
1 || 2008140 || 8 || trojan-activity || 0 || ET TROJAN RhiFrem Trojan Activity - log || url,www.castlecops.com/U_S_Courts_phish792683.html || url,doc.emergingthreats.net/2008140
1 || 2008141 || 8 || trojan-activity || 0 || ET MALWARE Win-touch.com Spyware User-Agent (WinTouch) || url,doc.emergingthreats.net/2008141
1 || 2008142 || 4 || trojan-activity || 0 || ET TROJAN Vapsup User-Agent (doshowmeanad loader v2.1) || url,doc.emergingthreats.net/2008142
1 || 2008143 || 5 || trojan-activity || 0 || ET DELETED Downloader Checkin Pattern Used by Several Trojans || url,doc.emergingthreats.net/2008143
1 || 2008144 || 6 || trojan-activity || 0 || ET TROJAN Proxy.Corpes.j Infection Report || url,doc.emergingthreats.net/2008144
1 || 2008145 || 7 || trojan-activity || 0 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRInstaller) || url,doc.emergingthreats.net/2008145
1 || 2008146 || 7 || trojan-activity || 0 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SpeedRunner) || url,doc.emergingthreats.net/2008146
1 || 2008147 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (RBR) || url,doc.emergingthreats.net/bin/view/Main/2008147
1 || 2008148 || 4 || trojan-activity || 0 || ET MALWARE Soft-Show.cn Related Fake AV Install Ad Pull || url,doc.emergingthreats.net/bin/view/Main/2008148
1 || 2008149 || 8 || trojan-activity || 0 || ET MALWARE 360safe.com related Fake Security Product Update (KillerSet) || url,doc.emergingthreats.net/bin/view/Main/2008149
1 || 2008150 || 7 || trojan-activity || 0 || ET MALWARE Avsystemcare.com Fake AV User-Agent (LocusSoftware, NetInstaller) || url,doc.emergingthreats.net/2008150
1 || 2008151 || 7 || trojan-activity || 0 || ET MALWARE Speed-runner.com Fake Speed Test User-Agent (SRRecover) || url,doc.emergingthreats.net/2008151
1 || 2008152 || 6 || trojan-activity || 0 || ET TROJAN Pakes/Cutwail/Kobcka Checkin URL || url,doc.emergingthreats.net/2008152
1 || 2008153 || 5 || trojan-activity || 0 || ET TROJAN Citi-bank.ru Related Trojan Checkin || url,doc.emergingthreats.net/2008153
1 || 2008155 || 4 || trojan-activity || 0 || ET TROJAN Trats.a Post-Infection Checkin || url,doc.emergingthreats.net/2008155
1 || 2008156 || 4 || trojan-activity || 0 || ET TROJAN Hupigon User Agent Detected (VIP2007) || url,doc.emergingthreats.net/2008156
1 || 2008157 || 6 || trojan-activity || 0 || ET MALWARE Sidelinker.com-Upspider.com Spyware Checkin || url,doc.emergingthreats.net/bin/view/Main/2008157
1 || 2008158 || 5 || trojan-activity || 0 || ET MALWARE Sidelinker.com-Upspider.com Spyware Count || url,doc.emergingthreats.net/bin/view/Main/2008158
1 || 2008159 || 4 || trojan-activity || 0 || ET TROJAN Otwycal User-Agent (Downing) || url,doc.emergingthreats.net/2008159
1 || 2008170 || 8 || web-application-attack || 0 || ET WEB_CLIENT Microsoft Internet Explorer ieframe.dll Script Injection Vulnerability || bugtraq,28581 || url,doc.emergingthreats.net/bin/view/Main/2008170
1 || 2008171 || 7 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager CGI Directory Traversal || bugtraq,28745 || cve,CVE-2008-0068 || url,aluigi.altervista.org/adv/closedviewx-adv.txt || url,doc.emergingthreats.net/2008171
1 || 2008173 || 8 || web-application-attack || 0 || ET ACTIVEX PPStream PowerPlayer.DLL ActiveX Control BoF Vulnerability || bugtraq,25502 || url,doc.emergingthreats.net/2008173
1 || 2008174 || 8 || trojan-activity || 0 || ET DELETED Generic Spambot (often Tibs) Post-Infection Checkin || url,doc.emergingthreats.net/2008174
1 || 2008175 || 5 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection (varchar) || url,doc.emergingthreats.net/2008175
1 || 2008176 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection (exec) || url,doc.emergingthreats.net/2008176
1 || 2008177 || 5 || trojan-activity || 0 || ET TROJAN Ceckno Reporting to Controller || url,doc.emergingthreats.net/2008177
1 || 2008178 || 3 || trojan-activity || 0 || ET TROJAN Ceckno Keepalive from Controller || url,doc.emergingthreats.net/2008178
1 || 2008179 || 3 || not-suspicious || 0 || ET SCAN PRO Search Crawler Probe || url,sourceforge.net/project/showfiles.php?group_id=149797 || url,doc.emergingthreats.net/2008179
1 || 2008180 || 6 || trojan-activity || 0 || ET MALWARE V-Clean.com Fake AV Checkin || url,doc.emergingthreats.net/bin/view/Main/2008180
1 || 2008181 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MS Internet Explorer) || url,doc.emergingthreats.net/bin/view/Main/2008181
1 || 2008182 || 8 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL || url,doc.emergingthreats.net/2008182
1 || 2008183 || 7 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL (pid - mac) || url,doc.emergingthreats.net/2008183
1 || 2008184 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Installer) || url,doc.emergingthreats.net/bin/view/Main/2008184
1 || 2008185 || 4 || trojan-activity || 0 || ET TROJAN Win32 Cloaker Related Post Infection Checkin || url,doc.emergingthreats.net/2008185
1 || 2008186 || 4 || web-application-attack || 0 || ET SCAN DirBuster Web App Scan in Progress || url,owasp.org || url,doc.emergingthreats.net/2008186
1 || 2008187 || 8 || attempted-recon || 0 || ET SCAN Paros Proxy Scanner Detected || url,www.parosproxy.org || url,doc.emergingthreats.net/2008187
1 || 2008189 || 5 || trojan-activity || 0 || ET TROJAN SpamTool.Win32.Agent.gy/Grum/Tedroo Or Similar HTTP Checkin || url,doc.emergingthreats.net/2008189 || url,www.secureworks.com/research/threats/botnets2009/ || url,securitylabs.websense.com/content/Blogs/2721.aspx
1 || 2008190 || 7 || trojan-activity || 0 || ET MALWARE WinButler User-Agent (WinButler) || url,www.winbutler.com || url,www.prevx.com/filenames/239975745155427649-0/WINBUTLER.EXE.html || url,doc.emergingthreats.net/2008190
1 || 2008192 || 3 || trojan-activity || 0 || ET WORM Korgo.P Reporting || url,www.f-secure.com/v-descs/korgo_p.shtml || url,doc.emergingthreats.net/2008192
1 || 2008194 || 6 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL (wmid - ucid) || url,doc.emergingthreats.net/2008194
1 || 2008195 || 5 || trojan-activity || 0 || ET TROJAN Dropper mdodo.com Related Trojan || url,doc.emergingthreats.net/2008195
1 || 2008196 || 5 || trojan-activity || 0 || ET TROJAN Dropper 6dzone.com Related Trojan || url,doc.emergingthreats.net/2008196
1 || 2008197 || 5 || trojan-activity || 0 || ET MALWARE Winxdefender.com Fake AV Package Post Install Checkin || url,doc.emergingthreats.net/bin/view/Main/2008197
1 || 2008198 || 7 || trojan-activity || 0 || ET MALWARE Pcclear.co.kr/Pcclear.com Fake AV User-Agent (PCClearPlus) || url,www.pcclear.com || url,www.pcclear.co.kr || url,doc.emergingthreats.net/2008198
1 || 2008199 || 17 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (QQ) || url,doc.emergingthreats.net/bin/view/Main/2008199
1 || 2008200 || 8 || trojan-activity || 0 || ET MALWARE vaccine-program.co.kr Related Spyware User-Agent (vaccine) || url,doc.emergingthreats.net/2008200
1 || 2008201 || 7 || trojan-activity || 0 || ET MALWARE Sidebar Related Spyware User-Agent (Sidebar Client) || url,doc.emergingthreats.net/2008201
1 || 2008202 || 7 || trojan-activity || 0 || ET MALWARE UbrenQuatroRusDldr Downloader User-Agent (UbrenQuatroRusDldr 096044) || url,doc.emergingthreats.net/2008202
1 || 2008203 || 8 || trojan-activity || 0 || ET MALWARE BndVeano4GetDownldr Downloader User-Agent (BndVeano4GetDownldr) || url,doc.emergingthreats.net/2008203
1 || 2008204 || 7 || trojan-activity || 0 || ET MALWARE yeps.co.kr Related User-Agent (ISecu) || url,doc.emergingthreats.net/2008204
1 || 2008205 || 8 || trojan-activity || 0 || ET MALWARE yeps.co.kr Related User-Agent (ISUpd) || url,doc.emergingthreats.net/2008205
1 || 2008206 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Client Visiting Possibly Compromised Site (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405 || url,doc.emergingthreats.net/bin/view/Main/2008206
1 || 2008207 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible File Injection Compromise (HaCKeD By BeLa & BodyguarD) || url,www.incidents.org/diary.html?storyid=4405 || url,doc.emergingthreats.net/bin/view/Main/2008207
1 || 2008208 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (TestAgent) || url,doc.emergingthreats.net/bin/view/Main/2008208
1 || 2008209 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (SERVER2_03) || url,doc.emergingthreats.net/bin/view/Main/2008209
1 || 2008210 || 8 || trojan-activity || 0 || ET MALWARE Misspelled Mozilla User-Agent (Mozila) || url,doc.emergingthreats.net/bin/view/Main/2008210
1 || 2008211 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WinProxy) || url,doc.emergingthreats.net/bin/view/Main/2008211
1 || 2008212 || 5 || trojan-activity || 0 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via Email || url,en.wikipedia.org/wiki/Optix_Pro
1 || 2008213 || 8 || trojan-activity || 0 || ET DELETED LDPinch Checkin (9) || url,doc.emergingthreats.net/2008213
1 || 2008214 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (sickness29a/0.1) || url,doc.emergingthreats.net/bin/view/Main/2008214
1 || 2008215 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (up2dash updater) || url,doc.emergingthreats.net/bin/view/Main/2008215
1 || 2008216 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (NSIS_DOWNLOAD) || url,doc.emergingthreats.net/bin/view/Main/2008216
1 || 2008218 || 7 || trojan-activity || 0 || ET TROJAN Optix Pro Trojan/Keylogger Reporting Installation via HTTP-Email Post || url,en.wikipedia.org/wiki/Optix_Pro || url,doc.emergingthreats.net/2008218
1 || 2008219 || 6 || trojan-activity || 0 || ET TROJAN Looked.P/Gamania/Delf #108/! Style CnC Checkin || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
1 || 2008220 || 5 || trojan-activity || 0 || ET TROJAN Looked.P/Gamania/Delf #109/! Style CnC Checkin Response from Server || url,doc.emergingthreats.net/bin/view/Main/Win32Looked
1 || 2008221 || 4 || trojan-activity || 0 || ET TROJAN Asprox-style Message ID || url,www.secureworks.com/research/threats/danmecasprox || url,doc.emergingthreats.net/2008221
1 || 2008222 || 4 || trojan-activity || 0 || ET TROJAN Asprox phishing email detected || url,www.secureworks.com/research/threats/danmecasprox || url,doc.emergingthreats.net/2008222
1 || 2008223 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (FYWL) || url,doc.emergingthreats.net/2008223
1 || 2008224 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (XYLL) || url,doc.emergingthreats.net/2008224
1 || 2008225 || 8 || web-application-attack || 0 || ET ACTIVEX Possible Universal HTTP Image/File Upload ActiveX Remote File Deletion Exploit || url,www.milw0rm.com/exploits/5569 || url,doc.emergingthreats.net/2008225
1 || 2008226 || 8 || web-application-attack || 0 || ET ACTIVEX Microsoft Works 7 WkImgSrv.dll ActiveX Remote BOF Exploit || bugtraq,28820 || url,www.milw0rm.com/exploits/5460 || url,www.milw0rm.com/exploits/5530 || url,doc.emergingthreats.net/2008226
1 || 2008228 || 10 || trojan-activity || 0 || ET SCAN Suspicious User-Agent inbound (bot) || url,doc.emergingthreats.net/bin/view/Main/2008228
1 || 2008230 || 2 || misc-activity || 0 || ET SCAN Behavioral Unusually fast outbound Telnet Connections, Potential Scan or Brute Force || url,www.rapid7.com/nexpose-faq-answer2.htm || url,doc.emergingthreats.net/2008230
1 || 2008231 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozilla 1.02.45 biz) || url,doc.emergingthreats.net/bin/view/Main/2008231
1 || 2008232 || 5 || trojan-activity || 0 || ET TROJAN Generic Spambot (often Tibs) Post-Infection Checkin (justcount.net likely) || url,doc.emergingthreats.net/2008232
1 || 2008233 || 12 || trojan-activity || 0 || ET TROJAN Common Downloader Install Report URL (farfly checkin) || url,doc.emergingthreats.net/2008233
1 || 2008236 || 3 || trojan-activity || 0 || ET TROJAN Fake.Googlebar or Softcash.org Related Post-Infection Checkin || url,doc.emergingthreats.net/2008236
1 || 2008237 || 3 || trojan-activity || 0 || ET TROJAN Pass Stealer FTP Upload || url,doc.emergingthreats.net/2008237
1 || 2008238 || 4 || policy-violation || 0 || ET POLICY Hotmail Inbox Access || url,doc.emergingthreats.net/2008238
1 || 2008239 || 4 || policy-violation || 0 || ET POLICY Hotmail Message Access || url,doc.emergingthreats.net/2008239
1 || 2008240 || 4 || policy-violation || 0 || ET POLICY Hotmail Compose Message Access || url,doc.emergingthreats.net/2008240
1 || 2008241 || 5 || policy-violation || 0 || ET DELETED Hotmail Compose Message Submit || url,doc.emergingthreats.net/2008241
1 || 2008242 || 4 || policy-violation || 0 || ET POLICY Hotmail Access Full Mode || url,doc.emergingthreats.net/2008242
1 || 2008243 || 5 || trojan-activity || 0 || ET TROJAN my247eshop.com User-Agent || url,doc.emergingthreats.net/2008243
1 || 2008244 || 5 || trojan-activity || 0 || ET TROJAN ProxyBot Phone Home Traffic || url,doc.emergingthreats.net/2008244
1 || 2008245 || 5 || trojan-activity || 0 || ET DELETED Juicopotomous to Controller || url,doc.emergingthreats.net/2008245
1 || 2008246 || 4 || trojan-activity || 0 || ET DELETED Juicopotomous ack from Controller || url,doc.emergingthreats.net/2008246
1 || 2008247 || 5 || trojan-activity || 0 || ET DELETED Juicopotomous ack to Controller || url,doc.emergingthreats.net/2008247
1 || 2008248 || 5 || trojan-activity || 0 || ET TROJAN Cashout Proxy Bot reg_DST || url,doc.emergingthreats.net/2008248
1 || 2008249 || 4 || trojan-activity || 0 || ET TROJAN Knockbot Proxy Checkin || url,doc.emergingthreats.net/2008249
1 || 2008250 || 3 || trojan-activity || 0 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Install Checkin || url,doc.emergingthreats.net/2008250
1 || 2008251 || 3 || trojan-activity || 0 || ET TROJAN Winspywareprotect.com Fake AV/Anti-Spyware Secondary Checkin || url,doc.emergingthreats.net/2008251
1 || 2008253 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (chek) || url,doc.emergingthreats.net/bin/view/Main/2008253
1 || 2008254 || 4 || trojan-activity || 0 || ET TROJAN Vipdataend/Ceckno C&C Traffic - Checkin || url,doc.emergingthreats.net/2008254
1 || 2008255 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (IE) || url,doc.emergingthreats.net/bin/view/Main/2008255
1 || 2008256 || 7 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin Detected (envia.php) || url,doc.emergingthreats.net/2008256
1 || 2008257 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Nimo Software HTTP Retriever 1.0) || url,doc.emergingthreats.net/bin/view/Main/2008257
1 || 2008258 || 3 || trojan-activity || 0 || ET TROJAN Hupigon CnC Communication (variant bysj) || url,doc.emergingthreats.net/2008258
1 || 2008259 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (AutoHotkey) || url,doc.emergingthreats.net/bin/view/Main/2008259
1 || 2008260 || 5 || trojan-activity || 0 || ET TROJAN Pointpack.kr Related Trojan Checkin || url,doc.emergingthreats.net/2008260
1 || 2008261 || 4 || trojan-activity || 0 || ET TROJAN Common Spambot HTTP Checkin || url,doc.emergingthreats.net/2008261
1 || 2008262 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WebForm 1) || url,doc.emergingthreats.net/bin/view/Main/2008262
1 || 2008263 || 13 || trojan-activity || 0 || ET TROJAN DNS Changer HTTP Post Checkin || url,doc.emergingthreats.net/2008263
1 || 2008264 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (opera) || url,doc.emergingthreats.net/bin/view/Main/2008264
1 || 2008266 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Zilla) || url,doc.emergingthreats.net/bin/view/Main/2008266
1 || 2008267 || 8 || trojan-activity || 0 || ET TROJAN Banker.JU Related HTTP Post-infection Checkin || url,doc.emergingthreats.net/2008267
1 || 2008268 || 9 || trojan-activity || 0 || ET DELETED Delf Checkin via HTTP (8) || url,doc.emergingthreats.net/2008268
1 || 2008269 || 3 || trojan-activity || 0 || ET TROJAN Emogen Infection Checkin Initial Packet || url,doc.emergingthreats.net/2008269
1 || 2008270 || 3 || trojan-activity || 0 || ET TROJAN Emogen Infection Checkin CnC Keepalive || url,doc.emergingthreats.net/2008270
1 || 2008271 || 9 || trojan-activity || 0 || ET TROJAN DMSpammer HTTP Post Checkin || url,doc.emergingthreats.net/2008271
1 || 2008273 || 4 || trojan-activity || 0 || ET TROJAN Bifrose Connect to Controller || url,doc.emergingthreats.net/2008273
1 || 2008274 || 4 || trojan-activity || 0 || ET TROJAN Bifrose Response from Controller || url,doc.emergingthreats.net/2008274
1 || 2008275 || 5 || trojan-activity || 0 || ET TROJAN Hitpop Checkin || url,atlas-public.ec2.arbor.net/docs/Hitpop_DDoS_Malware_Analysis_PUBLIC.pdf || url,doc.emergingthreats.net/2008275
1 || 2008276 || 14 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (contains loader) || url,doc.emergingthreats.net/bin/view/Main/2008276
1 || 2008277 || 7 || trojan-activity || 0 || ET TROJAN Pakes Winifixer.com Related Checkin URL || url,doc.emergingthreats.net/2008277
1 || 2008278 || 3 || trojan-activity || 0 || ET DELETED Generic Raider Obfuscated VBScript || url,bbs.duba.net/viewthread.php?tid=21892104&page=1&extra=page=1 || url,doc.emergingthreats.net/2008278
1 || 2008279 || 9 || trojan-activity || 0 || ET MALWARE ZenoSearch Spyware User-Agent || url,doc.emergingthreats.net/2008279
1 || 2008280 || 6 || trojan-activity || 0 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL || url,doc.emergingthreats.net/2008280
1 || 2008282 || 5 || trojan-activity || 0 || ET TROJAN Antispywaremaster.com Fake AV Checkin || url,doc.emergingthreats.net/2008282
1 || 2008283 || 9 || trojan-activity || 0 || ET TROJAN Banload HTTP Checkin Detected (quem=) || url,doc.emergingthreats.net/2008283
1 || 2008284 || 3 || misc-activity || 0 || ET POLICY Inbound HTTP CONNECT Attempt on Off-Port || url,doc.emergingthreats.net/2008284
1 || 2008285 || 2 || trojan-activity || 0 || ET TROJAN RLPacked Binary - Likely Hostile || url,rlpack.jezgra.net || url,www.teamfurry.com/wordpress/2007/04/01/unpacking-rlpack/ || url,doc.emergingthreats.net/2008285
1 || 2008289 || 5 || policy-violation || 0 || ET CHAT Possible MSN Messenger File Transfer || url,www.hypothetic.org/docs/msn/client/file_transfer.php || url,doc.emergingthreats.net/2008289
1 || 2008291 || 3 || trojan-activity || 0 || ET TROJAN Win32.Onlinegames.ajok CnC Packet to Server || url,doc.emergingthreats.net/2008291
1 || 2008292 || 3 || trojan-activity || 0 || ET TROJAN Win32.Onlinegames.ajok CnC Packet from Server || url,doc.emergingthreats.net/2008292
1 || 2008294 || 7 || trojan-activity || 0 || ET MALWARE AntiSpywareMaster.com Fake AV User-Agent (AsmUpdater) || url,doc.emergingthreats.net/2008294
1 || 2008295 || 6 || policy-violation || 0 || ET CHAT Gadu-Gadu IM Login Server Request || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008295
1 || 2008297 || 4 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Welcome Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008297
1 || 2008298 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Client Login Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008298
1 || 2008299 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Login OK Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008299
1 || 2008300 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Login Failed Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008300
1 || 2008301 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Server Available Status Packet || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008301
1 || 2008302 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Send Message || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008302
1 || 2008303 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Receive Message || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008303
1 || 2008304 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Keepalive PING || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008304
1 || 2008305 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat Keepalive PONG || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008305
1 || 2008306 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Request || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008306
1 || 2008307 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Details || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008307
1 || 2008308 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Accept || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008308
1 || 2008309 || 3 || policy-violation || 0 || ET CHAT GaduGadu Chat File Send Begin || url,piotr.trzcionkowski.pl/default.asp?load=/programy/pppgg_protokol.html || url,doc.emergingthreats.net/2008309
1 || 2008310 || 2 || trojan-activity || 0 || ET TROJAN Codesoft PW Stealer Email Report Outbound || url,doc.emergingthreats.net/2008310
1 || 2008311 || 5 || attempted-recon || 0 || ET SCAN Watchfire AppScan Web App Vulnerability Scanner || url,www.watchfire.com/products/appscan/default.aspx || url,doc.emergingthreats.net/2008311
1 || 2008312 || 4 || attempted-recon || 0 || ET SCAN DEBUG Method Request with Command || url,doc.emergingthreats.net/2008312
1 || 2008313 || 7 || web-application-attack || 0 || ET WEB_CLIENT Iframe in Purported Image Download (jpeg) - Likely SQL Injection Attacks Related || url,doc.emergingthreats.net/bin/view/Main/2008313
1 || 2008314 || 7 || web-application-attack || 0 || ET WEB_CLIENT Iframe in Purported Image Download (gif) - Likely SQL Injection Attacks Related || url,doc.emergingthreats.net/bin/view/Main/2008314
1 || 2008315 || 6 || web-application-attack || 0 || ET DELETED Iframe in Purported Image Download (png) - Likely SQL Injection Attacks Related || url,doc.emergingthreats.net/bin/view/Main/2008315
1 || 2008317 || 9 || trojan-activity || 0 || ET TROJAN Hitpop.AG/Pophot.az HTTP Checkin || url,doc.emergingthreats.net/2008317
1 || 2008318 || 5 || trojan-activity || 0 || ET MALWARE Adaware.BarACE Checkin and Update || url,www.symantec.com/security_response/writeup.jsp?docid=2007-021714-2431-99&tabid=2 || url,doc.emergingthreats.net/bin/view/Main/2008318
1 || 2008319 || 6 || trojan-activity || 0 || ET TROJAN Win32.Small.wpx or Related Downloader Posting Data || url,doc.emergingthreats.net/2008319
1 || 2008320 || 2 || trojan-activity || 0 || ET TROJAN Banload Gadu-Gadu CnC Message Detected || url,doc.emergingthreats.net/2008320
1 || 2008321 || 3 || trojan-activity || 0 || ET TROJAN Win32.Small.AB or related Post-infection checkin || url,doc.emergingthreats.net/2008321
1 || 2008322 || 10 || trojan-activity || 0 || ET TROJAN FraudLoad.aww HTTP CnC Post || url,doc.emergingthreats.net/2008322
1 || 2008324 || 6 || trojan-activity || 0 || ET TROJAN Zalupko/Koceg/Mandaph manda.php Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,doc.emergingthreats.net/2008324
1 || 2008326 || 7 || trojan-activity || 0 || ET TROJAN Banker Infostealer/PRG POST on High Port || url,www.securescience.net/FILES/securescience/10378/pubMalwareCaseStudy.pdf || url,doc.emergingthreats.net/2008326
1 || 2008327 || 2 || trojan-activity || 0 || ET TROJAN Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated) || url,doc.emergingthreats.net/2008327
1 || 2008328 || 7 || trojan-activity || 0 || ET DELETED Banload iLLBrain Trojan Activity || url,doc.emergingthreats.net/2008328
1 || 2008329 || 5 || trojan-activity || 0 || ET TROJAN xpsecuritycenter.com Fake AntiVirus GET-Install Checkin || url,www.symantec.com/security_response/writeup.jsp?docid=2008-051910-0118-99&tabid=1 || url,doc.emergingthreats.net/2008329
1 || 2008330 || 11 || misc-activity || 0 || ET POLICY HTTP CONNECT Tunnel Attempt Outbound || url,doc.emergingthreats.net/2008330
1 || 2008331 || 8 || trojan-activity || 0 || ET TROJAN Banker/Banbra Variant POST via x-www-form-urlencoded || url,doc.emergingthreats.net/2008331
1 || 2008332 || 2 || trojan-activity || 0 || ET TROJAN Steam Pass Stealer FTP Upload || url,doc.emergingthreats.net/2008332
1 || 2008333 || 4 || trojan-activity || 0 || ET TROJAN Lop.gfr/Swizzor HTTP Update/Checkin (usually host-domain-lookup.com related) || url,doc.emergingthreats.net/2008333
1 || 2008334 || 9 || trojan-activity || 0 || ET TROJAN Beizhu/Womble/Vipdataend Checking in with Controller || url,doc.emergingthreats.net/2008334
1 || 2008335 || 7 || trojan-activity || 0 || ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive || url,doc.emergingthreats.net/2008335
1 || 2008336 || 6 || policy-violation || 0 || ET POLICY Eurobarre.us Setup User-Agent || url,doc.emergingthreats.net/2008336
1 || 2008338 || 9 || trojan-activity || 0 || ET TROJAN KLog Nick Keylogger Checkin || url,doc.emergingthreats.net/2008338
1 || 2008339 || 4 || trojan-activity || 0 || ET TROJAN Keypack.co.kr Related Trojan User-Agent Detected || url,doc.emergingthreats.net/2008339
1 || 2008340 || 10 || trojan-activity || 0 || ET TROJAN Lost Door Checkin || url,doc.emergingthreats.net/2008340
1 || 2008341 || 4 || trojan-activity || 0 || ET TROJAN Themida Packed Binary - Likely Hostile || url,www.oreans.com/themida.php || url,cwsandbox.org/?page=samdet&id=164533&password=wnnpi || url,doc.emergingthreats.net/2008341
1 || 2008342 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ld) || url,doc.emergingthreats.net/bin/view/Main/2008342
1 || 2008343 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (123) || url,doc.emergingthreats.net/bin/view/Main/2008343
1 || 2008344 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (DownloadNetFile) || url,doc.emergingthreats.net/bin/view/Main/2008344
1 || 2008345 || 5 || trojan-activity || 0 || ET TROJAN Dialer.Trojan Activity || url,doc.emergingthreats.net/2008345
1 || 2008346 || 6 || trojan-activity || 0 || ET DELETED Mitglieder Checkin || url,doc.emergingthreats.net/2008346
1 || 2008347 || 8 || successful-recon-limited || 0 || ET TROJAN Swizzor Checkin || url,doc.emergingthreats.net/2008347
1 || 2008348 || 2 || trojan-activity || 0 || ET TROJAN SC-KeyLog Keylogger Installed - Sending Log Email Report || url,www.soft-central.net/keylog.php || url,doc.emergingthreats.net/2008348
1 || 2008349 || 9 || trojan-activity || 0 || ET DELETED Injecter Checkin || url,doc.emergingthreats.net/2008349
1 || 2008350 || 7 || policy-violation || 0 || ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile || url,doc.emergingthreats.net/bin/view/Main/2008350
1 || 2008351 || 4 || policy-violation || 0 || ET POLICY ICP Email Send via HTTP - Often Trojan Install Reports || url,doc.emergingthreats.net/2008351
1 || 2008352 || 9 || trojan-activity || 0 || ET TROJAN CoreFlooder.Q Data Posting || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FCOREFLOOD%2EQ || url,doc.emergingthreats.net/2008352
1 || 2008353 || 8 || trojan-activity || 0 || ET TROJAN CoreFlooder.Q C&C Checkin || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FCOREFLOOD%2EQ || url,doc.emergingthreats.net/2008353
1 || 2008354 || 4 || trojan-activity || 0 || ET DELETED LDPinch Checkin on Port 82 || url,doc.emergingthreats.net/2008354
1 || 2008355 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (angel) || url,doc.emergingthreats.net/bin/view/Main/2008355
1 || 2008356 || 4 || trojan-activity || 0 || ET MALWARE Seekmo.com Spyware Data Upload || url,doc.emergingthreats.net/bin/view/Main/2008356
1 || 2008358 || 5 || trojan-activity || 0 || ET TROJAN Pakes/Cutwail/Kobcka Checkin Detected High Ports || url,doc.emergingthreats.net/2008358
1 || 2008359 || 8 || trojan-activity || 0 || ET TROJAN Unnamed - kuaiche.com related || url,doc.emergingthreats.net/bin/view/Main/2008359
1 || 2008360 || 4 || trojan-activity || 0 || ET TROJAN Steam Steal0r || url,doc.emergingthreats.net/2008360
1 || 2008361 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Accessing) || url,doc.emergingthreats.net/bin/view/Main/2008361
1 || 2008362 || 4 || web-application-activity || 0 || ET SCAN bsqlbf Brute Force SQL Injection || url,code.google.com/p/bsqlbf-v2/ || url,doc.emergingthreats.net/2008362
1 || 2008363 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ISMYIE) || url,doc.emergingthreats.net/bin/view/Main/2008363
1 || 2008364 || 6 || trojan-activity || 0 || ET TROJAN Donkeyp2p Update Detected || url,doc.emergingthreats.net/2008364
1 || 2008365 || 8 || trojan-activity || 0 || ET TROJAN Playtech Downloader Online Gaming Checkin || md5,00740d7d15862efb30629ab1fd7b8242
1 || 2008366 || 4 || trojan-activity || 0 || ET TROJAN LD Pinch Checkin (HTTP POST on port 82) || url,doc.emergingthreats.net/2008366
1 || 2008367 || 8 || trojan-activity || 0 || ET DELETED Possible Windows executable sent when remote host claims to send Javascript || url,doc.emergingthreats.net/bin/view/Main/2008367
1 || 2008368 || 7 || trojan-activity || 0 || ET TROJAN Unknown Keylogger checkin || url,doc.emergingthreats.net/bin/view/Main/2008368
1 || 2008369 || 8 || trojan-activity || 0 || ET TROJAN Keylogger Crack by bahman || url,doc.emergingthreats.net/2008369
1 || 2008370 || 4 || trojan-activity || 0 || ET MALWARE Shopcenter.co.kr Spyware Install Report || url,doc.emergingthreats.net/bin/view/Main/2008370
1 || 2008372 || 10 || trojan-activity || 0 || ET MALWARE Adsincontext.com Related Spyware User-Agent (Connector v1.2) || url,doc.emergingthreats.net/2008372
1 || 2008374 || 15 || trojan-activity || 0 || ET POLICY Suspicious User-Agent (InetURL) || url,doc.emergingthreats.net/bin/view/Main/2008374
1 || 2008375 || 7 || trojan-activity || 0 || ET MALWARE Gooochi Related Spyware Ad pull || url,www.threatexpert.com/reports.aspx?find=ads.gooochi.biz || url,doc.emergingthreats.net/bin/view/Main/2008375
1 || 2008376 || 5 || trojan-activity || 0 || ET TROJAN RegHelper Installation || url,doc.emergingthreats.net/2008376
1 || 2008377 || 5 || trojan-activity || 0 || ET TROJAN Virtumod/Agent.ufv/Virtumonde Get Request || url,doc.emergingthreats.net/2008377
1 || 2008378 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ErrCode) || url,doc.emergingthreats.net/bin/view/Main/2008378
1 || 2008379 || 5 || trojan-activity || 0 || ET TROJAN Swizzor Checkin (kgen_up) || url,doc.emergingthreats.net/2008379
1 || 2008380 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Key Exchange with CnC Init || url,doc.emergingthreats.net/2008380
1 || 2008381 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Key Exchange with CnC Response || url,doc.emergingthreats.net/2008381
1 || 2008382 || 6 || trojan-activity || 0 || ET TROJAN Piptea.a Related Trojan Checkin (1) || url,doc.emergingthreats.net/2008382
1 || 2008383 || 6 || trojan-activity || 0 || ET TROJAN Piptea.a Related Trojan Checkin (2) || url,doc.emergingthreats.net/2008383
1 || 2008384 || 6 || trojan-activity || 0 || ET TROJAN Piptea.a Related Trojan Checkin (3) || url,doc.emergingthreats.net/2008384
1 || 2008386 || 4 || trojan-activity || 0 || ET TROJAN Zlob HTTP Checkin || url,doc.emergingthreats.net/2008386
1 || 2008387 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible ASPROX Hostile JS Being Served by a Local Webserver (/ngg.js) || url,doc.emergingthreats.net/bin/view/Main/2008387 || url,infosec20.blogspot.com/2008/07/asprox-payload-morphed.html
1 || 2008388 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible ASPROX Hostile JS Being Served by a Local Webserver (/b.js) || url,doc.emergingthreats.net/bin/view/Main/2008388
1 || 2008389 || 2 || trojan-activity || 0 || ET DELETED Likely Hupigon Post to Controller || url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml || url,doc.emergingthreats.net/2008389
1 || 2008390 || 2 || trojan-activity || 0 || ET DELETED Hupigon Response from Controller (YES - ~~@@) || url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml || url,doc.emergingthreats.net/2008390
1 || 2008391 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (svchost) || url,doc.emergingthreats.net/bin/view/Main/2008391
1 || 2008393 || 3 || trojan-activity || 0 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (2) || url,doc.emergingthreats.net/2008393
1 || 2008395 || 4 || trojan-activity || 0 || ET TROJAN 3alupKo/Win32.Socks.n Related Checkin URL (3) || url,doc.emergingthreats.net/2008395
1 || 2008396 || 4 || trojan-activity || 0 || ET TROJAN Zlob Initial Check-in Version 2 (confirm.php?sid=) || url,doc.emergingthreats.net/2008396
1 || 2008397 || 5 || trojan-activity || 0 || ET TROJAN Fullspace.cc or Related Checkin (1) || url,doc.emergingthreats.net/2008397
1 || 2008398 || 5 || trojan-activity || 0 || ET TROJAN Fullspace.cc or Related Checkin (2) || url,doc.emergingthreats.net/2008398
1 || 2008399 || 6 || trojan-activity || 0 || ET TROJAN contacy.info Trojan Checkin (User agent clk_jdfhid) || url,doc.emergingthreats.net/2008399
1 || 2008400 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ReadFileURL) || url,doc.emergingthreats.net/bin/view/Main/2008400
1 || 2008402 || 3 || trojan-activity || 0 || ET MALWARE Realtimegaming.com Online Casino Spyware Gaming Checkin || url,doc.emergingthreats.net/bin/view/Main/2008402
1 || 2008405 || 5 || trojan-activity || 0 || ET TROJAN Obitel trojan calling home || url,www.abuse.ch/?p=143 || url,doc.emergingthreats.net/2008405
1 || 2008406 || 8 || trojan-activity || 0 || ET POLICY RemoteSpy.com Upload Detect || url,doc.emergingthreats.net/2008406
1 || 2008407 || 5 || web-application-attack || 0 || ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (1) || bugtraq,30114 || url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html || url,doc.emergingthreats.net/bin/view/Main/2008407
1 || 2008408 || 5 || web-application-attack || 0 || ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (2) || bugtraq,30114 || url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html || url,doc.emergingthreats.net/bin/view/Main/2008408
1 || 2008409 || 4 || web-application-attack || 0 || ET ACTIVEX Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download (3) || bugtraq,30114 || url,downloads.securityfocus.com/vulnerabilities/exploits/30114.html || url,pstgroup.blogspot.com/2008/07/exploitmicrosoft-office-snapshot-viewer.html || url,doc.emergingthreats.net/bin/view/Main/2008409
1 || 2008411 || 5 || trojan-activity || 0 || ET TROJAN LDPinch SMTP Password Report with mail client The Bat! || url,doc.emergingthreats.net/2008411
1 || 2008412 || 5 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.Small.avu HTTP Checkin || url,doc.emergingthreats.net/2008412
1 || 2008413 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (PcPcUpdater) || url,doc.emergingthreats.net/bin/view/Main/2008413
1 || 2008414 || 2 || attempted-recon || 0 || ET SCAN Cisco Torch TFTP Scan || url,www.hackingexposedcisco.com/?link=tools || url,www.securiteam.com/tools/5EP0F1FEUA.html || url,doc.emergingthreats.net/2008414
1 || 2008415 || 9 || attempted-recon || 0 || ET SCAN Cisco Torch IOS HTTP Scan || url,www.hackingexposedcisco.com/?link=tools || url,www.securiteam.com/tools/5EP0F1FEUA.html || url,doc.emergingthreats.net/2008415
1 || 2008416 || 6 || attempted-recon || 0 || ET SCAN Httprint Web Server Fingerprint Scan || url,www.net-square.com/httprint/ || url,www.net-square.com/httprint/httprint_paper.html || url,doc.emergingthreats.net/2008416
1 || 2008417 || 8 || attempted-recon || 0 || ET SCAN Wapiti Web Server Vulnerability Scan || url,wapiti.sourceforge.net/ || url,doc.emergingthreats.net/2008417
1 || 2008418 || 5 || misc-activity || 0 || ET POLICY Metasploit Framework Update || url,www.metasploit.com/framework/ || url,www.ethicalhacker.net/content/view/29/24/ || url,doc.emergingthreats.net/2008418
1 || 2008419 || 4 || trojan-activity || 0 || ET MALWARE Advert-network.com Related Spyware Updating || url,doc.emergingthreats.net/bin/view/Main/2008419
1 || 2008420 || 3 || trojan-activity || 0 || ET TROJAN HTTP GET Request on port 53 - Very Likely Hostile || url,doc.emergingthreats.net/2008420
1 || 2008422 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Inet_read) || url,doc.emergingthreats.net/bin/view/Main/2008422
1 || 2008423 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (CFS Agent) || url,doc.emergingthreats.net/bin/view/Main/2008423
1 || 2008424 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (CFS_DOWNLOAD) || url,doc.emergingthreats.net/bin/view/Main/2008424
1 || 2008425 || 6 || trojan-activity || 0 || ET MALWARE Advert-network.com Related Spyware Checking for Updates || url,doc.emergingthreats.net/bin/view/Main/2008425
1 || 2008426 || 4 || misc-attack || 0 || ET EXPLOIT SecurityGateway 1.0.1 Remote Buffer Overflow || url,frsirt.com/english/advisories/2008/1717 || url,milw0rm.com/exploits/5718 || url,doc.emergingthreats.net/bin/view/Main/2008426 || cve,2008-4193
1 || 2008427 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (AdiseExplorer) || url,doc.emergingthreats.net/bin/view/Main/2008427
1 || 2008428 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HTTP Downloader) || url,doc.emergingthreats.net/bin/view/Main/2008428
1 || 2008429 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HttpDownload) || url,doc.emergingthreats.net/bin/view/Main/2008429
1 || 2008430 || 5 || trojan-activity || 0 || ET TROJAN Win32.Dialer.buv Sending Information Home || url,doc.emergingthreats.net/2008430
1 || 2008431 || 5 || trojan-activity || 0 || ET TROJAN PWS.Gamania Checkin || url,doc.emergingthreats.net/2008431
1 || 2008433 || 8 || trojan-activity || 0 || ET TROJAN Pandex checkin detected || url,doc.emergingthreats.net/2008433
1 || 2008434 || 8 || trojan-activity || 0 || ET TROJAN Coreflood/AFcore Trojan Infection || url,www.secureworks.com/research/threats/coreflood || url,doc.emergingthreats.net/2008434
1 || 2008435 || 2 || trojan-activity || 0 || ET TROJAN Win32.Testlink Trojan Speed Test Start port 8888 || url,doc.emergingthreats.net/2008435
1 || 2008436 || 3 || trojan-activity || 0 || ET TROJAN Win32.Testlink Trojan Speed Test port 8888 || url,doc.emergingthreats.net/2008436
1 || 2008437 || 2 || trojan-activity || 0 || ET TROJAN Win32.Testlink Trojan Checkin port 8888 || url,doc.emergingthreats.net/2008437
1 || 2008438 || 13 || trojan-activity || 0 || ET MALWARE Possible Windows executable sent when remote host claims to send a Text File || url,doc.emergingthreats.net/bin/view/Main/2008438
1 || 2008439 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft Affiliate Network Pro (pgm) Parameter SQL Injection || bugtraq,30259 || url,milw0rm.com/exploits/6087 || url,doc.emergingthreats.net/2008439
1 || 2008440 || 11 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Download App) || url,doc.emergingthreats.net/bin/view/Main/2008440
1 || 2008441 || 8 || trojan-activity || 0 || ET TROJAN Win32 Dialer Variant || url,doc.emergingthreats.net/2008441
1 || 2008442 || 8 || trojan-activity || 0 || ET TROJAN Rootkit.Win32.Clbd.cz Checkin || url,doc.emergingthreats.net/2008442
1 || 2008443 || 9 || trojan-activity || 0 || ET TROJAN Coreflood/AFcore Trojan Infection (2) || url,www.secureworks.com/research/threats/coreflood || url,doc.emergingthreats.net/2008443
1 || 2008444 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT PWDump4 Password dumping exe copied to victim || url,xinn.org/Snort-pwdump4.html || url,doc.emergingthreats.net/bin/view/Main/2008444
1 || 2008445 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT Pwdump6 Session Established test file created on victim || url,xinn.org/Snort-pwdump6.html || url,doc.emergingthreats.net/bin/view/Main/2008445
1 || 2008446 || 9 || bad-unknown || 0 || ET DNS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) - possible Cache Poisoning Attempt || url,doc.emergingthreats.net/bin/view/Main/2008446
1 || 2008447 || 7 || bad-unknown || 0 || ET DNS Query Responses with 3 RR's set (50+ in 2 seconds) - possible NS RR Cache Poisoning Attempt || url,infosec20.blogspot.com/2008/07/kaminsky-dns-cache-poisoning-poc.html || url,doc.emergingthreats.net/bin/view/Main/2008447
1 || 2008449 || 2 || trojan-activity || 0 || ET TROJAN Keylogger.ane Checkin || url,doc.emergingthreats.net/2008449
1 || 2008450 || 5 || trojan-activity || 0 || ET TROJAN Donbot Connect to CnC || url,doc.emergingthreats.net/2008450 || url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html || url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/
1 || 2008451 || 3 || trojan-activity || 0 || ET TROJAN Donbot Report to CnC || url,blog.fireeye.com/research/2009/10/a-little_more_on_donbot.html || url,www.avertlabs.com/research/blog/index.php/2009/04/05/donbot-joining-the-club-of-million-dollar-botnets/ || url,doc.emergingthreats.net/2008451
1 || 2008452 || 10 || trojan-activity || 0 || ET DELETED Emo/Downloader.uxk checkin || url,doc.emergingthreats.net/2008452
1 || 2008453 || 7 || web-application-attack || 0 || ET SCAN Tomcat Auth Brute Force attempt (admin) || url,doc.emergingthreats.net/2008453
1 || 2008454 || 7 || web-application-attack || 0 || ET SCAN Tomcat Auth Brute Force attempt (tomcat) || url,doc.emergingthreats.net/2008454
1 || 2008455 || 6 || web-application-attack || 0 || ET SCAN Tomcat Auth Brute Force attempt (manager) || url,doc.emergingthreats.net/2008455
1 || 2008456 || 5 || trojan-activity || 0 || ET MALWARE EMO/PCPrivacyCleaner Rougue Secuirty App GET Checkin || url,www.spywaresignatures.com/details/pcprivacycleaner.pdf || url,doc.emergingthreats.net/bin/view/Main/2008456
1 || 2008457 || 9 || trojan-activity || 0 || ET MALWARE Deepdo Toolbar User-Agent (FavUpdate) || url,research.sunbelt-software.com/threatdisplay.aspx?name=Deepdo%20Toolbar&threatid=129378 || url,doc.emergingthreats.net/2008457
1 || 2008458 || 8 || trojan-activity || 0 || ET TROJAN Downloader UserAgent(AutoDL\/1.0) || url,doc.emergingthreats.net/2008458
1 || 2008460 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (hacker) || url,doc.emergingthreats.net/bin/view/Main/2008460
1 || 2008461 || 6 || trojan-activity || 0 || ET TROJAN Rouge Security Software Win32.BHO.egw || url,research.sunbelt-software.com/threatdisplay.aspx?name=Trojan.Win32.BHO.egw&threatid=313636 || url,doc.emergingthreats.net/2008461
1 || 2008463 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ieguideupdate) || url,doc.emergingthreats.net/bin/view/Main/2008463
1 || 2008464 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (adsntD) || url,doc.emergingthreats.net/bin/view/Main/2008464
1 || 2008465 || 2 || trojan-activity || 0 || ET TROJAN Backdoor Possible Backdoor.Cow Varient (Backdoor.Win32.Agent.lam) C&C traffic || url,doc.emergingthreats.net/2008465
1 || 2008467 || 5 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection Attempt Danmec related (declare) || url,doc.emergingthreats.net/2008467
1 || 2008468 || 4 || trojan-activity || 0 || ET DELETED LDPinch Checkin Flowbit set || url,doc.emergingthreats.net/2008468
1 || 2008469 || 7 || trojan-activity || 0 || ET DELETED LDPinch Checkin v2 || url,doc.emergingthreats.net/2008469
1 || 2008470 || 6 || bad-unknown || 0 || ET DNS Excessive NXDOMAIN responses - Possible DNS Backscatter or Domain Generation Algorithm Lookups || url,doc.emergingthreats.net/bin/view/Main/2008470
1 || 2008471 || 4 || trojan-activity || 0 || ET TROJAN HotLan.C Spambot C&C download command || url,doc.emergingthreats.net/2008471
1 || 2008472 || 4 || policy-violation || 0 || ET POLICY Netviewer.com Remote Control Proxy Test || url,doc.emergingthreats.net/2008472
1 || 2008473 || 9 || trojan-activity || 0 || ET TROJAN HotLan.C Spambot Trojan Activity || url,doc.emergingthreats.net/2008473
1 || 2008474 || 4 || trojan-activity || 0 || ET MALWARE Adware.Look2Me Activity || url,doc.emergingthreats.net/bin/view/Main/2008474
1 || 2008475 || 4 || bad-unknown || 0 || ET DNS Query Responses with 3 RR's set (50+ in 2 seconds) - possible A RR Cache Poisoning Attempt || url,infosec20.blogspot.com/2008/07/kaminsky-dns-cache-poisoning-poc.html || url,doc.emergingthreats.net/bin/view/Main/2008475
1 || 2008476 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT Foofus.net Password dumping, dll injection || url,xinn.org/Snort-fgdump.html || url,doc.emergingthreats.net/bin/view/Main/2008476
1 || 2008477 || 6 || trojan-activity || 0 || ET TROJAN Banload POST Checkin (dados) || url,doc.emergingthreats.net/2008477
1 || 2008481 || 3 || trojan-activity || 0 || ET TROJAN Trojan-PSW.Win32.Nilage.crg Checkin || url,doc.emergingthreats.net/2008481
1 || 2008482 || 4 || trojan-activity || 0 || ET TROJAN thespybot.com installation download detected || url,doc.emergingthreats.net/2008482
1 || 2008483 || 8 || trojan-activity || 0 || ET TROJAN Win32/Antivirus2008 || url,doc.emergingthreats.net/2008483
1 || 2008484 || 7 || trojan-activity || 0 || ET MALWARE Cleancop.co.kr Fake AV User-Agent (CleancopUpdate) || url,doc.emergingthreats.net/2008484
1 || 2008485 || 7 || trojan-activity || 0 || ET MALWARE Searchtool.co.kr Fake Product User-Agent (searchtoolup) || url,doc.emergingthreats.net/2008485
1 || 2008488 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (NULL) || url,doc.emergingthreats.net/bin/view/Main/2008488
1 || 2008489 || 9 || policy-violation || 0 || ET POLICY Suspicious User-Agent (dwplayer) || url,doc.emergingthreats.net/bin/view/Main/2008489
1 || 2008490 || 7 || trojan-activity || 0 || ET TROJAN Dialer.Win32.E-Group.n Checkin || url,doc.emergingthreats.net/2008490
1 || 2008491 || 3 || trojan-activity || 0 || ET DELETED Banker.OT Checkin (2 packet) || url,doc.emergingthreats.net/2008491
1 || 2008492 || 5 || trojan-activity || 0 || ET TROJAN Win32.Downloader.pgp Checkin || url,doc.emergingthreats.net/2008492
1 || 2008493 || 6 || trojan-activity || 0 || ET TROJAN Pushdo Checkin || url,doc.emergingthreats.net/2008493
1 || 2008494 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ieagent) || url,doc.emergingthreats.net/bin/view/Main/2008494
1 || 2008495 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (antispyprogram) || url,doc.emergingthreats.net/bin/view/Main/2008495
1 || 2008500 || 7 || trojan-activity || 0 || ET MALWARE Sogoul.com Spyware User-Agent (SogouIMEMiniSetup) || url,doc.emergingthreats.net/2008500
1 || 2008502 || 5 || trojan-activity || 0 || ET TROJAN Antispywareexpert.com Fake AS Install Checkin || url,doc.emergingthreats.net/2008502
1 || 2008503 || 8 || policy-violation || 0 || ET MALWARE ZCOM Adware/Spyware User-Agent (ZCOM Software)
1 || 2008504 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (SUiCiDE/1.5) || url,doc.emergingthreats.net/bin/view/Main/2008504
1 || 2008506 || 9 || trojan-activity || 0 || ET TROJAN Trojan-PWS.Win32.VB.tr Checkin Detected || url,doc.emergingthreats.net/2008506
1 || 2008507 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.fdi Bot Reporting to Controller || url,doc.emergingthreats.net/2008507
1 || 2008509 || 3 || trojan-activity || 0 || ET TROJAN VirtualProtect Packed Binary - Likely Hostile || url,bits.packetninjas.org/eblog/?p=3 || url,doc.emergingthreats.net/2008509
1 || 2008510 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (\xa2\xa2HttpClient) || url,doc.emergingthreats.net/bin/view/Main/2008510
1 || 2008511 || 5 || trojan-activity || 0 || ET TROJAN Win32/Antivirus2008 Fake AV Install Report || url,doc.emergingthreats.net/2008511
1 || 2008512 || 13 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (C slash)
1 || 2008513 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (msIE 7.0) || url,doc.emergingthreats.net/bin/view/Main/2008513
1 || 2008514 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (AVP2006IE) || url,doc.emergingthreats.net/bin/view/Main/2008514
1 || 2008515 || 8 || trojan-activity || 0 || ET TROJAN Hupigon.AZG Checkin || url,www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.aspx?idvirus=143511&sind=0 || url,vil.nai.com/vil/content/v_145056.htm || url,doc.emergingthreats.net/2008515
1 || 2008516 || 5 || trojan-activity || 0 || ET TROJAN XPantivirus2008 Download || url,www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/page4.html || url,seo.mhvt.net/blog/?p=390 || url,virscan.org/report/a61cd44fc387188da2ee3fbdeda10782.html || url,doc.emergingthreats.net/2008516
1 || 2008517 || 2 || attempted-user || 0 || ET EXPLOIT SQL sp_configure - configuration change || url,msdn.microsoft.com/en-us/library/ms190693.aspx || url,doc.emergingthreats.net/bin/view/Main/2008517
1 || 2008518 || 2 || attempted-user || 0 || ET EXPLOIT SQL sp_configure attempt || url,msdn.microsoft.com/en-us/library/ms190693.aspx || url,doc.emergingthreats.net/bin/view/Main/2008518
1 || 2008519 || 6 || trojan-activity || 0 || ET TROJAN Win32.Agent.zrm/Infostealer.Bancos Checkin || url,doc.emergingthreats.net/2008519
1 || 2008520 || 5 || trojan-activity || 0 || ET DELETED Sinowal/Mebroot/Torpig Client POST || url,doc.emergingthreats.net/2008520
1 || 2008521 || 3 || trojan-activity || 0 || ET TROJAN Keylogger Infection Report via POST || url,doc.emergingthreats.net/2008521
1 || 2008522 || 3 || trojan-activity || 0 || ET TROJAN Stpage Checkin (nomodem) || url,doc.emergingthreats.net/2008522
1 || 2008523 || 8 || trojan-activity || 0 || ET TROJAN Proxy.Win32.Fackemo.g/Katusha/FakeAlert Checkin || md5,29457bd7a95e11bfd0e614a6e237a344 || md5,173a060ed791e620c2ec84d7b360ed60 || url,www.bugbopper.com/NameLookup.asp?Name=Packed_Win32_TDSS_o
1 || 2008524 || 2 || misc-activity || 0 || ET DELETED Milw0rm Exploit Archive Download || url,www.milw0rm.com || url,doc.emergingthreats.net/2008524
1 || 2008525 || 2 || misc-activity || 0 || ET DELETED Packetstormsecurity Exploits Of The Month Download || url,www.packetstormsecurity.org || url,doc.emergingthreats.net/2008525
1 || 2008526 || 5 || attempted-recon || 0 || ET SCAN Smap VOIP Device Scan || url,www.go2linux.org/smap-find-voip-enabled-devices || url,doc.emergingthreats.net/2008526
1 || 2008527 || 5 || trojan-activity || 0 || ET TROJAN Virusremover2008.com Checkin || url,doc.emergingthreats.net/2008527
1 || 2008529 || 6 || web-application-activity || 0 || ET SCAN Core-Project Scanning Bot UA Detected
1 || 2008531 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Infected System Looking up chr.santa-inbox.com CnC Server || url,doc.emergingthreats.net/bin/view/Main/2008531
1 || 2008532 || 3 || trojan-activity || 0 || ET TROJAN Bifrose Connect to Controller (variant 2) || url,doc.emergingthreats.net/2008532
1 || 2008533 || 3 || policy-violation || 0 || ET POLICY Possible External Ultrasurf Anonymizer DNS Query || url,doc.emergingthreats.net/2008533
1 || 2008536 || 6 || attempted-recon || 0 || ET DELETED Halberd Load Balanced Webserver Detection Scan || url,www.halberd.superadditive.com || url,doc.emergingthreats.net/2008536
1 || 2008537 || 6 || attempted-recon || 0 || ET SCAN Hmap Webserver Fingerprint Scan || url,www.ujeni.murkyroc.com/hmap/ || url,doc.emergingthreats.net/2008537
1 || 2008538 || 6 || attempted-recon || 0 || ET SCAN Sqlmap SQL Injection Scan || url,sqlmap.sourceforge.net || url,doc.emergingthreats.net/2008538
1 || 2008540 || 4 || trojan-activity || 0 || ET TROJAN Hupigon.dkxh Checkin to CnC || url,doc.emergingthreats.net/2008540
1 || 2008541 || 7 || trojan-activity || 0 || ET TROJAN Bravix Checkin || url,doc.emergingthreats.net/2008541
1 || 2008542 || 7 || attempted-user || 0 || ET SCADA CitectSCADA ODBC Overflowflow Attempt || cve,2008-2639 || url,www.digitalbond.com/index.php/2008/09/08/ids-signature-for-citect-vuln/ || url,digitalbond.com/tools/quickdraw/vulnerability-rules
1 || 2008543 || 2 || not-suspicious || 0 || ET POLICY Known SSL traffic on port 995 (imaps) being excluded from SSL Alerts || url,doc.emergingthreats.net/2008543
1 || 2008544 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (winlogon) || url,doc.emergingthreats.net/bin/view/Main/2008544
1 || 2008545 || 3 || trojan-activity || 0 || ET TROJAN Social-bos.biz related trojan checkin (trackid=hex) || url,doc.emergingthreats.net/2008545
1 || 2008546 || 6 || trojan-activity || 0 || ET DELETED Emo/Downloader.vr Checkin || url,doc.emergingthreats.net/2008546 || url,www.malwaredomainlist.com/mdl.php?search=emo+&colsearch=All&quantity=50
1 || 2008547 || 3 || trojan-activity || 0 || ET TROJAN PECompact2 Packed Binary - Likely Hostile || url,www.bitsum.com/pecompact.shtml || url,bits.packetninjas.org/eblog/?p=306 || url,doc.emergingthreats.net/2008547
1 || 2008549 || 13 || trojan-activity || 0 || ET MALWARE Systemdoctor.com/Antivir2008 related Fake Anti-Virus User-Agent (AntivirXP) || url,www.wiki-security.com/wiki/Parasite/Antivirus2008 || url,doc.emergingthreats.net/2008549
1 || 2008550 || 5 || trojan-activity || 0 || ET TROJAN General Bot HTTP CnC Pattern || url,doc.emergingthreats.net/2008550
1 || 2008551 || 3 || trojan-activity || 0 || ET TROJAN Banito/Agent.pb Pass Stealer Email Report Outbound || url,doc.emergingthreats.net/2008551
1 || 2008556 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE FTP CWD to windows system32 - Suspicious || url,doc.emergingthreats.net/bin/view/Main/2008556
1 || 2008557 || 2 || trojan-activity || 0 || ET DELETED Likely EXE Cryptor Packed Binary - Likely Malware || url,bits.packetninjas.org || url,doc.emergingthreats.net/2008557
1 || 2008558 || 7 || trojan-activity || 0 || ET MALWARE iwin.com Games/Spyware User-Agent (iWin GameInfo Installer Helper) || url,doc.emergingthreats.net/2008558
1 || 2008559 || 7 || trojan-activity || 0 || ET ATTACK_RESPONSE Windows LMHosts File Download - Likely DNSChanger Infection || url,doc.emergingthreats.net/bin/view/Main/2008559
1 || 2008560 || 2 || misc-activity || 0 || ET SCAN NNG MS02-039 Exploit False Positive Generator - May Conceal A Genuine Attack || url,packetstormsecurity.nl/filedesc/nng-4.13r-public.rar.html || url,doc.emergingthreats.net/2008560
1 || 2008561 || 3 || misc-activity || 0 || ET POLICY External Unencrypted Connection To Aanval Console || url,www.aanval.com || url,doc.emergingthreats.net/bin/view/Main/2008561
1 || 2008562 || 3 || unknown || 0 || ET TROJAN Suspicious SMTP handshake outbound || url,doc.emergingthreats.net/bin/view/Main/2008562
1 || 2008563 || 3 || unknown || 0 || ET TROJAN Suspicious SMTP handshake reply || url,doc.emergingthreats.net/bin/view/Main/2008563
1 || 2008564 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Internet HTTP Request) || url,doc.emergingthreats.net/bin/view/Main/2008564
1 || 2008567 || 5 || trojan-activity || 0 || ET TROJAN Win32.Crypt.nc Checkin || url,doc.emergingthreats.net/2008567
1 || 2008568 || 3 || attempted-recon || 0 || ET SCAN Voiper Toolkit Torturer Scan || url,sourceforge.net/projects/voiper || url,doc.emergingthreats.net/2008568
1 || 2008569 || 3 || misc-activity || 0 || ET POLICY External Unencrypted Connection to Ossec WUI || url,www.ossec.net || url,doc.emergingthreats.net/2008569
1 || 2008570 || 3 || misc-activity || 0 || ET POLICY External Unencrypted Connection to BASE Console || url,base.secureideas.net || url,doc.emergingthreats.net/bin/view/Main/2008570
1 || 2008571 || 5 || attempted-recon || 0 || ET SCAN Acunetix Version 6 Crawl/Scan Detected || url,www.acunetix.com/ || url,doc.emergingthreats.net/2008571
1 || 2008572 || 3 || trojan-activity || 0 || ET POLICY External MYSQL Server Connection || url,doc.emergingthreats.net/2008572
1 || 2008573 || 3 || trojan-activity || 0 || ET TROJAN Viruscatch.co.kr/Win32.Small.hvd Mysql Command and Control Connection (user viruscatch) || url,doc.emergingthreats.net/2008573
1 || 2008575 || 4 || trojan-activity || 0 || ET POLICY ASProtect/ASPack Packed Binary || url,www.aspack.com/downloads.aspx || url,bits.packetninjas.org/eblog/ || url,doc.emergingthreats.net/2008575
1 || 2008576 || 5 || trojan-activity || 0 || ET DELETED TinyPE Binary - Possibly Hostile || url,www.phreedom.org/solar/code/tinype/ || url,www.packetninjas.net/blog/2008/11/20/ids-signature-for-extremely-small-portable-executable-files.html || url,doc.emergingthreats.net/2008576
1 || 2008577 || 3 || attempted-recon || 0 || ET SCAN Voiper Fuzzing Scan || url,sourceforge.net/projects/voiper || url,doc.emergingthreats.net/2008577
1 || 2008578 || 4 || attempted-recon || 0 || ET SCAN Sipvicious Scan || url,blog.sipvicious.org || url,doc.emergingthreats.net/2008578
1 || 2008579 || 4 || attempted-recon || 0 || ET SCAN Sipp SIP Stress Test Detected || url,sourceforge.net/projects/sipp/ || url,doc.emergingthreats.net/2008579
1 || 2008580 || 5 || trojan-activity || 0 || ET TROJAN Trojan Sinowal/Torpig Phoning Home || url,doc.emergingthreats.net/2008580
1 || 2008581 || 3 || policy-violation || 0 || ET P2P BitTorrent DHT ping request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008581
1 || 2008582 || 7 || policy-violation || 0 || ET P2P BitTorrent DHT find_node request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008582
1 || 2008583 || 4 || policy-violation || 0 || ET P2P BitTorrent DHT nodes reply || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008583
1 || 2008584 || 5 || policy-violation || 0 || ET P2P BitTorrent DHT get_peers request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008584
1 || 2008585 || 4 || policy-violation || 0 || ET P2P BitTorrent DHT announce_peers request || url,wiki.theory.org/BitTorrentDraftDHTProtocol || url,doc.emergingthreats.net/bin/view/Main/2008585
1 || 2008586 || 8 || trojan-activity || 0 || ET USER_AGENTS Casino Related Spyware User-Agent Detected (Viper 4.0) || url,doc.emergingthreats.net/2008586
1 || 2008587 || 3 || trojan-activity || 0 || ET TROJAN TroDjan 2.0 Infection Report || url,doc.emergingthreats.net/2008587
1 || 2008588 || 2 || trojan-activity || 0 || ET TROJAN TroDjan 2.0 FTP Channel Open Command || url,doc.emergingthreats.net/2008588
1 || 2008589 || 2 || trojan-activity || 0 || ET POLICY FTP Conversation on Low Port - Likely Hostile (TYPE A) || url,doc.emergingthreats.net/2008589
1 || 2008590 || 2 || trojan-activity || 0 || ET POLICY FTP Conversation on Low Port - Likely Hostile (PASV) || url,doc.emergingthreats.net/2008590
1 || 2008591 || 3 || policy-violation || 0 || ET P2P Ares Server Connection || url,aresgalaxy.sourceforge.net || url,doc.emergingthreats.net/bin/view/Main/2008591
1 || 2008592 || 4 || trojan-activity || 0 || ET TROJAN Nbar.co.kr Related Trojan Checkin || url,doc.emergingthreats.net/2008592
1 || 2008594 || 8 || trojan-activity || 0 || ET MALWARE ezday.co.kr Related Spyware User-Agent (Ezshop) || url,doc.emergingthreats.net/2008594
1 || 2008595 || 8 || policy-violation || 0 || ET P2P SoulSeek P2P Server Connection || url,www.slsknet.org || url,doc.emergingthreats.net/2008595
1 || 2008597 || 3 || attempted-recon || 0 || ET SCAN Cisco Torch SNMP Scan || url,www.hackingexposedcisco.com/?link=tools || url,www.securiteam.com/tools/5EP0F1FEUA.html || url,doc.emergingthreats.net/2008597
1 || 2008598 || 3 || attempted-recon || 0 || ET SCAN Sipsak SIP scan || url,sipsak.org/ || url,doc.emergingthreats.net/2008598
1 || 2008600 || 8 || trojan-activity || 0 || ET DELETED Suspicious User-Agent Detected (Windows+NT) || url,doc.emergingthreats.net/bin/view/Main/2008600
1 || 2008601 || 2 || trojan-activity || 0 || ET TROJAN Visual Shock Keylogger Reporting to Controller || url,research.sunbelt-software.com/threatdisplay.aspx?threatid=42573 || url,doc.emergingthreats.net/2008601
1 || 2008602 || 2 || trojan-activity || 0 || ET TROJAN Visual Shock Keylogger Reporting Idle to Controller || url,research.sunbelt-software.com/threatdisplay.aspx?threatid=42573 || url,doc.emergingthreats.net/2008602
1 || 2008603 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (RLMultySocket) || url,doc.emergingthreats.net/bin/view/Main/2008603
1 || 2008605 || 3 || attempted-recon || 0 || ET SCAN Stompy Web Application Session Scan || url,www.darknet.org.uk/2007/03/stompy-the-web-application-session-analyzer-tool/ || url,doc.emergingthreats.net/2008605
1 || 2008606 || 3 || attempted-recon || 0 || ET SCAN Enumiax Inter-Asterisk Exchange Protocol Username Scan || url,sourceforge.net/projects/enumiax/ || url,doc.emergingthreats.net/2008606
1 || 2008607 || 10 || web-application-attack || 0 || ET ACTIVEX Chilkat IMAP ActiveX File Execution and IE DoS || url,www.milw0rm.com/exploits/6600 || url,doc.emergingthreats.net/2008607
1 || 2008608 || 8 || trojan-activity || 0 || ET TROJAN WinFixer Trojan Related User-Agent (ElectroSun) || url,doc.emergingthreats.net/2008608
1 || 2008609 || 4 || attempted-recon || 0 || ET SCAN Sivus VOIP Vulnerability Scanner SIP Scan || url,www.security-database.com/toolswatch/SiVus-VoIP-Security-Scanner-1-09.html || url,www.vopsecurity.org/ || url,doc.emergingthreats.net/2008609
1 || 2008610 || 3 || attempted-recon || 0 || ET SCAN Sivus VOIP Vulnerability Scanner SIP Components Scan || url,www.security-database.com/toolswatch/SiVus-VoIP-Security-Scanner-1-09.html || url,www.vopsecurity.org/ || url,doc.emergingthreats.net/2008610
1 || 2008611 || 5 || policy-violation || 0 || ET P2P SoulSeek P2P Login Response || url,www.slsknet.org || url,doc.emergingthreats.net/2008611
1 || 2008612 || 9 || web-application-attack || 0 || ET ACTIVEX Autodesk Design Review DWF Viewer ActiveX Control SaveAs Insecure Method || url,retrogod.altervista.org/9sg_autodesk_revit_arch_2009_exploit.html || url,secunia.com/Advisories/31989/ || url,doc.emergingthreats.net/2008612
1 || 2008613 || 9 || web-application-attack || 0 || ET ACTIVEX GdPicture Pro ActiveX control SaveAsPDF Insecure Method || url,secunia.com/Advisories/31966/ || url,milw0rm.com/exploits/6638 || url,doc.emergingthreats.net/2008613
1 || 2008614 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Lance show.php catid SQL Injection || url,secunia.com/Advisories/32027/ || url,www.milw0rm.com/exploits/6605 || url,doc.emergingthreats.net/2008614
1 || 2008615 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Real Estate Manager realestate-index.php cat_id SQL Injection || url,secunia.com/Advisories/32049/ || url,www.milw0rm.com/exploits/6599 || url,doc.emergingthreats.net/2008615
1 || 2008616 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pilot Online Training Solution news_read.php id SQL Injection || url,secunia.com/Advisories/31969/ || url,www.milw0rm.com/exploits/6613 || url,doc.emergingthreats.net/2008616
1 || 2008617 || 5 || attempted-recon || 0 || ET SCAN Wikto Scan || url,www.sensepost.com/research/wikto/WiktoDoc1-51.htm || url,doc.emergingthreats.net/2008617
1 || 2008618 || 8 || web-application-attack || 0 || ET ACTIVEX IAS Helper COM Component iashlpr.dll activex remote DOS || url,www.securityfocus.com/archive/1/archive/1/496695/100/0/threaded || cve,2008-2639 || url,securityreason.com/securityalert/4323 || url,doc.emergingthreats.net/2008618
1 || 2008619 || 8 || web-application-attack || 0 || ET ACTIVEX Novell ZENWorks for Desktops Remote Heap-Based Buffer Overflow || bugtraq,31435 || url,securitytracker.com/alerts/2008/Sep/1020951.html || url,doc.emergingthreats.net/2008619
1 || 2008620 || 38 || web-application-attack || 0 || ET ACTIVEX Internet Information Service iisext.dll activex setpassword Insecure Method || cve,2008-4301 || url,www.securityfocus.com/archive/1/archive/1/496694/100/0/threaded || url,doc.emergingthreats.net/2008620
1 || 2008621 || 7 || web-application-attack || 0 || ET ACTIVEX Internet Information Service adsiis.dll activex remote DOS || cve,2008-4300 || url,securityreason.com/securityalert/4325 || url,doc.emergingthreats.net/2008621
1 || 2008623 || 6 || trojan-activity || 0 || ET TROJAN Cinmus.Checkin 1 || url,doc.emergingthreats.net/2008623
1 || 2008624 || 8 || trojan-activity || 0 || ET TROJAN Cinmus.Checkin 2 || url,doc.emergingthreats.net/2008624
1 || 2008625 || 6 || policy-violation || 0 || ET P2P Pando Client User-Agent Detected (Mozilla/4.0 (Windows U) Pando/1.xx) || url,doc.emergingthreats.net/bin/view/Main/2008625
1 || 2008626 || 4 || trojan-activity || 0 || ET TROJAN PlayMP3z.biz Related Spyware/Trojan Install Report || url,doc.emergingthreats.net/2008626
1 || 2008627 || 7 || attempted-recon || 0 || ET SCAN Httprecon Web Server Fingerprint Scan || url,www.computec.ch/projekte/httprecon/ || url,doc.emergingthreats.net/2008627
1 || 2008628 || 6 || attempted-recon || 0 || ET SCAN WSFuzzer Web Application Fuzzing || url,www.owasp.org/index.php/Category%3aOWASP_WSFuzzer_Project || url,doc.emergingthreats.net/2008628
1 || 2008629 || 6 || attempted-recon || 0 || ET SCAN Wikto Backend Data Miner Scan || url,www.sensepost.com/research/wikto/WiktoDoc1-51.htm || url,doc.emergingthreats.net/2008629
1 || 2008639 || 6 || trojan-activity || 0 || ET TROJAN Tibs Trojan Downloader || url,doc.emergingthreats.net/2008639
1 || 2008640 || 5 || attempted-recon || 0 || ET SCAN SIP erase_registrations/add registrations attempt || url,www.hackingvoip.com/sec_tools.html || url,doc.emergingthreats.net/2008640
1 || 2008641 || 4 || attempted-recon || 0 || ET SCAN sipscan probe || url,www.hackingvoip.com/sec_tools.html || url,doc.emergingthreats.net/2008641
1 || 2008642 || 2 || trojan-activity || 0 || ET TROJAN Keylogger PRO GOLD Post || url,doc.emergingthreats.net/2008642
1 || 2008643 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (Downloader1.2) || url,doc.emergingthreats.net/bin/view/Main/2008643
1 || 2008644 || 4 || trojan-activity || 0 || ET TROJAN Spy-Net Trojan Connection || url,doc.emergingthreats.net/2008644
1 || 2008645 || 3 || trojan-activity || 0 || ET TROJAN Spy-Net Trojan Connection (2) || url,doc.emergingthreats.net/2008645
1 || 2008647 || 8 || trojan-activity || 0 || ET MALWARE Internet-antivirus.com Related Fake AV User-Agent (Update Internet Antivirus) || url,doc.emergingthreats.net/2008647
1 || 2008648 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS trac q variable open redirect || cve,CVE-2008-2951 || url,doc.emergingthreats.net/2008648
1 || 2008649 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Realtor v_cat SQL Injection || url,www.milw0rm.com/exploits/6694 || url,secunia.com/advisories/32149/ || url,doc.emergingthreats.net/2008649
1 || 2008650 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Autos catid SQL Injection || url,www.milw0rm.com/exploits/6696 || url,secunia.com/advisories/32139/ || url,doc.emergingthreats.net/2008650
1 || 2008651 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JMweb MP3 src Multiple Local File Inclusion || url,www.exploit-db.com/exploits/6669/ || url,doc.emergingthreats.net/2008651
1 || 2008652 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ScriptsEz Easy Image Downloader id File Disclosure || url,www.milw0rm.com/exploits/6715 || url,secunia.com/Advisories/32210/ || url,doc.emergingthreats.net/2008652
1 || 2008653 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Built2go Real Estate Listings event_id SQL Injection || url,www.milw0rm.com/exploits/6697 || url,secunia.com/Advisories/32129/ || url,doc.emergingthreats.net/2008653
1 || 2008654 || 6 || attempted-recon || 0 || ET SCAN SQLix SQL Injection Vector Scan || url,www.owasp.org/index.php/Category%3aOWASP_SQLiX_Project || url,doc.emergingthreats.net/2008654
1 || 2008656 || 7 || trojan-activity || 0 || ET MALWARE AV2010 Rogue Security Application User-Agent (AV2010) || url,doc.emergingthreats.net/2008656
1 || 2008657 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (Compatible) || url,doc.emergingthreats.net/bin/view/Main/2008657
1 || 2008658 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (GetUrlSize) || url,doc.emergingthreats.net/bin/view/Main/2008658
1 || 2008659 || 7 || trojan-activity || 0 || ET DELETED Suspicious User-Agent Detected (DigitAl56K/6.3) || url,doc.emergingthreats.net/bin/view/Main/2008659
1 || 2008660 || 7 || trojan-activity || 0 || ET TROJAN Torpig Infection Reporting || url,www2.gmer.net/mbr/ || url,www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf || url,doc.emergingthreats.net/2008660 || url,offensivecomputing.net/?q=node/909
1 || 2008661 || 6 || trojan-activity || 0 || ET TROJAN Zbot/Zeus HTTP POST || url,doc.emergingthreats.net/2008661
1 || 2008662 || 3 || trojan-activity || 0 || ET TROJAN Generic PSW Agent server reply || url,doc.emergingthreats.net/2008662
1 || 2008663 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (aguarovex-loader v3.221) || url,doc.emergingthreats.net/bin/view/Main/2008663
1 || 2008664 || 11 || trojan-activity || 0 || ET TROJAN Generic Dropper HTTP Bot grabbing config || url,doc.emergingthreats.net/2008664
1 || 2008665 || 8 || trojan-activity || 0 || ET TROJAN Zbot/Zeus or Related Infection Checkin || url,doc.emergingthreats.net/2008665
1 || 2008666 || 9 || trojan-activity || 0 || ET TROJAN Delf Key Checkin (Clicker.Win32.Delf.afl) || url,doc.emergingthreats.net/2008666
1 || 2008667 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Agent.fvt Checkin || url,doc.emergingthreats.net/2008667
1 || 2008668 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myEvent viewevent.php SQL Injection || bugtraq,31773 || url,www.milw0rm.com/exploits/6760 || url,doc.emergingthreats.net/2008668
1 || 2008669 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AstroSPACES profile.php SQL Injection || bugtraq,31771 || url,www.milw0rm.com/exploits/6758 || url,doc.emergingthreats.net/2008669
1 || 2008672 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS My PHP Dating id parameter SQL Injection || url,secunia.com/advisories/32268 || url,www.exploit-db.com/exploits/6754/ || url,doc.emergingthreats.net/2008672
1 || 2008673 || 11 || web-application-attack || 0 || ET ACTIVEX Microsoft PicturePusher ActiveX Cross Site File Upload Attack || url,milw0rm.com/exploits/6699 || url,doc.emergingthreats.net/2008673
1 || 2008674 || 3 || trojan-activity || 0 || ET TROJAN Likely eCard Malware Laden Email Inbound || url,www.sophos.com/blogs/gc/g/2008/10/15/you-have-not-received-an-ecard/ || url,doc.emergingthreats.net/2008674
1 || 2008675 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Start || url,doc.emergingthreats.net/2008675
1 || 2008676 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Assasin.20.C Control Session Server Reply || url,doc.emergingthreats.net/2008676
1 || 2008677 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Assasin.20.C Control Channel Client Reply || url,doc.emergingthreats.net/2008677
1 || 2008678 || 9 || web-application-attack || 0 || ET ACTIVEX Hummingbird Deployment Wizard 2008 ActiveX Insecure Methods || url,secunia.com/Advisories/32337/ || url,doc.emergingthreats.net/2008678
1 || 2008679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CafeEngine id Remote SQL Injection (dish.php) || url,secunia.com/advisories/32308/ || url,milw0rm.com/exploits/6762 || url,doc.emergingthreats.net/2008679
1 || 2008680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CafeEngine id Remote SQL Injection (menu.php) || url,secunia.com/advisories/32308/ || url,milw0rm.com/exploits/6762 || url,doc.emergingthreats.net/2008680
1 || 2008681 || 6 || trojan-activity || 0 || ET MALWARE iframebiz - /qwertyuiyw12ertyuytre/adv***.php || url,iframecash.biz || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOADR.QC&VSect=T || url,doc.emergingthreats.net/bin/view/Main/2008681
1 || 2008682 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Zonebac.D || url,doc.emergingthreats.net/2008682
1 || 2008683 || 9 || web-application-attack || 0 || ET ACTIVEX Dart Communications PowerTCP FTP for ActiveX DartFtp.dll Control Buffer Overflow || bugtraq,31814 || url,www.milw0rm.com/exploits/6793 || url,doc.emergingthreats.net/2008683
1 || 2008684 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Shop Shopping Cart Script search_results.php SQL Injection || bugtraq,30692 || url,doc.emergingthreats.net/2008684
1 || 2008685 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla DS-Syndicate Component feed_id SQL Injection || url,www.secunia.com/advisories/32321 || url,www.exploit-db.com/exploits/6792/ || url,doc.emergingthreats.net/2008685
1 || 2008686 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS zeeproperty adid Parameter Remote SQL Injection || url,secunia.com/Advisories/32333/ || url,milw0rm.com/exploits/6780 || url,doc.emergingthreats.net/2008686
1 || 2008687 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PassWiki site_id Parameter Local File Inclusion || bugtraq,29455 || url,doc.emergingthreats.net/2008687
1 || 2008688 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XOOPS Makale Module id SQL Injection || url,secunia.com/advisories/32347/ || url,www.milw0rm.com/exploits/6795 || url,doc.emergingthreats.net/2008688
1 || 2008689 || 5 || trojan-activity || 0 || ET TROJAN Gimmiv.A.dll Infection || url,www.microsoft.com/security/portal/Entry.aspx?name=TrojanSpy%3aWin32%2fGimmiv.A || url,doc.emergingthreats.net/2008689
1 || 2008690 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (1) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008690
1 || 2008691 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (2) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008691
1 || 2008692 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (3) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008692
1 || 2008693 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (4) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008693
1 || 2008694 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (5) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008694
1 || 2008695 || 5 || attempted-admin || 0 || ET DELETED Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (6) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008695
1 || 2008696 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (7) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008696
1 || 2008697 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (8) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008697
1 || 2008698 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (9) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008698
1 || 2008699 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (10) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008699
1 || 2008700 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008700
1 || 2008701 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (11) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008701
1 || 2008702 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (12) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008702
1 || 2008703 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (13) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008703
1 || 2008704 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (14) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008704
1 || 2008705 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (15) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008705
1 || 2008706 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (16) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008706
1 || 2008707 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (17) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008707
1 || 2008708 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (18) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008708
1 || 2008709 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (19) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008709
1 || 2008710 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (20) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008710
1 || 2008711 || 5 || attempted-admin || 0 || ET DELETED Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (21) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008711
1 || 2008712 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (22) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008712
1 || 2008713 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (23) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008713
1 || 2008714 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (24) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008714
1 || 2008715 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (25) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008715
1 || 2008716 || 5 || attempted-admin || 0 || ET DELETED Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (26) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008716
1 || 2008717 || 6 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (27) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008717
1 || 2008718 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (28) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008718
1 || 2008719 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (29) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008719
1 || 2008720 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 (30) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008720
1 || 2008721 || 5 || attempted-admin || 0 || ET NETBIOS Microsoft Windows NETAPI Stack Overflow Inbound - MS08-067 - Known Exploit Instance (2) || url,www.microsoft.com/technet/security/Bulletin/MS08-067.mspx || cve,2008-4250 || url,www.kb.cert.org/vuls/id/827267 || url,doc.emergingthreats.net/bin/view/Main/2008721
1 || 2008722 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Customer contact.php SQL injection || bugtraq,28852 || url,doc.emergingthreats.net/2008722
1 || 2008723 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ShopMaker product.php id Parameter Remote SQL Injection || url,www.milw0rm.com/exploits/6799 || bugtraq,31854 || url,doc.emergingthreats.net/2008723
1 || 2008724 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bahar Download Script aspkat.asp SQL Injection || bugtraq,31852 || url,doc.emergingthreats.net/2008724
1 || 2008725 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Newsletter Plugin newsletter Parameter SQL Injection || url,milw0rm.com/exploits/6777 || url,secunia.com/advisories/32336 || url,doc.emergingthreats.net/2008725
1 || 2008726 || 3 || trojan-activity || 0 || ET TROJAN Gimmiv Infection Ping Outbound || url,doc.emergingthreats.net/2008726
1 || 2008727 || 3 || trojan-activity || 0 || ET TROJAN Gimmiv Infection Ping Inbound || url,doc.emergingthreats.net/2008727
1 || 2008728 || 6 || trojan-activity || 0 || ET DELETED General Downloader URL - Post Infection || url,doc.emergingthreats.net/2008728
1 || 2008729 || 5 || attempted-recon || 0 || ET SCAN Mini MySqlatOr SQL Injection Scanner || url,www.scrt.ch/pages_en/minimysqlator.html || url,doc.emergingthreats.net/2008729
1 || 2008730 || 3 || trojan-activity || 0 || ET TROJAN Ipbill.com Related Dialer Trojan Checkin || url,doc.emergingthreats.net/2008730
1 || 2008731 || 3 || trojan-activity || 0 || ET TROJAN Ipbill.com Related Dialer Trojan Server Response || url,doc.emergingthreats.net/2008731
1 || 2008732 || 4 || trojan-activity || 0 || ET TROJAN FraudTool.Win32.SysCleaner.a || url,doc.emergingthreats.net/2008732
1 || 2008733 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Regrun.ro FTP connection detected || url,doc.emergingthreats.net/2008733
1 || 2008734 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Detected (WINS_HTTP_SEND Program/1.0) || url,doc.emergingthreats.net/bin/view/Main/2008734
1 || 2008735 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User Agent (FTP) || url,doc.emergingthreats.net/bin/view/Main/2008735
1 || 2008736 || 5 || bad-unknown || 0 || ET DELETED Borlander Adware Checkin || url,doc.emergingthreats.net/bin/view/Main/2008736
1 || 2008737 || 12 || trojan-activity || 0 || ET TROJAN Conficker/KernelBot/MS08-067 related Trojan Checkin || url,doc.emergingthreats.net/bin/view/Main/2008737
1 || 2008738 || 8 || not-suspicious || 0 || ET TROJAN Suspicious Accept-Language HTTP Header, zh-cn, likely Kernelbot/Conficker Trojan Related || url,doc.emergingthreats.net/bin/view/Main/2008738
1 || 2008739 || 8 || trojan-activity || 0 || ET TROJAN Conficker/MS08-067 Worm Traffic Outbound || url,doc.emergingthreats.net/bin/view/Main/2008739
1 || 2008740 || 6 || trojan-activity || 0 || ET DELETED Ligats/DR.Ilomo Agent Post || url,doc.emergingthreats.net/2008740
1 || 2008742 || 9 || trojan-activity || 0 || ET MALWARE Admoke/Adload.AFB!tr.dldr Checkin || md5,6085f2ff15282611fd82f9429d82912b
1 || 2008743 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (bdsclk) - Possible Admoke Admware || url,doc.emergingthreats.net/bin/view/Main/2008743
1 || 2008744 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008744
1 || 2008745 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008745
1 || 2008746 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008746
1 || 2008747 || 2 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008747
1 || 2008748 || 3 || policy-violation || 0 || ET POLICY Possible External FreeGate DNS Query || url,doc.emergingthreats.net/2008748
1 || 2008749 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (checkonline) || url,doc.emergingthreats.net/bin/view/Main/2008749
1 || 2008750 || 4 || trojan-activity || 0 || ET DELETED Buzus FTP Log Upload || url,doc.emergingthreats.net/2008750
1 || 2008752 || 3 || trojan-activity || 0 || ET TROJAN AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) || url,doc.emergingthreats.net/2008752
1 || 2008753 || 3 || trojan-activity || 0 || ET TROJAN AdWare.Win32.Yokbar Checkin URL || url,doc.emergingthreats.net/2008753
1 || 2008754 || 6 || trojan-activity || 0 || ET TROJAN Possible Rar'd Malware sent when remote host claims to send an Image || url,doc.emergingthreats.net/bin/view/Main/2008754
1 || 2008755 || 3 || trojan-activity || 0 || ET TROJAN Autorun.qvi Related HTTP Get on Off Port || url,doc.emergingthreats.net/2008755
1 || 2008756 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Kvadrlson 1.0) || url,doc.emergingthreats.net/bin/view/Main/2008756
1 || 2008757 || 5 || trojan-activity || 0 || ET MALWARE Zenosearch Malware Checkin HTTP POST || url,doc.emergingthreats.net/bin/view/Main/2008757
1 || 2008758 || 4 || trojan-activity || 0 || ET TROJAN Mcboo.com/Bundlext.com related Trojan Checkin URL || url,doc.emergingthreats.net/2008758
1 || 2008759 || 7 || trojan-activity || 0 || ET MALWARE Matcash Trojan Related Spyware Code Download || url,doc.emergingthreats.net/bin/view/Main/2008759
1 || 2008760 || 6 || trojan-activity || 0 || ET TROJAN Insidebar.co.kr Related Infection Checkin || url,doc.emergingthreats.net/2008760
1 || 2008765 || 7 || trojan-activity || 0 || ET TROJAN Brontok/Joseray User-Agent Detected (Joseray.A3 Browser) || url,doc.emergingthreats.net/2008765
1 || 2008766 || 5 || trojan-activity || 0 || ET DELETED Generic Downloader Checkin Url Detected || url,doc.emergingthreats.net/2008766
1 || 2008767 || 4 || trojan-activity || 0 || ET TROJAN Kangkio User-Agent (lsosss) || url,doc.emergingthreats.net/2008767
1 || 2008770 || 5 || trojan-activity || 0 || ET P2P Unknown Trojan P2P Data Download || url,www.chinatechnews.com/2008/07/21/7014-baofengcom-shifts-to-internet-video-sector/ || url,doc.emergingthreats.net/2008770
1 || 2008771 || 7 || trojan-activity || 0 || ET P2P Unknown Trojan P2P Download Request || url,www.chinatechnews.com/2008/07/21/7014-baofengcom-shifts-to-internet-video-sector/ || url,doc.emergingthreats.net/2008771
1 || 2008772 || 5 || trojan-activity || 0 || ET P2P Unknown Trojan P2P Request || url,www.chinatechnews.com/2008/07/21/7014-baofengcom-shifts-to-internet-video-sector/ || url,doc.emergingthreats.net/2008772
1 || 2008776 || 3 || web-application-attack || 0 || ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-1 || url,milw0rm.com/exploits/6738 || cve,CVE-2008-4572 || bugtraq,31729 || url,doc.emergingthreats.net/bin/view/Main/2008776
1 || 2008777 || 3 || web-application-attack || 0 || ET EXPLOIT GuildFTPd CWD and LIST Command Heap Overflow - POC-2 || url,milw0rm.com/exploits/6738 || cve,CVE-2008-4572 || bugtraq,31729 || url,doc.emergingthreats.net/bin/view/Main/2008777
1 || 2008779 || 4 || unknown || 0 || ET DELETED Unknown Keepalive out || url,doc.emergingthreats.net/bin/view/Main/2008779
1 || 2008780 || 4 || unknown || 0 || ET DELETED Unknown Keepalive in || url,doc.emergingthreats.net/bin/view/Main/2008780
1 || 2008781 || 6 || trojan-activity || 0 || ET DELETED Set flow on rar file get || url,doc.emergingthreats.net/2008781
1 || 2008782 || 5 || trojan-activity || 0 || ET POLICY Possible Trojan File Download bad rar file header (not a valid rar file) || url,www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162 || url,doc.emergingthreats.net/2008782
1 || 2008783 || 7 || trojan-activity || 0 || ET DELETED Possible Trojan File Download - Rar Requested but not received || url, www.win-rar.com/index.php?id=24&kb=1&kb_article_id=162 || url,doc.emergingthreats.net/2008783
1 || 2008784 || 6 || trojan-activity || 0 || ET DELETED Lighty Variant or UltimateDefender POST || url,doc.emergingthreats.net/2008784
1 || 2008785 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aj Square RSS Reader url SQL Injection || url,secunia.com/advisories/32413/ || url,milw0rm.com/exploits/6856 || url,doc.emergingthreats.net/2008785
1 || 2008786 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PozScripts Classified Auctions id parameter SQL Injection || url,milw0rm.com/exploits/6839 || url,secunia.com/advisories/32373 || url,doc.emergingthreats.net/2008786
1 || 2008787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel poll_id parameter SQL Injection || url,milw0rm.com/exploits/6854 || url,secunia.com/advisories/32431 || url,doc.emergingthreats.net/2008787
1 || 2008788 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 BLOG Engine macgurublog.php uid Parameter SQL Injection || bugtraq,29344 || url,milw0rm.com/exploits/6856 || url,doc.emergingthreats.net/2008788
1 || 2008789 || 6 || web-application-attack || 0 || ET ACTIVEX DB Software Laboratory VImpX.ocx ActiveX Control Multiple Insecure Methods || bugtraq,31907 || url,milw0rm.com/exploits/6828 || url,doc.emergingthreats.net/2008789
1 || 2008790 || 5 || web-application-attack || 0 || ET ACTIVEX DjVu DjVu_ActiveX_MSOffice.dll ActiveX Component Heap Buffer Overflow || bugtraq,31987 || url,milw0rm.com/exploits/6878 || url,doc.emergingthreats.net/2008790
1 || 2008791 || 3 || web-application-attack || 0 || ET ACTIVEX Visagesoft eXPert PDF Viewer ActiveX Control Arbitrary File Overwrite || bugtraq,31984 || url,milw0rm.com/exploits/6875 || url,doc.emergingthreats.net/2008791
1 || 2008792 || 48 || web-application-attack || 0 || ET ACTIVEX Microsoft DebugDiag CrashHangExt.dll ActiveX Control Remote Denial of Service || bugtraq,31996 || url,doc.emergingthreats.net/2008792
1 || 2008793 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SFS EZ BIZ PRO track.php id Parameter Remote SQL Injection || url,secunia.com/advisories/32552/ || url,milw0rm.com/exploits/6910 || url,doc.emergingthreats.net/2008793
1 || 2008794 || 3 || misc-activity || 0 || ET POLICY TeamViewer Keep-alive outbound || url,www.teamviewer.com || url,en.wikipedia.org/wiki/TeamViewer || url,doc.emergingthreats.net/2008794
1 || 2008795 || 4 || misc-activity || 0 || ET POLICY TeamViewer Keep-alive inbound || url,www.teamviewer.com || url,en.wikipedia.org/wiki/TeamViewer || url,doc.emergingthreats.net/2008795
1 || 2008797 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (miip) || url,doc.emergingthreats.net/bin/view/Main/2008797
1 || 2008798 || 5 || trojan-activity || 0 || ET MALWARE Zenosearch Malware Checkin HTTP POST (2) || url,doc.emergingthreats.net/bin/view/Main/2008798
1 || 2008802 || 8 || trojan-activity || 0 || ET DELETED Possible Downadup/Conficker-A Worm Activity || url,www.microsoft.com/security/portal/Entry.aspx?Name=Worm%3aWin32%2fConficker.A || url,www.f-secure.com/v-descs/worm_w32_downadup_a.shtml || url,doc.emergingthreats.net/bin/view/Main/2008802
1 || 2008805 || 3 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm CnC Channel Start || url,doc.emergingthreats.net/2008805
1 || 2008806 || 3 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm CnC Channel Start Response || url,doc.emergingthreats.net/2008806
1 || 2008807 || 4 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm Second CnC Channel Start || url,doc.emergingthreats.net/2008807
1 || 2008808 || 4 || trojan-activity || 0 || ET TROJAN DNS Changer.bnm/Downloader.bnm Second CnC Channel Traffic || url,doc.emergingthreats.net/2008808
1 || 2008809 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 Technologies Barcode ActiveX Barcode.dll Multiple Arbitrary File Overwrite || bugtraq,31979 || url,milw0rm.com/exploits/6871 || url,doc.emergingthreats.net/2008809
1 || 2008810 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 PDF417 MW6PDF417.dll ActiveX Control Multiple Arbitrary File Overwrite || bugtraq,31983 || url,milw0rm.com/exploits/6873 || url,doc.emergingthreats.net/2008810
1 || 2008811 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 DataMatrix DataMatrix.dll ActiveX Control Multiple Arbitrary File Overwrite || bugtraq,31980 || url,milw0rm.com/exploits/6872 || url,doc.emergingthreats.net/2008811
1 || 2008812 || 9 || web-application-attack || 0 || ET ACTIVEX MW6 Aztec ActiveX Aztec.dll ActiveX Control Multiple Arbitrary File Overwrite || bugtraq,31974 || url,milw0rm.com/exploits/6870 || url,doc.emergingthreats.net/2008812
1 || 2008813 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 Plugin lyrics_menu lyrics_song.php l_id Parameter Remote SQL Injection || url,secunia.com/advisories/32477/ || url,milw0rm.com/exploits/6885 || url,doc.emergingthreats.net/2008813
1 || 2008814 || 9 || web-application-attack || 0 || ET ACTIVEX Chilkat Crypt ActiveX Component WriteFile Insecure Method || url,secunia.com/Advisories/32513/ || url,milw0rm.com/exploits/6963 || url,doc.emergingthreats.net/2008814
1 || 2008815 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SFS EZ Hotscripts-like Site showcategory.php cid Parameter SQL Injection || url,secunia.com/advisories/32536/ || url,milw0rm.com/exploits/6903 || url,doc.emergingthreats.net/2008815
1 || 2008816 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SFS EZ Hotscripts-like Site software-description.php id Parameter SQL Injection || url,secunia.com/advisories/32536/ || url,milw0rm.com/exploits/6915 || url,doc.emergingthreats.net/2008816
1 || 2008817 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YourFreeWorld Autoresponder hosting tr.php id Parameter SQL Injection || url,secunia.com/advisories/32504/ || url,milw0rm.com/exploits/6938 || url,doc.emergingthreats.net/2008817
1 || 2008818 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YourFreeWorld Reminder Service tr.php id Parameter SQL Injection || url,secunia.com/advisories/32504/ || url,milw0rm.com/exploits/6943 || url,doc.emergingthreats.net/2008818
1 || 2008819 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YourFreeWorld Classifieds Blaster tr.php id Parameter SQL Injection || url,secunia.com/advisories/32504/ || url,milw0rm.com/exploits/6944 || url,doc.emergingthreats.net/2008819
1 || 2008821 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tours Manager cityview.php cityid Parameter SQL Injection || url,secunia.com/advisories/32503/ || url,milw0rm.com/exploits/6988 || url,doc.emergingthreats.net/2008821
1 || 2008822 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Pro Desk Component include_file Local File Inclusion || url,secunia.com/advisories/32523/ || url,www.exploit-db.com/exploits/6980/ || url,doc.emergingthreats.net/2008822
1 || 2008823 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Podcast Portal tour.php id SQL Injection || url,secunia.com/advisories/32563/ || url,milw0rm.com/exploits/6997 || url,doc.emergingthreats.net/2008823
1 || 2008824 || 4 || web-application-attack || 0 || ET DELETED Way Of The Warrior visualizza.php plancia Parameter Local File Inclusion || url,secunia.com/advisories/32515/ || url,milw0rm.com/exploits/6992 || url,doc.emergingthreats.net/2008824
1 || 2008825 || 3 || web-application-attack || 0 || ET DELETED Way Of The Warrior crea.php plancia Parameter Local File Inclusion || url,secunia.com/advisories/32515/ || url,milw0rm.com/exploits/6992 || url,doc.emergingthreats.net/2008825
1 || 2008826 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Way Of The Warrior crea.php plancia Remote File Inclusion || url,secunia.com/advisories/32515/ || url,milw0rm.com/exploits/6992 || url,doc.emergingthreats.net/2008826
1 || 2008827 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnkeyForms Business Survey Pro id parameter SQL Injection || url,secunia.com/advisories/32561/ || url,milw0rm.com/exploits/7029 || url,doc.emergingthreats.net/2008827
1 || 2008828 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turnkeyforms Software Directory showcategory.php cid parameter SQL Injection || url,secunia.com/advisories/32568/ || url,milw0rm.com/exploits/7027 || url,doc.emergingthreats.net/2008828
1 || 2008829 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TurnkeyForms Local Classifieds listtest.php r parameter SQL Injection || url,secunia.com/advisories/32591/ || url,milw0rm.com/exploits/7035 || url,doc.emergingthreats.net/2008829
1 || 2008830 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery cat_id paramter SQL Injection || url,secunia.com/advisories/32593/ || url,milw0rm.com/exploits/7016 || url,doc.emergingthreats.net/2008830
1 || 2008831 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery photo_id paramter SQL Injection || url,secunia.com/advisories/32593/ || url,milw0rm.com/exploits/7016 || url,doc.emergingthreats.net/2008831
1 || 2008832 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast path parameter Local File Inclusion || url,secunia.com/advisories/32628/ || url,bugreport.ir/index_57.htm || url,doc.emergingthreats.net/2008832
1 || 2008833 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Enthusiast path parameter Remote File Inclusion || url,secunia.com/advisories/32628/ || url,bugreport.ir/index_57.htm || url,doc.emergingthreats.net/2008833
1 || 2008834 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DevelopItEasy News And Article aid parameter SQL Injection || url,milw0rm.com/exploits/7014 || url,secunia.com/Advisories/32595/ || url,doc.emergingthreats.net/2008834
1 || 2008835 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyioSoft EasyBookMarker Parent parameter SQL Injection || url,secunia.com/advisories/32636/ || url,www.exploit-db.com/exploits/7053/ || url,doc.emergingthreats.net/2008835
1 || 2008837 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Maran PHP Shop id Parameter Remote SQL Injection || bugtraq,32043 || url,frsirt.com/english/advisories/2008/2976 || url,doc.emergingthreats.net/2008837
1 || 2008838 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DeltaScripts PHP Classifieds siteid parameter Remote SQL Injection || url,frsirt.com/english/advisories/2008/3079 || bugtraq,32191 || url,doc.emergingthreats.net/2008838
1 || 2008839 || 7 || trojan-activity || 0 || ET MALWARE AdWare.Win32.MWGuide checkin || url,doc.emergingthreats.net/2008839
1 || 2008840 || 6 || trojan-activity || 0 || ET MALWARE AdWare.Win32.MWGuide keepalive || url,doc.emergingthreats.net/2008840
1 || 2008841 || 5 || trojan-activity || 0 || ET TROJAN Trojan-PWS.Win32.Small.gs Passwords leak over FTP || url,doc.emergingthreats.net/2008841
1 || 2008842 || 4 || policy-violation || 0 || ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access || url,doc.emergingthreats.net/2008842
1 || 2008843 || 4 || policy-violation || 0 || ET POLICY Possible HTTP-TUNNEL to External Proxy for Anonymous Access (server download) || url,doc.emergingthreats.net/2008843
1 || 2008846 || 4 || trojan-activity || 0 || ET DELETED Worm.Win32.Evolmi Checkin || url,doc.emergingthreats.net/2008846
1 || 2008847 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozil1a) || url,doc.emergingthreats.net/bin/view/Main/2008847
1 || 2008848 || 7 || trojan-activity || 0 || ET DELETED Worm.Win32.Koobface.C User-Agent || url,doc.emergingthreats.net/2008848
1 || 2008849 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms add3rdparty.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008849
1 || 2008850 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addpolling.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008850
1 || 2008851 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addcontact.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008851
1 || 2008852 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addbrandnews.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008852
1 || 2008853 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addnewsletter.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008853
1 || 2008854 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addgame.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008854
1 || 2008855 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addtour.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008855
1 || 2008856 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addarticles.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008856
1 || 2008857 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addproduct.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008857
1 || 2008858 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS evision cms addplain.php module parameter Local File Inclusion || bugtraq,32180 || url,milw0rm.com/exploits/7031 || url,doc.emergingthreats.net/2008858
1 || 2008859 || 5 || trojan-activity || 0 || ET TROJAN Downloader Win32.Small.agoy Checkin || url,www.threatexpert.com/report.aspx?md5=e491d25d82f4928138a0d8b3a6365c39 || url,www.threatexpert.com/reports.aspx?find=%2Fjutr%2F || url,doc.emergingthreats.net/2008859
1 || 2008860 || 3 || misc-activity || 0 || ET TELNET External Telnet Attempt To Cisco Device With No Telnet Password Set (Automatically Dissalowed Until Password Set) || url,articles.techrepublic.com.com/5100-10878_11-5875046.html || url,doc.emergingthreats.net/bin/view/Main/2008860
1 || 2008861 || 4 || misc-activity || 0 || ET TELNET External Telnet Login To Cisco Device || url,articles.techrepublic.com.com/5100-10878_11-5875046.html || url,doc.emergingthreats.net/bin/view/Main/2008861
1 || 2008862 || 3 || misc-activity || 0 || ET POLICY External Access to Cisco Aironet AP Over HTTP (Post Authentication) || url,supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_HTTPS_on_the_AP || url,doc.emergingthreats.net/bin/view/Main/2008862
1 || 2008863 || 4 || trojan-activity || 0 || ET TROJAN Virtumonde Variant Reporting to Controller via HTTP (3) || url,www.threatexpert.com/reports.aspx?find=apstpldr.dll.html || url,doc.emergingthreats.net/2008863
1 || 2008864 || 7 || trojan-activity || 0 || ET TROJAN Koobface Trojan HTTP Post Checkin || url,doc.emergingthreats.net/2008864
1 || 2008865 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PozScripts Business Directory Script cid parameter SQL Injection || url,frsirt.com/english/advisories/2008/3118 || url,milw0rm.com/exploits/7098 || url,doc.emergingthreats.net/2008865
1 || 2008866 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClipShare Pro channel_detail.php chid Parameter SQL Injection || bugtraq,32311 || url,milw0rm.com/exploits/7128 || url,doc.emergingthreats.net/2008866
1 || 2008867 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SlimCMS edit.php pageid Parameter SQL Injection || bugtraq,32300 || url,doc.emergingthreats.net/2008867
1 || 2008869 || 7 || web-application-attack || 0 || ET ACTIVEX VeryDOC PDF Viewer ActiveX Control OpenPDF Buffer Overflow || bugtraq,32313 || url,milw0rm.com/exploits/7126 || url,doc.emergingthreats.net/2008869
1 || 2008870 || 10 || web-application-attack || 0 || ET ACTIVEX Chilkat Socket ACTIVEX Remote Arbitrary File Creation || bugtraq,32333 || url,milw0rm.com/exploits/7142 || url,doc.emergingthreats.net/2008870
1 || 2008871 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpFan init.php Remote File Inclusion || bugtraq,32335 || url,milw0rm.com/exploits/7143 || url,doc.emergingthreats.net/2008871
1 || 2008872 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultrastats serverid parameter SQL Injection || bugtraq,32340 || url,milw0rm.com/exploits/7148 || url,doc.emergingthreats.net/2008872
1 || 2008873 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPStore Wholesales id Parameter SQL Injection || url,secunia.com/advisories/32741/ || url,packetstorm.linuxsecurity.com/0811-exploits/wholesale-sql.txt || url,doc.emergingthreats.net/2008873
1 || 2008874 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPStore Yahoo Answers id parameter SQL Injection || url,secunia.com/advisories/32717/ || url,milw0rm.com/exploits/7131 || url,doc.emergingthreats.net/2008874
1 || 2008875 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Vlog System note parameter SQL Injection || url,secunia.com/advisories/32784/ || url,www.milw0rm.com/exploits/7186 || url,doc.emergingthreats.net/2008875
1 || 2008878 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR Local File Inclusion || url,secunia.com/advisories/32745/ || url,milw0rm.com/exploits/7155 || url,doc.emergingthreats.net/2008878
1 || 2008879 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Directory Script 1.1.1 API_HOME_DIR parameter Remote File Inclusion || url,secunia.com/advisories/32745/ || url,milw0rm.com/exploits/7155 || url,doc.emergingthreats.net/2008879
1 || 2008880 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PunBB Functions_navlinks.php pun_user language Parameter Local File Inclusion || bugtraq,32360 || url,milw0rm.com/exploits/7159 || url,doc.emergingthreats.net/2008880
1 || 2008881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PunBB profile_send.php pun_user language Parameter Local File Inclusion || bugtraq,32360 || url,milw0rm.com/exploits/7159 || url,doc.emergingthreats.net/2008881
1 || 2008882 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PunBB viewtopic_PM-link.php pun_user language Parameter Local File Inclusion || bugtraq,32360 || url,milw0rm.com/exploits/7159 || url,doc.emergingthreats.net/2008882
1 || 2008883 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easyedit CMS page.php intpageID parameter sql injection || url,secunia.com/advisories/32822/ || url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt || url,doc.emergingthreats.net/2008883
1 || 2008884 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easyedit CMS subcategory.php intSubCategoryID parameter sql injection || url,secunia.com/advisories/32822/ || url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt || url,doc.emergingthreats.net/2008884
1 || 2008885 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easyedit CMS news.php intPageID parameter sql injection || url,secunia.com/advisories/32822/ || url,packetstormsecurity.org/0811-exploits/easyeditcms-sql.txt || url,doc.emergingthreats.net/2008885
1 || 2008886 || 6 || web-application-attack || 0 || ET DELETED Microsoft XML Core Services DTD Cross Domain Information Disclosure object || bugtraq,32155 || url,milw0rm.com/exploits/7196 || url,doc.emergingthreats.net/2008886
1 || 2008887 || 7 || web-application-attack || 0 || ET ACTIVEX Microsoft XML Core Services DTD Cross Domain Information Disclosure clsid || bugtraq,32155 || url,milw0rm.com/exploits/7196 || url,doc.emergingthreats.net/2008887
1 || 2008888 || 5 || trojan-activity || 0 || ET DELETED Gh0st Remote Access Trojan Client Connect || url,doc.emergingthreats.net/2008888
1 || 2008889 || 5 || trojan-activity || 0 || ET DELETED Gh0st Remote Access Trojan Server Response || url,www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081211 || url,doc.emergingthreats.net/2008889
1 || 2008891 || 7 || trojan-activity || 0 || ET TROJAN MEREDROP/micr0s0fts.cn Related Checkin || url,doc.emergingthreats.net/2008891
1 || 2008892 || 7 || trojan-activity || 0 || ET MALWARE Smileware Connection Spyware Related User-Agent (Smileware Connection) || url,doc.emergingthreats.net/2008892
1 || 2008893 || 9 || trojan-activity || 0 || ET TROJAN Perfect Keylogger Install Email Report || url,doc.emergingthreats.net/2008893
1 || 2008894 || 7 || trojan-activity || 0 || ET MALWARE Popupblockade.com Spyware Related User-Agent (PopupBlockade/1.63.0.2/Reg) || url,doc.emergingthreats.net/2008894
1 || 2008895 || 6 || web-application-attack || 0 || ET ACTIVEX Visagesoft eXPert PDF EditorX ActiveX Control Arbitrary File Overwrite || bugtraq,32664 || url,milw0rm.com/exploits/7358 || url,doc.emergingthreats.net/2008895
1 || 2008896 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bandwebsite lyrics.php id parameter Sql Injection || url,www.milw0rm.com/exploits/7215 || bugtraq,32454 || url,doc.emergingthreats.net/2008896
1 || 2008897 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MODx CMS snippet.reflect.php reflect_base Remote File Inclusion || url,www.exploit-db.com/exploits/7204/ || url,secunia.com/advisories/32824/ || url,doc.emergingthreats.net/2008897
1 || 2008898 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MODx CMS snippet.reflect.php reflect_base Local File Inclusion || url,www.exploit-db.com/exploits/7204/ || url,secunia.com/advisories/32824/ || url,doc.emergingthreats.net/2008898
1 || 2008899 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pie RSS module lib parameter remote file inclusion || bugtraq,32465 || url,milw0rm.com/exploits/7225 || url,doc.emergingthreats.net/2008899
1 || 2008900 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill export_batch.inc.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008900
1 || 2008901 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill run_auto_suspend.cron.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008901
1 || 2008902 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill send_email_cache.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008902
1 || 2008903 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill 2checkout_return.inc.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008903
1 || 2008904 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ModernBill nettools.popup.php DIR Parameter Remote File Inclusion || url,secunia.com/advisories/32529/ || url,milw0rm.com/exploits/6916 || url,doc.emergingthreats.net/2008904
1 || 2008905 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 Checkin Error || url,doc.emergingthreats.net/2008905
1 || 2008906 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 Egg Request || url,doc.emergingthreats.net/2008906
1 || 2008907 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 File Manager Access Report || url,doc.emergingthreats.net/2008907
1 || 2008908 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Delf-5496 New Infection Report || url,doc.emergingthreats.net/2008908
1 || 2008909 || 2 || attempted-user || 0 || ET SQL MSSQL sp_replwritetovarbin - potential memory overwrite case 1 || url,archives.neohapsis.com/archives/fulldisclosure/2008-12/0239.html || url,doc.emergingthreats.net/bin/view/Main/2008909
1 || 2008910 || 2 || attempted-user || 0 || ET DELETED MSSQL sp_replwritetovarbin - potential memory overwrite case 2 || url,archives.neohapsis.com/archives/fulldisclosure/2008-12/0239.html || url,doc.emergingthreats.net/bin/view/Main/2008910
1 || 2008911 || 3 || trojan-activity || 0 || ET TROJAN Spyguarder.com Fake AV Install Report || url,doc.emergingthreats.net/2008911
1 || 2008912 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Errordigger.com related) || url,doc.emergingthreats.net/bin/view/Main/2008912
1 || 2008913 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Trojan.Hijack.IrcBot.457 related) || url,doc.emergingthreats.net/bin/view/Main/2008913
1 || 2008914 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (xr - Worm.Win32.VB.cj related) || url,doc.emergingthreats.net/bin/view/Main/2008914
1 || 2008915 || 5 || trojan-activity || 0 || ET MALWARE MySideSearch.com Spyware Install || url,doc.emergingthreats.net/bin/view/Main/2008915
1 || 2008916 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Yandesk) || url,doc.emergingthreats.net/bin/view/Main/2008916
1 || 2008917 || 4 || trojan-activity || 0 || ET MALWARE Hotbar.com Related Spyware Install Report || url,doc.emergingthreats.net/bin/view/Main/2008917
1 || 2008918 || 5 || trojan-activity || 0 || ET MALWARE Hotbar.com Related Spyware Activity Report || url,doc.emergingthreats.net/bin/view/Main/2008918
1 || 2008919 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent pricers.info related (section) || url,doc.emergingthreats.net/bin/view/Main/2008919
1 || 2008920 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/PcClient.ZL Checkin || url,doc.emergingthreats.net/2008920
1 || 2008921 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nitrotech members.php id Parameter SQL Injection || bugtraq,32458 || url,doc.emergingthreats.net/2008921
1 || 2008922 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nitrotech common.php root Parameter Remote File Inclusion || url,xforce.iss.net/xforce/xfdb/29904 || url,milw0rm.com/exploits/7218 || url,doc.emergingthreats.net/2008922
1 || 2008923 || 3 || web-application-attack || 0 || ET DELETED TxtBlog index.php m Parameter Local File Inclusion || bugtraq,32498 || url,milw0rm.com/exploits/7241 || url,doc.emergingthreats.net/2008923
1 || 2008924 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rakhi Software Price Comparison Script product.php subcategory_id SQL Injection || bugtraq,32504 || url,milw0rm.com/exploits/7250 || url,doc.emergingthreats.net/2008924
1 || 2008925 || 8 || web-application-attack || 0 || ET ACTIVEX Microsoft Windows Media Services nskey.dll ActiveX Control Possible Remote Buffer Overflow || bugtraq,30814 || cve,2008-5232 || url,doc.emergingthreats.net/2008925
1 || 2008926 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Venalsur Booking Centre HotelID Parameter SQL Injection || url,www.milw0rm.com/exploits/7253 || bugtraq,32512 || url,doc.emergingthreats.net/2008926
1 || 2008927 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lito Lite CMS cate.php cid parameter Remote SQL Injection || url,www.exploit-db.com/exploits/7294/ || url,secunia.com/advisories/32910/ || url,doc.emergingthreats.net/2008927
1 || 2008928 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS z1exchange edit.php site parameter SQL injection || bugtraq,32556 || url,milw0rm.com/exploits/7311 || url,doc.emergingthreats.net/2008928
1 || 2008929 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bcoos adresses module viewcat.php cid Parameter SQL injection || url,secunia.com/Advisories/32870/ || url,milw0rm.com/exploits/7317 || url,doc.emergingthreats.net/2008929
1 || 2008930 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ParsBlogger blog.asp wr parameter Remote SQL Injection || url,milw0rm.com/exploits/7239 || bugtraq,32488 || url,doc.emergingthreats.net/2008930
1 || 2008931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Experts answer.php question_id parameter SQL Injection || cve,2008-5267 || url,milw0rm.com/exploits/5776 || bugtraq,29642 || url,doc.emergingthreats.net/2008931
1 || 2008932 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SunByte e-Flower popupproduct.php id Parameter SQL Injection || url,www.milw0rm.com/exploits/7323 || bugtraq,32589 || url,doc.emergingthreats.net/2008932
1 || 2008933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Check New findoffice.php search parameter Remote SQL Injection || url,www.milw0rm.com/exploits/7328 || bugtraq,32590 || url,doc.emergingthreats.net/2008933
1 || 2008934 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Turnkey Arcade Script id parameter SQL injection || url,secunia.com/advisories/32890/ || url,milw0rm.com/exploits/7256 || url,doc.emergingthreats.net/2008934
1 || 2008935 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Werner Hilversum FAQ Manager header.php config_path parameter Remote File Inclusion || bugtraq,32472 || url,milw0rm.com/exploits/7229 || url,doc.emergingthreats.net/2008935
1 || 2008936 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ASPApps.com Template Creature media_level.asp mcatid parameter SQL Injection || url,www.milw0rm.com/exploits/7339 || bugtraq,32641 || url,doc.emergingthreats.net/2008936
1 || 2008937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gravity-gtd rpc.php objectname parameter Local File Inclusion || url,www.milw0rm.com/exploits/7344 || url,secunia.com/advisories/32982/ || url,doc.emergingthreats.net/2008937
1 || 2008938 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Multi SEO phpBB pfad parameter local file inclusion || url,secunia.com/advisories/32986/ || url,milw0rm.com/exploits/7335 || url,doc.emergingthreats.net/2008938
1 || 2008939 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wbstreet show.php id parameter Remote SQL Injection || url,www.milw0rm.com/exploits/7337 || bugtraq,32635 || url,doc.emergingthreats.net/2008939
1 || 2008940 || 6 || trojan-activity || 0 || ET TROJAN DNSChanger.AT or related Infection Checkin Post || url,doc.emergingthreats.net/2008940
1 || 2008941 || 9 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (HELLO) || url,doc.emergingthreats.net/bin/view/Main/2008941
1 || 2008942 || 7 || attempted-admin || 0 || ET POLICY Dlink Soho Router Config Page Access Attempt || url,doc.emergingthreats.net/2008942
1 || 2008943 || 7 || trojan-activity || 0 || ET TROJAN Lop_com or variant Checkin (9kgen_up) || url,www.threatexpert.com/reports.aspx?find=9kgen_up.int || url,doc.emergingthreats.net/2008943
1 || 2008944 || 4 || trojan-activity || 0 || ET TROJAN TDSServ or Tidserv variant Checkin || url,www.threatexpert.com/reports.aspx?find=%2Fcrcmds%2Fmain || url,doc.emergingthreats.net/2008944
1 || 2008945 || 6 || trojan-activity || 0 || ET TROJAN dlink router access attempt || url,doc.emergingthreats.net/2008945
1 || 2008946 || 4 || trojan-activity || 0 || ET TROJAN UpackbyDwing binary in HTTP Download Possibly Hostile || url,www.packetninjas.net || url,doc.emergingthreats.net/2008946
1 || 2008947 || 5 || trojan-activity || 0 || ET TROJAN UpackbyDwing binary in HTTP (2) Possibly Hostile || url,www.packetninjas.net || url,doc.emergingthreats.net/2008947
1 || 2008949 || 5 || trojan-activity || 0 || ET TROJAN Win32.Small.yml or Related HTTP Checkin || url,doc.emergingthreats.net/2008949
1 || 2008950 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Small.yml client registration || url,doc.emergingthreats.net/2008950
1 || 2008951 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Small.yml client command || url,doc.emergingthreats.net/2008951
1 || 2008952 || 4 || trojan-activity || 0 || ET TROJAN Win32.Small.yml or Related HTTP Command || url,doc.emergingthreats.net/2008952
1 || 2008953 || 9 || successful-admin || 0 || ET ATTACK_RESPONSE Possible MS CMD Shell opened on local system || url,doc.emergingthreats.net/bin/view/Main/2008953
1 || 2008954 || 6 || trojan-activity || 0 || ET DELETED Mac User-Agent Typo Likely Hostile/Trojan Infection || url,doc.emergingthreats.net/2008954
1 || 2008955 || 7 || trojan-activity || 0 || ET TROJAN Mac User-Agent Typo INBOUND Likely Hostile || url,doc.emergingthreats.net/2008955
1 || 2008956 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (IE/1.0) || url,doc.emergingthreats.net/bin/view/Main/2008956
1 || 2008958 || 5 || trojan-activity || 0 || ET TROJAN Waledac Beacon Traffic Detected || url,www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081231 || url,doc.emergingthreats.net/2008958
1 || 2008961 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPmyGallery lang parameter Local File Inclusion || url,milw0rm.com/exploits/7392 || bugtraq,32705 || url,doc.emergingthreats.net/2008961
1 || 2008962 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPmyGallery confdir parameter Remote File Inclusion || url,milw0rm.com/exploits/7392 || bugtraq,32705 || url,doc.emergingthreats.net/2008962
1 || 2008963 || 9 || web-application-attack || 0 || ET ACTIVEX EasyMail Objects emmailstore.dll ActiveX Control Remote Buffer Overflow || bugtraq,32722 || url,milw0rm.com/exploits/7402 || url,doc.emergingthreats.net/2008963
1 || 2008964 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS lcxBBportal Alpha portal_block.php phpbb_root_path parameter Remote File Inclusion || url,milw0rm.com/exploits/7341 || bugtraq,32647 || url,doc.emergingthreats.net/2008964
1 || 2008965 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS lcxBBportal Alpha acp_lcxbbportal.php phpbb_root_path parameter Remote File Inclusion || url,milw0rm.com/exploits/7341 || bugtraq,32647 || url,doc.emergingthreats.net/2008965
1 || 2008966 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly index.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008966
1 || 2008967 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly proxy.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008967
1 || 2008968 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly header.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008968
1 || 2008969 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly include.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008969
1 || 2008970 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ccTiddly workspace.php cct_base parameter Remote File Inclusion || url,www.milw0rm.com/exploits/7336 || url,secunia.com/Advisories/32995/ || url,doc.emergingthreats.net/2008970
1 || 2008972 || 4 || trojan-activity || 0 || ET TROJAN Pointfree.co.kr Trojan/Spyware Infection Checkin || url,doc.emergingthreats.net/2008972
1 || 2008973 || 5 || trojan-activity || 0 || ET TROJAN onmuz.com Infection Activity || url,doc.emergingthreats.net/2008973
1 || 2008974 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.0 (compatible)) || url,doc.emergingthreats.net/bin/view/Main/2008974
1 || 2008975 || 12 || trojan-activity || 0 || ET TROJAN Suspicious Malformed Double Accept Header || url,doc.emergingthreats.net/2008975
1 || 2008976 || 5 || trojan-activity || 0 || ET TROJAN Vundo Variant reporting to Controller via HTTP (1) || url,doc.emergingthreats.net/2008976
1 || 2008977 || 5 || trojan-activity || 0 || ET TROJAN Vundo Variant reporting to Controller via HTTP (2) || url,doc.emergingthreats.net/2008977
1 || 2008983 || 6 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (BlackSun) || url,www.bitdefender.com/VIRUS-1000328-en--Trojan.Pws.Wow.NCY.html || url,doc.emergingthreats.net/bin/view/Main/2008983
1 || 2008984 || 6 || trojan-activity || 0 || ET TROJAN Trojan-GameThief.Win32.OnLineGames infection report || url,doc.emergingthreats.net/2008984
1 || 2008985 || 3 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via whatismyip.com Automation Page - Possible Infection || url,doc.emergingthreats.net/2008985
1 || 2008986 || 5 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via whatismyip.com - Possible Infection
1 || 2008987 || 4 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via showip.net - Possible Infection || url,doc.emergingthreats.net/2008987
1 || 2008988 || 4 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via cmyip.com - Possible Infection || url,doc.emergingthreats.net/2008988
1 || 2008989 || 4 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via showmyip.com - Possible Infection || url,doc.emergingthreats.net/2008989
1 || 2008992 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpAddEdit editform parameter Local File Inclusion || url,milw0rm.com/exploits/7417 || bugtraq,32774 || url,doc.emergingthreats.net/2008992
1 || 2008993 || 8 || web-application-attack || 0 || ET ACTIVEX Microsoft Visual Basic Common AVI ActiveX Control File Parsing Buffer Overflow || url,www.milw0rm.com/exploits/7431 || bugtraq,32613 || url,doc.emergingthreats.net/2008993
1 || 2008994 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Multiple Membership Script id parameter SQL injection || url,secunia.com/advisories/33019/ || url,milw0rm.com/exploits/7346 || url,doc.emergingthreats.net/2008994
1 || 2008995 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CF_Calendar calid parameter SQL Injection || url,secunia.com/advisories/33074/ || url,milw0rm.com/exploits/7413 || url,doc.emergingthreats.net/2008995
1 || 2008996 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Text-File Login script slogin_path parameter remote file inclusion || bugtraq,32811 || url,milw0rm.com/exploits/7444 || url,doc.emergingthreats.net/2008996
1 || 2008997 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS icash Click&BaneX user_menu.asp ID parameter SQL Injection || url,milw0rm.com/exploits/7484 || bugtraq,32856 || url,doc.emergingthreats.net/2008997
1 || 2008998 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EvimGibi Pro Resim Galerisi kat_id parameter SQL Injection || url,secunia.com/advisories/33199/ || url,packetstorm.linuxsecurity.com/0812-exploits/evimgibi-sql.txt || url,doc.emergingthreats.net/2008998
1 || 2008999 || 8 || web-application-attack || 0 || ET ACTIVEX EvansFTP EvansFTP.ocx Remote Buffer Overflow || bugtraq,32814 || url,www.milw0rm.com/exploits/7460 || url,doc.emergingthreats.net/2008999
1 || 2009000 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RSS Simple News news.php pid parameter Remote SQL Injection || url,www.milw0rm.com/exploits/7541 || bugtraq,32962 || url,doc.emergingthreats.net/2009000
1 || 2009001 || 4 || policy-violation || 0 || ET POLICY Login Credentials Possibly Passed in URI || url,doc.emergingthreats.net/2009001
1 || 2009002 || 8 || web-application-attack || 0 || ET ACTIVEX Phoenician Casino FlashAX ActiveX Control Remote Buffer Overflow || bugtraq,32901 || url,www.milw0rm.com/exploits/7505 || url,doc.emergingthreats.net/2009002
1 || 2009003 || 7 || trojan-activity || 0 || ET TROJAN Win32/Korklic.A || url,doc.emergingthreats.net/2009003
1 || 2009004 || 4 || policy-violation || 0 || ET POLICY Login Credentials Possibly Passed in POST Data || url,doc.emergingthreats.net/2009004
1 || 2009005 || 10 || policy-violation || 0 || ET MALWARE Simbar Spyware User-Agent Detected || url,research.sunbelt-software.com/threatdisplay.aspx?name=AdWare.Win32.Simbar.a&threatid=427805 || url,vil.nai.com/vil/content/v_131206.htm || url,doc.emergingthreats.net/bin/view/Main/2009005
1 || 2009009 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClaSS export.php ftype parameter Information Disclosure || url,secunia.com/advisories/33222 || bugtraq,32929 || url,doc.emergingthreats.net/2009009
1 || 2009010 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Page Flip Image Gallery getConfig.php book_id parameter Remote File Disclosure || url,www.milw0rm.com/exploits/7543 || bugtraq,32966 || url,doc.emergingthreats.net/2009010
1 || 2009011 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rematic CMS referenzdetail.php id parameter SQL Injection || url,secunia.com/advisories/33208/ || url,milw0rm.com/exploits/7502 || url,doc.emergingthreats.net/2009011
1 || 2009012 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Rematic CMS produkte.php id parameter SQL Injection || url,secunia.com/advisories/33208/ || url,milw0rm.com/exploits/7502 || url,doc.emergingthreats.net/2009012
1 || 2009013 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro art.php idm Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009013
1 || 2009014 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro rub.php idr Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009014
1 || 2009015 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro galeri_info.php ida Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009015
1 || 2009016 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro galeri_info.php lang Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009016
1 || 2009017 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebPhotoPro rubrika.php idr Parameter SQL Injection || bugtraq,32829 || url,packetstormsecurity.org/0808-exploits/webphotopro-sql.txt || url,doc.emergingthreats.net/2009017
1 || 2009018 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Text Lines Rearrange Script filename parameter File Disclosure || url,securityfocus.com/bid/32968 || url,milw0rm.com/exploits/7542 || url,doc.emergingthreats.net/2009018
1 || 2009019 || 2 || trojan-activity || 0 || ET TROJAN VMProtect Demo version Packed Binary - Likely Hostile || url,www.vmprotect.ru || url,www.packetninjas.net || url,doc.emergingthreats.net/2009019
1 || 2009020 || 3 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via ipchicken.com - Possible Infection || url,doc.emergingthreats.net/2009020
1 || 2009021 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (IE_6.0) || url,doc.emergingthreats.net/bin/view/Main/2009021
1 || 2009022 || 6 || trojan-activity || 0 || ET TROJAN Zlob User Agent (securityinternet) || url,www.bitdefender.com/VIRUS-1000328-en--Trojan.Pws.Wow.NCY.html || url,doc.emergingthreats.net/2009022
1 || 2009024 || 13 || trojan-activity || 0 || ET TROJAN Downadup/Conficker A or B Worm reporting || url,www.f-secure.com/weblog/archives/00001584.html || url,doc.emergingthreats.net/bin/view/Main/2009024
1 || 2009025 || 3 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic Checkin variant 2 || url,doc.emergingthreats.net/2009025
1 || 2009026 || 3 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Status OK (variant 2) || url,doc.emergingthreats.net/2009026
1 || 2009027 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (FileDownloader) || url,doc.emergingthreats.net/bin/view/Main/2009027
1 || 2009028 || 9 || attempted-admin || 0 || ET MALWARE 404 Response with an EXE Attached - Likely Malware Drop || url,doc.emergingthreats.net/bin/view/Main/2009028
1 || 2009029 || 6 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Attempt (Agent NV32ts) || url,doc.emergingthreats.net/2009029
1 || 2009032 || 9 || trojan-activity || 0 || ET DELETED Armitage Exploit Request || url,doc.emergingthreats.net/2009032
1 || 2009033 || 7 || policy-violation || 0 || ET POLICY Suspicious Executable (Win exe under 128) || url,doc.emergingthreats.net/2009033
1 || 2009034 || 7 || policy-violation || 0 || ET POLICY Suspicious Executable (PE offset 160) || url,doc.emergingthreats.net/2009034
1 || 2009035 || 7 || policy-violation || 0 || ET POLICY Suspicious Executable (PE offset 512) || url,doc.emergingthreats.net/2009035
1 || 2009036 || 8 || trojan-activity || 0 || ET TROJAN Armitage Loader Check-in || url,doc.emergingthreats.net/2009036
1 || 2009037 || 2 || trojan-activity || 0 || ET TROJAN Vipdataend C&C Traffic - Checkin (variant 3) || url,doc.emergingthreats.net/2009037
1 || 2009038 || 3 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL Version Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009038
1 || 2009039 || 3 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL XPCmdShell Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009039
1 || 2009040 || 4 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL User Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009040
1 || 2009041 || 4 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL Database User Rights Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009041
1 || 2009042 || 5 || attempted-recon || 0 || ET SCAN SQLNinja MSSQL Authentication Mode Scan || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009042
1 || 2009043 || 4 || attempted-admin || 0 || ET SCAN SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009043
1 || 2009044 || 4 || attempted-admin || 0 || ET SCAN SQLNinja Attempt To Create xp_cmdshell Session || url,sqlninja.sourceforge.net/index.html || url,doc.emergingthreats.net/2009044
1 || 2009045 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cfagcms right.php title Parameter SQL Injection || bugtraq,32851 || url,milw0rm.com/exploits/7483 || url,doc.emergingthreats.net/2009045
1 || 2009046 || 48 || web-application-attack || 0 || ET ACTIVEX Chilkat Socket Activex Remote Arbitrary File Overwrite 1 || bugtraq,32333 || url,milw0rm.com/exploits/7594 || url,doc.emergingthreats.net/2009046
1 || 2009047 || 8 || web-application-attack || 0 || ET ACTIVEX SaschArt SasCam Webcam Server ActiveX Control Get Method Buffer Overflow || bugtraq,33053 || url,milw0rm.com/exploits/7617 || url,doc.emergingthreats.net/2009047
1 || 2009048 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sepcity Lawyer Portal deptdisplay.asp ID parameter SQL Injection || url,milw0rm.com/exploits/7610 || bugtraq,33040 || url,doc.emergingthreats.net/2009048
1 || 2009049 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RealtyListings type.asp iType Parameter SQL Injection || url,secunia.com/advisories/33167/ || url,milw0rm.com/exploits/7464 || url,doc.emergingthreats.net/2009049
1 || 2009050 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RealtyListings detail.asp iPro Parameter SQL Injection || url,secunia.com/advisories/33167/ || url,milw0rm.com/exploits/7464 || url,doc.emergingthreats.net/2009050
1 || 2009051 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPOF DB_AdoDB.Class.PHP PHPOF_INCLUDE_PATH parameter Remote File Inclusion || bugtraq,25541 || url,doc.emergingthreats.net/2009051
1 || 2009052 || 3 || trojan-activity || 0 || ET TROJAN Hupigon System Stats Report (I-variant) || url,doc.emergingthreats.net/bin/view/Main/TrojanDropper497
1 || 2009053 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MODx CMS Thumbnail.php base_path Remote File Inclusion || url,securityvulns.com/Odocument913.html || url,doc.emergingthreats.net/2009053
1 || 2009054 || 8 || trojan-activity || 0 || ET TROJAN Asprox Form Submission to C&C || url,doc.emergingthreats.net/2009054
1 || 2009055 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pligg check_url.php url parameter SQL Injection || url,milw0rm.com/exploits/7544 || bugtraq,32970 || url,doc.emergingthreats.net/2009055
1 || 2009056 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pixel8 Web Photo Album AlbumID SQL Injection || url,secunia.com/advisories/33373/ || url,milw0rm.com/exploits/7627 || url,doc.emergingthreats.net/2009056
1 || 2009057 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerNews news.php newsid parameter SQL Injection || url,secunia.com/advisories/33363/ || url,milw0rm.com/exploits/7641 || url,doc.emergingthreats.net/2009057
1 || 2009058 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WSN Guest search.php search parameter SQL Injection || bugtraq,33097 || url,milw0rm.com/exploits/7659 || url,doc.emergingthreats.net/2009058
1 || 2009059 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator add_tmsp.php mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009059
1 || 2009060 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator edit_tmsp.php mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009060
1 || 2009061 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator subscription.php GLOBALS mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009061
1 || 2009062 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Feederator tmsp.php mosConfig_absolute_path parameter remote file inclusion || bugtraq,32194 || url,milw0rm.com/exploits/7040 || url,doc.emergingthreats.net/2009062
1 || 2009063 || 8 || web-application-attack || 0 || ET ACTIVEX Easy Grid ActiveX Multiple Arbitrary File Overwrite || bugtraq,33272 || url,doc.emergingthreats.net/2009063
1 || 2009064 || 8 || web-application-attack || 0 || ET ACTIVEX Ciansoft PDFBuilderX Control ActiveX Arbitrary File Overwrite || bugtraq,33233 || url,milw0rm.com/exploits/7794 || url,doc.emergingthreats.net/2009064
1 || 2009065 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Daily add_postit.php id Parameter SQL Injection || url,secunia.com/Advisories/32408 || url,milw0rm.com/exploits/6833 || url,doc.emergingthreats.net/2009065
1 || 2009066 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Daily delete.php id Parameter SQL Injection || url,secunia.com/Advisories/32/32408 || url,milw0rm.com/exploits/6833 || url,doc.emergingthreats.net/2009066
1 || 2009067 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion Members CV(job) Module members.php sortby parameter SQL injection || bugtraq,33156 || url,milw0rm.com/exploits/7697 || url,doc.emergingthreats.net/2009067
1 || 2009068 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGaming CMS previews.php browse parameter SQL injection || cve,2008-5841 || bugtraq,31340 || url,milw0rm.com/exploits/6540 || url,doc.emergingthreats.net/2009068
1 || 2009069 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection || cve,2008-5841 || bugtraq,31340 || url,milw0rm.com/exploits/6540 || url,doc.emergingthreats.net/2009069
1 || 2009070 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpSkelSite TplSuffix parameter local file inclusion || bugtraq,33092 || url,doc.emergingthreats.net/2009070
1 || 2009071 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpSkelSite theme parameter remote file inclusion || bugtraq,33092 || url,doc.emergingthreats.net/2009071
1 || 2009073 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 admin_words.php ModName parameter Local File inclusion || bugtraq,33103 || url,doc.emergingthreats.net/2009073
1 || 2009074 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 admin_groups_reapir.php ModName parameter Local File inclusion || bugtraq,33103 || url,doc.emergingthreats.net/2009074
1 || 2009075 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PNphpBB2 admin_smilies.php ModName parameter Local File inclusion || bugtraq,33103 || url,doc.emergingthreats.net/2009075
1 || 2009076 || 16 || bad-unknown || 0 || ET DELETED Nginx Serving PDF - Possible hostile content (PDF) || url,doc.emergingthreats.net/bin/view/Main/2009076
1 || 2009077 || 3 || trojan-activity || 0 || ET TROJAN TROJ_INJECT.NI Update Request || url,www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_INJECT.NI&VSect=T || url,doc.emergingthreats.net/2009077
1 || 2009078 || 5 || trojan-activity || 0 || ET TROJAN Backdoor Lanfiltrator Checkin || url,research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.LanFiltrator.3b&threatid=51642 || url,doc.emergingthreats.net/2009078
1 || 2009079 || 3 || trojan-activity || 0 || ET TROJAN Delfsnif/Buzus.fte Remote Response || url,www.threatexpert.com/threats/virtool-win32-delfsnif-gen.html || url,doc.emergingthreats.net/2009079
1 || 2009080 || 8 || trojan-activity || 0 || ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile || url,doc.emergingthreats.net/2009080
1 || 2009081 || 10 || trojan-activity || 0 || ET TROJAN Password Stealer - User-Agent (Ucheck) || url,doc.emergingthreats.net/2009081
1 || 2009082 || 6 || trojan-activity || 0 || ET DELETED Password Stealer Reporting - ?a=%NN&b= || url,doc.emergingthreats.net/2009082
1 || 2009083 || 6 || not-suspicious || 0 || ET DELETED Set flow on bmp file get || url,doc.emergingthreats.net/2009083
1 || 2009084 || 9 || trojan-activity || 0 || ET DELETED Possible Trojan File Download - BMP Requested but not received || url,doc.emergingthreats.net/2009084
1 || 2009085 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS init.php apps_path plug parameter local file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009085
1 || 2009086 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter remote file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009086
1 || 2009087 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS init.php apps_path themes parameter local file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009087
1 || 2009088 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs parameter remote file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009088
1 || 2009089 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS playSMS function.php apps_path libs parameter local file inclusion || url,secunia.com/advisories/33386/ || url,milw0rm.com/exploits/7687 || url,doc.emergingthreats.net/2009089
1 || 2009090 || 5 || trojan-activity || 0 || ET TROJAN Generic Banker Trojan Downloader Config to client || url,doc.emergingthreats.net/2009090
1 || 2009091 || 5 || policy-violation || 0 || ET MALWARE Adware/Spyware Trymedia.com EXE download || url,www.browserdefender.com/site/trymedia.com || url,www.threatexpert.com/reports.aspx?find=Adware.Trymedia || url,doc.emergingthreats.net/2009091
1 || 2009092 || 9 || trojan-activity || 0 || ET DELETED New Malware Information Post || url,doc.emergingthreats.net/2009092
1 || 2009093 || 5 || trojan-activity || 0 || ET DELETED Backdoor PcClient.CAK.Pakes POST on non-http Port || url,doc.emergingthreats.net/2009093
1 || 2009094 || 7 || trojan-activity || 0 || ET TROJAN Password Stealer (PSW.Win32.Magania Family) GET || url,www.f-secure.com/v-descs/trojan-psw_w32_magania.shtml || url,www.threatexpert.com/reports.aspx?find=Trojan-PWS.Magania || url,doc.emergingthreats.net/2009094
1 || 2009095 || 3 || policy-violation || 0 || ET POLICY Newzbin Usenet Reader License Check || url,doc.emergingthreats.net/2009095
1 || 2009096 || 8 || trojan-activity || 0 || ET TROJAN Tigger.a/Syzor Control Checkin || url,voices.washingtonpost.com/securityfix/2009/02/the_t-i-double-guh-r_trojan_ic.html?wprss=securityfix || url,mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html || url,doc.emergingthreats.net/2009096
1 || 2009097 || 2 || policy-violation || 0 || ET P2P Manolito Connection (1) || url,doc.emergingthreats.net/2009097
1 || 2009098 || 3 || policy-violation || 0 || ET P2P Manolito Ping || url,doc.emergingthreats.net/2009098
1 || 2009099 || 3 || policy-violation || 0 || ET P2P ThunderNetwork UDP Traffic || url,xunlei.com || url,en.wikipedia.org/wiki/Xunlei || url,doc.emergingthreats.net/2009099
1 || 2009100 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SocialEngine browse_classifieds.php Remote SQL Injection || url,secunia.com/advisories/33474/ || url,milw0rm.com/exploits/7730 || url,doc.emergingthreats.net/2009100
1 || 2009101 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS REALTOR define.php Remote File Inclusion || bugtraq,33227 || url,milw0rm.com/exploits/7743 || url,doc.emergingthreats.net/2009101
1 || 2009102 || 8 || web-application-attack || 0 || ET ACTIVEX Easy Grid ActiveX Multiple Arbitrary File Overwrite || bugtraq,33272 || url,doc.emergingthreats.net/2009102
1 || 2009103 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Bible Search readbible.php SQL Injection || bugtraq,33301 || url,milw0rm.com/exploits/7798 || url,doc.emergingthreats.net/2009103
1 || 2009104 || 8 || web-application-attack || 0 || ET ACTIVEX MetaProducts MetaTreeX ActiveX Control Arbitrary File Overwrite || bugtraq,33318 || url,milw0rm.com/exploits/7804 || url,doc.emergingthreats.net/2009104
1 || 2009108 || 4 || trojan-activity || 0 || ET TROJAN Parite Setup Connection (tqzn.com related) || url,doc.emergingthreats.net/2009108
1 || 2009111 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (get_site1) || url,doc.emergingthreats.net/2009111
1 || 2009114 || 7 || trojan-activity || 0 || ET TROJAN Downadup/Conficker A Worm reporting || url,www.f-secure.com/weblog/archives/00001584.html || url,doc.emergingthreats.net/bin/view/Main/2009114
1 || 2009115 || 6 || web-application-attack || 0 || ET ACTIVEX JamDTA ActiveX Control SaveToFile Arbitrary File Overwrite || bugtraq,33345 || url,doc.emergingthreats.net/2009115
1 || 2009117 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easynet4u Link Host directory.php cat_id parameter SQL Injection || bugtraq,31717 || url,www.milw0rm.com/exploits/6728 || url,doc.emergingthreats.net/2009117
1 || 2009118 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetik.net ESA sayfalar.php KayitNo Parameter SQL Injection || bugtraq,31352 || url,www.milw0rm.com/exploits/6549 || url,doc.emergingthreats.net/2009118
1 || 2009119 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Jetik.net ESA diger.php KayitNo Parameter SQL Injection || bugtraq,31352 || url,www.milw0rm.com/exploits/6549 || url,doc.emergingthreats.net/2009119
1 || 2009120 || 9 || web-application-attack || 0 || ET ACTIVEX FlexCell Grid ActiveX Multiple Arbitrary File Overwrite || url,www.milw0rm.com/exploits/7868 || bugtraq,33453 || url,doc.emergingthreats.net/2009120
1 || 2009121 || 9 || web-application-attack || 0 || ET ACTIVEX NCTsoft NCTAudioFile2 ActiveX Control NCTWMAFILE2.DLL Arbitrary File Overwrite || url,www.milw0rm.com/exploits/7871 || bugtraq,24613 || url,doc.emergingthreats.net/2009121
1 || 2009122 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wazzum Dating Software profile_view.php userid Parameter SQL Injection || url,www.milw0rm.com/exploits/7877 || url,secunia.com/Advisories/33654/ || url,doc.emergingthreats.net/2009122
1 || 2009123 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SezHoo SezHooTabsAndActions.php IP Parameter Remote File Inclusion || bugtraq,31756 || url,www.milw0rm.com/exploits/6751 || url,doc.emergingthreats.net/2009123
1 || 2009124 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (GETJOB) || url,doc.emergingthreats.net/2009124
1 || 2009125 || 15 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Inject.esi/Comfoo Outbound Communication || url,doc.emergingthreats.net/2009125 || url,www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/
1 || 2009126 || 8 || trojan-activity || 0 || ET TROJAN Win32/Monkif Downloader Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fMonkif.C || url,doc.emergingthreats.net/2009126
1 || 2009127 || 7 || trojan-activity || 0 || ET TROJAN General Banker.PWS POST Checkin || url,doc.emergingthreats.net/2009127
1 || 2009128 || 5 || trojan-activity || 0 || ET TROJAN Bifrose Connect to Controller (PING PONG) || url,doc.emergingthreats.net/2009128
1 || 2009129 || 5 || trojan-activity || 0 || ET TROJAN Bifrose Response from Controller (PING PONG) || url,doc.emergingthreats.net/2009129
1 || 2009130 || 3 || trojan-activity || 0 || ET TROJAN Overtoolbar.net Backdoor ICMP Checkin Request || url,doc.emergingthreats.net/2009130
1 || 2009131 || 3 || trojan-activity || 0 || ET TROJAN Overtoolbar.net Backdoor ICMP Checkin Response || url,doc.emergingthreats.net/2009131
1 || 2009132 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onUnload http spliting attempt (body) || url,doc.emergingthreats.net/2009132
1 || 2009133 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onUnload http spliting attempt (img) || url,doc.emergingthreats.net/2009133
1 || 2009134 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onURLFlip http spliting attempt (body) || url,doc.emergingthreats.net/2009134
1 || 2009135 || 6 || web-application-attack || 0 || ET WEB_CLIENT Internet Explorer javascript onURLFlip http spliting attempt || url,doc.emergingthreats.net/2009135
1 || 2009136 || 6 || web-application-attack || 0 || ET ACTIVEX Web on Windows ActiveX Insecure Methods || bugtraq,33515 || url,xforce.iss.net/xforce/xfdb/48337 || url,doc.emergingthreats.net/2009136
1 || 2009137 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Realty dpage.php docID parameter SQL Injection || url,secunia.com/advisories/31484/ || url,packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt || url,doc.emergingthreats.net/2009137
1 || 2009138 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Synactis All_IN_THE_BOX ActiveX SaveDoc Method Arbitrary File Overwrite || url,milw0rm.com/exploits/7928 || bugtraq,33535 || url,doc.emergingthreats.net/2009138
1 || 2009139 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Million Pixel Ad Script tops_top.php id_cat parameter SQL Injection || url,secunia.com/advisories/31626/ || url,milw0rm.com/exploits/6044 || url,doc.emergingthreats.net/2009139
1 || 2009140 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ReVou Micro Blogging user_updates.php user Parameter SQL Injection || url,milw0rm.com/exploits/7925 || bugtraq,33540 || url,doc.emergingthreats.net/2009140
1 || 2009141 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNBank utdb_access.php minsoft_path Parameter Remote File Inclusion || bugtraq,31492 || url,milw0rm.com/exploits/6632 || url,doc.emergingthreats.net/2009141
1 || 2009142 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MiNBank utgn_message.php minsoft_path Parameter Remote File Inclusion || bugtraq,31492 || url,milw0rm.com/exploits/6632 || url,doc.emergingthreats.net/2009142
1 || 2009143 || 37 || web-application-attack || 0 || ET ACTIVEX ACTIVEX PPMate PPMedia Class ActiveX Control Buffer Overflow || cve,2008-3242 || url,secunia.com/advisories/30952 || url,milw0rm.com/exploits/6090 || url,doc.emergingthreats.net/2009143
1 || 2009144 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sourdough neededFiles Parameter Remote File Inclusion || url,doc.emergingthreats.net/2009144
1 || 2009145 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Syntax Desktop preview.php synTarget Parameter Local File Inclusion || url,www.milw0rm.com/exploits/7977 || bugtraq,33601 || url,doc.emergingthreats.net/2009145
1 || 2009146 || 4 || web-application-activity || 0 || ET ATTACK_RESPONSE Possible ASPXSpy Request || url,doc.emergingthreats.net/2009146
1 || 2009147 || 4 || web-application-activity || 0 || ET ATTACK_RESPONSE Possible ASPXSpy Related Activity || url,doc.emergingthreats.net/2009147
1 || 2009149 || 4 || web-application-activity || 0 || ET ATTACK_RESPONSE Possible ASPXSpy Upload Attempt || url,doc.emergingthreats.net/2009149
1 || 2009150 || 6 || trojan-activity || 0 || ET MALWARE Viruskill.co.kr Fake AV User-Agent Detected (virus_kill) || url,doc.emergingthreats.net/2009150
1 || 2009151 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTP) || url,doc.emergingthreats.net/2009151
1 || 2009152 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (HTTPS) || url,doc.emergingthreats.net/2009152
1 || 2009153 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (FTP) || url,doc.emergingthreats.net/2009153
1 || 2009154 || 8 || attempted-recon || 0 || ET SCAN Automated Injection Tool User-Agent (AutoGetColumn) || url,doc.emergingthreats.net/2009154
1 || 2009155 || 8 || web-application-attack || 0 || ET WEB_SERVER PHP Generic Remote File Include Attempt (FTPS) || url,doc.emergingthreats.net/2009155
1 || 2009156 || 9 || trojan-activity || 0 || ET TROJAN Koobface Checkin via POST || url,www.virustotal.com/analisis/a4a854e56ecc0a54204fc3b043c63094 || url,doc.emergingthreats.net/2009156
1 || 2009157 || 6 || trojan-activity || 0 || ET MALWARE Fake AV User-Agent (N1) || url,doc.emergingthreats.net/2009157
1 || 2009158 || 4 || attempted-recon || 0 || ET SCAN WebShag Web Application Scan Detected || url,www.scrt.ch/pages_en/outils.html || url,doc.emergingthreats.net/2009158
1 || 2009159 || 7 || attempted-recon || 0 || ET SCAN Toata Scanner User-Agent Detected || url,isc.sans.org/diary.html?storyid=5599 || url,doc.emergingthreats.net/2009159
1 || 2009160 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveX_v8200 ActiveX Control Arbitrary File Overwrite || url,milw0rm.com/exploits/8059 || url,doc.emergingthreats.net/2009160
1 || 2009161 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveX_v7000 ActiveX Control Arbitrary File Overwrite || url,xforce.iss.net/xforce/xfdb/48773 || url,milw0rm.com/exploits/8059 || url,doc.emergingthreats.net/2009161
1 || 2009162 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveX_v8120 ActiveX Control Arbitrary File Overwrite || url,xforce.iss.net/xforce/xfdb/48773 || url,milw0rm.com/exploits/8059 || url,doc.emergingthreats.net/2009162
1 || 2009163 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GBook header.php abspath Parameter Remote File Inclusion || url,secunia.com/advisories/33768/ || url,milw0rm.com/exploits/7955 || url,doc.emergingthreats.net/2009163
1 || 2009164 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS openEngine filepool.php oe_classpath parameter Remote File Inclusion || bugtraq,31423 || url,milw0rm.com/exploits/6585 || url,doc.emergingthreats.net/2009164
1 || 2009165 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barcode Generator LSTable.php class_dir parameter Remote File Inclusion || bugtraq,31419 || url,milw0rm.com/exploits/6575 || url,doc.emergingthreats.net/2009165
1 || 2009166 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concord Consortium CoAST header.php sections_file parameter remote file inclusion || bugtraq,31461 || url,milw0rm.com/exploits/6598 || url,doc.emergingthreats.net/2009166
1 || 2009167 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptCMS Lite rss_importer_functions.php sitepath Parameter Remote File Inclusion || url,milw0rm.com/exploits/8016 || bugtraq,33698 || url,doc.emergingthreats.net/2009167
1 || 2009168 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Papoo CMS message_class.php pfadhier Local File Inclusion || bugtraq,33718 || url,milw0rm.com/exploits/8030 || url,doc.emergingthreats.net/2009168
1 || 2009169 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Thyme export.php export_to Parameter Local File Inclusion || bugtraq,33731 || url,milw0rm.com/exploits/8029 || url,doc.emergingthreats.net/2009169
1 || 2009170 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Psyb0t Code Download || url,www.adam.com.au/bogaurd/PSYB0T.pdf || url,doc.emergingthreats.net/2009170
1 || 2009171 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Psyb0t Bot Nick || url,www.adam.com.au/bogaurd/PSYB0T.pdf || url,doc.emergingthreats.net/2009171
1 || 2009172 || 2 || trojan-activity || 0 || ET TROJAN Psyb0t joining an IRC Channel || url,www.adam.com.au/bogaurd/PSYB0T.pdf || url,doc.emergingthreats.net/2009172
1 || 2009173 || 5 || trojan-activity || 0 || ET TROJAN Possible Vundo Trojan Variant reporting to Controller || url,doc.emergingthreats.net/2009173
1 || 2009174 || 4 || trojan-activity || 0 || ET TROJAN Possible Vundo EXE Download Attempt || url,doc.emergingthreats.net/2009174
1 || 2009175 || 6 || trojan-activity || 0 || ET DELETED Zbot/Zeus C&C Access || url,doc.emergingthreats.net/2009175
1 || 2009178 || 8 || web-application-attack || 0 || ET ACTIVEX Nokia Phoenix Service Software ActiveX Control Buffer Overflow || bugtraq,33726 || url,doc.emergingthreats.net/2009178
1 || 2009179 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION Parameter Remote File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009179
1 || 2009180 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php g_pcltar_lib_dir Parameter Remote File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009180
1 || 2009181 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster vars.inc.php _SESSION Parameter Local File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009181
1 || 2009182 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnippetMaster pcltar.lib.php g_pcltar_lib_dir Parameter Local File Inclusion || url,secunia.com/advisories/33865/ || url,milw0rm.com/exploits/8017 || url,doc.emergingthreats.net/2009182
1 || 2009184 || 8 || web-application-attack || 0 || ET ACTIVEX FathFTP ActiveX DeleteFile Arbitrary File Deletion || bugtraq,33842 || url,xforce.iss.net/xforce/xfdb/48837 || url,doc.emergingthreats.net/2009184
1 || 2009185 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS A Better Member-Based ASP Photo Gallery view.asp entry parameter SQL injection || bugtraq,33693 || url,milw0rm.com/exploits/8012 || url,doc.emergingthreats.net/2009185
1 || 2009186 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Auto Listings Script moreinfo.php itemno Parameter SQL Injection || bugtraq,32131 || url,milw0rm.com/exploits/7003 || url,doc.emergingthreats.net/2009186
1 || 2009187 || 7 || web-application-attack || 0 || ET ACTIVEX iDefense COMRaider ActiveX Control Arbitrary File Deletion || bugtraq,33867 || bugtraq,33942 || url,doc.emergingthreats.net/2009187
1 || 2009188 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gapicms toolbar.php dirDepth Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/2059 || url,milw0rm.com/exploits/6036 || url,doc.emergingthreats.net/2009188
1 || 2009190 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter Remote File Inclusion || url,milw0rm.com/exploits/8066 || url,secunia.com/advisories/33959/ || url,doc.emergingthreats.net/2009190
1 || 2009191 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YACS update_trailer.php context Parameter Local File Inclusion || url,milw0rm.com/exploits/8066 || url,secunia.com/advisories/33959/ || url,doc.emergingthreats.net/2009191
1 || 2009192 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Faethon info.php item Parameter SQL Injection || bugtraq,33775 || url,milw0rm.com/exploits/8054 || url,doc.emergingthreats.net/2009192
1 || 2009194 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X7 Chat mini.php help_file Parameter Local File Inclusion || url,milw0rm.com/exploits/6592 || bugtraq,31460 || url,doc.emergingthreats.net/2009194
1 || 2009195 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Local File Inclusion || url,secunia.com/advisories/31947/ || url,milw0rm.com/exploits/6533 || url,doc.emergingthreats.net/2009195
1 || 2009196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Basebuilder main.inc.php mj_config Parameter Remote File inclusion || url,secunia.com/advisories/31947/ || url,milw0rm.com/exploits/6533 || url,doc.emergingthreats.net/2009196
1 || 2009198 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kalptaru Infotech Product Sale Framework customer.forumtopic.php forum_topic_id parameter SQL Injection || cve,2008-5590 || bugtraq,32672 || url,www.exploit-db.com/exploits/7368/ || url,doc.emergingthreats.net/2009198
1 || 2009199 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Script Toko Online shop_display_products.php cat_id Parameter SQL Injection || cve,CVE-2009-0296 || url,secunia.com/advisories/33661/ || url,milw0rm.com/exploits/7873 || url,doc.emergingthreats.net/2009199
1 || 2009200 || 6 || trojan-activity || 0 || ET TROJAN Conficker.a Shellcode || url,www.honeynet.org/node/388 || url,doc.emergingthreats.net/2009200
1 || 2009201 || 6 || trojan-activity || 0 || ET TROJAN Conficker.b Shellcode || url,www.honeynet.org/node/388 || url,doc.emergingthreats.net/2009201
1 || 2009202 || 8 || trojan-activity || 0 || ET DELETED GhostNet Trojan Reporting || url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network || url,doc.emergingthreats.net/2009202
1 || 2009203 || 5 || trojan-activity || 0 || ET TROJAN Alman Dropper Checkin || url,doc.emergingthreats.net/2009203
1 || 2009204 || 7 || trojan-activity || 0 || ET TROJAN Crypt.CFI.Gen Checkin || url,doc.emergingthreats.net/2009204
1 || 2009205 || 5 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009205
1 || 2009206 || 4 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009206
1 || 2009207 || 4 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009207
1 || 2009208 || 4 || trojan-activity || 0 || ET TROJAN Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) || url,mtc.sri.com/Conficker/addendumC/ || url,doc.emergingthreats.net/2009208
1 || 2009209 || 5 || trojan-activity || 0 || ET TROJAN Rogue A/V Win32/FakeXPA GET Request || url,doc.emergingthreats.net/2009209
1 || 2009210 || 3 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (fuckFtpd) || url,doc.emergingthreats.net/2009210
1 || 2009211 || 3 || trojan-activity || 0 || ET ATTACK_RESPONSE Unusual FTP Server Banner (NzmxFtpd) || url,doc.emergingthreats.net/2009211
1 || 2009212 || 5 || trojan-activity || 0 || ET TROJAN Zbot/Zeus Dropper Infection - /check || url,doc.emergingthreats.net/2009212
1 || 2009213 || 6 || trojan-activity || 0 || ET TROJAN Zbot/Zeus Dropper Infection - /loads.php || url,doc.emergingthreats.net/2009213
1 || 2009215 || 5 || trojan-activity || 0 || ET TROJAN Farfli HTTP Checkin Activity || url,www.virustotal.com/analisis/3b532a7bf7850483882024652f6c8a8b || url,doc.emergingthreats.net/2009215
1 || 2009216 || 7 || attempted-admin || 0 || ET DELETED Oracle WebLogic IIS connector JSESSIONID Remote Overflow Exploit || cve,2008-5457 || url,infosec20.blogspot.com/2009/04/oracle-weblogic-iis-remote-buffer.html || url,doc.emergingthreats.net/2009216
1 || 2009217 || 6 || attempted-admin || 0 || ET SCAN Tomcat admin-admin login credentials || url,tomcat.apache.org || url,doc.emergingthreats.net/2009217
1 || 2009218 || 7 || attempted-admin || 0 || ET SCAN Tomcat admin-blank login credentials || url,tomcat.apache.org || url,doc.emergingthreats.net/2009218
1 || 2009219 || 3 || successful-admin || 0 || ET SCAN Tomcat Successful default credential login from external source || url,tomcat.apache.org || url,doc.emergingthreats.net/2009219
1 || 2009220 || 4 || successful-admin || 0 || ET SCAN Tomcat upload from external source || url,tomcat.apache.org || url,doc.emergingthreats.net/2009220
1 || 2009222 || 7 || trojan-activity || 0 || ET MALWARE NewWeb User-Agent (Lobo Lunar) || url,doc.emergingthreats.net/2009222
1 || 2009223 || 8 || trojan-activity || 0 || ET TROJAN Fake AV Downloader.Onestage/FakeAlert.ZR User-Agent (AV1) || md5,208e5551efce47ac6c95691715c12e46 || md5,735dff747d0c7ce74dde31547b2b5750 || md5,a84a144677a786c6855fd4899d024948
1 || 2009224 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter local file inclusion || url,secunia.com/advisories/33927/ || bugtraq,33774 || url,milw0rm.com/exploits/8052 || url,doc.emergingthreats.net/2009224
1 || 2009225 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ea-gBook index_inc.php inc_ordner parameter remote file inclusion || url,secunia.com/advisories/33927/ || bugtraq,33774 || url,milw0rm.com/exploits/8052 || url,doc.emergingthreats.net/2009225
1 || 2009226 || 8 || web-application-attack || 0 || ET ACTIVEX Sopcast SopCore ActiveX Control Remote Code Execution || bugtraq,33920 || url,packetstorm.linuxsecurity.com/0902-exploits/9sg_sopcastia.txt || url,doc.emergingthreats.net/2009226
1 || 2009227 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eFiction toplists.php list Parameter SQL Injection || url,secunia.com/advisories/30606/ || url,milw0rm.com/exploits/5785 || url,doc.emergingthreats.net/2009227
1 || 2009228 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft Video Share Enterprise album.php UID Parameter SQL Injection || cve,CVE-2008-3386 || url,www.milw0rm.com/exploits/6092 || url,secunia.com/advisories/31134/ || url,doc.emergingthreats.net/2009228
1 || 2009229 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Paramter Remote File Inclusion || url,secunia.com/advisories/33732/ || cve,CVE-2009-0441 || url,milw0rm.com/exploits/7965 || url,doc.emergingthreats.net/2009229
1 || 2009230 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TECHNOTE shop_this_skin_path Paramter Local File Inclusion || url,secunia.com/advisories/33732/ || cve,CVE-2009-0441 || url,milw0rm.com/exploits/7965 || url,doc.emergingthreats.net/2009230
1 || 2009231 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Local File Inclusion || cve,CVE-2008-2898 || url,secunia.com/advisories/30778/ || url,milw0rm.com/exploits/5904 || url,doc.emergingthreats.net/2009231
1 || 2009232 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hedgehog CMS footer.php c_temp_path Remote File Inclusion || cve,CVE-2008-2898 || url,secunia.com/advisories/30778/ || url,milw0rm.com/exploits/8028 || url,doc.emergingthreats.net/2009232
1 || 2009233 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hedgehog CMS header.php c_temp_path Remote File Inclusion || cve,CVE-2008-2898 || url,secunia.com/advisories/30778/ || url,milw0rm.com/exploits/5904 || url,doc.emergingthreats.net/2009233
1 || 2009234 || 5 || policy-violation || 0 || ET MALWARE Adware-Mirar Reporting (BAR) || url,doc.emergingthreats.net/2009234
1 || 2009235 || 5 || trojan-activity || 0 || ET TROJAN PWSteal.Bancos Generic Banker Trojan SCR Download || url,www.symantec.com/security_response/writeup.jsp?docid=2005-050210-0214-99&tabid=2 || url,www.packetninjas.net || url,doc.emergingthreats.net/2009235
1 || 2009236 || 9 || trojan-activity || 0 || ET MALWARE Pigeon.AYX/AVKill Related User-Agent (CTTBasic) || url,doc.emergingthreats.net/2009236
1 || 2009238 || 2 || trojan-activity || 0 || ET TROJAN PcClient Backdoor Checkin Packet 1 || url,doc.emergingthreats.net/2009238
1 || 2009239 || 2 || trojan-activity || 0 || ET TROJAN PcClient Backdoor Checkin || url,doc.emergingthreats.net/2009239
1 || 2009240 || 8 || trojan-activity || 0 || ET TROJAN General Win32 Backdoor Checkin POST Packet 1 || url,doc.emergingthreats.net/2009240
1 || 2009241 || 6 || trojan-activity || 0 || ET TROJAN General Win32 Backdoor Checkin POST || url,doc.emergingthreats.net/2009241
1 || 2009242 || 3 || trojan-activity || 0 || ET TROJAN LDPinch Reporting infection via Email || url,doc.emergingthreats.net/2009242
1 || 2009243 || 2 || bad-unknown || 0 || ET POLICY HSRP Active Router Changed || url,packetlife.net/blog/2008/oct/27/hijacking-hsrp/ || url,doc.emergingthreats.net/2009243
1 || 2009244 || 2 || bad-unknown || 0 || ET ATTACK_RESPONSE Cisco TclShell TFTP Read Request || url,wwww.irmplc.com/downloads/whitepapers/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf || url,doc.emergingthreats.net/2009244
1 || 2009245 || 2 || bad-unknown || 0 || ET ATTACK_RESPONSE Cisco TclShell TFTP Download || url,wwww.irmplc.com/downloads/whitepapers/Creating_Backdoors_in_Cisco_IOS_using_Tcl.pdf || url,doc.emergingthreats.net/2009245
1 || 2009246 || 3 || shellcode-detect || 0 || ET SHELLCODE Bindshell2 Decoder Shellcode || url,doc.emergingthreats.net/2009246
1 || 2009247 || 3 || shellcode-detect || 0 || ET SHELLCODE Rothenburg Shellcode || url,doc.emergingthreats.net/2009247
1 || 2009248 || 3 || shellcode-detect || 0 || ET SHELLCODE Lindau (linkbot) xor Decoder Shellcode || url,doc.emergingthreats.net/2009248
1 || 2009249 || 3 || shellcode-detect || 0 || ET SHELLCODE Adenau Shellcode || url,doc.emergingthreats.net/2009249
1 || 2009250 || 3 || shellcode-detect || 0 || ET SHELLCODE Mainz/Bielefeld Shellcode || url,doc.emergingthreats.net/2009250
1 || 2009251 || 3 || shellcode-detect || 0 || ET SHELLCODE Wuerzburg Shellcode || url,doc.emergingthreats.net/2009251
1 || 2009252 || 3 || shellcode-detect || 0 || ET SHELLCODE Schauenburg Shellcode || url,doc.emergingthreats.net/2009252
1 || 2009253 || 3 || shellcode-detect || 0 || ET SHELLCODE Koeln Shellcode || url,doc.emergingthreats.net/2009253
1 || 2009254 || 3 || shellcode-detect || 0 || ET SHELLCODE Lichtenfels Shellcode || url,doc.emergingthreats.net/2009254
1 || 2009255 || 3 || shellcode-detect || 0 || ET SHELLCODE Mannheim Shellcode || url,doc.emergingthreats.net/2009255
1 || 2009256 || 3 || shellcode-detect || 0 || ET SHELLCODE Berlin Shellcode || url,doc.emergingthreats.net/2009256
1 || 2009257 || 3 || shellcode-detect || 0 || ET SHELLCODE Leimbach Shellcode || url,doc.emergingthreats.net/2009257
1 || 2009258 || 3 || shellcode-detect || 0 || ET SHELLCODE Aachen Shellcode || url,doc.emergingthreats.net/2009258
1 || 2009259 || 3 || shellcode-detect || 0 || ET SHELLCODE Furth Shellcode || url,doc.emergingthreats.net/2009259
1 || 2009260 || 3 || shellcode-detect || 0 || ET SHELLCODE Langenfeld Shellcode || url,doc.emergingthreats.net/2009260
1 || 2009261 || 3 || shellcode-detect || 0 || ET SHELLCODE Bonn Shellcode || url,doc.emergingthreats.net/2009261
1 || 2009262 || 3 || shellcode-detect || 0 || ET SHELLCODE Siegburg Shellcode || url,doc.emergingthreats.net/2009262
1 || 2009263 || 3 || shellcode-detect || 0 || ET SHELLCODE Plain1 Shellcode || url,doc.emergingthreats.net/2009263
1 || 2009264 || 3 || shellcode-detect || 0 || ET SHELLCODE Plain2 Shellcode || url,doc.emergingthreats.net/2009264
1 || 2009265 || 3 || shellcode-detect || 0 || ET SHELLCODE Bindshell1 Decoder Shellcode || url,doc.emergingthreats.net/2009265
1 || 2009266 || 2 || shellcode-detect || 0 || ET SHELLCODE Bindshell1 Decoder Shellcode (UDP) || url,doc.emergingthreats.net/2009266
1 || 2009267 || 2 || shellcode-detect || 0 || ET SHELLCODE Plain2 Shellcode (UDP) || url,doc.emergingthreats.net/2009267
1 || 2009268 || 2 || shellcode-detect || 0 || ET SHELLCODE Plain1 Shellcode (UDP) || url,doc.emergingthreats.net/2009268
1 || 2009269 || 2 || shellcode-detect || 0 || ET SHELLCODE Siegburg Shellcode (UDP) || url,doc.emergingthreats.net/2009269
1 || 2009270 || 2 || shellcode-detect || 0 || ET SHELLCODE Bonn Shellcode (UDP) || url,doc.emergingthreats.net/2009270
1 || 2009271 || 2 || shellcode-detect || 0 || ET SHELLCODE Langenfeld Shellcode (UDP) || url,doc.emergingthreats.net/2009271
1 || 2009272 || 2 || shellcode-detect || 0 || ET SHELLCODE Furth Shellcode (UDP) || url,doc.emergingthreats.net/2009272
1 || 2009273 || 2 || shellcode-detect || 0 || ET SHELLCODE Aachen Shellcode (UDP) || url,doc.emergingthreats.net/2009273
1 || 2009274 || 2 || shellcode-detect || 0 || ET SHELLCODE Leimbach Shellcode (UDP) || url,doc.emergingthreats.net/2009274
1 || 2009275 || 2 || shellcode-detect || 0 || ET SHELLCODE Berlin Shellcode (UDP) || url,doc.emergingthreats.net/2009275
1 || 2009276 || 2 || shellcode-detect || 0 || ET SHELLCODE Mannheim Shellcode (UDP) || url,doc.emergingthreats.net/2009276
1 || 2009277 || 2 || shellcode-detect || 0 || ET SHELLCODE Lichtenfels Shellcode (UDP) || url,doc.emergingthreats.net/2009277
1 || 2009278 || 2 || shellcode-detect || 0 || ET SHELLCODE Koeln Shellcode (UDP) || url,doc.emergingthreats.net/2009278
1 || 2009279 || 2 || shellcode-detect || 0 || ET SHELLCODE Schauenburg Shellcode (UDP) || url,doc.emergingthreats.net/2009279
1 || 2009280 || 2 || shellcode-detect || 0 || ET SHELLCODE Wuerzburg Shellcode (UDP) || url,doc.emergingthreats.net/2009280
1 || 2009281 || 2 || shellcode-detect || 0 || ET SHELLCODE Mainz/Bielefeld Shellcode (UDP) || url,doc.emergingthreats.net/2009281
1 || 2009282 || 2 || shellcode-detect || 0 || ET SHELLCODE Adenau Shellcode (UDP) || url,doc.emergingthreats.net/2009282
1 || 2009283 || 2 || shellcode-detect || 0 || ET SHELLCODE Lindau (linkbot) xor Decoder Shellcode (UDP) || url,doc.emergingthreats.net/2009283
1 || 2009284 || 2 || shellcode-detect || 0 || ET SHELLCODE Rothenburg Shellcode (UDP) || url,doc.emergingthreats.net/2009284
1 || 2009285 || 2 || shellcode-detect || 0 || ET SHELLCODE Bindshell2 Decoder Shellcode (UDP) || url,doc.emergingthreats.net/2009285
1 || 2009286 || 3 || bad-unknown || 0 || ET SCAN Modbus Scanning detected || url,code.google.com/p/modscan/ || url,www.rtaautomation.com/modbustcp/ || url,doc.emergingthreats.net/2009286
1 || 2009287 || 7 || trojan-activity || 0 || ET TROJAN CoreFlooder C&C Checkin (2) || url,doc.emergingthreats.net/2009287
1 || 2009288 || 56 || web-application-attack || 0 || ET WEB_SERVER Attack Tool Revolt Scanner || url,www.Whitehatsecurityresponse.blogspot.com || url,doc.emergingthreats.net/2009288
1 || 2009289 || 6 || trojan-activity || 0 || ET MALWARE No-ad.co.kr Fake AV Related User-Agent (U2Clean) || url,doc.emergingthreats.net/2009289
1 || 2009290 || 2 || trojan-activity || 0 || ET DELETED Possible Hupigon Connect || url,doc.emergingthreats.net/2009290
1 || 2009291 || 2 || trojan-activity || 0 || ET DELETED Hupigon CnC Client Status || url,doc.emergingthreats.net/2009291
1 || 2009292 || 2 || trojan-activity || 0 || ET DELETED Hupigon CnC Server Response || url,doc.emergingthreats.net/2009292
1 || 2009293 || 1 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit spaced 2) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2009293
1 || 2009294 || 1 || policy-violation || 0 || ET POLICY Credit Card Number Detected in Clear (15 digit dashed 2) || url,www.beachnet.com/~hstiles/cardtype.html || url,doc.emergingthreats.net/2009294
1 || 2009295 || 9 || trojan-activity || 0 || ET USER_AGENTS Suspicious Mozilla User-Agent Likely Fake (Mozilla/5.0) || url,doc.emergingthreats.net/2009295
1 || 2009296 || 6 || trojan-activity || 0 || ET TROJAN Banker/Banbra Related HTTP Post-infection Checkin || url,doc.emergingthreats.net/2009296
1 || 2009297 || 6 || trojan-activity || 0 || ET TROJAN Boaxxe HTTP POST Checkin || url,doc.emergingthreats.net/2009297
1 || 2009298 || 3 || attempted-recon || 0 || ET SCAN Port Unreachable Response to Xprobe2 OS Fingerprint Scan || url,xprobe.sourceforge.net/ || url,doc.emergingthreats.net/2009298
1 || 2009299 || 6 || trojan-activity || 0 || ET TROJAN General Trojan Downloader || url,doc.emergingthreats.net/2009299
1 || 2009300 || 6 || trojan-activity || 0 || ET TROJAN Small.zon checkin || url,doc.emergingthreats.net/2009300
1 || 2009301 || 6 || policy-violation || 0 || ET DELETED Megaupload file download service access || url,doc.emergingthreats.net/2009301
1 || 2009302 || 7 || policy-violation || 0 || ET POLICY Badongo file download service access || url,doc.emergingthreats.net/2009302
1 || 2009303 || 4 || policy-violation || 0 || ET POLICY MediaFire file download service access || url,doc.emergingthreats.net/2009303
1 || 2009304 || 4 || policy-violation || 0 || ET POLICY Gigasize file download service access || url,doc.emergingthreats.net/2009304
1 || 2009305 || 6 || trojan-activity || 0 || ET DELETED Adware.AdzgaloreBiz/AdRotator!IK Install/Checkin || url,www.threatexpert.com/report.aspx?md5=1ca433d3f5538fda49c5defb59232f9d || url,doc.emergingthreats.net/2009305
1 || 2009306 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009306
1 || 2009307 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid cron.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009307
1 || 2009308 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009308
1 || 2009309 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_browsers.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009309
1 || 2009310 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009310
1 || 2009311 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_countries.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009311
1 || 2009312 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path Parameter Local File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009312
1 || 2009313 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid ST_platforms.php include_path Parameter Remote File Inclusion || url,milw0rm.com/exploits/8195 || bugtraq,34074 || url,doc.emergingthreats.net/2009313
1 || 2009314 || 9 || web-application-attack || 0 || ET ACTIVEX Orbit Downloader ActiveX Control Arbitrary File Delete || bugtraq,34200 || url,milw0rm.com/exploits/8257 || url,doc.emergingthreats.net/2009314
1 || 2009315 || 8 || web-application-attack || 0 || ET ACTIVEX PrecisionID Datamatrix ActiveX control Arbitrary File Overwrite || url,milw0rm.com/exploits/8332 || url,securityfocus.com/archive/1/502319 || url,doc.emergingthreats.net/2009315
1 || 2009316 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YapBB class_yapbbcooker.php cfgIncludeDirectory Parameter Remote File Inclusion || bugtraq,30686 || url,doc.emergingthreats.net/2009316
1 || 2009317 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DesktopOnNet don3_requiem.php app_path Parameter Remote File Inclusion || cve,2008-2649 || url,xforce.iss.net/xforce/xfdb/42790 || url,milw0rm.com/exploits/5715 || url,doc.emergingthreats.net/2009317
1 || 2009318 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DesktopOnNet frontpage.php app_path Parameter Remote File Inclusion || cve,2008-2649 || url,xforce.iss.net/xforce/xfdb/42790 || url,milw0rm.com/exploits/5715 || url,doc.emergingthreats.net/2009318
1 || 2009319 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DeZine DZcms products.php pcat parameter SQL injection || bugtraq,33194 || url,milw0rm.com/exploits/7722 || url,doc.emergingthreats.net/2009319
1 || 2009320 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS rgboard _footer.php skin_path parameter local file inclusion || bugtraq,33621 || url,milw0rm.com/exploits/7978 || url,doc.emergingthreats.net/2009320
1 || 2009321 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS rgboard footer.php _path parameter remote file inclusion || bugtraq,33621 || url,milw0rm.com/exploits/7978 || url,doc.emergingthreats.net/2009321
1 || 2009322 || 7 || web-application-attack || 0 || ET ACTIVEX SupportSoft DNA Editor Module ActiveX Control Insecure Method Remote Code Execution || bugtraq,34004 || url,milw0rm.com/exploits/8160 || url,doc.emergingthreats.net/2009322
1 || 2009323 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Demium CMS tracking.php follow_kat Parameter SQL Injection || bugtraq,33933 || url,milw0rm.com/exploits/8124 || url,doc.emergingthreats.net/2009323
1 || 2009324 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Demium CMS urheber.php name Parameter Local File Inclusion || bugtraq,33933 || url,milw0rm.com/exploits/8124 || url,doc.emergingthreats.net/2009324
1 || 2009325 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phPortal gunaysoft.php icerikyolu Parameter Remote File Inclusion || bugtraq,30064 || cve,CVE-2008-3022 || url,xforce.iss.net/xforce/xfdb/43569 || url,doc.emergingthreats.net/2009325
1 || 2009326 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phPortal gunaysoft.php sayfaid Parameter Remote File Inclusion || bugtraq,30064 || cve,CVE-2008-3022 || url,xforce.iss.net/xforce/xfdb/43569 || url,doc.emergingthreats.net/2009326
1 || 2009327 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phPortal gunaysoft.php uzanti Parameter Remote File Inclusion || bugtraq,30064 || cve,CVE-2008-3022 || url,xforce.iss.net/xforce/xfdb/43569 || url,doc.emergingthreats.net/2009327
1 || 2009328 || 8 || web-application-attack || 0 || ET ACTIVEX GeoVision LiveAudio ActiveX Control Remote Code Execution || bugtraq,34115 || url,milw0rm.com/exploits/8206 || url,doc.emergingthreats.net/2009328
1 || 2009329 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZABBIX locales.php srclang Parameter Local File Inclusion || url,secunia.com/advisories/34091/ || url,milw0rm.com/exploits/8140 || bugtraq,33965 || url,doc.emergingthreats.net/2009329
1 || 2009330 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyForum centre.php padmin Parameter Local File Inclusion || url,vupen.com/english/advisories/2008/2938 || url,www.exploit-db.com/exploits/6846/ || url,doc.emergingthreats.net/2009330
1 || 2009331 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS tinyCMS templater.php Local File Inclusion || url,milw0rm.com/exploits/6287 || bugtraq,30785 || url,doc.emergingthreats.net/2009331
1 || 2009332 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter local file inclusion || url,secunia.com/advisories/30784/ || url,milw0rm.com/exploits/5906 || url,doc.emergingthreats.net/2009332
1 || 2009333 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter Remote file inclusion || url,secunia.com/advisories/30784/ || url,milw0rm.com/exploits/5906 || url,doc.emergingthreats.net/2009333
1 || 2009334 || 30 || web-application-attack || 0 || ET ACTIVEX Morovia Barcode ActiveX Control Arbitrary File Overwrite || url,milw0rm.com/exploits/8208 || bugtraq,23934 || url,doc.emergingthreats.net/2009334
1 || 2009335 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS nicLOR CMS-School showarticle.php aID Parameter SQL Injection || bugtraq,32112 || url,milw0rm.com/exploits/6982 || url,xforce.iss.net/xforce/xfdb/46330 || url,doc.emergingthreats.net/2009335
1 || 2009345 || 8 || attempted-recon || 0 || ET ATTACK_RESPONSE HTTP 401 Unauthorized || url,doc.emergingthreats.net/2009345
1 || 2009346 || 9 || attempted-recon || 0 || ET ATTACK_RESPONSE Frequent HTTP 401 Unauthorized - Possible Brute Force Attack || url,doc.emergingthreats.net/2009346
1 || 2009347 || 6 || trojan-activity || 0 || ET TROJAN Tigger.a/Syzor Checkin || url,doc.emergingthreats.net/2009347
1 || 2009349 || 6 || trojan-activity || 0 || ET TROJAN Metafisher/Bzub/Cimuz/Tanspy Reporting User Activity || url,doc.emergingthreats.net/2009349
1 || 2009350 || 4 || trojan-activity || 0 || ET TROJAN Win32.Hupigon Control Server Response || url,doc.emergingthreats.net/2009350
1 || 2009351 || 8 || trojan-activity || 0 || ET TROJAN Urlzone/Bebloh Communication with Controller || url,threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_BEBLOH.KO&VSect=Td || url,doc.emergingthreats.net/2009351
1 || 2009353 || 9 || trojan-activity || 0 || ET TROJAN Bredolab Downloader Communicating With Controller (1) || url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B || url,doc.emergingthreats.net/2009353
1 || 2009354 || 9 || trojan-activity || 0 || ET TROJAN Bredolab Downloader Communicating With Controller (2) || url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B || url,doc.emergingthreats.net/2009354
1 || 2009355 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (runUpdater.html) || url,doc.emergingthreats.net/2009355
1 || 2009356 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (runPatch.html) || url,doc.emergingthreats.net/2009356
1 || 2009358 || 5 || web-application-attack || 0 || ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap Scripting Engine) || url,doc.emergingthreats.net/2009358
1 || 2009359 || 3 || web-application-attack || 0 || ET SCAN Nmap Scripting Engine User-Agent Detected (Nmap NSE) || url,doc.emergingthreats.net/2009359
1 || 2009360 || 10 || trojan-activity || 0 || ET TROJAN Bredolab Check In || url,www.martinsecurity.net/2009/05/20/inside-the-massive-gumblar-attacka-dentro-del-enorme-ataque-gumblar/ || url,doc.emergingthreats.net/2009360
1 || 2009361 || 5 || attempted-recon || 0 || ET WEB_SERVER cmd.exe In URI - Possible Command Execution Attempt || url,doc.emergingthreats.net/2009361
1 || 2009362 || 5 || attempted-recon || 0 || ET WEB_SERVER /system32/ in Uri - Possible Protected Directory Access Attempt || url,doc.emergingthreats.net/2009362
1 || 2009363 || 6 || attempted-admin || 0 || ET WEB_SERVER Suspicious Chmod Usage in URI || url,doc.emergingthreats.net/2009363
1 || 2009364 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin linkadmin.php page Parameter Remote File Inclusion || url,milw0rm.com/exploits/8216 || bugtraq,34129 || url,doc.emergingthreats.net/2009364
1 || 2009365 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Beerwins PHPLinkAdmin edlink.php linkid Parameter SQL Injection || url,milw0rm.com/exploits/8216 || bugtraq,34129 || url,doc.emergingthreats.net/2009365
1 || 2009366 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasySiteNetwork Riddles Complete Website riddle.php riddleid Parameter SQL Injection || bugtraq,29966 || url,milw0rm.com/exploits/5946 || url,doc.emergingthreats.net/2009366
1 || 2009367 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cmsWorks lib.module.php mod_root Parameter Remote File Inclusion || url,milw0rm.com/exploits/5921 || bugtraq,29914 || url,doc.emergingthreats.net/2009367
1 || 2009368 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DeluxeBB misc.php qorder Parameter SQL Injection || bugtraq,34174 || url,milw0rm.com/exploits/8240 || url,doc.emergingthreats.net/2009368
1 || 2009369 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Simple RSS Reader admin.rssreader.php mosConfig_live_site Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/3119 || bugtraq,32265 || url,www.exploit-db.com/exploits/7096/ || url,doc.emergingthreats.net/2009369
1 || 2009370 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin HTMLSax3.php Remote File Inclusion || url,milw0rm.com/exploits/6024 || bugtraq,30136 || url,doc.emergingthreats.net/2009370
1 || 2009371 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin safehtml.php Remote File Inclusion || url,milw0rm.com/exploits/6024 || bugtraq,30136 || url,doc.emergingthreats.net/2009371
1 || 2009372 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin content.inc.php Remote File Inclusion || url,milw0rm.com/exploits/6024 || bugtraq,30136 || url,doc.emergingthreats.net/2009372
1 || 2009373 || 8 || web-application-attack || 0 || ET ACTIVEX Symantec Norton Ghost EasySetupInt.dll ActiveX Multiple Remote Denial of Service || url,milw0rm.com/exploits/8523 || bugtraq,34696 || url,doc.emergingthreats.net/2009373
1 || 2009374 || 10 || trojan-activity || 0 || ET TROJAN Virut Counter/Check-in  || url,www.threatexpert.com/reports.aspx?find=ipk8888.cn&x=0&y=0 || url,doc.emergingthreats.net/2009374
1 || 2009375 || 3 || policy-violation || 0 || ET CHAT General MSN Chat Activity || url,www.hypothetic.org/docs/msn/general/http_examples.php || url,doc.emergingthreats.net/2009375
1 || 2009376 || 5 || policy-violation || 0 || ET CHAT MSN User-Agent Activity || url,www.hypothetic.org/docs/msn/general/http_examples.php || url,doc.emergingthreats.net/2009376
1 || 2009377 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter local file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009377
1 || 2009378 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel container.php theme_directory parameter remote file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009378
1 || 2009379 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter remote file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009379
1 || 2009380 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Acute Control Panel header.php theme_directory parameter local file inclusion || url,secunia.com/advisories/34485/ || bugtraq,34265 || url,milw0rm.com/exploits/8291 || url,doc.emergingthreats.net/2009380
1 || 2009381 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interact embedforum.php Remote File Inclusion || url,milw0rm.com/exploits/5526 || bugtraq,28996 || url,doc.emergingthreats.net/2009381
1 || 2009382 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Agares Media ThemeSiteScript frontpage_right.php Remote File Inclusion || bugtraq,31959 || url,milw0rm.com/exploits/6859 || url,vupen.com/english/advisories/2008/2959 || url,doc.emergingthreats.net/2009382
1 || 2009383 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Dada Mail Manager Component config.dadamail.php GLOBALS Parameter Local File Inclusion || url,secunia.com/advisories/32551 || bugtraq,32135 || url,www.exploit-db.com/exploits/7002/ || url,doc.emergingthreats.net/2009383
1 || 2009384 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Dada Mail Manager Component config.dadamail.php GLOBALS Parameter Remote File Inclusion || url,secunia.com/advisories/32551 || bugtraq,32135 || url,www.exploit-db.com/exploits/7002/ || url,doc.emergingthreats.net/2009384
1 || 2009385 || 7 || web-application-attack || 0 || ET ACTIVEX Symantec WinFax Pro DCCFAXVW.DLL Heap Buffer Overflow || bugtraq,34766 || url,milw0rm.com/exploits/8562 || url,doc.emergingthreats.net/2009385
1 || 2009386 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interact lib.inc.php Remote File Inclusion || url,milw0rm.com/exploits/5526 || bugtraq,28996 || url,doc.emergingthreats.net/2009386
1 || 2009387 || 4 || attempted-admin || 0 || ET POLICY PPTP Requester is not authorized to establish a command channel || url,tools.ietf.org/html/rfc2637 || url,doc.emergingthreats.net/2009387 || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-June/002705.html
1 || 2009388 || 5 || trojan-activity || 0 || ET TROJAN Bredolab Downloader Response Binaries from Controller || url,www.microsoft.com/security/portal/Entry.aspx?Name=TrojanDownloader%3aWin32/Bredolab.B || url,doc.emergingthreats.net/2009388
1 || 2009389 || 9 || trojan-activity || 0 || ET DELETED Tornado Pack Binary Request || url,dxp2532.blogspot.com/2009/05/tornado-exploit-pack.html
1 || 2009390 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPizabi dac.php sendChatData Parameter Local File Inclusion || url,milw0rm.com/exploits/8268 || bugtraq,34213 || url,doc.emergingthreats.net/2009390
1 || 2009391 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Onguma Time Sheet Component onguma.class.php mosConfig_absolute_path Parameter Remote File Inclusion || bugtraq,32095 || cve,CVE-2008-6347 || url,www.exploit-db.com/exploits/6976/ || url,doc.emergingthreats.net/2009391
1 || 2009393 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YouTube Blog cuerpo.php base_archivo Local File Inclusion || url,milw0rm.com/exploits/6117 || bugtraq,30345 || url,secunia.com/advisories/31161 || url,doc.emergingthreats.net/2009393
1 || 2009394 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GDL gdl.php node Parameter SQL Injection || bugtraq,34144 || url,milw0rm.com/exploits/8228 || url,doc.emergingthreats.net/2009394
1 || 2009395 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Remote File Inclusion || cve,CVE-2008-5063 || url,vupen.com/english/advisories/2008/3093 || url,secunia.com/advisories/32645 || url,doc.emergingthreats.net/2009395
1 || 2009396 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Local File Inclusion || cve,CVE-2008-5063 || url,vupen.com/english/advisories/2008/3093 || url,secunia.com/advisories/32645 || url,doc.emergingthreats.net/2009396
1 || 2009397 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpProfiles body_comm.inc.php content parameter remote file inclusion || bugtraq,27952 || url,milw0rm.com/exploits/5175 || url,doc.emergingthreats.net/2009397
1 || 2009398 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HoMaP plugin_admin.php _settings Parameter Remote File Inclusion || url,milw0rm.com/exploits/5902 || bugtraq,29877 || url,doc.emergingthreats.net/2009398
1 || 2009399 || 8 || web-application-attack || 0 || ET ACTIVEX Autodesk IDrop Indicator ActiveX Control Memory Corruption || url,secunia.com/advisories/34563/ || url,archives.neohapsis.com/archives/fulldisclosure/2009-04/0020.html || url,vupen.com/english/advisories/2009/0942 || url,milw0rm.com/exploits/8560 || url,doc.emergingthreats.net/2009399
1 || 2009400 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Communications Control Clsid Access || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,doc.emergingthreats.net/2009400
1 || 2009401 || 26 || attempted-user || 0 || ET ACTIVEX Microgaming FlashXControl Control Clsid Access || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,www.microgaming.co.uk/news_flashxcontrol.php || url,doc.emergingthreats.net/2009401
1 || 2009402 || 9 || attempted-user || 0 || ET ACTIVEX eBay Enhanced Picture Services Control Clsid Access (1) || url,www.kb.cert.org/vuls/id/983731 || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,pages.ebay.com/securitycenter/activex/index.html || url,doc.emergingthreats.net/2009402
1 || 2009403 || 9 || attempted-user || 0 || ET ACTIVEX eBay Enhanced Picture Services Control Clsid Access (2) || url,www.kb.cert.org/vuls/id/983731 || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,pages.ebay.com/securitycenter/activex/index.html || url,doc.emergingthreats.net/2009403
1 || 2009404 || 8 || attempted-user || 0 || ET ACTIVEX HP Virtual Rooms Control Clsid Access || url,www.microsoft.com/technet/security/advisory/969898.mspx || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01678405 || url,doc.emergingthreats.net/2009404
1 || 2009405 || 4 || trojan-activity || 0 || ET TROJAN Personal Defender 2009 - prinimalka.py || url,malwarebytes.besttechie.net/2008/11/03/removal-instructions-for-personal-defender-2009/ || url,doc.emergingthreats.net/2009405
1 || 2009406 || 4 || trojan-activity || 0 || ET TROJAN Personal Defender 2009 - trash.py || url,malwarebytes.besttechie.net/2008/11/03/removal-instructions-for-personal-defender-2009/ || url,doc.emergingthreats.net/2009406
1 || 2009407 || 2 || trojan-activity || 0 || ET TROJAN Koobface BLACKLABEL || url,blog.threatexpert.com/2008/12/koobface-leaves-victims-black-spot.html || url,doc.emergingthreats.net/2009407
1 || 2009408 || 8 || trojan-activity || 0 || ET TROJAN Patcher/Bankpatch V2 Communication with Controller || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3AWin32%2FBanker.O
1 || 2009409 || 5 || trojan-activity || 0 || ET TROJAN Patcher/Bankpatch Module Download Request || url,www.symantec.com/security_response/writeup.jsp?docid=2008-081817-1808-99&tabid=2 || url,doc.emergingthreats.net/2009409
1 || 2009410 || 5 || trojan-activity || 0 || ET TROJAN Gozi check-in / update || url,www.secureworks.com/research/threats/gozi || url,doc.emergingthreats.net/2009410
1 || 2009411 || 10 || attempted-user || 0 || ET ACTIVEX McAfee ePolicy Orchestrator naPolicyManager.dll Arbitrary Data Write Attempt || url,www.securitytracker.com/alerts/2009/Jun/1022413.html || url,www.packetstormsecurity.com/0906-exploits/mcafee-activex.txt || url,doc.emergingthreats.net/2009411
1 || 2009412 || 11 || trojan-activity || 0 || ET DELETED Generic Trojan Checkin || url,doc.emergingthreats.net/2009412
1 || 2009413 || 4 || attempted-dos || 0 || ET DELETED Possible Slowloris Tool HTTP/Proxy Denial Of Service Attempt || url,isc.sans.org/diary.html?storyid=6601 || url,www.packetstormsecurity.com/filedesc/slowloris.pl.txt.html || url,doc.emergingthreats.net/2009413
1 || 2009414 || 5 || attempted-dos || 0 || ET DOS Large amount of TCP ZeroWindow - Possible Nkiller2 DDos attack || url,doc.emergingthreats.net/2009414
1 || 2009415 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhpBlock basicfogfactory.class.php PATH_TO_CODE Parameter Remote File Inclusion || bugtraq,28588 || url,milw0rm.com/exploits/5348 || url,doc.emergingthreats.net/2009415
1 || 2009416 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS txtSQL startup.php CFG Parameter Remote File Inclusion || bugtraq,30625 || url,milw0rm.com/exploits/6224 || url,doc.emergingthreats.net/2009416
1 || 2009417 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_center_down.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009417
1 || 2009418 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_center_top.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009418
1 || 2009420 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_left.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009420
1 || 2009421 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus block_right.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009421
1 || 2009422 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus window_down.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009422
1 || 2009423 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Blogplus window_top.php Local File Inclusion || url,milw0rm.com/exploits/8290 || bugtraq,34261 || url,secunia.com/advisories/34480/ || url,doc.emergingthreats.net/2009423
1 || 2009424 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AjaxPortal ajaxp_backend.php page Parameter SQL Injection || url,milw0rm.com/exploits/8341 || bugtraq,34338 || url,doc.emergingthreats.net/2009424
1 || 2009425 || 10 || web-application-attack || 0 || ET ACTIVEX BaoFeng Storm ActiveX Control OnBeforeVideoDownload Method Buffer Overflow || bugtraq,34789 || url,milw0rm.com/exploits/8579 || url,doc.emergingthreats.net/2009425
1 || 2009427 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grape Web Statistics functions.php location Parameter Remote File Inclusion || bugtraq,28838 || url,juniper.net/security/auto/vulnerabilities/vuln28838.html || url,milw0rm.com/exploits/5463 || url,doc.emergingthreats.net/2009427
1 || 2009428 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ExBB threadstop.php exbb Parameter Local File Inclusion || bugtraq,28686 || url,milw0rm.com/exploits/5405 || url,doc.emergingthreats.net/2009428
1 || 2009429 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CAT2 spaw_control.class.php spaw_root Parameter Local File Inclusion || url,xforce.iss.net/xforce/xfdb/43536 || bugtraq,30042 || url,milw0rm.com/exploits/5983 || url,doc.emergingthreats.net/2009429
1 || 2009430 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mole viewsource.php fname Parameter Local File Inclusion || url,milw0rm.com/exploits/5394 || url,secunia.com/advisories/29685 || bugtraq,28659 || url,doc.emergingthreats.net/2009430
1 || 2009431 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewsOffice news_show.php newsoffice_directory Parameter Local File Inclusion || url,secunia.com/advisories/29797 || bugtraq,28748 || url,www.exploit-db.com/exploits/5429/ || url,doc.emergingthreats.net/2009431
1 || 2009432 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewsOffice news_show.php newsoffice_directory Parameter Remote File Inclusion || url,secunia.com/advisories/29797 || bugtraq,28748 || url,www.exploit-db.com/exploits/5429/ || url,doc.emergingthreats.net/2009432
1 || 2009434 || 6 || web-application-attack || 0 || ET ACTIVEX Sun Java Runtime Environment ActiveX Control Multiple Remote Buffer Overflow || url,xforce.iss.net/xforce/xfdb/50508 || bugtraq,34931 || url,milw0rm.com/exploits/8665 || url,doc.emergingthreats.net/2009434
1 || 2009435 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php e107path Parameter Remote File Inclusion || url,xforce.iss.net/xforce/xfdb/41867 || url,secunia.com/advisories/29870 || url,milw0rm.com/exploits/5459 || url,doc.emergingthreats.net/2009435
1 || 2009436 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 123 FlashChat Module 123flashchat.php e107path Parameter Local File Inclusion || url,xforce.iss.net/xforce/xfdb/41867 || url,secunia.com/advisories/29870 || url,milw0rm.com/exploits/5459 || url,doc.emergingthreats.net/2009436
1 || 2009437 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mole viewsource.php dirn Parameter Local File Inclusion || url,milw0rm.com/exploits/5394 || url,secunia.com/advisories/29685 || bugtraq,28659 || url,doc.emergingthreats.net/2009437
1 || 2009438 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.8 ru) || url,doc.emergingthreats.net/2009438
1 || 2009439 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (HelpSrvc) || url,doc.emergingthreats.net/2009439
1 || 2009440 || 6 || trojan-activity || 0 || ET DELETED Suspicious User Agent (Internet Antivirus Pro) || url,doc.emergingthreats.net/2009440
1 || 2009441 || 6 || trojan-activity || 0 || ET TROJAN Swizzor Family GET || url,www.threatexpert.com/report.aspx?md5=ed06e3cd6f57fc260194bf9fa224181e || url,doc.emergingthreats.net/2009441
1 || 2009442 || 10 || trojan-activity || 0 || ET TROJAN Murlo Trojan Checkin || url,doc.emergingthreats.net/2009442
1 || 2009443 || 5 || trojan-activity || 0 || ET TROJAN NoBo Downloader Dropper GET || url,www.spynomore.com/trojan-nobo-v1-3.htm || url,doc.emergingthreats.net/2009443
1 || 2009444 || 5 || trojan-activity || 0 || ET TROJAN Virut Family GET || url,www.f-secure.com/v-descs/virus_w32_virut.shtml || url,www.spywareremove.com/removeVirusVirutr.html || url,www.malwaredomainlist.com/mdl.php?search=lgate.php&colsearch=All&quantity=50 || url,www.threatexpert.com/reports.aspx?find=virut&x=0&y=0 || url,doc.emergingthreats.net/2009444
1 || 2009445 || 10 || trojan-activity || 0 || ET MALWARE User-Agent (AgavaDwnl) - Possibly Xema || url,doc.emergingthreats.net/2009445
1 || 2009446 || 8 || trojan-activity || 0 || ET POLICY trymedia.com User-Agent (Macrovision_DM) || url,doc.emergingthreats.net/2009445
1 || 2009447 || 7 || trojan-activity || 0 || ET TROJAN TSPY_BANKER.IDV/Infostealer.Bancos Module Download || url,doc.emergingthreats.net/2009447
1 || 2009448 || 5 || trojan-activity || 0 || ET TROJAN Zbot/Beomok/PSW - HTTP POST || url,doc.emergingthreats.net/2009448
1 || 2009449 || 4 || trojan-activity || 0 || ET TROJAN Trash Family - HTTP POST || url,www.spywareguide.com/product_show.php?id=1935 || url,www.sunbeltsecurity.com/threatdisplay.aspx?name=Trojan.Trash.Gen&tid=178782&cs=03253E96A71C3EE824071E5BE3A32CCD || url,doc.emergingthreats.net/2009449
1 || 2009450 || 6 || trojan-activity || 0 || ET TROJAN Atya Dropper Possible Rootkit - HTTP GET || url,www.paretologic.com/resources/definitions.aspx?remove=%41%67%65%6e%74%20%41%74%79%61%20%54%72%6f%6a%61%6e || url,doc.emergingthreats.net/2009450
1 || 2009451 || 6 || trojan-activity || 0 || ET TROJAN Common Trojan HTTP GET Logging || url,www.virustotal.com/analisis/df09ec9ec4e5caa42db9d08e0f9d34b378e301a1eeb3aa1e6dbd0de1aa4a66be-1246158969 || url,doc.emergingthreats.net/2009451
1 || 2009453 || 6 || trojan-activity || 0 || ET TROJAN BANLOAD Downloader GET Checkin || url,www.sophos.com/security/analyses/viruses-and-spyware/trojbanloe.html || url,doc.emergingthreats.net/2009453
1 || 2009454 || 6 || trojan-activity || 0 || ET DELETED Parite.B GET || url,www.pandasecurity.com/homeusers/security-info/18181/information/Parite.B || url,www.pctools.com/mrc/infections/id/Virus.Parite.B/ || url,www.threatexpert.com/threats/w32-parite-b.html || url,doc.emergingthreats.net/2009454
1 || 2009455 || 7 || trojan-activity || 0 || ET TROJAN FAKE AV HTTP CnC Post || url,doc.emergingthreats.net/2009455
1 || 2009456 || 5 || trojan-activity || 0 || ET DELETED Suspicious User Agent (ClickAdsByIE) || url,doc.emergingthreats.net/2009445
1 || 2009457 || 6 || trojan-activity || 0 || ET TROJAN Virut Counter/Check-in  || url,www.threatexpert.com/reports.aspx?find=ipk8888.cn&x=0&y=0 || url,doc.emergingthreats.net/2009457
1 || 2009458 || 8 || trojan-activity || 0 || ET TROJAN Win32/Sisron/BackDoor.Cybergate.1 Checkin || url,doc.emergingthreats.net/2009458
1 || 2009459 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS classes init.php GLOBALS Parameter Remote File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009459
1 || 2009460 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS newscat.php GLOBALS Parameter Remote File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009460
1 || 2009461 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS init.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009461
1 || 2009462 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS stage1.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009462
1 || 2009463 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS stage4.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009463
1 || 2009464 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orlando CMS stage6.php GLOBALS Parameter Local File Inclusion || bugtraq,29820 || url,milw0rm.com/exploits/5864 || url,doc.emergingthreats.net/2009464
1 || 2009466 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Competitions Component add.php GLOBALS Parameter Remote File Inclusion || bugtraq,32192 || url,milw0rm.com/exploits/7039 || url,doc.emergingthreats.net/2009466
1 || 2009467 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Competitions Component competitions.php GLOBALS Parameter Remote File Inclusion || bugtraq,32192 || url,milw0rm.com/exploits/7039 || url,doc.emergingthreats.net/2009467
1 || 2009468 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Recly Competitions Component settings.php mosConfig_absolute_path Parameter Remote File Inclusion || bugtraq,32192 || url,milw0rm.com/exploits/7039 || url,doc.emergingthreats.net/2009468
1 || 2009469 || 11 || web-application-attack || 0 || ET ACTIVEX AOL Radio AmpX ActiveX Control ConvertFile Method Buffer Overflow || url,milw0rm.com/exploits/8733 || bugtraq,35028 || url,doc.emergingthreats.net/2009469
1 || 2009470 || 10 || trojan-activity || 0 || ET TROJAN Generic Info Stealer - HTTP POST || url,doc.emergingthreats.net/2009470
1 || 2009471 || 9 || trojan-activity || 0 || ET TROJAN Bancos/Banker Info Stealer Post || url,www.pctools.com/mrc/infections/id/Trojan.Bancos/ || url,www.threatexpert.com/reports.aspx?find=Trojan.Bancos || url,doc.emergingthreats.net/2009471
1 || 2009472 || 6 || trojan-activity || 0 || ET TROJAN Fasec/FakeAV Alert/Keylogger/Dropper/DNSChanger Possible Rootkit - HTTP GET || url,www.avast.com/eng/win32-fasec.html || url,www.threatexpert.com/threats/virus-win32-fasec.html || url,doc.emergingthreats.net/2009472
1 || 2009474 || 4 || trojan-activity || 0 || ET TROJAN Sality - Fake Opera User-Agent || url,www.spywareremove.com/removeTrojanDownloaderSalityG.html || url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM || url,doc.emergingthreats.net/2009474
1 || 2009475 || 8 || policy-violation || 0 || ET POLICY TeamViewer Dyngate User-Agent || url,www.teamviewer.com/index.aspx || url,doc.emergingthreats.net/2009475
1 || 2009476 || 8 || attempted-recon || 0 || ET SCAN Possible jBroFuzz Fuzzer Detected || url,www.owasp.org/index.php/Category%3aOWASP_JBroFuzz || url,doc.emergingthreats.net/2009476
1 || 2009477 || 3 || attempted-recon || 0 || ET SCAN SQLBrute SQL Scan Detected || url,www.justinclarke.com/archives/2006/03/sqlbrute.html || url,www.darknet.org.uk/2007/06/sqlbrute-sql-injection-brute-force-tool/ || url,doc.emergingthreats.net/2009477
1 || 2009478 || 4 || attempted-recon || 0 || ET DELETED SQLCheck Database Scan Detected || url,wiki.remote-exploit.org/backtrack/wiki/SQLcheck || url,doc.emergingthreats.net/2009478
1 || 2009479 || 8 || attempted-recon || 0 || ET SCAN Asp-Audit Web Scan Detected || url,www.hacker-soft.net/Soft/Soft_2895.htm || url,wiki.remote-exploit.org/backtrack/wiki/asp-audit || url,doc.emergingthreats.net/2009479
1 || 2009480 || 7 || attempted-recon || 0 || ET SCAN Grendel Web Scan - Default User Agent Detected || url,www.grendel-scan.com || url,doc.emergingthreats.net/2009480
1 || 2009481 || 5 || attempted-recon || 0 || ET SCAN Grendel-Scan Web Application Security Scan Detected || url,www.grendel-scan.com || url,doc.emergingthreats.net/2009481
1 || 2009483 || 4 || attempted-recon || 0 || ET SCAN Grabber.py Web Scan Detected || url,rgaucher.info/beta/grabber/ || url,doc.emergingthreats.net/2009483
1 || 2009484 || 7 || web-application-attack || 0 || ET WEB_SERVER Cpanel lastvisit.html Arbitary file disclosure || url,milw0rm.com/exploits/9039 || bugtraq,35518 || url,doc.emergingthreats.net/2009484
1 || 2009485 || 6 || attempted-recon || 0 || ET WEB_SERVER /etc/shadow Detected in URI || url,en.wikipedia.org/wiki/Shadow_password || url,doc.emergingthreats.net/2009485
1 || 2009486 || 14 || trojan-activity || 0 || ET TROJAN APT1 WEBC2-UGX Related Pingbed/Downbot User-Agent (Windows+NT+5.x) || url,www.mandiant.com/apt1 || md5,14cfaefa5b8bc6400467fba8af146b71
1 || 2009487 || 5 || trojan-activity || 0 || ET TROJAN Downloader Possible AV KILLER || url,doc.emergingthreats.net/2009487
1 || 2009491 || 4 || web-application-attack || 0 || ET DELETED Microsoft DirectShow ActiveX Exploit Attempt || url,csis.dk/dk/nyheder/nyheder.asp?tekstID=799 || url,tools.cisco.com/security/center/viewAlert.x?alertId=18595 || url,doc.emergingthreats.net/2009491
1 || 2009493 || 5 || trojan-activity || 0 || ET DELETED Likely MSVIDCTL.dll exploit in transit || url,isc.sans.org/diary.html?storyid=6733 || url,tools.cisco.com/security/center/viewAlert.x?alertId=18595 || url,doc.emergingthreats.net/2009493
1 || 2009494 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt colorpicker.php || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009494
1 || 2009495 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt test.php || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009495
1 || 2009496 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt passwd/main.php || url,bugs.horde.org/ticket/8398 || url,doc.emergingthreats.net/2009496
1 || 2009497 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt colorpicker.php (2) || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009497
1 || 2009498 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt test.php (2) || url,bugs.horde.org/ticket/8399 || url,doc.emergingthreats.net/2009498
1 || 2009499 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde XSS attempt passwd/main.php (2) || url,bugs.horde.org/ticket/8398 || url,doc.emergingthreats.net/2009499
1 || 2009500 || 8 || web-application-attack || 0 || ET ACTIVEX Chinagames ActiveX Control CreateChinagames Method Buffer Overflow || bugtraq,34871 || url,milw0rm.com/exploits/8758 || url,doc.emergingthreats.net/2009500
1 || 2009501 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS nweb2fax viewrq.php var_filename Parameter Directory Traversal || bugtraq,29804 || url,milw0rm.com/exploits/5856 || url,doc.emergingthreats.net/2009501
1 || 2009502 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php CONFIG Parameter Remote File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009502
1 || 2009503 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library server_request.php CONFIG Parameter Local File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009503
1 || 2009504 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG Parameter Remote File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009504
1 || 2009505 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Quantum Game Library smarty.inc.php CONFIG Parameter Local File Inclusion || bugtraq,27945 || url,secunia.com/advisories/29077 || url,milw0rm.com/exploits/5174 || url,doc.emergingthreats.net/2009505
1 || 2009506 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Remote File Inclusion || url,secunia.com/advisories/28047 || url,milw0rm.com/exploits/4712 || url,doc.emergingthreats.net/2009506
1 || 2009507 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Falcon Series One sitemap.xml.php dir Parameter Local File Inclusion || url,secunia.com/advisories/28047 || url,milw0rm.com/exploits/4712 || url,doc.emergingthreats.net/2009507
1 || 2009508 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Job2C windetail.php adtype Parameter Local File Inclusion || bugtraq,34537 || url,milw0rm.com/exploits/8443 || url,doc.emergingthreats.net/2009508
1 || 2009509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Job2C detail.php adtype Parameter Local File Inclusion || bugtraq,34537 || url,milw0rm.com/exploits/8443 || url,doc.emergingthreats.net/2009509
1 || 2009511 || 7 || web-application-attack || 0 || ET EXPLOIT VLC web interface buffer overflow attempt || url,milw0rm.org/exploits/9029 || url,doc.emergingthreats.net/2009511
1 || 2009512 || 8 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Session) - Possible Trojan-Clicker || url,doc.emergingthreats.net/2009512
1 || 2009513 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Rentventory SQL Injection Attempt || url,www.milw0rm.com/exploits/9081 || url,doc.emergingthreats.net/2009513
1 || 2009514 || 6 || trojan-activity || 0 || ET TROJAN FAKE/ROGUE AV HTTP Post || url,doc.emergingthreats.net/2009514
1 || 2009516 || 7 || trojan-activity || 0 || ET TROJAN Generic Win32.Autorun HTTP Post || url,www.threatexpert.com/threats/worm-win32-autorun.html || url,doc.emergingthreats.net/2009516
1 || 2009517 || 8 || trojan-activity || 0 || ET TROJAN Qhosts Trojan Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2003-100116-5901-99 || url,doc.emergingthreats.net/2009517
1 || 2009518 || 4 || trojan-activity || 0 || ET TROJAN s4t4n1c Trojan Check-in || url,doc.emergingthreats.net/2009518
1 || 2009519 || 8 || trojan-activity || 0 || ET TROJAN Gaboc Trojan Check-in || url,www.threatexpert.com/report.aspx?md5=6e871b9c440d5c77b9158ebcbe3fcd4b || url,doc.emergingthreats.net/2009519
1 || 2009520 || 7 || trojan-activity || 0 || ET TROJAN Urlzone/Bebloh Trojan Check-in || url,doc.emergingthreats.net/2009520
1 || 2009521 || 4 || trojan-activity || 0 || ET TROJAN Unknown Trojan HTTP Check-in  || url,doc.emergingthreats.net/2009521
1 || 2009522 || 8 || trojan-activity || 0 || ET TROJAN Win32/Pasta Downloader - GET Checkin to Fake GIF || url,malwarebytes.org/malwarenet.php?name=Trojan.Pasta || url,doc.emergingthreats.net/2009522
1 || 2009524 || 7 || trojan-activity || 0 || ET MALWARE MySideSearch Browser Optimizer || url,www.spywareremove.com/removeMySideSearch.html || url,www.threatexpert.com/threats/adware-win32-mysidesearch.html || url,www.pctools.com/mrc/infections/id/Adware.MySideSearch/ || url,doc.emergingthreats.net/2009524
1 || 2009525 || 5 || trojan-activity || 0 || ET TROJAN Sality - Fake Opera User-Agent || url,www.spywareremove.com/removeTrojanDownloaderSalityG.html || url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM || url,doc.emergingthreats.net/2009525
1 || 2009526 || 6 || trojan-activity || 0 || ET TROJAN Downloader Checkin - Downloads Rogue Adware  || url,doc.emergingthreats.net/2009526
1 || 2009527 || 7 || trojan-activity || 0 || ET TROJAN Generic Downloader Checkin - HTTP GET  || url,doc.emergingthreats.net/2009527
1 || 2009530 || 6 || trojan-activity || 0 || ET TROJAN Sality - Fake Opera User-Agent (Opera/8.89) || url,www.spywareremove.com/removeTrojanDownloaderSalityG.html || url,www.microsoft.com/security/portal/beta/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AM || url,doc.emergingthreats.net/2009530
1 || 2009531 || 9 || trojan-activity || 0 || ET TROJAN Gamania Trojan Check-in || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=166939 || url,doc.emergingthreats.net/2009531
1 || 2009532 || 5 || trojan-activity || 0 || ET TROJAN BackDoor-EGB Check-in || url,doc.emergingthreats.net/2009532 || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=239060
1 || 2009533 || 7 || trojan-activity || 0 || ET TROJAN Keylogger Pro Update Check || url,vil.nai.com/vil/content/v_130975.htm || url,doc.emergingthreats.net/2009533
1 || 2009534 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Poker) || url,vil.nai.com/vil/content/v_130975.htm || url,doc.emergingthreats.net/2009534
1 || 2009535 || 4 || misc-activity || 0 || ET POLICY Telnet to HP JetDirect Printer With No Password Set || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj05999#A3 || url,doc.emergingthreats.net/2009535
1 || 2009536 || 4 || misc-activity || 0 || ET POLICY External FTP Connection TO Local HP JetDirect Printer || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj06165 || url,doc.emergingthreats.net/2009536
1 || 2009537 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Loands) - Possible Trojan Downloader GET Request || url,doc.emergingthreats.net/2009537
1 || 2009538 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ms_ie) - Crypt.ZPACK Gen Trojan Downloader GET Request || url,doc.emergingthreats.net/2009538
1 || 2009539 || 8 || trojan-activity || 0 || ET TROJAN Downloader Infostealer - GET Checkin || url,doc.emergingthreats.net/2009539
1 || 2009540 || 9 || trojan-activity || 0 || ET TROJAN PCFlashbang.com Spyware Checkin (PCFlashBangA) || url,www.ca.com/us/securityadvisor/pest/pest.aspx?id=453113169 || url,doc.emergingthreats.net/2009540
1 || 2009541 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent filled with System Details - GET Request || url,doc.emergingthreats.net/2009541
1 || 2009542 || 5 || trojan-activity || 0 || ET DELETED Silentbanker/Yaludle Checkin to C&C || url,doc.emergingthreats.net/2009542
1 || 2009544 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (InHold) - Possible Trojan Downloader GET Request || url,doc.emergingthreats.net/2009544
1 || 2009545 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (_TEST_) || url,doc.emergingthreats.net/2009545
1 || 2009547 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Forthgoner) - Possible Trojan Downloader GET Request || url,doc.emergingthreats.net/2009547
1 || 2009548 || 5 || trojan-activity || 0 || ET DELETED Adware/Spyware Adrotator for Rogue AV || url,www.spywaredetector.net/spyware_encyclopedia/Trojan.Vapsup.htm || url,www.spywaredetector.net/spyware_encyclopedia/Fake AntiSpyware.POWER-ANTIVIRUS-2009.htm || url,www.threatexpert.com/threats/adware-agent-gen.html || url,novirusthanks.org/blog/2008/11/rogue-antispyware-2009-served-through-beedlyus-ads/ || url,doc.emergingthreats.net/2009548
1 || 2009549 || 6 || trojan-activity || 0 || ET TROJAN Generic Downloader - HTTP POST || url,doc.emergingthreats.net/2009549
1 || 2009550 || 8 || trojan-activity || 0 || ET TROJAN Banker PWS/Infostealer HTTP GET Checkin || url,www.pctools.com/mrc/infections/id/Trojan.Banker/ || url,doc.emergingthreats.net/2009550
1 || 2009553 || 7 || trojan-activity || 0 || ET TROJAN FAKE/ROGUE AV Encoded data= HTTP POST || url,doc.emergingthreats.net/2009553
1 || 2009554 || 6 || trojan-activity || 0 || ET TROJAN FAKE/ROGUE AV/Security Application Checkin || url,doc.emergingthreats.net/2009554
1 || 2009555 || 7 || attempted-recon || 0 || ET SCAN Absinthe SQL Injection Tool HTTP Header Detected || url,0x90.org/releases/absinthe || url,doc.emergingthreats.net/2009555
1 || 2009557 || 2 || trojan-activity || 0 || ET TROJAN Yoda's Protector Packed Binary - VERY Likely Hostile || url,doc.emergingthreats.net/2009557
1 || 2009558 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter File Download Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009558
1 || 2009559 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Process List (ps) Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009559
1 || 2009560 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Getuid Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009560
1 || 2009561 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Process Migration Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009561
1 || 2009562 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter ipconfig Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009562
1 || 2009563 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Sysinfo Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009563
1 || 2009564 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Route Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009564
1 || 2009565 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Kill Process Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009565
1 || 2009566 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Print Working Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009566
1 || 2009567 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter View Current Process ID Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009567
1 || 2009568 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Execute Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009568
1 || 2009569 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter System Reboot/Shutdown Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009569
1 || 2009570 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter System Get Idle Time Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009570
1 || 2009571 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Make Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009571
1 || 2009572 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Remove Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009572
1 || 2009573 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Change Directory Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009573
1 || 2009574 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter List (ls) Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009574
1 || 2009575 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter rev2self Command Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009575
1 || 2009576 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Enabling/Disabling of Keyboard Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009576
1 || 2009577 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Enabling/Disabling of Mouse Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009577
1 || 2009578 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter File/Memory Interaction Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009578
1 || 2009579 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Registry Interation Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009579
1 || 2009580 || 2 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter File Upload Detected || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009580
1 || 2009581 || 4 || successful-admin || 0 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,doc.emergingthreats.net/2009581
1 || 2009582 || 2 || attempted-recon || 0 || ET SCAN NMAP -sS window 1024 || url,doc.emergingthreats.net/2000537
1 || 2009583 || 2 || attempted-recon || 0 || ET SCAN NMAP -sS window 3072 || url,doc.emergingthreats.net/2000537
1 || 2009584 || 1 || attempted-recon || 0 || ET SCAN NMAP -sS window 4096 || url,doc.emergingthreats.net/2000537
1 || 2009586 || 3 || misc-activity || 0 || ET DELETED Milw0rm Exploit Launch Attempt || url,www.milw0rm.com || url,doc.emergingthreats.net/2009586
1 || 2009587 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtualmin left.cgi XSS attempt  || url,milw0rm.com/exploits/9143 || url,doc.emergingthreats.net/2009587
1 || 2009588 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtualmin link.cgi XSS attempt  || url,milw0rm.com/exploits/9143 || url,doc.emergingthreats.net/2009588
1 || 2009589 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Virtualmin Anonymous Proxy attempt || url,milw0rm.com/exploits/9143 || url,doc.emergingthreats.net/2009589
1 || 2009590 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb edituser.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009590
1 || 2009591 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb console.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009591
1 || 2009592 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcesd.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009592
1 || 2009593 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb forcerestart.php XSS attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009593
1 || 2009594 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb changepw.php CSRF attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009594
1 || 2009595 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb hardstopvm.php CSRF attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009595
1 || 2009596 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Citrix XenCenterWeb writeconfig.php Remote Command Execution attempt || url,milw0rm.com/exploits/9106 || url,doc.emergingthreats.net/2009596
1 || 2009597 || 4 || trojan-activity || 0 || ET DELETED Adware Istbar Search Hijacker and Downloader || url,www.pctools.com/mrc/infections/id/Trojan.ISTbar/ || url,www.threatexpert.com/reports.aspx?find=Trojan.ISTbar || url,doc.emergingthreats.net/2009597
1 || 2009598 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (29) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009598
1 || 2009599 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (30) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009599
1 || 2009600 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (31) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009600
1 || 2009601 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (32) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009601
1 || 2009602 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (33) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009602
1 || 2009603 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (34) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009603
1 || 2009604 || 6 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (35) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009604
1 || 2009606 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (37) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009606
1 || 2009607 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (38) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009607
1 || 2009609 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (40) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009609
1 || 2009610 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (41) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009610
1 || 2009611 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (42) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009611
1 || 2009612 || 3 || web-application-attack || 0 || ET DELETED Vulnerable Microsoft Video ActiveX CLSID access (43) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009612
1 || 2009613 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (44) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009613
1 || 2009614 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (1) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009614
1 || 2009615 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (2) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009615
1 || 2009616 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (3) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009616
1 || 2009617 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (4) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009617
1 || 2009618 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (5) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009618
1 || 2009619 || 4 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (6) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009619
1 || 2009620 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (7) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009620
1 || 2009621 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (8) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009621
1 || 2009622 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (9) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009622
1 || 2009623 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (10) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009623
1 || 2009624 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (11) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009624
1 || 2009625 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (12) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009625
1 || 2009626 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (13) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009626
1 || 2009627 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (14) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009627
1 || 2009628 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (15) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009628
1 || 2009629 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (16) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009629
1 || 2009630 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (17) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009630
1 || 2009631 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (18) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009631
1 || 2009632 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (19) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009632
1 || 2009633 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (20) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009633
1 || 2009634 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (21) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009634
1 || 2009635 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (22) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009635
1 || 2009636 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (23) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009636
1 || 2009638 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (24) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009638
1 || 2009639 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (25) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009639
1 || 2009640 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (26) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009640
1 || 2009641 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (27) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009641
1 || 2009642 || 3 || web-application-attack || 0 || ET ACTIVEX Vulnerable Microsoft Video ActiveX CLSID access (28) || url,microsoft.com/technet/security/advisory/972890.mspx || url,doc.emergingthreats.net/2009642
1 || 2009643 || 5 || web-application-attack || 0 || ET WEB_SERVER Oracle Secure Enterprise Search 10.1.8 search Script XSS attempt || url,dsecrg.com/pages/vul/show.php?id=125 || url,doc.emergingthreats.net/2009643
1 || 2009644 || 5 || web-application-attack || 0 || ET WEB_SERVER Oracle BEA Weblogic Server 10.3 searchQuery XSS attempt || url,dsecrg.com/pages/vul/show.php?id=131 || url,doc.emergingthreats.net/2009644
1 || 2009646 || 5 || attempted-recon || 0 || ET SCAN Acunetix Version 6 (Free Edition) Scan Detected || url,www.acunetix.com/ || url,doc.emergingthreats.net/2009646
1 || 2009647 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hubscript XSS Attempt || url,www.packetstormsecurity.com/0907-exploits/hubscript-xssphpinfo.txt || url,doc.emergingthreats.net/2009647
1 || 2009650 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Hubscript PHPInfo Attempt || url,www.packetstormsecurity.com/0907-exploits/hubscript-xssphpinfo.txt || url,doc.emergingthreats.net/2009650
1 || 2009651 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Metasploit Meterpreter Channel Interaction Detected, Likely Interaction With Executable || url,www.nologin.org/Downloads/Papers/meterpreter.pdf || url,doc.emergingthreats.net/2009651
1 || 2009652 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FreeWebShop startmodules.inc.php lang_file Parameter Local File Inclusion || bugtraq,34538 || url,milw0rm.com/exploits/8446 || url,doc.emergingthreats.net/2009652
1 || 2009653 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SMA-DB format.php _page_css Parameter Remote File Inclusion || bugtraq,34569 || url,milw0rm.com/exploits/8460 || url,doc.emergingthreats.net/2009653
1 || 2009654 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SMA-DB format.php _page_javascript Parameter Remote File Inclusion || bugtraq,34569 || url,milw0rm.com/exploits/8460 || url,doc.emergingthreats.net/2009654
1 || 2009656 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SMA-DB format.php _page_content Parameter Remote File Inclusion || bugtraq,34569 || url,milw0rm.com/exploits/8460 || url,doc.emergingthreats.net/2009656
1 || 2009657 || 8 || web-application-attack || 0 || ET ACTIVEX BaoFeng Storm ActiveX Control SetAttributeValue Method Buffer Overflow || bugtraq,34869 || url,juniper.net/security/auto/vulnerabilities/vuln34869.html || url,vupen.com/english/advisories/2009/1392 || url,milw0rm.com/exploits/8757 || url,doc.emergingthreats.net/2009657
1 || 2009658 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Kalptaru Infotech Automated Link Exchange Portal cat_id Parameter SQL Injection || bugtraq,29205 || url,milw0rm.com/exploits/5611 || url,doc.emergingthreats.net/2009658
1 || 2009659 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerPHPBoard footer.inc.php settings Parameter Local File Inclusion || cve,CVE-2008-1534 || url,juniper.net/security/auto/vulnerabilities/vuln28421.html || bugtraq,28421 || url,milw0rm.com/exploits/5303 || url,doc.emergingthreats.net/2009659
1 || 2009660 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerPHPBoard header.inc.php settings Parameter Local File Inclusion || cve,CVE-2008-1534 || url,juniper.net/security/auto/vulnerabilities/vuln28421.html || bugtraq,28421 || url,milw0rm.com/exploits/5303 || url,doc.emergingthreats.net/2009660
1 || 2009661 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS artmedic weblog artmedic_print.php date Parameter Local File Inclusion || url,secunia.com/advisories/28927/ || url,milw0rm.com/exploits/5116 || url,doc.emergingthreats.net/2009661
1 || 2009663 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter Remote File Inclusion || bugtraq,34617 || url,milw0rm.com/exploits/8494 || url,doc.emergingthreats.net/2009663
1 || 2009665 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Possible JAVA pack200-zip-exploit attempt || url,isc.sans.org/diary.html?storyid=6805&rss || url,doc.emergingthreats.net/2009665
1 || 2009667 || 2 || attempted-admin || 0 || ET POLICY FTP Frequent Administrator Login Attempts || url,doc.emergingthreats.net/2009667
1 || 2009668 || 2 || attempted-admin || 0 || ET POLICY FTP Frequent Admin Login Attempts || url,doc.emergingthreats.net/2009668
1 || 2009670 || 9 || web-application-attack || 0 || ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt || bugtraq,35464 || url,doc.emergingthreats.net/2009670
1 || 2009671 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS millionpixel payment.php order_id XSS attempt || url,www.packetstormsecurity.org/0907-exploits/millionpixel-xss.txt || url,doc.emergingthreats.net/2009671
1 || 2009672 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS programsrating rate.php id XSS attempt || url,www.packetstormsecurity.org/0907-exploits/programsrating-xss.txt || url,doc.emergingthreats.net/2009672
1 || 2009673 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS programsrating postcomments.php id XSS attempt || url,www.packetstormsecurity.org/0907-exploits/programsrating-xss.txt || url,doc.emergingthreats.net/2009673
1 || 2009674 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Guestbook guestbook.php mes_id SQL Injection attempt || url,www.milw0rm.com/exploits/9197 || url,doc.emergingthreats.net/2009674
1 || 2009675 || 5 || successful-recon-limited || 0 || ET ATTACK_RESPONSE Possible Ipconfig Information Detected in HTTP Response || url,en.wikipedia.org/wiki/Ipconfig || url,doc.emergingthreats.net/2009675
1 || 2009676 || 4 || successful-recon-limited || 0 || ET ATTACK_RESPONSE Ipconfig Response Detected || url,en.wikipedia.org/wiki/Ipconfig || url,doc.emergingthreats.net/2009676
1 || 2009677 || 7 || web-application-attack || 0 || ET WEB_SERVER Possible BASE Authentication Bypass Attempt || url,seclists.org/bugtraq/2009/Jun/0218.html || url,seclists.org/bugtraq/2009/Jun/0217.html || url,doc.emergingthreats.net/2009677
1 || 2009678 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt || url,isc.sans.org/diary.html?storyid=6853 || url,www.theregister.co.uk/2009/07/21/critical_ddwrt_router_vuln/ || url,doc.emergingthreats.net/2009678 || url,www.dd-wrt.com/phpBB2/viewtopic.php?t=55173 || bid,35742 || cve,2009-2765
1 || 2009679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 1 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009679
1 || 2009680 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 2 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009680
1 || 2009681 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 3 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009681
1 || 2009682 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 4 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009682
1 || 2009683 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 5 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009683
1 || 2009684 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Phorum Possible Javascript/Remote-File-Inclusion 6 || url,www.securityfocus.com/bid/12869 || url,www.milw0rm.com/exploits/9231 || url,doc.emergingthreats.net/2009684
1 || 2009685 || 4 || trojan-activity || 0 || ET TROJAN Unkown Trojan User-Agent (5.1 ...) || url,doc.emergingthreats.net/2009685
1 || 2009687 || 9 || web-application-attack || 0 || ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 1 || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 || url,doc.emergingthreats.net/2009687
1 || 2009688 || 8 || web-application-attack || 0 || ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 2 || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 || url,doc.emergingthreats.net/2009688
1 || 2009689 || 9 || web-application-attack || 0 || ET ACTIVEX Akamai Download Manager Stack Buffer Overflow CLSID Access 3 || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=813 || url,doc.emergingthreats.net/2009689
1 || 2009690 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMoney html.php page Remote File Inclusion || url,www.packetstormsecurity.org/0907-exploits/3awebmoney-rfi.txt || url,doc.emergingthreats.net/2009690
1 || 2009691 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebMoney html2.php page Remote File Inclusion || url,www.packetstormsecurity.org/0907-exploits/3awebmoney-rfi.txt || url,doc.emergingthreats.net/2009691
1 || 2009693 || 4 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Zen Cart Remote Code Execution  || url,www.securityfocus.com/bid/35467 || url,www.milw0rm.com/exploits/9004 || url,doc.emergingthreats.net/2009663
1 || 2009694 || 4 || trojan-activity || 0 || ET TROJAN Navipromo related update || url,doc.emergingthreats.net/2009694
1 || 2009696 || 3 || misc-activity || 0 || ET POLICY External Connection to Altiris HelpDesk || url,www.symantec.com/business/theme.jsp?themeid=altiris || url,doc.emergingthreats.net/2009696
1 || 2009697 || 3 || misc-activity || 0 || ET POLICY External Connection to Altiris Console || url,www.symantec.com/business/theme.jsp?themeid=altiris || url,doc.emergingthreats.net/2009697
1 || 2009698 || 1 || attempted-dos || 0 || ET VOIP INVITE Message Flood UDP || url,doc.emergingthreats.net/2009698
1 || 2009699 || 1 || attempted-dos || 0 || ET VOIP REGISTER Message Flood UDP || url,doc.emergingthreats.net/2009699
1 || 2009700 || 1 || attempted-dos || 0 || ET VOIP Multiple Unauthorized SIP Responses UDP || url,doc.emergingthreats.net/2009700
1 || 2009701 || 2 || attempted-dos || 0 || ET DOS DNS BIND 9 Dynamic Update DoS attempt || cve,2009-0696 || url,doc.emergingthreats.net/2009701
1 || 2009702 || 5 || policy-violation || 0 || ET POLICY DNS Update From External net || url,doc.emergingthreats.net/2009702
1 || 2009703 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (INet) || url,doc.emergingthreats.net/2009703
1 || 2009704 || 9 || trojan-activity || 0 || ET TROJAN Win32.Hupigon.dkwt Related Checkin || url,doc.emergingthreats.net/2009704
1 || 2009705 || 5 || trojan-activity || 0 || ET MALWARE W3i Related Adware/Spyware || url,www.tallemu.com/oasis2/vendor/w3i__llc/623302 || url,doc.emergingthreats.net/2009705
1 || 2009706 || 5 || misc-activity || 0 || ET POLICY Nessus Vulnerability Scanner Plugins Update || url,www.nessus.org/nessus/ || url,www.nessus.org/plugins/ || url,doc.emergingthreats.net/2009706
1 || 2009709 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Setup Code Injection (phpinfo) || cve,CVE-2009-1151 || url,www.securityfocus.com/bid/34236 || url,labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ || url,doc.emergingthreats.net/2009709
1 || 2009710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Setup Code Injection (system) || cve,CVE-2009-1151 || url,www.securityfocus.com/bid/34236 || url,labs.neohapsis.com/2009/04/06/about-cve-2009-1151/ || url,doc.emergingthreats.net/2009710
1 || 2009711 || 7 || trojan-activity || 0 || ET TROJAN Win32.Runner/Bublik Checkin || url,www.spywarecease.com/spyware-list/Spyware_Trojan.Win32.Runner.s.html || url,www.threatexpert.com/threats/trojan-win32-runner.html || md5,6d2919a92d7dda22f4bc7f9a9b15739f
1 || 2009712 || 5 || trojan-activity || 0 || ET MALWARE Adware PlusDream - GET Config Download/Update || url,doc.emergingthreats.net/2009712
1 || 2009714 || 5 || web-application-attack || 0 || ET WEB_SERVER Script tag in URI, Possible Cross Site Scripting Attempt || url,ha.ckers.org/xss.html || url,doc.emergingthreats.net/2009714
1 || 2009715 || 5 || web-application-attack || 0 || ET WEB_SERVER Onmouseover= in URI - Likely Cross Site Scripting Attempt || url,www.w3schools.com/jsref/jsref_onmouseover.asp || url,doc.emergingthreats.net/2009715
1 || 2009716 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ECShop user.php order_sn Parameter SQL Injection || bugtraq,34733 || url,milw0rm.com/exploits/8548 || url,doc.emergingthreats.net/2009716
1 || 2009717 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 1024 CMS standard.php page_include Parameter Remote File Inclusion || url,vupen.com/english/advisories/2009/0360 || url,milw0rm.com/exploits/8003 || url,doc.emergingthreats.net/2009717
1 || 2009718 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AvailScript Photo Album Script pics.php sid Parameter SQL Injection || bugtraq,31085 || url,milw0rm.com/exploits/6411 || url,doc.emergingthreats.net/2009718
1 || 2009719 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pHNews comments.php templates_dir Local File Inclusion || url,milw0rm.com/exploits/6000 || bugtraq,19838 || url,doc.emergingthreats.net/2009719
1 || 2009720 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pHNews comments.php template Local File Inclusion || url,milw0rm.com/exploits/6000 || bugtraq,19838 || url,doc.emergingthreats.net/2009720
1 || 2009723 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path Parameter Remote File Inclusion || url,secunia.com/advisories/34997/ || url,milw0rm.com/exploits/8602 || url,doc.emergingthreats.net/2009723
1 || 2009724 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QuickTeam qte_init.php qte_root Parameter Local File Inclusion || url,secunia.com/advisories/34997/ || url,milw0rm.com/exploits/8602 || url,doc.emergingthreats.net/2009724
1 || 2009725 || 8 || web-application-attack || 0 || ET ACTIVEX Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow || url,milw0rm.com/exploits/8824 || bugtraq,23412 || url,doc.emergingthreats.net/2009725
1 || 2009726 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TotalCalendar config.php inc_dir Parameter Local File Inclusion || bugtraq,34617 || url,milw0rm.com/exploits/8494 || url,doc.emergingthreats.net/2009726
1 || 2009727 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection || cve,CVE-2008-6242 || bugtraq,32039 || url,milw0rm.com/exploits/6922 || url,doc.emergingthreats.net/2009727
1 || 2009728 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NotFTP config.php languages Parameter Local File Inclusion || url,milw0rm.com/exploits/8504 || bugtraq,34636 || url,doc.emergingthreats.net/2009728
1 || 2009729 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TotalCalendar cms_detect.php include Parameter Local File Inclusion || url,milw0rm.com/exploits/8503 || bugtraq,34634 || url,doc.emergingthreats.net/2009729
1 || 2009730 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JobHut browse.php pk Parameter SQL Injection || bugtraq,34300 || url,milw0rm.com/exploits/8318 || url,doc.emergingthreats.net/2009730
1 || 2009731 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VS Panel showcat.php Cat_ID Parameter SQL Injection || bugtraq,34648 || url,milw0rm.com/exploits/8506 || url,doc.emergingthreats.net/2009731
1 || 2009733 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Golabi index_logged.php cur_module Parameter Remote File Inclusion || url,milw0rm.com/exploits/8112 || url,vupen.com/english/advisories/2009/0553 || bugtraq,33916 || url,doc.emergingthreats.net/2009733
1 || 2009734 || 8 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 212cafe Board view.php qID Parameter SQL Injection || bugtraq,31426 || url,xforce.iss.net/xforce/xfdb/45428 || url,milw0rm.com/exploits/6578 || url,doc.emergingthreats.net/2009734
1 || 2009735 || 8 || web-application-attack || 0 || ET ACTIVEX Roxio CinePlayer IAManager.dll ActiveX Control Buffer Overflow || url,xforce.iss.net/xforce/xfdb/50868 || url,milw0rm.com/exploits/8835 || url,doc.emergingthreats.net/2009735
1 || 2009736 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProjectCMS select_image.php dir Parameter Directory Traversal || url,milw0rm.com/exploits/8608 || bugtraq,34816 || url,doc.emergingthreats.net/2009736
1 || 2009737 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProjectCMS admin_theme_remove.php file Parameter Remote Directory Delete || url,milw0rm.com/exploits/8608 || bugtraq,34816 || url,doc.emergingthreats.net/2009737
1 || 2009738 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS X-BLC get_read.php section Parameter SQL Injection || url,milw0rm.com/exploits/8258 || bugtraq,34197 || url,doc.emergingthreats.net/2009738
1 || 2009739 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DMXReady Multiple Products upload_image_category.asp cid Parameter SQL Injection || bugtraq,33253 || url,xforce.iss.net/xforce/xfdb/47959 || url,milw0rm.com/exploits/7767 || url,doc.emergingthreats.net/2009739
1 || 2009740 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BibCiter projects.php idp Parameter SQL Injection || url,secunia.com/advisories/33555 || bugtraq,33329 || url,milw0rm.com/exploits/7814 || url,doc.emergingthreats.net/2009740
1 || 2009741 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BibCiter contacts.php idc Parameter SQL Injection || url,secunia.com/advisories/33555 || bugtraq,33329 || url,milw0rm.com/exploits/7814 || url,doc.emergingthreats.net/2009741
1 || 2009742 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BibCiter users.php idu Parameter SQL Injection || url,secunia.com/advisories/33555 || bugtraq,33329 || url,milw0rm.com/exploits/7814 || url,doc.emergingthreats.net/2009742
1 || 2009743 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpDatingClub website.php page Parameter Local File Inclusion || bugtraq,30176 || url,milw0rm.com/exploits/6037 || url,doc.emergingthreats.net/2009743
1 || 2009744 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SuperNews valor.php noticia Parameter SQL Injection || url,milw0rm.com/exploits/8255 || bugtraq,34195 || url,doc.emergingthreats.net/2009744
1 || 2009745 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flatchat pmscript.php with Parameter Local File Inclusion || url,milw0rm.com/exploits/8549 || bugtraq,34734 || url,doc.emergingthreats.net/2009745
1 || 2009746 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QuickTeam qte_web.php qte_web_path Parameter Local File Inclusion || url,secunia.com/advisories/34997/ || url,milw0rm.com/exploits/8602 || url,doc.emergingthreats.net/2009746
1 || 2009747 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AvailScript Article Script articles.php aIDS Parameter SQL Injection || cve,CVE-2008-4371 || url,secunia.com/advisories/31816/ || url,milw0rm.com/exploits/6409 || url,doc.emergingthreats.net/2009747
1 || 2009749 || 4 || attempted-recon || 0 || ET SCAN Unusually Fast 403 Error Messages, Possible Web Application Scan || url,www.checkupdown.com/status/E403.html || url,doc.emergingthreats.net/2009749
1 || 2009750 || 6 || trojan-activity || 0 || ET TROJAN Banker/Bancos/Infostealer Possible Rootkit - HTTP HEAD Request || url,www.pctools.com/mrc/infections/id/Trojan.Banker/ || url,www.anti-spyware-101.com/remove-trojanbanker || url,doc.emergingthreats.net/2009750
1 || 2009751 || 9 || trojan-activity || 0 || ET TROJAN Fraudload/FakeAlert/FakeVimes Downloader - POST || url,www.pctools.com/mrc/infections/id/Trojan-Downloader.FraudLoad/ || url,www.threatexpert.com/reports.aspx?find=Trojan-Downloader.FraudLoad || url,doc.emergingthreats.net/2009751
1 || 2009752 || 7 || trojan-activity || 0 || ET TROJAN Monkif/DlKroha Trojan Activity HTTP Outbound || url,doc.emergingthreats.net/2009752 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fMonkif.C
1 || 2009754 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat install.clickheat.php mosConfig_absolute_path Remote File Inclusion || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009754
1 || 2009755 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat _main.php mosConfig_absolute_path Parameter Remote File Inclusion - 1 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009755
1 || 2009756 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion - 2 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009756
1 || 2009757 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat Cache.php mosConfig_absolute_path Remote File Inclusion || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009757
1 || 2009758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat Clickheat_Heatmap.php mosConfig_absolute_path Remote File Inclusion || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009758
1 || 2009759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat GlobalVariables.php mosConfig_absolute_path Remote File Inclusion - 1 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009759
1 || 2009760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig_absolute_path Parameter Remote File Inclusion -2 || url,milw0rm.com/exploits/7038 || bugtraq,32190 || url,doc.emergingthreats.net/2009760
1 || 2009761 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LWS php User Base unverified.inc.php template Parameter Local File Inclusion || bugtraq,27964 || url,juniper.net/security/auto/vulnerabilities/vuln27964.html || url,www.exploit-db.com/exploits/5179/ || url,doc.emergingthreats.net/2009761
1 || 2009764 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cyberfolio css.php theme Parameter Local File Inclusion || cve,CVE-2008-6265 || bugtraq,32218 || url,vupen.com/english/advisories/2008/3070 || url,milw0rm.com/exploits/7065 || url,doc.emergingthreats.net/2009764
1 || 2009765 || 8 || trojan-activity || 0 || ET MALWARE Pivim Multibar User-Agent (Pivim Multibar) || url,doc.emergingthreats.net/2009765
1 || 2009766 || 9 || trojan-activity || 0 || ET MALWARE IE Toolbar User-Agent (IEToolbar) || url,doc.emergingthreats.net/2009766
1 || 2009767 || 4 || attempted-recon || 0 || ET SCAN Multiple NBTStat Query Responses to External Destination, Possible Automated Windows Network Enumeration || url,technet.microsoft.com/en-us/library/cc940106.aspx || url,doc.emergingthreats.net/2009767
1 || 2009768 || 4 || attempted-recon || 0 || ET SCAN NBTStat Query Response to External Destination, Possible Windows Network Enumeration || url,technet.microsoft.com/en-us/library/cc940106.aspx || url,doc.emergingthreats.net/2009768
1 || 2009769 || 3 || attempted-recon || 0 || ET SCAN SQL Power Injector SQL Injection User Agent Detected || url,www.sqlpowerinjector.com/index.htm || url,en.wikipedia.org/wiki/Sql_injection || url,doc.emergingthreats.net/2009769
1 || 2009770 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible UNION SELECT SQL Injection In Cookie || url,www.w3schools.com/sql/sql_union.asp || url,www.w3schools.com/sql/sql_select.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009770
1 || 2009771 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible SELECT FROM SQL Injection In Cookie || url,www.w3schools.com/sql/sql_select.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009771
1 || 2009772 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible DELETE FROM SQL Injection In Cookie || url,www.w3schools.com/Sql/sql_delete.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009772
1 || 2009773 || 36 || web-application-attack || 0 || ET WEB_SERVER Possible INSERT INTO SQL Injection In Cookie || url,www.w3schools.com/SQL/sql_insert.asp || url,en.wikipedia.org/wiki/SQL_injection || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2009773
1 || 2009776 || 7 || trojan-activity || 0 || ET TROJAN Oficla Downloader Activity Observed || url,www.threatexpert.com/report.aspx?md5=38e1d644e2a16041b5ec1a02826df280 || url,www.threatexpert.com/report.aspx?md5=1db0c8d48a76662496af7faf581b1cf0 || url,doc.emergingthreats.net/2009776
1 || 2009778 || 7 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Joomla Full Path Disclosure -- php5x.php || bugtraq,35780 || url,www.securityfocus.com/archive/1/505231 || url,doc.emergingthreats.net/2009778
1 || 2009779 || 6 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Joomla Full Path Disclosure -- ldap.php || bugtraq,35780 || url,www.securityfocus.com/archive/1/505231 || url,doc.emergingthreats.net/2009779
1 || 2009780 || 6 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Joomla Full Path Disclosure -- content.php || bugtraq,35780 || url,www.securityfocus.com/archive/1/505231 || url,doc.emergingthreats.net/2009780
1 || 2009783 || 8 || trojan-activity || 0 || ET MALWARE RubyFortune Spyware Capabilities User-Agent (Microgaming Install Program) - GET || url,vil.nai.com/vil/content/v_151034.htm || url,www.emsisoft.com/en/malware/?Adware.Win32.Ruby+Fortune+Casino+3.2.0.25 || url,www.threatexpert.com/reports.aspx?find=mgsmup.com || url,doc.emergingthreats.net/2009783
1 || 2009785 || 8 || trojan-activity || 0 || ET MALWARE QVOD Related Spyware/Malware User-Agent (Qvod) || url,www.siteadvisor.com/sites/update.qvod.com || url,www.threatexpert.com/reports.aspx?find=update.qvod.com || url,doc.emergingthreats.net/2009785
1 || 2009787 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Community CMS view.php article_id Parameter SQL Injection || bugtraq,34303 || url,milw0rm.com/exploits/8323 || url,doc.emergingthreats.net/2009787
1 || 2009788 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RSS-aggregator display.php path Parameter Remote File Inclusion || bugtraq,29873 || url,milw0rm.com/exploits/5900 || url,doc.emergingthreats.net/2009788
1 || 2009789 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyButStrong bs_us_examples_0view.php script Parameter Local File Inclusion || url,milw0rm.com/exploits/8667 || url,vupen.com/english/advisories/2009/1304 || url,doc.emergingthreats.net/2009789
1 || 2009790 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS beLive arch.php arch Parameter Local File Inclusion || url,milw0rm.com/exploits/8680 || bugtraq,34968 || url,secunia.com/advisories/35059/ || url,doc.emergingthreats.net/2009790
1 || 2009791 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GS Real Estate Portal email.php AgentID Parameter SQL Injection || url,juniper.net/security/auto/vulnerabilities/vuln32307.html || url,xforce.iss.net/xforce/xfdb/46638 || url,milw0rm.com/exploits/7117 || url,doc.emergingthreats.net/2009791
1 || 2009792 || 8 || web-application-attack || 0 || ET ACTIVEX Avax Vector avPreview.ocx ActiveX Control Buffer Overflow || url,packetstormsecurity.nl/0907-exploits/avax13-dos.txt || bugtraq,35582 || url,juniper.net/security/auto/vulnerabilities/vuln35583.html || url,doc.emergingthreats.net/2009792
1 || 2009793 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Crawler footer.php footer_file Parameter Remote File Inclusion || bugtraq,31217 || url,milw0rm.com/exploits/6475 || url,doc.emergingthreats.net/2009793
1 || 2009794 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VidShare Pro listing_video.php catid Parameter SQL Injection || url,milw0rm.com/exploits/8737 || bugtraq,35033 || url,doc.emergingthreats.net/2009794
1 || 2009795 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dog Pedigree Online Database managePerson.php personId Parameter SQL Injection || bugtraq,35032 || url,milw0rm.com/exploits/8738 || url,doc.emergingthreats.net/2009795
1 || 2009796 || 8 || trojan-activity || 0 || ET MALWARE FakeAV Windows Protection Suite/ReleaseXP.exe User-Agent (Releasexp) || url,doc.emergingthreats.net/2009796
1 || 2009797 || 3 || trojan-activity || 0 || ET TROJAN Bifrose Response from victim || url,doc.emergingthreats.net/2009797
1 || 2009798 || 2 || policy-violation || 0 || ET POLICY Carbonite Online Backup SSL Handshake || url,doc.emergingthreats.net/2009798
1 || 2009799 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Attack Tool Morfeus F Scanner - M || url,www.webmasterworld.com/search_engine_spiders/3227720.htm || url,doc.emergingthreats.net/2003466
1 || 2009800 || 4 || policy-violation || 0 || ET POLICY Carbonite.com Backup Software Leaking MAC Address || url,doc.emergingthreats.net/2009800
1 || 2009801 || 8 || policy-violation || 0 || ET POLICY Carbonite.com Backup Software User-Agent (Carbonite Installer) || url,doc.emergingthreats.net/2009801
1 || 2009803 || 6 || trojan-activity || 0 || ET DELETED Downloader Generic - GET || url,doc.emergingthreats.net/2009803
1 || 2009804 || 7 || trojan-activity || 0 || ET TROJAN Screenblaze SCR Related Backdoor - GET || url,vil.nai.com/vil/content/v_156782.htm || url,www.spywaredetector.net/spyware_encyclopedia/Backdoor.Prosti.htm || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=207702#none || url,www.threatexpert.com/report.aspx?md5=0bcdc9c2e2102f36f594b9e727dae3c7 || url,doc.emergingthreats.net/2009804
1 || 2009805 || 5 || trojan-activity || 0 || ET TROJAN Luder.B User-Agent (Mozilla/4.0 (SPGK)) - GET || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=212955#none || url,www.threatexpert.com/threats/virus-win32-luder-b.html || url,doc.emergingthreats.net/2009805
1 || 2009806 || 5 || trojan-activity || 0 || ET TROJAN Poison Ivy RAT/Backdoor follow on POST Data PUSH Packet || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPoisonivy.I&ThreatID=-2147363597 || url,www.viruslist.com/en/viruses/encyclopedia?virusid=133781 || url,doc.emergingthreats.net/2009806
1 || 2009807 || 5 || trojan-activity || 0 || ET MALWARE 2020search/PowerSearch Toolbar Adware/Spyware - GET || url,vil.nai.com/vil/content/v_103738.htm || url,www.sunbeltsecurity.com/ThreatDisplay.aspx?tid=13811&cs=1437A28B7A90C4C502B683CE6DE23C4E || url,www.symantec.com/security_response/writeup.jsp?docid=2004-111918-0210-99 || url,doc.emergingthreats.net/2009807
1 || 2009808 || 5 || trojan-activity || 0 || ET TROJAN Win32.Virut - GET || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fVirut || url,www.avast.com/eng/win32-virut.html || url,free.avg.com/66558 || url,www.threatexpert.com/threats/virus-win32-virut-ce.html || url,doc.emergingthreats.net/2009808
1 || 2009809 || 2 || trojan-activity || 0 || ET TROJAN Generic/Unknown Downloader Config to client || url,doc.emergingthreats.net/2009809
1 || 2009810 || 8 || trojan-activity || 0 || ET TROJAN Swizzor-based Downloader - Invalid User-Agent (Mozilla/4.0 (compatible MSIE 7.0 na .NET CLR 2.0.50727 .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729)) || url,www.cyber-ta.org/releases/malware-analysis/public/2009-07-12-public/ARCHIVE/1247423556.chatter || url,doc.emergingthreats.net/2009810
1 || 2009811 || 6 || trojan-activity || 0 || ET TROJAN KillAV/Dropper/Mdrop/Hupigon - HTTP GET || url,doc.emergingthreats.net/2009811
1 || 2009812 || 7 || trojan-activity || 0 || ET TROJAN AVKiller with Backdoor checkin || url,doc.emergingthreats.net/2009812
1 || 2009813 || 3 || trojan-activity || 0 || ET TROJAN Trojan.MyDNS DNSChanger - HTTP POST || url,doc.emergingthreats.net/2009813
1 || 2009814 || 8 || trojan-activity || 0 || ET TROJAN Downloader (Win32.Doneltart) Checkin - HTTP GET || url,doc.emergingthreats.net/2009814
1 || 2009815 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_cmdshell Stored Procedure Via URI || url,msdn.microsoft.com/en-us/library/ms175046.aspx || url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm || url,doc.emergingthreats.net/2009815
1 || 2009816 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_servicecontrol Stored Procedure Via URI || url,www.sqlusa.com/bestpractices2005/administration/xpservicecontrol/ || url,doc.emergingthreats.net/2009816
1 || 2009817 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL sp_adduser Stored Procedure Via URI to Create New Database User || url,technet.microsoft.com/en-us/library/ms181422.aspx || url,doc.emergingthreats.net/2009817
1 || 2009818 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_regread/xp_regwrite/xp_regdeletevalue/xp_regdeletekey Stored Procedure Via URI to Modify Registry || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,doc.emergingthreats.net/2009818
1 || 2009819 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_fileexist Stored Procedure Via URI to Locate Files On Disk || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,www.dugger-it.com/articles/xp_fileexist.asp || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,doc.emergingthreats.net/2009819
1 || 2009820 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_enumerrorlogs Stored Procedure Via URI to View Error Logs || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,doc.emergingthreats.net/2009820
1 || 2009822 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_readerrorlogs Stored Procedure Via URI to View Error Logs || url,www.sql-server-performance.com/articles/dev/extended_stored_procedures_p1.aspx || url,www.sqlteam.com/article/using-xp_readerrorlog-in-sql-server-2005 || url,doc.emergingthreats.net/2009822
1 || 2009823 || 5 || web-application-attack || 0 || ET WEB_SERVER Attempt To Access MSSQL xp_enumdsn/xp_enumgroups/xp_ntsec_enumdomains Stored Procedure Via URI || url,www.mssqlcity.com/Articles/Undoc/UndocExtSP.htm || url,ferruh.mavituna.com/sql-injection-cheatsheet-oku/ || url,msdn.microsoft.com/en-us/library/ms173792.aspx || url,doc.emergingthreats.net/2009823
1 || 2009824 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Delf followon POST Data PUSH Packet || url,www.threatexpert.com/threats/trojan-downloader-win32-delf.html || url,doc.emergingthreats.net/2009824
1 || 2009825 || 8 || trojan-activity || 0 || ET TROJAN Win32.VB.tdq - Fake User-Agent || url,vil.nai.com/vil/content/v_187654.htm || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=187654 || url,doc.emergingthreats.net/2009825
1 || 2009826 || 9 || trojan-activity || 0 || ET DELETED Generic Backdoor Retrieve Instructions/Configs - HTTP GET || url,doc.emergingthreats.net/2009826
1 || 2009827 || 3 || attempted-recon || 0 || ET SCAN Pavuk User Agent Detected - Website Mirroring Tool for Off-line Analysis || url,pavuk.sourceforge.net/about.html || url,doc.emergingthreats.net/2009827
1 || 2009828 || 6 || attempted-admin || 0 || ET EXPLOIT Possible IIS FTP Exploit attempt - Large SITE command || url,www.milw0rm.com/exploits/9541 || url,doc.emergingthreats.net/2009828 || cve,2009-3023
1 || 2009829 || 4 || trojan-activity || 0 || ET TROJAN Virut/Virutas/Virtob/QQHelper Dropper Family - HTTP GET || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FQQHelper.gen!E&ThreatID=-2147371486 || url,www.sophos.com/security/analyses/viruses-and-spyware/w32viruti.html || url,www.threatexpert.com/threats/w32-virut-i.html || url,doc.emergingthreats.net/2009829
1 || 2009830 || 7 || trojan-activity || 0 || ET TROJAN Win32/Wombot.A checkin Possible Bruteforcer for Web Forms and Accounts - HTTP POST || url,doc.emergingthreats.net/2009830 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FWombot.A
1 || 2009831 || 6 || trojan-activity || 0 || ET MALWARE Topgame-online.com Ruch Casino Install User-Agent (RichCasino) || url,doc.emergingthreats.net/2009831
1 || 2009832 || 3 || attempted-recon || 0 || ET SCAN DCERPC rpcmgmt ifids Unauthenticated BIND || url,www.symantec.com/avcenter/reference/Vista_Network_Attack_Surface_RTM.pdf || url,www.blackhat.com/presentations/win-usa-04/bh-win-04-seki-up2.pdf || url,seclists.org/fulldisclosure/2003/Aug/0432.html || url,doc.emergingthreats.net/2009832
1 || 2009833 || 9 || attempted-recon || 0 || ET SCAN WITOOL SQL Injection Scan || url,witool.sourceforge.net/ || url,doc.emergingthreats.net/2009833
1 || 2009834 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla portalid Component UNION SELECT SQL Injection || url,www.exploit-db.com/exploits/9563/ || url,www.securityfocus.com/bid/36206/info || url,doc.emergingthreats.net/2009834
1 || 2009835 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla portalid Component SELECT FROM SQL Injection || url,www.exploit-db.com/exploits/9563/ || url,www.securityfocus.com/bid/36206/info || url,doc.emergingthreats.net/2009835
1 || 2009836 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla portalid Component DELETE FROM SQL Injection || url,www.exploit-db.com/exploits/9563/ || url,www.securityfocus.com/bid/36206/info || url,doc.emergingthreats.net/2009836
1 || 2009837 || 7 || attempted-recon || 0 || ET DELETED OWASP Joomla Vulnerability Scanner Detected || url,www.owasp.org/index.php/Category%3aOWASP_Joomla_Vulnerability_Scanner_Project || url,doc.emergingthreats.net/2009837
1 || 2009838 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News search.php config Parameter Remote File Inclusion || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009838
1 || 2009839 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News archive.php config Parameter Remote File Inclusion -1 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009839
1 || 2009840 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News Archive.php config Parameter Remote File Inclusion -2 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009840
1 || 2009841 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News comments.php config Parameter Remote File Inclusion -1 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009841
1 || 2009842 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News Comments.php config Parameter Remote File Inclusion -2 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009842
1 || 2009843 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News news.php config Parameter Remote File Inclusion -1 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009843
1 || 2009844 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News News.php config Parameter Remote File Inclusion -2 || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009844
1 || 2009845 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News SendFriend.php config Parameter Remote File Inclusion || bugtraq,33434 || url,juniper.net/security/auto/vulnerabilities/vuln33434.html || url,doc.emergingthreats.net/2009845
1 || 2009846 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote File Inclusion || url,secunia.com/advisories/33691 || url,milw0rm.com/exploits/8026 || url,doc.emergingthreats.net/2009846
1 || 2009847 || 7 || web-application-attack || 0 || ET ACTIVEX Symantec Security Check RuFSI ActiveX Control Buffer Overflow || bugtraq,8008 || url,xforce.iss.net/xforce/xfdb/12423 || url,juniper.net/security/auto/vulnerabilities/vuln8008.html || url,doc.emergingthreats.net/2009847
1 || 2009848 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter Remote File Inclusion || url,milw0rm.com/exploits/5393 || bugtraq,28660 || url,doc.emergingthreats.net/2009848
1 || 2009849 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz num_questions.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009849
1 || 2009850 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz answers.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009850
1 || 2009851 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz answers.php order_number Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009851
1 || 2009852 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz high_score_web.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009852
1 || 2009853 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz results_table_web.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009853
1 || 2009854 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz question.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009854
1 || 2009855 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz question.php order_number Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009855
1 || 2009856 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Quiz high_score.php quiz Parameter SQL Injection || bugtraq,35060 || url,milw0rm.com/exploits/8759 || url,doc.emergingthreats.net/2009856
1 || 2009857 || 7 || web-application-attack || 0 || ET ACTIVEX Awingsoft Web3D Player Remote Buffer Overflow || url,secunia.com/advisories/35764/ || url,milw0rm.com/exploits/9116 || url,shinnai.net/xplits/TXT_nsGUdeley3EHfKEV690p.html || url,doc.emergingthreats.net/2009857
1 || 2009858 || 8 || attempted-user || 0 || ET ACTIVEX Possible PPStream MList.ocx Buffer Overflow Attempt || url,www.securityfocus.com/bid/36234/info || url,doc.emergingthreats.net/2009858
1 || 2009860 || 5 || attempted-admin || 0 || ET EXPLOIT IIS FTP Exploit - NLST Globbing Exploit || url,www.milw0rm.com/exploits/9541 || url,doc.emergingthreats.net/2009860 || cve,2009-3023
1 || 2009861 || 6 || trojan-activity || 0 || ET MALWARE ErrorNuker FakeAV User-Agent (ERRN2004 (Windows XP)) || url,doc.emergingthreats.net/2009861
1 || 2009862 || 3 || trojan-activity || 0 || ET TROJAN Banker Trojan CnC AddNew Command || url,doc.emergingthreats.net/2009862
1 || 2009863 || 3 || trojan-activity || 0 || ET TROJAN Banker Trojan CnC Hello Command || url,doc.emergingthreats.net/2009863
1 || 2009864 || 5 || trojan-activity || 0 || ET DELETED Banker Trojan CnC Server Ping || url,doc.emergingthreats.net/2009864
1 || 2009867 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Mozilla/3.0 (compatible)) || url,doc.emergingthreats.net/2009867
1 || 2009868 || 11 || attempted-user || 0 || ET ACTIVEX Possible Acer LunchApp Arbitrary Code Exucution Attempt || url,securitytracker.com/alerts/2009/Aug/1022752.html || url,www.kb.cert.org/vuls/id/485961 || url,www.securityfocus.com/bid/21207/info || url,doc.emergingthreats.net/2009868
1 || 2009869 || 9 || attempted-user || 0 || ET ACTIVEX Possible SmartVMD VideoMovement.dll Buffer Overflow Attempt || url,www.securityfocus.com/bid/36217/info || url,doc.emergingthreats.net/2009869
1 || 2009870 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XRMS CRM workflow-activities.php include_directory Remote File Inclusion || cve,CVE-2008-3399 || url,milw0rm.com/exploits/6131 || url,xforce.iss.net/xforce/xfdb/43992 || url,doc.emergingthreats.net/2009870
1 || 2009871 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPauction GPL converter.inc.php include_path Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/0908 || bugtraq,28284 || url,milw0rm.com/exploits/5266 || url,doc.emergingthreats.net/2009871
1 || 2009872 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPauction GPL messages.inc.php include_path Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/0908 || bugtraq,28284 || url,milw0rm.com/exploits/5266 || url,doc.emergingthreats.net/2009872
1 || 2009873 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPauction GPL settings.inc.php include_path Parameter Remote File Inclusion || url,vupen.com/english/advisories/2008/0908 || bugtraq,28284 || url,milw0rm.com/exploits/5266 || url,doc.emergingthreats.net/2009873
1 || 2009874 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter Remote File Inclusion || bugtraq,35103 || url,milw0rm.com/exploits/8790 || url,doc.emergingthreats.net/2009874
1 || 2009875 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cpCommerce _functions.php GLOBALS Parameter Local File Inclusion || bugtraq,35103 || url,milw0rm.com/exploits/8790 || url,doc.emergingthreats.net/2009875
1 || 2009876 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokuwiki doku.php config_cascade Local File Inclusion || bugtraq,35095 || url,milw0rm.com/exploits/8781 || url,doc.emergingthreats.net/2009876
1 || 2009877 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VirtueMart Google Base Component admin.googlebase.php Remote File Inclusion || bugtraq,32098 || url,milw0rm.com/exploits/6975 || url,doc.emergingthreats.net/2009877
1 || 2009878 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Harlandscripts Pro Traffic One mypage.php trg Parameter SQL Injection || url,secunia.com/advisories/32467 || bugtraq,31986 || url,milw0rm.com/exploits/6874 || url,doc.emergingthreats.net/2009878
1 || 2009880 || 6 || trojan-activity || 0 || ET MALWARE Casalemedia Spyware Reporting URL Visited 3 || url,doc.emergingthreats.net/2009880
1 || 2009881 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla Com_joomlub Component Union Select SQL Injection || url,www.exploit-db.com/exploits/9593/ || url,doc.emergingthreats.net/2009881
1 || 2009882 || 3 || attempted-recon || 0 || ET SCAN Default Mysqloit User Agent Detected - Mysql Injection Takover Tool || url,code.google.com/p/mysqloit/ || url,doc.emergingthreats.net/2009882
1 || 2009883 || 5 || attempted-recon || 0 || ET SCAN Possible Mysqloit Operating System Fingerprint/SQL Injection Test Scan Detected || url,code.google.com/p/mysqloit/ || url,doc.emergingthreats.net/2009883
1 || 2009884 || 3 || attempted-recon || 0 || ET SCAN Unusually Fast 400 Error Messages (Bad Request), Possible Web Application Scan || url,www.w3.org/Protocols/rfc2616/rfc2616-sec10.html || url,support.microsoft.com/kb/247249 || url,doc.emergingthreats.net/2009884
1 || 2009885 || 3 || attempted-recon || 0 || ET SCAN Unusually Fast 404 Error Messages (Page Not Found), Possible Web Application Scan/Directory Guessing Attack || url,www.w3.org/Protocols/rfc2616/rfc2616-sec10.html || url,en.wikipedia.org/wiki/HTTP_404 || url,doc.emergingthreats.net/2009885
1 || 2009886 || 4 || attempted-dos || 0 || ET NETBIOS Remote SMB2.0 DoS Exploit || url,securityreason.com/exploitalert/7138 || url,doc.emergingthreats.net/2009886
1 || 2009887 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProjectButler RFI attempt  || url,www.sans.org/top20/ || url,www.packetstormsecurity.org/0908-exploits/projectbutler-rfi.txt || url,doc.emergingthreats.net/2009887
1 || 2009888 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (1)  || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009888
1 || 2009889 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (2)  || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009889
1 || 2009890 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (3)  || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009890
1 || 2009891 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms RFI attempt (4)  || url,www.sans.org/top20/ || url,packetstormsecurity.org/0908-exploits/maxcms-rfi.txt || url,doc.emergingthreats.net/2009891
1 || 2009892 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Paid4Mail RFI attempt  || url,packetstormsecurity.org/0907-exploits/paid4mail-rfi.txt || url,doc.emergingthreats.net/2009892
1 || 2009893 || 7 || attempted-user || 0 || ET ACTIVEX Possible HTTP ACTi SetText() nvUnifiedControl.dll Buffer Overflow Attempt || url,tools.cisco.com/security/center/viewIpsSignature.x?signatureId=18237&signatureSubId=1&softwareVersion=6.0&releaseVersion=S429 || url,www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=22546 || url,www.securityfocus.com/bid/25465 || url,doc.emergingthreats.net/2009893
1 || 2009894 || 7 || attempted-user || 0 || ET ACTIVEX Possible HTTP ACTi SaveXMLFile()/DeleteXMLFile() nvUnifiedControl.dll Arbitrary File Overwrite/Deletion Attempt || url,tools.cisco.com/security/center/viewIpsSignature.x?signatureId=18237&signatureSubId=1&softwareVersion=6.0&releaseVersion=S429 || url,www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=22546 || url,www.securityfocus.com/bid/25465 || url,doc.emergingthreats.net/2009894
1 || 2009895 || 3 || policy-violation || 0 || ET POLICY OperaUnite URL Registration || url,unite.opera.com || url,doc.emergingthreats.net/2009895
1 || 2009896 || 3 || trojan-activity || 0 || ET TROJAN Win32/Winwebsec User-Agent Detected || url,www.f-secure.com/sw-desc/rogue_w32_winwebsec.shtml || url,blogs.technet.com/mmpc/archive/2009/05/13/msrt-tackles-another-rogue.aspx || url,doc.emergingthreats.net/2009896
1 || 2009897 || 11 || trojan-activity || 0 || ET MALWARE Possible Windows executable sent when remote host claims to send html content || url,doc.emergingthreats.net/2009897
1 || 2009898 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pragyan CMS form.lib.php sourceFolder Parameter Remote File Inclusion || bugtraq,30235 || url,juniper.net/security/auto/vulnerabilities/vuln30235.html || url,milw0rm.com/exploits/6078 || url,doc.emergingthreats.net/2009898
1 || 2009903 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Remote File Inclusion || url,secunia.com/advisories/35315/ || url,milw0rm.com/exploits/8851 || url,doc.emergingthreats.net/2009903
1 || 2009904 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Local File Inclusion || url,secunia.com/advisories/35315/ || url,milw0rm.com/exploits/8851 || url,doc.emergingthreats.net/2009904
1 || 2009905 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Unclassified NewsBoard forum.php __tplCollection Parameter Local File Inclusion || url,www.exploit-db.com/exploits/8841/ || url,secunia.com/advisories/35299/ || url,doc.emergingthreats.net/2009905
1 || 2009906 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Online Grades parents.php ADD Parameter SQL Injection || url,secunia.com/advisories/35304/ || url,milw0rm.com/exploits/8844 || url,doc.emergingthreats.net/2009906
1 || 2009907 || 8 || attempted-user || 0 || ET ACTIVEX Remote Desktop Connection ActiveX Control Heap Overflow clsid access || cve,2009-1929 || url,www.microsoft.com/technet/security/Bulletin/MS09-044.mspx || url,doc.emergingthreats.net/2009907
1 || 2009908 || 7 || trojan-activity || 0 || ET DELETED PinBall Corp. Related suspicious activity || url,doc.emergingthreats.net/2009908
1 || 2009909 || 9 || trojan-activity || 0 || ET TROJAN Possible Windows executable sent when remote host claims to send HTML/CSS Content || url,doc.emergingthreats.net/bin/view/Main/2009909
1 || 2009913 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component SELECT FROM SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009913
1 || 2009914 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component DELETE FROM SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009914
1 || 2009915 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component INSERT INTO SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009915
1 || 2009916 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component UNION SELECT SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009916
1 || 2009917 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_djcatalog component UPDATE SET SQL Injection || url,www.exploit-db.com/exploits/9693/ || url,doc.emergingthreats.net/2009917
1 || 2009919 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009919
1 || 2009920 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009920
1 || 2009921 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009921
1 || 2009922 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009922
1 || 2009923 || 9 || attempted-user || 0 || ET ACTIVEX Possible Novell GroupWise Client 'gxmim1.dll' ActiveX Buffer Overflow Attempt || url,www.securityfocus.com/bid/36398 || url,doc.emergingthreats.net/2009923
1 || 2009924 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Foobla RSS Feed Creator Component 'id' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36427/info || url,doc.emergingthreats.net/2009924
1 || 2009925 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php web_root Parameter Remote File Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009925
1 || 2009926 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function_core.php web_root Parameter Local File Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009926
1 || 2009927 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php web_root Parameter Remote File Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009927
1 || 2009928 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout_lyrics.php web_root Parameter Local file Inclusion || url,secunia.com/advisories/31920 || bugtraq,31225 || url,milw0rm.com/exploits/6480 || url,doc.emergingthreats.net/2009928
1 || 2009929 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! com_album Component Local File Inclusion Attempt || url,www.securityfocus.com/bid/36441/info || url,www.exploit-db.com/exploits/9706/ || url,doc.emergingthreats.net/2009929
1 || 2009930 || 9 || trojan-activity || 0 || ET MALWARE User-Agent (User Agent) - Likely Hostile || url,doc.emergingthreats.net/2009930
1 || 2009931 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible OpenSiteAdmin pageHeader.php Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36445/info || url,www.owasp.org/index.php/PHP_File_Inclusion || url,doc.emergingthreats.net/2009931
1 || 2009932 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible eFront database.php Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36411/info || url,www.owasp.org/index.php/PHP_File_Inclusion || url,doc.emergingthreats.net/2009932
1 || 2009933 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Mambo/Joomla! com_koesubmit Component 'koesubmit.php' Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36447/info || url,www.owasp.org/index.php/PHP_File_Inclusion || url,doc.emergingthreats.net/2009933
1 || 2009934 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ideal MooFAQ Joomla Component file_includer.php file Parameter Local File Inclusion || bugtraq,35259 || url,www.exploit-db.com/exploits/8898/ || url,doc.emergingthreats.net/2009934
1 || 2009935 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Frontis aps_browse_sources.php source_class Parameter SQL Injection || url,secunia.com/advisories/35369/ || url,milw0rm.com/exploits/8900 || url,doc.emergingthreats.net/2009935
1 || 2009936 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger plog-download.php checked Parameter SQL Injection || bugtraq,30547 || url,xforce.iss.net/xforce/xfdb/44233 || url,milw0rm.com/exploits/6204 || url,doc.emergingthreats.net/2009936
1 || 2009937 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Mambo MOStlyCE Module Image Manager Utility Arbitrary File Upload Attempt || url,www.securityfocus.com/bid/27472/info || url,doc.emergingthreats.net/2009937
1 || 2009938 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009938
1 || 2009939 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009939
1 || 2009940 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009940
1 || 2009941 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009941
1 || 2009942 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Survey Manager Component UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36464/info || url,doc.emergingthreats.net/2009942
1 || 2009943 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009943
1 || 2009944 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009944
1 || 2009945 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009945
1 || 2009946 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009946
1 || 2009947 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JBudgetsMagic 'bid' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36461/info || url,doc.emergingthreats.net/2009947
1 || 2009948 || 9 || attempted-user || 0 || ET ACTIVEX Quiksoft EasyMail imap connect() ActiveX stack overflow vulnerability || url,www.milw0rm.com/exploits/9704 || url,www.securityfocus.com/bid/22583 || url,doc.emergingthreats.net/2009948
1 || 2009949 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .pl source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009949
1 || 2009950 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .inc source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009950
1 || 2009951 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .conf source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009951
1 || 2009952 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .asp source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009952
1 || 2009953 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .aspx source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009953
1 || 2009954 || 9 || web-application-attack || 0 || ET DELETED Tilde in URI after file, potential source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009954
1 || 2009955 || 10 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .php source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2009955
1 || 2009956 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009956
1 || 2009957 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009957
1 || 2009958 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009958
1 || 2009959 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009959
1 || 2009960 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! JoomlaFacebook Component UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36484/info || url,doc.emergingthreats.net/2009960
1 || 2009961 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009961
1 || 2009962 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009962
1 || 2009963 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009963
1 || 2009964 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009964
1 || 2009965 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! SportFusion Component UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36481/info || url,doc.emergingthreats.net/2009965
1 || 2009966 || 3 || policy-violation || 0 || ET P2P KuGoo P2P Connection || url,koogoo.com || url,doc.emergingthreats.net/2009966
1 || 2009967 || 5 || policy-violation || 0 || ET P2P eMule KAD Network Connection Request || url,emule-project.net || url,doc.emergingthreats.net/2009967
1 || 2009968 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Connection Request(2) || url,emule-project.net || url,doc.emergingthreats.net/2009968
1 || 2009969 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Firewalled Request || url,emule-project.net || url,doc.emergingthreats.net/2009969
1 || 2009970 || 4 || policy-violation || 0 || ET P2P eMule Kademlia Hello Request || url,emule-project.net || url,doc.emergingthreats.net/2009970
1 || 2009971 || 5 || policy-violation || 0 || ET P2P eMule KAD Network Hello Request (2) || url,emule-project.net || url,doc.emergingthreats.net/2009971
1 || 2009972 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Server Status Request || url,emule-project.net || url,doc.emergingthreats.net/2009972
1 || 2009973 || 4 || policy-violation || 0 || ET P2P eMule KAD Network Send Username || url, emule-project.net || url,doc.emergingthreats.net/2009973
1 || 2009976 || 4 || denial-of-service || 0 || ET EXPLOIT Siemens Gigaset SE361 WLAN Data Flood Denial of Service Vulnerability || cve,CVE-2009-3322 || bugtraq,36366 || url,www.milw0rm.com/exploits/9646 || url,doc.emergingthreats.net/2009976
1 || 2009977 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009977
1 || 2009978 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009978
1 || 2009979 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009979
1 || 2009980 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMScontrol 7.x (index.php id_menu) SQL Injection Vulnerability || cve,CVE-2009-3326 || url,www.milw0rm.com/exploits/9727 || url,doc.emergingthreats.net/2009980
1 || 2009981 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username SELECT FROM SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009981
1 || 2009982 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username DELETE FROM SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009982
1 || 2009983 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username INSERT INTO SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009983
1 || 2009984 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username UPDATE SET SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009984
1 || 2009985 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username UNION SELECT SQL Injection Attempt || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2009985
1 || 2009986 || 2 || trojan-activity || 0 || ET P2P Octoshape UDP Session || url,msmvps.com/blogs/bradley/archive/2009/01/20/peer-to-peer-on-cnn.aspx || url,doc.emergingthreats.net/2009986
1 || 2009987 || 7 || trojan-activity || 0 || ET DELETED OneStep Adware related User Agent (x) || url,www.symantec.com/security_response/writeup.jsp?docid=2008-112613-5052-99&tabid=2
1 || 2009988 || 5 || trojan-activity || 0 || ET TROJAN Banker.Delf User-Agent (MzApp) || url,www.avira.com/en/threats/section/details/id_vir/1836/tr_banker.delf.df735649.html || url,doc.emergingthreats.net/2007594
1 || 2009990 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM Lotus Connections simpleSearch.do Cross-Site Scripting Attempt || url,www.securitytracker.com/alerts/2009/Sep/1022945.html || url,doc.emergingthreats.net/2009990
1 || 2009991 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (MyIE/1.0) || url,doc.emergingthreats.net/2009991
1 || 2009993 || 8 || trojan-activity || 0 || ET MALWARE www.vaccinekiller.com Related Spyware User-Agent (VaccineKillerIU) || url,doc.emergingthreats.net/2009993
1 || 2009994 || 7 || trojan-activity || 0 || ET TROJAN User-Agent (STEROID Download) || url,anubis.iseclab.org/?action=result&task_id=17b118a86edba30f4f588db66eaf55d10 || url,security.thejoshmeister.com/2009/09/new-malware-ddos-botexe-etc-and.html || url,doc.emergingthreats.net/2009994
1 || 2009995 || 8 || trojan-activity || 0 || ET MALWARE User-Agent (ONANDON) || url,doc.emergingthreats.net/2009995
1 || 2009998 || 9 || policy-violation || 0 || ET POLICY Smilebox Spyware Download || url,www.smilebox.com/info/privacy.html || url,doc.emergingthreats.net/2009998
1 || 2009999 || 3 || attempted-user || 0 || ET EXPLOIT xp_servicecontrol access || url,doc.emergingthreats.net/2009999
1 || 2010000 || 3 || attempted-user || 0 || ET EXPLOIT xp_fileexist access || url,doc.emergingthreats.net/2010000
1 || 2010001 || 3 || attempted-user || 0 || ET EXPLOIT xp_enumerrorlogs access || url,doc.emergingthreats.net/2010001
1 || 2010002 || 4 || attempted-user || 0 || ET EXPLOIT xp_readerrorlogs access || url,doc.emergingthreats.net/2010002
1 || 2010003 || 4 || attempted-user || 0 || ET EXPLOIT xp_enumdsn access || url,doc.emergingthreats.net/2010003
1 || 2010004 || 5 || attempted-user || 0 || ET WEB_SERVER SQL sp_start_job attempt || url,doc.emergingthreats.net/2010004
1 || 2010007 || 12 || trojan-activity || 0 || ET TROJAN Potential Gemini Malware Download || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791 || url,doc.emergingthreats.net/2010007
1 || 2010008 || 4 || policy-violation || 0 || ET P2P Octoshape P2P streaming media || url,doc.emergingthreats.net/2010008
1 || 2010009 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webmin Pre-1.290 Compromise Attempt || url,bliki.rimuhosting.com/comments/knowledgebase/linux/miscapplications/webmin || url,doc.emergingthreats.net/2010009
1 || 2010010 || 8 || attempted-user || 0 || ET ACTIVEX Possible HP LoadRunner XUpload.ocx ActiveX Control MakeHttpRequest Arbitrary File Download Attempt || url,www.securityfocus.com/bid/36550/info || url,doc.emergingthreats.net/2010010
1 || 2010011 || 8 || attempted-user || 0 || ET ACTIVEX Possible Symantec Altiris Deployment Solution AeXNSPkgDLLib.dll ActiveX Control DownloadAndInstall Method Arbitrary Code Execution Attempt || url,securitytracker.com/alerts/2009/Sep/1022928.html || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090922_00 || url,trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb?rev=7023 || url,doc.emergingthreats.net/2010011
1 || 2010012 || 7 || attempted-user || 0 || ET ACTIVEX Possible EMC Captiva QuickScan Pro KeyWorks KeyHelp Module keyhelp.ocx ActiveX Control Remote Buffer Overflow Attempt || url,www.securityfocus.com/bid/36546/info || url,tools.cisco.com/security/center/viewAlert.x?alertId=19135 || url,downloads.securityfocus.com/vulnerabilities/exploits/36546.html || url,doc.emergingthreats.net/2010012
1 || 2010013 || 8 || attempted-user || 0 || ET ACTIVEX Possible SAP GUI ActiveX Control Insecure Method File Overwrite Attempt || url,www.securitytracker.com/alerts/2009/Sep/1022953.html || url,doc.emergingthreats.net/2010013
1 || 2010014 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010014
1 || 2010015 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010015
1 || 2010016 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010016
1 || 2010017 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla! Game Server Component 'id' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010017
1 || 2010018 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Joomla Game Server Component id Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36213/info || url,doc.emergingthreats.net/2010018
1 || 2010019 || 8 || attempted-recon || 0 || ET SCAN Tomcat Web Application Manager scanning || url,doc.emergingthreats.net/2010019
1 || 2010020 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SHOP-INET show_cat2.php grid Parameter SQL Injection || bugtraq,33471 || url,milw0rm.com/exploits/7874 || url,secunia.com/advisories/33660/ || url,doc.emergingthreats.net/2010020
1 || 2010021 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RS-CMS rscms_mod_newsview.php key Parameter Processing Remote SQL Injection || url,milw0rm.com/exploits/9000 || url,vupen.com/english/advisories/2009/1658 || url,doc.emergingthreats.net/2010021
1 || 2010022 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptWeb a_index.php CodigoDisciplina Parameter Remote SQL Injection || cve,CVE-2009-2152 || url,en.securitylab.ru/nvd/381723.php || url,milw0rm.com/exploits/8954 || url,doc.emergingthreats.net/2010022
1 || 2010023 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LightOpenCMS smarty.php cwd Parameter Local File Inclusion || url,www.exploit-db.com/exploits/9015/ || url,en.securitylab.ru/nvd/381880.php || url,doc.emergingthreats.net/2010023
1 || 2010024 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LightOpenCMS smarty.php cwd Parameter Remote File Inclusion || url,www.exploit-db.com/exploits/9015/ || url,en.securitylab.ru/nvd/381880.php || url,doc.emergingthreats.net/2010024
1 || 2010025 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Local File Inclusion || url,secunia.com/advisories/35622/ || bugtraq,35521 || url,milw0rm.com/exploits/9044 || url,doc.emergingthreats.net/2010025
1 || 2010026 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TorrentTrader Classic delreq.php categ Parameter Sql Injection || url,milw0rm.com/exploits/8958 || bugtraq,35369 || url,doc.emergingthreats.net/2010026
1 || 2010027 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Remote File Inclusion || url,secunia.com/advisories/35622/ || bugtraq,35521 || url,milw0rm.com/exploits/9044 || url,doc.emergingthreats.net/2010027
1 || 2010028 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewSolved newsscript.php jahr Parameter SQL Injection || url,secunia.com/advisories/35611/ || url,www.exploit-db.com/exploits/9042/ || url,doc.emergingthreats.net/7741
1 || 2010029 || 9 || web-application-attack || 0 || ET ACTIVEX PDFZilla 1.0.8 ActiveX DebugMsgLog method DOS CLSid Access || url,packetstormsecurity.org/0908-exploits/pdfzilla-overflow.txt || url,doc.emergingthreats.net/9130
1 || 2010030 || 6 || web-application-activity || 0 || ET POLICY Exchange 2003 OWA plain-text E-Mail message access not SSL || url,support.microsoft.com/kb/321832
1 || 2010031 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Novell eDirectory 'dconserv.dlm' Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/36567/info || url,doc.emergingthreats.net/2010031
1 || 2010032 || 4 || trojan-activity || 0 || ET DELETED Internal User may have Visited an ASProx Infected Site (ads-t.ru) || url,garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html || url,doc.emergingthreats.net/2010032
1 || 2010033 || 5 || trojan-activity || 0 || ET DELETED Internal User may have Visited an ASProx Infected Site (bannert.ru) || url,garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html || url,doc.emergingthreats.net/2010033
1 || 2010034 || 6 || trojan-activity || 0 || ET DELETED Internal User may have Visited an ASProx Infected Site (bannerdriven.ru) || url,garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html || url,doc.emergingthreats.net/2010034
1 || 2010035 || 6 || attempted-user || 0 || ET ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable WriteToLog Method Arbitrary File Creation/Overwrite Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010035
1 || 2010036 || 4 || attempted-user || 0 || ET ACTIVEX Possible EMC Captiva PixTools Distributed Imaging ActiveX Control Vulnerable SetLogLevel/SetLogFileName Method Arbitrary File Creation/Overwrite Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010036
1 || 2010037 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection INTO OUTFILE Arbitrary File Write Attempt || url,www.milw0rm.com/papers/372 || url,www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection || url,websec.wordpress.com/2007/11/17/mysql-into-outfile/ || url,doc.emergingthreats.net/2010037
1 || 2010038 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible INTO OUTFILE Arbitrary File Write SQL Injection In Cookie || url,www.milw0rm.com/papers/372 || url,www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection || url,websec.wordpress.com/2007/11/17/mysql-into-outfile/ || url,doc.emergingthreats.net/2010038
1 || 2010039 || 6 || attempted-user || 0 || ET ACTIVEX Possible AOL SuperBuddy ActiveX Control Remote Code Execution Attempt || url,www.securityfocus.com/bid/36580/info || url,www.securityfocus.com/archive/1/506889 || url,doc.emergingthreats.net/2010039
1 || 2010040 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010040
1 || 2010041 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010041
1 || 2010042 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010042
1 || 2010043 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010043
1 || 2010044 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! CB Resume Builder 'group_id' Parameter UPDATE SET SQL Injection || url,www.securityfocus.com/bid/36598/info || url,doc.emergingthreats.net/2010044
1 || 2010045 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter SELECT FROM SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010045
1 || 2010046 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter DELETE FROM SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010046
1 || 2010047 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter UNION SELECT SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010047
1 || 2010048 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla! Soundset Component 'cat_id' Parameter INSERT INTO SQL Injection || url,www.securityfocus.com/bid/36597/info || url,doc.emergingthreats.net/2010048
1 || 2010050 || 6 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download Antivirus_21.exe || url,doc.emergingthreats.net/2010050
1 || 2010051 || 4 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download ws.exe || url,doc.emergingthreats.net/2010051
1 || 2010052 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS MALWARE Likely Rogue Antivirus Download - ws.zip || url,doc.emergingthreats.net/2010052
1 || 2010053 || 3 || trojan-activity || 0 || ET DELETED TROJAN Likely FakeRean Download || url,doc.emergingthreats.net/2010053
1 || 2010054 || 6 || trojan-activity || 0 || ET TROJAN Likely TDSS Download (codec.exe) || url,doc.emergingthreats.net/2010054
1 || 2010055 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely TDSS Download (pcdef.exe) || url,doc.emergingthreats.net/2010055
1 || 2010056 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS TROJAN Likely TDSS Download (197.exe) || url,doc.emergingthreats.net/2010056
1 || 2010057 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Fake Antivirus Download installpv.exe || url,doc.emergingthreats.net/2010057
1 || 2010058 || 3 || trojan-activity || 0 || ET DELETED MALWARE Likely Unknown Trojan Download || url,doc.emergingthreats.net/2010058
1 || 2010059 || 7 || trojan-activity || 0 || ET TROJAN Likely Infostealer exe Download
1 || 2010060 || 3 || trojan-activity || 0 || ET DELETED TROJAN Likely Possible Rogue A/V Win32/FakeXPA Download || url,doc.emergingthreats.net/2010060
1 || 2010061 || 10 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download InternetAntivirusPro.exe || url,doc.emergingthreats.net/2010061
1 || 2010062 || 5 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download AntivirusPlus.exe || url,doc.emergingthreats.net/2010062
1 || 2010064 || 6 || trojan-activity || 0 || ET DELETED Buzus Posting Data || url,doc.emergingthreats.net/2010064
1 || 2010065 || 5 || trojan-activity || 0 || ET TROJAN SafeFighter Fake Scanner Installation in Progress || url,doc.emergingthreats.net/2010065
1 || 2010066 || 10 || trojan-activity || 0 || ET POLICY Data POST to an image file (gif) || url,doc.emergingthreats.net/2010066
1 || 2010067 || 9 || trojan-activity || 0 || ET POLICY Data POST to an image file (jpg) || url,doc.emergingthreats.net/2010067
1 || 2010068 || 7 || trojan-activity || 0 || ET POLICY Data POST to an image file (jpeg) || url,doc.emergingthreats.net/2010068
1 || 2010069 || 7 || trojan-activity || 0 || ET POLICY Data POST to an image file (bmp) || url,doc.emergingthreats.net/2010069
1 || 2010070 || 6 || trojan-activity || 0 || ET POLICY Data POST to an image file (png) || url,doc.emergingthreats.net/2010070
1 || 2010071 || 9 || trojan-activity || 0 || ET TROJAN Hiloti/Mufanom Downloader Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fHiloti.gen!A || url,doc.emergingthreats.net/2010071 || url,blog.fortinet.com/hiloti-the-botmaster-of-disguise/
1 || 2010072 || 8 || trojan-activity || 0 || ET TROJAN Bredolab Infection - Windows Key || url,doc.emergingthreats.net/2010072
1 || 2010073 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo UPDATE SET SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010073
1 || 2010074 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo UNION SELECT SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010074
1 || 2010075 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo SELECT FROM SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010075
1 || 2010076 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo DELETE FROM SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010076
1 || 2010077 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo INSERT INTO Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010077
1 || 2010078 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Docebo UPDATE SET SQL Injection Attempt || url,www.securityfocus.com/bid/36654/info || url,www.securityfocus.com/archive/1/507072 || url,doc.emergingthreats.net/2010078
1 || 2010080 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible AIOCP cp_html2xhtmlbasic.php Remote File Inclusion Attempt || url,www.securityfocus.com/bid/36609/info || url,www.securityfocus.com/archive/1/507030 || url,doc.emergingthreats.net/2010080
1 || 2010081 || 2 || attempted-user || 0 || ET FTP Possible FTP Daemon Username INTO OUTFILE SQL Injection Attempt || url,www.milw0rm.com/papers/372 || url,www.greensql.net/publications/backdoor-webserver-using-mysql-sql-injection || url,websec.wordpress.com/2007/11/17/mysql-into-outfile/ || url,doc.emergingthreats.net/2010081
1 || 2010082 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible AWStats awstats.pl Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/30730/info || url,bugzilla.redhat.com/show_bug.cgi?id=474396 || url,sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764 || cve,2008-3714 || url,doc.emergingthreats.net/2010082
1 || 2010084 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible ALTER SQL Injection Attempt || url,www.owasp.org/index.php/SQL_Injection || url,www.w3schools.com/SQl/sql_alter.asp || url,doc.emergingthreats.net/2010084
1 || 2010085 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible DROP SQL Injection Attempt || url,www.owasp.org/index.php/SQL_Injection || url,www.w3schools.com/SQl/sql_drop.asp || url,doc.emergingthreats.net/2010085
1 || 2010086 || 5 || web-application-attack || 0 || ET WEB_SERVER Possible CREATE SQL Injection Attempt in URI || url,www.owasp.org/index.php/SQL_Injection || url,www.w3schools.com/Sql/sql_create_db.asp || url,doc.emergingthreats.net/2010086
1 || 2010087 || 6 || attempted-recon || 0 || ET SCAN Suspicious User-Agent Containing SQL Inject/ion, Likely SQL Injection Scanner || url,www.owasp.org/index.php/SQL_Injection || url,doc.emergingthreats.net/2010087
1 || 2010088 || 5 || attempted-recon || 0 || ET SCAN Suspicious User-Agent Containing Web Scan/er, Likely Web Scanner || url,doc.emergingthreats.net/2010088
1 || 2010089 || 5 || attempted-recon || 0 || ET SCAN Suspicious User-Agent Containing Security Scan/ner, Likely Scan || url,doc.emergingthreats.net/2010089
1 || 2010092 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webradev Download Protect EmailTemplates.class.php Remote File Inclusion || url,milw0rm.com/exploits/8792 || url,doc.emergingthreats.net/2010092
1 || 2010093 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webradev Download Protect PDPEmailReplaceConstants.class.php Remote File Inclusion || url,milw0rm.com/exploits/8792 || url,doc.emergingthreats.net/2010093
1 || 2010094 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webradev Download Protect ResellersManager.class.php Remote File Inclusion || url,milw0rm.com/exploits/8792 || url,doc.emergingthreats.net/2010094
1 || 2010095 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPGenealogy CoupleDB.php DataDirectory Parameter Remote File Inclusion || url,milw0rm.com/exploits/9155 || url,packetstormsecurity.org/0907-exploits/phpgenealogy-rfi.txt || url,doc.emergingthreats.net/2010095
1 || 2010096 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GROUP-E head_auth.php CFG Parameter Remote File Inclusion || url,juniper.net/security/auto/vulnerabilities/vuln28024.html || bugtraq,28024 || url,milw0rm.com/exploits/5197 || url,doc.emergingthreats.net/2010096
1 || 2010097 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RaXnet Cacti top_graph_header.php config Parameter Remote File Inclusion || bugtraq,14030 || url,doc.emergingthreats.net/2010097
1 || 2010098 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Telephone Directory 2008 edit1.php code Parameter SQL Injection || bugtraq,29614 || url,xforce.iss.net/xforce/xfdb/42972 || url,milw0rm.com/exploits/5764 || url,doc.emergingthreats.net/2010098
1 || 2010099 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS News Manager ch_readalso.php read_xml_include Parameter Remote File Inclusion || bugtraq,29251 || url,xforce.iss.net/xforce/xfdb/42459 || url,milw0rm.com/exploits/5624 || url,doc.emergingthreats.net/2010099
1 || 2010100 || 7 || trojan-activity || 0 || ET TROJAN Palevo/BFBot/Mariposa client join attempt || url,defintel.com/docs/Mariposa_Analysis.pdf || url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html || url,doc.emergingthreats.net/2010100 || url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php || url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2 || url,www.symantec.com/connect/blogs/mariposa-butterfly
1 || 2010101 || 6 || trojan-activity || 0 || ET TROJAN Palevo/BFBot/Mariposa server join acknowledgement || url,defintel.com/docs/Mariposa_Analysis.pdf || url,defintel.blogspot.com/2009/09/half-of-fortune-100-companies.html || url,doc.emergingthreats.net/2010101 || url,blogs.pcmag.com/securitywatch/2009/09/botnet_reported_loose_in_fortu.php || url,www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99&tabid=2 || url,www.symantec.com/connect/blogs/mariposa-butterfly
1 || 2010119 || 6 || web-application-attack || 0 || ET WEB_SERVER xp_cmdshell Attempt in Cookie || url,www.databasejournal.com/features/mssql/article.php/3372131/Using-xpcmdshell.htm || url,msdn.microsoft.com/en-us/library/ms175046.aspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=4072 || url,doc.emergingthreats.net/2010119
1 || 2010121 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Celepar module for Xoops aviso.php codigo SQL injection || url,milw0rm.com/exploits/9249 || url,xforce.iss.net/xforce/xfdb/51985 || url,doc.emergingthreats.net/2010121
1 || 2010122 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewSolved newsscript.php idneu Parameter SQL Injection || url,secunia.com/advisories/35611/ || url,www.exploit-db.com/exploits/9042/ || url,doc.emergingthreats.net/2010122
1 || 2010123 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS NewSolved newsscript.php newsid Parameter SQL Injection || url,secunia.com/advisories/35611/ || url,www.exploit-db.com/exploits/9042/ || url,doc.emergingthreats.net/2010123
1 || 2010124 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SERWeb load_lang.php configdir Parameter Remote File Inclusion || bugtraq,26747 || url,milworm.com/exploits/9284 || url,doc.emergingthreats.net/2010124
1 || 2010125 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SERWeb main_prepend.php functionsdir Parameter Remote File Inclusion || bugtraq,26747 || url,milworm.com/exploits/9284 || url,doc.emergingthreats.net/2010125
1 || 2010126 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir Parameter Remote File Inclusion || url,milw0rm.com/exploits/9297 || url,secunia.com/advisories/36033/ || url,doc.emergingthreats.net/2010126
1 || 2010127 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include_dir Parameter Local File Inclusion || url,milw0rm.com/exploits/9297 || url,secunia.com/advisories/36033/ || url,doc.emergingthreats.net/2010127
1 || 2010129 || 6 || trojan-activity || 0 || ET TROJAN TROJAN Drop.Agent.bfsv HTTP Activity (UsER-AgENt) || url,doc.emergingthreats.net/2010129
1 || 2010131 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable UNION SELECT SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010131
1 || 2010132 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable SELECT FROM SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010132
1 || 2010133 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable INSERT INTO SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010133
1 || 2010134 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable DELETE FROM SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010134
1 || 2010135 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable UPDATE SET SQL Injection Attempt || url,securitytracker.com/alerts/2009/Oct/1023017.html || url,www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt || url,www.securityfocus.com/bid/36660/info || cve,2009-2734 || url,doc.emergingthreats.net/2010135
1 || 2010136 || 5 || trojan-activity || 0 || ET DELETED Suspicious User-Agent (asp2009) || url,www.threatexpert.com/report.aspx?md5=6cad864a439da7bbd6f1cec941cca72b || url,doc.emergingthreats.net/2010136
1 || 2010137 || 5 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (Sme32) || url,doc.emergingthreats.net/2010137
1 || 2010138 || 4 || trojan-activity || 0 || ET TROJAN Possible Win32/Agent.QBY CnC Post || url,www.threatexpert.com/report.aspx?uid=4f05faef-6a70-4957-8990-b316d8487f63 || url,doc.emergingthreats.net/2010138
1 || 2010139 || 5 || policy-violation || 0 || ET P2P Vuze BT Connection || url,vuze.com || url,doc.emergingthreats.net/2010139
1 || 2010140 || 5 || policy-violation || 0 || ET P2P Vuze BT UDP Connection || url,vuze.com || url,doc.emergingthreats.net/2010140
1 || 2010141 || 3 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (2) || url,vuze.com || url,doc.emergingthreats.net/2010141
1 || 2010142 || 4 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (3) || url,doc.emergingthreats.net/2010142
1 || 2010143 || 3 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (4) || url,doc.emergingthreats.net/2010143
1 || 2010144 || 5 || policy-violation || 0 || ET P2P Vuze BT UDP Connection (5) || url,vuze.com || url,doc.emergingthreats.net/2010144
1 || 2010145 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM Rational RequisitePro ReqWebHelp Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010145
1 || 2010146 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt || url,www.securityfocus.com/bid/29502/info || cve,2008-1947 || url,doc.emergingthreats.net/2010146
1 || 2010147 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible bloofoxCMS 'search' Parameter Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36700/info || url,doc.emergingthreats.net/2010147
1 || 2010148 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS DHL Spam Inbound || url,doc.emergingthreats.net/2010148
1 || 2010150 || 6 || trojan-activity || 0 || ET TROJAN Koobface HTTP Request (2) || url,ddanchev.blogspot.com/2009/09/koobface-botnets-scareware-business.html || url,doc.emergingthreats.net/2010150
1 || 2010151 || 8 || trojan-activity || 0 || ET TROJAN Koobface C&C availability check || url,us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_.pdf || url,doc.emergingthreats.net/2010151
1 || 2010152 || 3 || trojan-activity || 0 || ET TROJAN Koobface C&C availability check successful || url,us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_.pdf || url,doc.emergingthreats.net/2010152
1 || 2010153 || 6 || trojan-activity || 0 || ET TROJAN Koobface fetch C&C command detected || url,us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/the_20heart_20of_20koobface_final_1_.pdf || url,doc.emergingthreats.net/2010153
1 || 2010154 || 5 || web-application-attack || 0 || ET ACTIVEX EMC Captiva PixTools ActiveX Arbitrary File Creation/Overwrite function call Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010154
1 || 2010155 || 5 || web-application-attack || 0 || ET ACTIVEX EMC Captiva PixTools ActiveX Arbitrary File Creation/Overwrite function call Attempt || url,www.securityfocus.com/bid/36566/info || url,www.shinnai.net/xplits/TXT_17zVMhRhsRE6qC6DAj52.html || url,doc.emergingthreats.net/2010155
1 || 2010156 || 6 || misc-attack || 0 || ET GAMES Alien Arena 7.30 Remote Code Execution Attempt || url,www.packetstormsecurity.org/0910-advisories/alienarena-exec.txt || url,doc.emergingthreats.net/2010156
1 || 2010157 || 8 || not-suspicious || 0 || ET POLICY Suspicious User-Agent (XXX) Often Sony Update Related || url,doc.emergingthreats.net/bin/view/Main/2010157
1 || 2010158 || 6 || trojan-activity || 0 || ET TROJAN Nanspy Bot Checkin || url,doc.emergingthreats.net/2010158
1 || 2010159 || 4 || attempted-admin || 0 || ET WEB_SERVER Possible 3Com OfficeConnect Router Default User Account Remote Command Execution Attempt || url,securitytracker.com/alerts/2009/Oct/1023051.html || url,www.securityfocus.com/archive/1/507263 || url,www.securityfocus.com/bid/36722/info || url,doc.emergingthreats.net/2010159
1 || 2010160 || 7 || attempted-user || 0 || ET ACTIVEX Possible AOL IWinAmp ActiveX ConvertFile Buffer Overflow Attempt || url,www.milw0rm.org/exploits/8733 || url,www.securityfocus.com/bid/35028 || url,doc.emergingthreats.net/2010160
1 || 2010161 || 5 || attempted-user || 0 || ET ACTIVEX Possible Edraw PDF Viewer FtpConnect Component ActiveX Remote code execution Attempt || url,www.milw0rm.org/exploits/8986 || url,doc.emergingthreats.net/2010161
1 || 2010162 || 3 || attempted-recon || 0 || ET WEB_SERVER Possible Sucessful Juniper NetScreen ScreenOS Firmware Version Disclosure Attempt || url,securitytracker.com/alerts/2009/Apr/1022123.html || url,www.securityfocus.com/bid/34710 || url,seclists.org/bugtraq/2009/Apr/242 || url,www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-05 || url,doc.emergingthreats.net/2010162
1 || 2010163 || 7 || trojan-activity || 0 || ET TROJAN Glacial Dracon C&C Communication || url,www.threatexpert.com/report.aspx?md5=912692cb4e3f960c9cb4bbc96fa17c9d || url,www.threatexpert.com/report.aspx?md5=fd3d061ee86987e8f3f245c2dc0ceb46 || url,doc.emergingthreats.net/2010163
1 || 2010164 || 6 || trojan-activity || 0 || ET TROJAN Daonol C&C Communication || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol || url,blog.fireeye.com/research/2009/10/gumblar-not-gumby.html || url,www.iss.net/threats/gumblar.html || url,blog.scansafe.com/journal/2009/10/15/gumblar-website-botnet-awakes.html || url,doc.emergingthreats.net/2010164
1 || 2010165 || 7 || trojan-activity || 0 || ET TROJAN Tibs/Harnig Downloader Activity || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fHarnig || url,www.threatexpert.com/report.aspx?md5=2ce9c871a8a217cafcdce15c6c1e8dfc || url,doc.emergingthreats.net/2010165
1 || 2010167 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp Queue XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010167
1 || 2010168 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp FileName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010168
1 || 2010169 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp IsolatedMessageID XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010169
1 || 2010170 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security viewHeaders.asp ServerName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010170
1 || 2010171 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp FileName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010171
1 || 2010172 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp IsolatedMessageID XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010172
1 || 2010173 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp ServerName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010173
1 || 2010174 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp Dictionary XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010174
1 || 2010175 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp Scoring XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010175
1 || 2010176 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgAnalyse.asp MessagePart XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010176
1 || 2010177 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp Queue XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010177
1 || 2010178 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp FileName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010178
1 || 2010179 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp IsolatedMessageID XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010179
1 || 2010180 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebSense Email security msgForwardToRiskFilter.asp ServerName XSS Attempt || url,www.securityfocus.com/bid/36741/ || url,doc.emergingthreats.net/2010180
1 || 2010181 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp searchWord Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010181
1 || 2010182 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp maxHits Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010182
1 || 2010183 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp scopedSearch Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010183
1 || 2010184 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Rational RequisitePro ReqWebHelp scope Cross Site Scripting Attempt || url,www.securityfocus.com/bid/36721/info || url,www-01.ibm.com/support/docview.wss?uid=swg1PK83895 || url,doc.emergingthreats.net/2010184
1 || 2010185 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010185
1 || 2010186 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010186
1 || 2010187 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010187
1 || 2010188 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010188
1 || 2010189 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS QUICKTEAM qte_result.php title Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/0910-exploits/quickteam-sql.txt || url,doc.emergingthreats.net/2010189
1 || 2010190 || 4 || attempted-user || 0 || ET ACTIVEX Altirix eXpress NS SC ActiveX Arbitrary Code Execution Function Call || url,trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/symantec_altirisdeployment_downloadandinstall.rb?rev=7023 || url,secunia.com/advisories/36679 || url,doc.emergingthreats.net/2010190
1 || 2010191 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS justVisual contact.php fs_jVroot Parameter Remote File Inclusion || url,secunia.com/advisories/36072/ || url,milw0rm.com/exploits/9308 || url,doc.emergingthreats.net/2010191
1 || 2010192 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS justVisual pageTemplate.php fs_jVroot Parameter Remote File Inclusion || url,secunia.com/advisories/36072/ || url,milw0rm.com/exploits/9308 || url,doc.emergingthreats.net/2010192
1 || 2010193 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS justVisual utilities.php fs_jVroot Parameter Remote File Inclusion || url,secunia.com/advisories/36072/ || url,milw0rm.com/exploits/9308 || url,doc.emergingthreats.net/2010193
1 || 2010194 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adobe JRun Directory Traversal || url,www.dsecrg.ru/pages/vul/show.php?id=152 || url,www.vupen.com/english/advisories/2009/2285 || url,doc.emergingthreats.net/2010194
1 || 2010195 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DS CMS DetailFile.php nFileId Parameter SQL Injection || url,packetstormsecurity.org/0908-exploits/dscms-sql.txt || url,doc.emergingthreats.net/2010195
1 || 2010196 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 2FLY Gift Delivery 2fly_gift.php gameid Parameter SQL Injection || url,secunia.com/advisories/36294/ || url,osvdb.org/show/osvdb/57136 || url,doc.emergingthreats.net/2010196
1 || 2010197 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KingCMS menu.php CONFIG Parameter Remote File Inclusion || url,osvdb.org/show/osvdb/57688 || url,doc.emergingthreats.net/2010197
1 || 2010198 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Autonomous LAN Party _bot.php master Parameter Remote File Inclusion || url,secunia.com/advisories/36354 || url,packetstormsecurity.nl/0908-exploits/autonomouslan-rfi.txt || url,doc.emergingthreats.net/2010198
1 || 2010200 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Attempt || cve,2007-5923 || url,www.securityfocus.com/bid/26375/info || url,doc.emergingthreats.net/2010200
1 || 2010201 || 3 || trojan-activity || 0 || ET TROJAN Silon Encrypted Data POST to C&C || url,www.trusteer.com/webform/w32silon-malware-analysis || url,doc.emergingthreats.net/2010201
1 || 2010203 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control EnableStartApplication/EnableStartBeforePrint/EnableKeepExistingFiles/EnablePassParameters Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010203
1 || 2010204 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SetApplicationPath/SetStartApplicationParamCode/SetCustomStartAppParameter Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010204
1 || 2010205 || 7 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SaveBlackIceDEVMODE Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010205
1 || 2010206 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ClearUserSettings Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010206
1 || 2010207 || 6 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ControlJob Buffer Overflow Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010207
1 || 2010208 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control EnableStartApplication/EnableStartBeforePrint/EnableKeepExistingFiles/EnablePassParameters Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010208
1 || 2010209 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SetApplicationPath/SetStartApplicationParamCode/SetCustomStartAppParameter Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010209
1 || 2010210 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control SaveBlackIceDEVMODE Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010210
1 || 2010211 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ClearUserSettings Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010211
1 || 2010212 || 4 || attempted-user || 0 || ET ACTIVEX Possible Black Ice Printer Driver Resource Toolkit ActiveX Control ControlJob Function Call Attempt || url,www.securityfocus.com/bid/36548 || url,doc.emergingthreats.net/2010212
1 || 2010214 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Adobe Flex SDK index.template.html Cross Site Scripting Attempt || cve,2009-1879 || url,securitytracker.com/alerts/2009/Aug/1022748.html || url,doc.emergingthreats.net/2010214
1 || 2010215 || 4 || web-application-attack || 0 || ET SCAN SQL Injection Attempt (Agent uil2pn) || url,www.prevx.com/filenames/89385984947861762-X1/UIL2PN.EXE.html || url,doc.emergingthreats.net/2010215
1 || 2010217 || 9 || trojan-activity || 0 || ET TROJAN DownloaderExchanger/Cbeplay Variant Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fCbeplay.B || url,www.secureworks.com/research/threats/ppi/ || url,doc.emergingthreats.net/2010217
1 || 2010218 || 5 || trojan-activity || 0 || ET MALWARE Win32/InternetAntivirus User-Agent (Internet Antivirus Pro) || url,doc.emergingthreats.net/2010218
1 || 2010219 || 6 || attempted-user || 0 || ET ACTIVEX ACTIVEX SAP AG SAPgui sapirrfc.dll ActiveX Control Buffer Overflow Attempt || url,www.securityfocus.com/bid/35256/info || url,doc.emergingthreats.net/2010219
1 || 2010220 || 5 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (ClickAdsByIE) || url,doc.emergingthreats.net/2010220
1 || 2010221 || 6 || trojan-activity || 0 || ET TROJAN Possible Fake-Rean Installer Activity (Malwareurl.com Top 30) || url,www.sophos.com/security/analyses/viruses-and-spyware/trojfakereane.html?_log_from=rss || url,doc.emergingthreats.net/2010221
1 || 2010222 || 4 || bad-unknown || 0 || ET DELETED MALWARE Potential exploit redirect, in.cgi pepsi || url,malwareurl.com || url,doc.emergingthreats.net/2010222
1 || 2010223 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Mambo Cache_Lite Class mosConfig_absolute_path Remote File Inclusion Attempt || url,www.securityfocus.com/bid/29716/info || url,downloads.securityfocus.com/vulnerabilities/exploits/29716.rb || url,doc.emergingthreats.net/2010223
1 || 2010224 || 4 || trojan-activity || 0 || ET TROJAN Opachki Link Hijacker Traffic Redirection || url,www.secureworks.com/research/threats/opachki/?threat=opachki || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A || url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2 || url,doc.emergingthreats.net/2010224
1 || 2010227 || 5 || attempted-user || 0 || ET ACTIVEX Symantec Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 || url,www.securityfocus.com/bid/36698/info || url,sotiriu.de/adv/NSOADV-2009-001.txt || cve,2009-3031 || url,doc.emergingthreats.net/2010227
1 || 2010228 || 7 || policy-violation || 0 || ET POLICY Suspicious Microsoft Windows NT 6.1 User-Agent Detected || url,www.microsoft.com/windows/windows-7/default.aspx || url,doc.emergingthreats.net/2010228
1 || 2010229 || 3 || attempted-dos || 0 || ET WEB_SERVER Possible Cherokee Web Server GET AUX Request Denial Of Service Attempt || url,securitytracker.com/alerts/2009/Oct/1023095.html || url,www.securityfocus.com/bid/36814/info || url,www.securityfocus.com/archive/1/507456 || url,doc.emergingthreats.net/2010229
1 || 2010230 || 7 || trojan-activity || 0 || ET TROJAN W32.Koblu || url,doc.emergingthreats.net/2010230
1 || 2010231 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 1 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,www.threatexpert.com/threats/trojan-fraudpack-sd6.html || url,vil.nai.com/vil/content/v_157489.htm || url,blog.threatfire.com/2009/06/streamviewers-gif-images-embedded-with-encrypted-malware.html || url,doc.emergingthreats.net/2010231
1 || 2010232 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 2 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,blog.threatfire.com/2009/06/streamviewers-gif-images-embedded-with-encrypted-malware.html || url,doc.emergingthreats.net/2010232
1 || 2010233 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack Encrypted GIF download 3 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,blog.threatfire.com/2009/06/streamviewers-gif-images-embedded-with-encrypted-malware.html || url,doc.emergingthreats.net/2010233
1 || 2010234 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 1 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,www.threatexpert.com/report.aspx?md5=7ca709f154e6abc678fbc4df8a3256b6 || url,www.threatexpert.com/threats/trojan-fraudpack-sd6.html || url,doc.emergingthreats.net/2010234
1 || 2010235 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 2 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,www.threatexpert.com/threats/trojan-fraudpack-sd6.html || url,vil.nai.com/vil/content/v_157489.htm || url,doc.emergingthreats.net/2010235
1 || 2010236 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 3 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,doc.emergingthreats.net/2010236
1 || 2010237 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 4 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,doc.emergingthreats.net/2010237
1 || 2010238 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 5 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,doc.emergingthreats.net/2010238
1 || 2010239 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAlert/FraudPack/FakeAV/Guzz/Dload/Vobfus/ZPack HTTP Post 6 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.GUZZ&VSect=T || url,vil.nai.com/vil/content/v_157489.htm || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DLOAD.TID&VSect=T || url,www.threatexpert.com/report.aspx?md5=316fd88ac18d21889b1dbf9b979c1959 || url,doc.emergingthreats.net/2010239
1 || 2010240 || 4 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV check-in HEAD || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010240
1 || 2010241 || 6 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV check-in GET || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010241
1 || 2010242 || 4 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV get_product_domains.php || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010242
1 || 2010243 || 4 || trojan-activity || 0 || ET DELETED Agent.END || url,doc.emergingthreats.net/2010243
1 || 2010244 || 5 || trojan-activity || 0 || ET TROJAN Obitel Downloader Request || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32%2fObitel.gen!A || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.ASLV&VSect=T || url,doc.emergingthreats.net/2010244
1 || 2010245 || 6 || attempted-user || 0 || ET ACTIVEX Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt Function Call || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091102_00 || url,www.securityfocus.com/bid/36698/info || url,sotiriu.de/adv/NSOADV-2009-001.txt || url,securitytracker.com/alerts/2009/Nov/1023122.html || cve,2009-3031 || url,doc.emergingthreats.net/2010245
1 || 2010246 || 8 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV Reporting via POST initial check-in || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010246
1 || 2010247 || 6 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV Reporting via POST || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010247
1 || 2010248 || 5 || trojan-activity || 0 || ET TROJAN Eleonore Exploit Pack activity || url,www.offensivecomputing.net/?q=node/1419 || url,doc.emergingthreats.net/2010248
1 || 2010252 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Datalife Engine api.class.php dle_config_api Parameter Remote File Inclusion || url,www.juniper.net/security/auto/vulnerabilities/vuln36212.html || url,milw0rm.com/exploits/9572 || url,doc.emergingthreats.net/2010252
1 || 2010253 || 6 || web-application-attack || 0 || ET ACTIVEX EasyMail Quicksoft ActiveX Control Remote code excution clsid access attempt || url,milw0rm.com/exploits/9684 || url,doc.emergingthreats.net/2010253
1 || 2010254 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ve-EDIT edit_htmlarea.php highlighter Parameter Remote File Inclusion || url,osvdb.org/show/osvdb/57679 || url,doc.emergingthreats.net/2010254
1 || 2010255 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ve-EDIT debug_php.php _GET Parameter Local File Inclusion || url,osvdb.org/show/osvdb/57680 || url,doc.emergingthreats.net/2010255
1 || 2010256 || 6 || web-application-attack || 0 || ET ACTIVEX Adobe Shockwave Player ActiveX Control Buffer Overflow clsid access || url,www.milw0rm.com/exploits/9682 || url,doc.emergingthreats.net/2010256
1 || 2010257 || 4 || attempted-user || 0 || ET ACTIVEX Installshiled 2009 premier ActiveX File Overwrite Function Call || url,packetstormsecurity.com/0909-exploits/installshield-overwrite.txt || url,doc.emergingthreats.net/2010257
1 || 2010258 || 4 || web-application-attack || 0 || ET ACTIVEX Installshiled 2009 premier ActiveX File Overwrite clsid Access || url,packetstormsecurity.com/0909-exploits/installshield-overwrite.txt || url,doc.emergingthreats.net/2010258
1 || 2010259 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DvBBS boardrule.php groupboardid Parameter SQL Injection || bugtraq,36282 || url,doc.emergingthreats.net/2010259
1 || 2010260 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla AjaxChat Component ajcuser.php GLOBALS Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/59056 || url,packetstormsecurity.org/0910-exploits/joomlaajaxchat-rfi.txt || url,doc.emergingthreats.net/2010260
1 || 2010261 || 5 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV User-Agent TALWinHttpClient || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010261
1 || 2010262 || 6 || trojan-activity || 0 || ET TROJAN WindowsEnterpriseSuite FakeAV Dynamic User-Agent || url,www.threatexpert.com/report.aspx?md5=d9bcb4e4d650a6ed4402fab8f9ef1387 || url,doc.emergingthreats.net/2010262
1 || 2010263 || 6 || attempted-user || 0 || ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 2 Access Attempt || cve,2006-1303 || bugtraq,18328 || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || url,doc.emergingthreats.net/2010263
1 || 2010264 || 6 || attempted-user || 0 || ET ACTIVEX Wmm2fxa.dll COM Object Instantiation Memory Corruption CLSID 3 Access Attempt || cve,2006-1303 || bugtraq,18328 || url,www.microsoft.com/technet/security/bulletin/ms06-021.mspx || url,doc.emergingthreats.net/2010264
1 || 2010265 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (M0zilla) || url,doc.emergingthreats.net/2010265
1 || 2010266 || 6 || trojan-activity || 0 || ET TROJAN Banload Checkin || url,doc.emergingthreats.net/2010266
1 || 2010267 || 4 || trojan-activity || 0 || ET TROJAN Sinowal/Torpig Checkin || url,doc.emergingthreats.net/2010267
1 || 2010268 || 4 || trojan-activity || 0 || ET TROJAN W32.SillyFDC Checkin || url,doc.emergingthreats.net/2010268
1 || 2010270 || 6 || trojan-activity || 0 || ET TROJAN Asprox Data Post to C&C || url,www.secureworks.com/research/threats/danmecasprox/ || url,www.toorcon.org/tcx/18_Brown.pdf || url,doc.emergingthreats.net/2010270
1 || 2010271 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter SELECT FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010271
1 || 2010272 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter DELETE FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010272
1 || 2010273 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter UNION SELECT SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010273
1 || 2010274 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter INSERT INTO SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010274
1 || 2010275 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DEDECMS feedback_js.php arcurl Parameter UPDATE SET SQL Injection Attempt || url,osvdb.org/show/osvdb/59406 || url,www.packetstormsecurity.org/0910-exploits/dedecms-sql.txt || url,doc.emergingthreats.net/2010275
1 || 2010276 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ProdLer prodler.class.php sPath Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58298 || url,doc.emergingthreats.net/2010276
1 || 2010277 || 6 || web-application-attack || 0 || ET ACTIVEX EasyMail Quicksoft ActiveX CreateStore method Remote code excution clsid access || url,www.milw0rm.com/exploits/9685 || url,doc.emergingthreats.net/2010277
1 || 2010278 || 6 || web-application-attack || 0 || ET ACTIVEX EasyMail ActiveX AddAttachment method Remote code excution clsid access attempt || url,www.milw0rm.com/exploits/9705 || url,doc.emergingthreats.net/2010278
1 || 2010279 || 5 || web-application-attack || 0 || ET ACTIVEX InstanGet v2.08 Activex Control DOS clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/instantget-dos.txt || url,doc.emergingthreats.net/2010279
1 || 2010280 || 6 || web-application-attack || 0 || ET ACTIVEX Charm Real Converter pro 6.6 Activex Control DOS clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/charmrc-dos.txt || url,doc.emergingthreats.net/2010280
1 || 2010281 || 3 || attempted-user || 0 || ET WEB_SERVER Apache mod_perl Apache Status and Apache2 Status Cross Site Scripting Attempt || url,www.securityfocus.com/bid/34383/info || cve,2009-0796 || url,doc.emergingthreats.net/2010281
1 || 2010282 || 8 || trojan-activity || 0 || ET TROJAN Generic Trojan Checkin (double Content-Type headers) || url,doc.emergingthreats.net/2010282
1 || 2010283 || 9 || trojan-activity || 0 || ET TROJAN Opachki Link Hijacker HTTP Header Injection || url,www.secureworks.com/research/threats/opachki/?threat=opachki || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fOpachki.A || url,www.symantec.com/security_response/writeup.jsp?docid=2009-092213-3317-99&tabid=2 || url,doc.emergingthreats.net/2010283
1 || 2010284 || 3 || web-application-attack || 0 || ET WEB_SERVER SELECT INSTR in URI, Possible ORACLE Related Blind SQL Injection Attempt || url,www.psoug.org/reference/substr_instr.html || url,www.easywebtech.com/artical/Oracle_INSTR.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010284
1 || 2010285 || 5 || web-application-attack || 0 || ET WEB_SERVER SELECT SUBSTR/ING in URI, Possible Blind SQL Injection Attempt || url,www.1keydata.com/sql/sql-substring.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010285
1 || 2010286 || 3 || web-application-attack || 0 || ET WEB_SERVER SELECT INSTR in Cookie, Possible ORACLE Related Blind SQL Injection Attempt || url,www.psoug.org/reference/substr_instr.html || url,www.easywebtech.com/artical/Oracle_INSTR.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010286
1 || 2010287 || 3 || web-application-attack || 0 || ET WEB_SERVER SELECT SUBSTR/ING in Cookie, Possible Blind SQL Injection Attempt || url,www.1keydata.com/sql/sql-substring.html || url,www.owasp.org/index.php/SQL_Injection || url,msdn.microsoft.com/en-us/library/ms161953.aspx || url,doc.emergingthreats.net/2010287
1 || 2010288 || 3 || trojan-activity || 0 || ET TROJAN W32/Scar Downloader Request || url,www.f-secure.com/v-descs/trojan_w32_scar_a.shtml || url,doc.emergingthreats.net/2010288
1 || 2010289 || 5 || trojan-activity || 0 || ET TROJAN Clod/Sereki Communication with C&C || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSereki.A || url,www.threatexpert.com/report.aspx?md5=bbb6ac2181dbbe15efd13c294cb991fa || url,www.threatexpert.com/report.aspx?md5=3c39bfc78fcf3fe805c7472296bf6319 || url,doc.emergingthreats.net/2010289
1 || 2010290 || 10 || trojan-activity || 0 || ET TROJAN Clod/Sereki Checkin with C&C (noalert) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSereki.A || url,www.threatexpert.com/report.aspx?md5=bbb6ac2181dbbe15efd13c294cb991fa || url,www.threatexpert.com/report.aspx?md5=3c39bfc78fcf3fe805c7472296bf6319 || url,doc.emergingthreats.net/2010290
1 || 2010291 || 4 || trojan-activity || 0 || ET TROJAN Clod/Sereki Checkin Response || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSereki.A || url,www.threatexpert.com/report.aspx?md5=bbb6ac2181dbbe15efd13c294cb991fa || url,www.threatexpert.com/report.aspx?md5=3c39bfc78fcf3fe805c7472296bf6319 || url,doc.emergingthreats.net/2010291
1 || 2010292 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 1 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010292
1 || 2010293 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 2 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010293
1 || 2010294 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 3 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010294
1 || 2010295 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 4 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010295
1 || 2010296 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 5 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010296
1 || 2010297 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 6 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010297
1 || 2010298 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 7 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010298
1 || 2010299 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 8 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010299
1 || 2010300 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 9 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010300
1 || 2010301 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 10 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010301
1 || 2010302 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 11 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010302
1 || 2010303 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 12 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010303
1 || 2010304 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 13 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010304
1 || 2010305 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 14 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010305
1 || 2010306 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 15 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010306
1 || 2010307 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 16 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010307
1 || 2010308 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 17 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010308
1 || 2010309 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 18 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010309
1 || 2010310 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 19 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010310
1 || 2010311 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 20 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010311
1 || 2010312 || 6 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 21 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010312
1 || 2010313 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 22 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010313
1 || 2010314 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 23 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010314
1 || 2010315 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 24 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010315
1 || 2010316 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 25 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010316
1 || 2010317 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 26 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010317
1 || 2010318 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 27 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010318
1 || 2010319 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 28 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010319
1 || 2010320 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 29 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010320
1 || 2010321 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 30 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010321
1 || 2010322 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 31 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010322
1 || 2010323 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 32 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010323
1 || 2010324 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 33 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010324
1 || 2010325 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 34 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010325
1 || 2010326 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 35 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010326
1 || 2010327 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 36 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010327
1 || 2010328 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 37 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010328
1 || 2010329 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 38 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010329
1 || 2010330 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 39 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010330
1 || 2010331 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 40 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010331
1 || 2010332 || 5 || attempted-user || 0 || ET ACTIVEX COM Object MS06-042 CLSID 41 Access Attempt || cve,2006-3638 || url,www.microsoft.com/technet/security/Bulletin/MS06-042.mspx || url,doc.emergingthreats.net/2010332
1 || 2010333 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (CrazyBro) || url,www.f-secure.com/v-descs/trojan-proxy_w32_kvadr_gen!a.shtml || url,www.threatexpert.com/report.aspx?md5=fd2d6bb1d2a9803c49f1e175d558a934 || url,www.threatexpert.com/report.aspx?md5=e4664144f8e95cfec510d5efa24a35e7 || url,anubis.iseclab.org/?action=result&task_id=14118b80c1b346124c183394d5b3004b1&format=html || url,doc.emergingthreats.net/2010333
1 || 2010334 || 5 || trojan-activity || 0 || ET TROJAN Dosenjo/Kvadr Proxy Trojan Activity || url,www.f-secure.com/v-descs/trojan-proxy_w32_kvadr_gen!a.shtml || url,www.threatexpert.com/report.aspx?md5=fd2d6bb1d2a9803c49f1e175d558a934 || url,www.threatexpert.com/report.aspx?md5=e4664144f8e95cfec510d5efa24a35e7 || url,doc.emergingthreats.net/2010334
1 || 2010337 || 19 || trojan-activity || 0 || ET TROJAN FakeAV Reporting - POST often to resolution|borders.php || url,www.sophos.com/security/analyses/viruses-and-spyware/trojagentmbr.html?_log_from=rss || url,doc.emergingthreats.net/2010337
1 || 2010338 || 2 || policy-violation || 0 || ET DELETED offers.e-centives.com Coupon Printer || url,offers.e-centives.com || url,doc.emergingthreats.net/2010338
1 || 2010339 || 3 || trojan-activity || 0 || ET DELETED Potential Fake Anti-Virus Download Inst_58s6.exe || url,cyveillanceblog.com/general-cyberintel/malware-google-search-results || url,doc.emergingthreats.net/2010339
1 || 2010341 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OS Commerce 2.2 RC2 Potential Anonymous Remote Code Execution || url,seclists.org/fulldisclosure/2009/Nov/169 || url,seclists.org/fulldisclosure/2009/Nov/170 || url,www.milw0rm.com/exploits/9556 || url,doc.emergingthreats.net/2010341
1 || 2010342 || 5 || trojan-activity || 0 || ET DELETED NACHA/Zeus Phishing Executable Download Attempt || url,garwarner.blogspot.com/2009/11/newest-zeus-nacha-electronic-payments.html || url,doc.emergingthreats.net/2010342
1 || 2010343 || 5 || web-application-activity || 0 || ET SCAN pangolin SQL injection tool || url,www.lifedork.net/pangolin-best-sql-injection-tool.html || url,doc.emergingthreats.net/2010343
1 || 2010344 || 3 || trojan-activity || 0 || ET TROJAN Chorns/Poison Ivy related Backdoor Initial Connection || url,doc.emergingthreats.net/2010344
1 || 2010345 || 3 || trojan-activity || 0 || ET TROJAN Chorns/Poison Ivy related Backdoor Keep Alive || url,doc.emergingthreats.net/2010345
1 || 2010346 || 6 || trojan-activity || 0 || ET TROJAN Ultimate HAckerz Team User-Agent (Made by UltimateHackerzTeam) - Likely Trojan Report || url,doc.emergingthreats.net/2010346
1 || 2010347 || 6 || trojan-activity || 0 || ET TROJAN Fake/Rogue AV Landing Page Encountered || url,en.wikipedia.org/wiki/Scareware || url,doc.emergingthreats.net/2010347
1 || 2010348 || 6 || trojan-activity || 0 || ET TROJAN - Possible Zeus/Perkesh (.bin) configuration download || url,zeustracker.abuse.ch || url,doc.emergingthreats.net/2010348
1 || 2010349 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter SELECT FROM SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010349
1 || 2010350 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter DELETE FROM SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010350
1 || 2010351 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter UNION SELECT SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010351
1 || 2010352 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter INSERT INTO SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010352
1 || 2010353 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_photoblog component category Parameter UPDATE SET SQL Injection Attempt || bugtraq,36809 || url,www.packetstormsecurity.org/0910-exploits/joomlaphotoblog-sql.txt || url,doc.emergingthreats.net/2010353
1 || 2010354 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Achievo debugger.php config_atkroot parameter Remote File Inclusion Attempt || bugtraq,36822 || url,doc.emergingthreats.net/2010354
1 || 2010355 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OBOphiX fonctions_racine.php chemin_lib parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/57869 || url,secunia.com/advisories/36658/ || url,doc.emergingthreats.net/2010355
1 || 2010356 || 6 || web-application-attack || 0 || ET ACTIVEX NCTAVIFile V 1.6.2 Activex File Creation clsid access attempt || url,www.packetstatic.com/0909-exploits/nctavi-exec.txt || url,doc.emergingthreats.net/2010356
1 || 2010357 || 4 || web-application-attack || 0 || ET ACTIVEX NCTAVIFile V 1.6.2 ActiveX File Creation Function call attempt || url,www.packetstatic.com/0909-exploits/nctavi-exec.txt || url,doc.emergingthreats.net/2010357
1 || 2010358 || 6 || successful-user || 0 || ET ACTIVEX Macrovision FLEXnet Connect ActiveX Control Arbitrary File Download || bugtraq,27279 || url,www.milw0rm.com/exploits/4913 || url,doc.emergingthreats.net/2010358
1 || 2010359 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP_LIB Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58315 || url,www.milw0rm.com/exploits/9720 || url,doc.emergingthreats.net/2010359
1 || 2010360 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP_LIB Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58316 || url,www.milw0rm.com/exploits/9720 || url,doc.emergingthreats.net/2010360
1 || 2010361 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FSphp pathwirte.php FSPHP_LIB Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/58317 || url,www.milw0rm.com/exploits/9720 || url,doc.emergingthreats.net/2010361
1 || 2010362 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AjaxPortal di.php pathtoserverdata Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/55485 || url,doc.emergingthreats.net/2010362
1 || 2010363 || 6 || web-application-attack || 0 || ET ACTIVEX Orca Browser 1.1 Activex Command Execution clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/orca-exec.txt || url,doc.emergingthreats.net/2010363
1 || 2010364 || 4 || web-application-attack || 0 || ET ACTIVEX Orca Browser 1.1 ActiveX Command Execution Function call attempt || url,www.packetstormsecurity.org/0909-exploits/orca-exec.txt || url,doc.emergingthreats.net/2010364
1 || 2010365 || 6 || web-application-attack || 0 || ET ACTIVEX ProgramChecker 1.5 Activex Command Execution clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/programchecker-exec.txt || url,doc.emergingthreats.net/2010365
1 || 2010366 || 4 || web-application-attack || 0 || ET ACTIVEX ProgramChecker 1.5 ActiveX Command Execution Function call attempt || url,www.packetstormsecurity.org/0909-exploits/programchecker-exec.txt || url,doc.emergingthreats.net/2010366
1 || 2010367 || 6 || web-application-attack || 0 || ET ACTIVEX Gom Player V 2.1.16 Activex Command Execution clsid access attempt || url,www.packetstormsecurity.org/0909-exploits/gomplayer-exec.txt || url,doc.emergingthreats.net/2010367
1 || 2010368 || 4 || web-application-attack || 0 || ET ACTIVEX Gom Player V 2.1.16 ActiveX Command Execution Function call attempt || url,www.packetstormsecurity.org/0909-exploits/gomplayer-exec.txt || url,doc.emergingthreats.net/2010368
1 || 2010369 || 5 || attempted-user || 0 || ET ACTIVEX Possible Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Arbitrary Code Execution Attempt || url,securitytracker.com/alerts/2009/Nov/1023238.html || url,www.securityfocus.com/bid/37092 || cve,2009-3033 || url,doc.emergingthreats.net/2010369
1 || 2010370 || 4 || attempted-user || 0 || ET ACTIVEX ACTIVEX Possible Symantec Altiris Deployment Solution and Notification Server ActiveX Control RunCmd Arbitrary Code Execution Function Call Attempt || url,securitytracker.com/alerts/2009/Nov/1023238.html || url,www.securityfocus.com/bid/37092 || cve,2009-3033 || url,doc.emergingthreats.net/2010370
1 || 2010371 || 2 || attempted-recon || 0 || ET SCAN Amap TCP Service Scan Detected || url,freeworld.thc.org/thc-amap/ || url,doc.emergingthreats.net/2010371
1 || 2010372 || 2 || attempted-recon || 0 || ET SCAN Amap UDP Service Scan Detected || url,freeworld.thc.org/thc-amap/ || url,doc.emergingthreats.net/2010372
1 || 2010373 || 6 || attempted-user || 0 || ET ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Attempt || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt || url,www.securityfocus.com/bid/37151/info || url,doc.emergingthreats.net/2010373
1 || 2010374 || 4 || attempted-user || 0 || ET ACTIVEX Haihaisoft Universal Player ActiveX Control URL Property Buffer Overflow Function Call Attempt || url,www.shinnai.net/exploits/ZzLsi6TIfSuVPh1kPHmP.txt || url,www.securityfocus.com/bid/37151/info || url,doc.emergingthreats.net/2010374
1 || 2010375 || 2 || attempted-admin || 0 || ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt || url,www.securityfocus.com/bid/36748 || cve,2009-1991 || url,doc.emergingthreats.net/2010375
1 || 2010376 || 3 || trojan-activity || 0 || ET DELETED WU Malicious Spam Inbound || url,doc.emergingthreats.net/2010376
1 || 2010377 || 6 || web-application-attack || 0 || ET POLICY JBOSS/JMX port 80 access from outside || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010377
1 || 2010378 || 5 || web-application-attack || 0 || ET POLICY JBOSS/JMX port 8080 access from outside || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010378
1 || 2010379 || 5 || web-application-attack || 0 || ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (POST) || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010379
1 || 2010380 || 5 || web-application-attack || 0 || ET WEB_SERVER JBOSS/JMX REMOTE WAR deployment attempt (GET) || url,www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/ || url,www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf || url,doc.emergingthreats.net/2010380
1 || 2010381 || 10 || trojan-activity || 0 || ET TROJAN Syrutrk/Gibon/Bredolab Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fSyrutrk.A || url,www.threatexpert.com/report.aspx?md5=a5f94577d00d0306e4ef64bad30e5d37 || url,www.threatexpert.com/report.aspx?md5=011d403b345672adc29846074e717865 || url,doc.emergingthreats.net/2010381
1 || 2010382 || 7 || trojan-activity || 0 || ET TROJAN Fake AV GET || url,threatexpert.com/report.aspx?md5=8d1b47452307259f1e191e16ed23cd35 || url,doc.emergingthreats.net/2010382
1 || 2010383 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell || url,doc.emergingthreats.net/2010383
1 || 2010385 || 4 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 2) || url,doc.emergingthreats.net/2010385
1 || 2010386 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 3) || url,doc.emergingthreats.net/2010386
1 || 2010387 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 4) || url,doc.emergingthreats.net/2010387
1 || 2010388 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Countdown Encoded 5) || url,doc.emergingthreats.net/2010388
1 || 2010389 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Encoded 1) || url,doc.emergingthreats.net/2010389
1 || 2010390 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Encoded 2) || url,doc.emergingthreats.net/2010390
1 || 2010391 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 1) || url,doc.emergingthreats.net/2010391
1 || 2010392 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 2) || url,doc.emergingthreats.net/2010392
1 || 2010393 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 3) || url,doc.emergingthreats.net/2010393
1 || 2010394 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 4) || url,doc.emergingthreats.net/2010394
1 || 2010395 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Not Encoded 5) || url,doc.emergingthreats.net/2010395
1 || 2010396 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 1) || url,doc.emergingthreats.net/2010396
1 || 2010397 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 2) || url,doc.emergingthreats.net/2010397
1 || 2010398 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 3) || url,doc.emergingthreats.net/2010398
1 || 2010399 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 4) || url,doc.emergingthreats.net/2010399
1 || 2010400 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Pex Alphanumeric Encoded 5) || url,doc.emergingthreats.net/2010400
1 || 2010401 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 1) || url,doc.emergingthreats.net/2010401
1 || 2010402 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (PexFstEnvMov Encoded 2) || url,doc.emergingthreats.net/2010402
1 || 2010403 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (JmpCallAdditive Encoded) || url,doc.emergingthreats.net/2010403
1 || 2010404 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 1) || url,doc.emergingthreats.net/2010404
1 || 2010405 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 2) || url,doc.emergingthreats.net/2010405
1 || 2010406 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Bind shell (Alpha2 Encoded 3) || url,doc.emergingthreats.net/2010406
1 || 2010407 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 1) || url,doc.emergingthreats.net/2010407
1 || 2010408 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvSub Encoded 2) || url,doc.emergingthreats.net/2010408
1 || 2010409 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 1) || url,doc.emergingthreats.net/2010409
1 || 2010410 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 2) || url,doc.emergingthreats.net/2010410
1 || 2010411 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 3) || url,doc.emergingthreats.net/2010411
1 || 2010412 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Countdown Encoded 4) || url,doc.emergingthreats.net/2010412
1 || 2010413 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Encoded 1) || url,doc.emergingthreats.net/2010413
1 || 2010414 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Encoded 2) || url,doc.emergingthreats.net/2010414
1 || 2010415 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 1) || url,doc.emergingthreats.net/2010415
1 || 2010416 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 2) || url,doc.emergingthreats.net/2010416
1 || 2010417 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Not Encoded 3) || url,doc.emergingthreats.net/2010417
1 || 2010418 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 1) || url,doc.emergingthreats.net/2010418
1 || 2010419 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 2) || url,doc.emergingthreats.net/2010419
1 || 2010420 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Pex Alphanumeric Encoded 3) || url,doc.emergingthreats.net/2010420
1 || 2010421 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 1) || url,doc.emergingthreats.net/2010421
1 || 2010422 || 3 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (PexFnstenvMov Encoded 2) || url,doc.emergingthreats.net/2010422
1 || 2010423 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (JmpCallAdditive Encoded 1) || url,doc.emergingthreats.net/2010423
1 || 2010424 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 1) || url,doc.emergingthreats.net/2010424
1 || 2010425 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 2) || url,doc.emergingthreats.net/2010425
1 || 2010426 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD Reverse shell (Alpha2 Encoded 3) || url,doc.emergingthreats.net/2010426
1 || 2010427 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (SPARC Encoded 1) || url,doc.emergingthreats.net/2010427
1 || 2010428 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (SPARC Encoded 2) || url,doc.emergingthreats.net/2010428
1 || 2010429 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 1) || url,doc.emergingthreats.net/2010429
1 || 2010430 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 2) || url,doc.emergingthreats.net/2010430
1 || 2010431 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 3) || url,doc.emergingthreats.net/2010431
1 || 2010432 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Bind shell (Not Encoded 4) || url,doc.emergingthreats.net/2010432
1 || 2010433 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 1) || url,doc.emergingthreats.net/2010433
1 || 2010434 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 2) || url,doc.emergingthreats.net/2010434
1 || 2010435 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 1) || url,doc.emergingthreats.net/2010435
1 || 2010436 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (SPARC Encoded 2) || url,doc.emergingthreats.net/2010436
1 || 2010437 || 2 || shellcode-detect || 0 || ET SHELLCODE METASPLOIT BSD SPARC Reverse shell (Not Encoded 3) || url,doc.emergingthreats.net/2010437
1 || 2010438 || 6 || trojan-activity || 0 || ET MALWARE Possible Malicious Applet Access (justexploit kit) || url,www.malwaredomainlist.com/forums/index.php?topic=3570.0 || url,doc.emergingthreats.net/2010438
1 || 2010439 || 8 || trojan-activity || 0 || ET TROJAN Generic Trojan Checkin (UA VBTagEdit) || url,doc.emergingthreats.net/2010439
1 || 2010440 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Potential Malware Download flash-HQ-plugin exe || url,malwareurl.com || url,doc.emergingthreats.net/2010440
1 || 2010441 || 5 || trojan-activity || 0 || ET TROJAN Possible Storm Variant HTTP Post (S) || url,cyber.secdev.ca/2009/11/russian-malware-bundle || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,doc.emergingthreats.net/2010441
1 || 2010442 || 4 || trojan-activity || 0 || ET TROJAN Possible Storm Variant HTTP Post (U) || url,cyber.secdev.ca/2009/11/russian-malware-bundle || url,www.blackhat.com/presentations/bh-usa-08/Stewart/BH_US_08_Stewart_Protocols_of_the_Storm.pdf || url,doc.emergingthreats.net/2010442
1 || 2010444 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, pdf exploit || url,malwareurl.com || url,doc.emergingthreats.net/2010444
1 || 2010446 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, loadjavad.php exploit || url,malwareurl.com || url,doc.emergingthreats.net/2010446
1 || 2010447 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, rogue antivirus (IAInstall.exe) || url,malwareurl.com || url,doc.emergingthreats.net/2010447
1 || 2010448 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, trojan zbot || url,malwareurl.com || url,doc.emergingthreats.net/2010448
1 || 2010449 || 3 || bad-unknown || 0 || ET DELETED MALWARE Potential Malware Download, exploit redirect || url,malwareurl.com || url,doc.emergingthreats.net/2010449
1 || 2010450 || 5 || trojan-activity || 0 || ET TROJAN Potential Gemini/Fake AV Download URL Detected || url,www.virustotal.com/analisis/c36e206c6dfe88345815da41c1b14b4f33a9636ad94dd46ce48f5b367f1c736c-1254242791 || url,doc.emergingthreats.net/2010450
1 || 2010452 || 8 || trojan-activity || 0 || ET TROJAN Potential Fake AV GET installer.1.exe || url,www.malwareurl.com || url,doc.emergingthreats.net/2010452
1 || 2010453 || 7 || trojan-activity || 0 || ET TROJAN Potential Fake AV GET installer_1.exe || url,www.malwareurl.com || url,doc.emergingthreats.net/2010453
1 || 2010454 || 3 || successful-admin || 0 || ET ATTACK_RESPONSE Metasploit/Meterpreter - Sending metsrv.dll to Compromised Host || url,doc.emergingthreats.net/2010454
1 || 2010456 || 6 || attempted-user || 0 || ET ACTIVEX SonicWALL SSL VPN Client Remote ActiveX AddRouteEntry Attempt || url,www.securityfocus.com/bid/26288/info || cve,2007-5603 || url,doc.emergingthreats.net/2010456
1 || 2010457 || 6 || attempted-user || 0 || ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt || url,www.securityfocus.com/bid/35475/info || cve,2009-1203 || url,doc.emergingthreats.net/2010457
1 || 2010458 || 10 || trojan-activity || 0 || ET TROJAN Dropper Checkin (often scripts.dlv4.com related) || url,doc.emergingthreats.net/2010458
1 || 2010460 || 4 || attempted-user || 0 || ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/29191/info || cve,2008-2165 || url,doc.emergingthreats.net/2010460
1 || 2010461 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (MSIE7 na) || url,doc.emergingthreats.net/2010461
1 || 2010462 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Barracuda IM Firewall smtp_test.cgi Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/37248/info || url,doc.emergingthreats.net/2010462
1 || 2010463 || 6 || successful-user || 0 || ET WEB_SERVER RFI Scanner Success (Fx29ID) || url,doc.emergingthreats.net/2010463 || url,opinion.josepino.com/php/howto_website_hack1
1 || 2010465 || 5 || trojan-activity || 0 || ET TROJAN Potential Fake AV Download (download/install.php) || url,lists.emergingthreats.net/pipermail/emerging-sigs/2009-December/004891.html || url,malwareurl.com || url,www.malwaredomainlist.com || url,doc.emergingthreats.net/2010465
1 || 2010466 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PointComma pctemplate.php pcConfig Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/pointcomma-rfi.txt || url,doc.emergingthreats.net/2010466
1 || 2010467 || 4 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX Buffer Overflow Function call Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010467
1 || 2010468 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX Archive method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010468
1 || 2010469 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX Text method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010469
1 || 2010470 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX EditSelText method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010470
1 || 2010471 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX EditText method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010471
1 || 2010472 || 6 || web-application-attack || 0 || ET ACTIVEX SAP GUI vsflexGrid ActiveX CellFontName method Buffer Overflow CLSID Attempt || url,dsecrg.com/pages/vul/show.php?id=117 || url,osvdb.org/show/osvdb/41939 || url,doc.emergingthreats.net/2010472
1 || 2010473 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS p-Table for WordPress wptable-tinymce.php ABSPATH Parameter RFI Attempt || url,osvdb.org/show/osvdb/56763 || url,doc.emergingthreats.net/2010473
1 || 2010474 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla eZine Component d4m_ajax_pagenav.php Remote File Inclusion Attempt || bugtraq,37043 || url,doc.emergingthreats.net/2010474
1 || 2010475 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KR-Web krgourl.php DOCUMENT_ROOT Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/krweb-rfi.txt || url,doc.emergingthreats.net/2010475
1 || 2010476 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter SELECT FROM SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010476
1 || 2010477 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter DELETE FROM SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010477
1 || 2010478 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop pid Parameter UNION SELECT SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010478
1 || 2010479 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter INSERT INTO SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010479
1 || 2010480 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jshop component pid Parameter UPDATE SET SQL Injection Attempt || bugtraq,36808 || url,www.packetstormsecurity.org/0910-exploits/joomlajshop-sql.txt || url,doc.emergingthreats.net/2010480
1 || 2010481 || 6 || attempted-user || 0 || ET ACTIVEX SAP AG SAPgui EAI WebViewer2D ActiveX stack buffer overflow CLSid Access || url,dsecrg.com/pages/vul/show.php?id=143 || url,doc.emergingthreats.net/2010481
1 || 2010482 || 5 || attempted-user || 0 || ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb || url,www.kb.cert.org/vuls/id/340420 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || cve,2009-0215 || url,doc.emergingthreats.net/2010482
1 || 2010483 || 7 || attempted-user || 0 || ET ACTIVEX IBM Access Support ActiveX GetXMLValue Stack Overflow Attempt || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ibmegath_getxmlvalue.rb || url,www.kb.cert.org/vuls/id/340420 || url,tools.cisco.com/security/center/viewAlert.x?alertId=17871 || cve,2009-0215 || url,doc.emergingthreats.net/2010483
1 || 2010484 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FormMailer formmailer.admin.inc.php BASE_DIR Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/55751 || url,doc.emergingthreats.net/2010484
1 || 2010485 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phptraverse mp3_id.php GLOBALS Parameter Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0911-exploits/phptraverse-rfi.txt || url,doc.emergingthreats.net/2010485
1 || 2010486 || 2 || attempted-dos || 0 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010486
1 || 2010487 || 2 || attempted-dos || 0 || ET DOS Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010487
1 || 2010488 || 2 || attempted-dos || 0 || ET DELETED Potential Inbound NTP denial-of-service attempt (repeated mode 7 request) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010488
1 || 2010489 || 2 || attempted-dos || 0 || ET DELETED Potential Inbound NTP denial-of-service attempt (repeated mode 7 reply) || url,www.kb.cert.org/vuls/id/568372 || cve,2009-3563 || url,doc.emergingthreats.net/2010489
1 || 2010490 || 6 || trojan-activity || 0 || ET TROJAN Vundo User-Agent Check-in || url,www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99 || url,doc.emergingthreats.net/2010490
1 || 2010491 || 2 || attempted-dos || 0 || ET DOS Possible MYSQL GeomFromWKB() function Denial Of Service Attempt || url,www.securityfocus.com/bid/37297/info || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297.txt || cve,2009-4019 || url,doc.emergingthreats.net/2010491
1 || 2010492 || 3 || attempted-dos || 0 || ET DOS Possible MYSQL SELECT WHERE to User Variable Denial Of Service Attempt || url,www.securityfocus.com/bid/37297/info || url,marc.info/?l=oss-security&m=125881733826437&w=2 || url,downloads.securityfocus.com/vulnerabilities/exploits/37297-2.txt || cve,2009-4019 || url,doc.emergingthreats.net/2010492
1 || 2010493 || 2 || attempted-recon || 0 || ET SCAN Non-Allowed Host Tried to Connect to MySQL Server || url,www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html || url,doc.emergingthreats.net/2010493
1 || 2010494 || 2 || attempted-recon || 0 || ET SCAN Multiple MySQL Login Failures, Possible Brute Force Attempt || url,doc.emergingthreats.net/2010494
1 || 2010495 || 13 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Multimedia Doc.media.newPlayer Memory Corruption Attempt || url,www.metasploit.com/redmine/projects/framework/repository/revisions/7881/entry/modules/exploits/windows/fileformat/adobe_media_newplayer.rb || url,vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html || bid,37331 || cve,2009-4324
1 || 2010496 || 6 || trojan-activity || 0 || ET DELETED Adobe 0day Shovelware || url,isc.sans.org/diary.html?storyid=7747 || url,doc.emergingthreats.net/2010496
1 || 2010497 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Facebook Spam Inbound (1) || url,doc.emergingthreats.net/2010497 || url,postmaster.facebook.com/outbound
1 || 2010498 || 4 || trojan-activity || 0 || ET DELETED Facebook Spam Inbound (2) || url,doc.emergingthreats.net/2010498
1 || 2010500 || 5 || trojan-activity || 0 || ET MALWARE Executable purporting to be .txt file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99 || url,doc.emergingthreats.net/2010500
1 || 2010501 || 5 || trojan-activity || 0 || ET MALWARE Executable purporting to be .cfg file with no Referrer - Likely Malware || url,www.symantec.com/security_response/writeup.jsp?docid=2009-072313-3630-99 || url,doc.emergingthreats.net/2010501
1 || 2010505 || 6 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt || url,www.securityfocus.com/bid/34307/info || url,tools.cisco.com/security/center/viewAlert.x?alertId=17950 || cve,2009-1220 || url,doc.emergingthreats.net/2010505
1 || 2010506 || 5 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/29191/info || cve,2008-2165 || url,doc.emergingthreats.net/2010506
1 || 2010507 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible APC Switched Rack PDU Web Administration Interface Cross Site Scripting Attempt || url,securitytracker.com/alerts/2009/Dec/1023331.html || url,doc.emergingthreats.net/2010507
1 || 2010508 || 4 || attempted-recon || 0 || ET SCAN Springenwerk XSS Scanner User-Agent Detected || url,springenwerk.org/ || url,doc.emergingthreats.net/2010508
1 || 2010509 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sonicwall NSA E7500 XSS attempt (fwReg parameter) || url,securiteam.com/exploits/6O00C1FQAS.html || url,doc.emergingthreats.net/2010509
1 || 2010510 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible OSSIM uniqueid Parameter Remote Command Execution Attempt || url, www.securityfocus.com/bid/37375/info || url,doc.emergingthreats.net/2010510
1 || 2010511 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sonicwall Global Management System XSS attempt (scrn_name parameter) || url,securiteam.com/exploits/6P00D1FQAG.html || url,doc.emergingthreats.net/2010511
1 || 2010512 || 9 || trojan-activity || 0 || ET TROJAN FakeAV FakeSmoke HTTP POST check-in || url,isc.sans.org/diary.html?storyid=7768 || url,doc.emergingthreats.net/2010512
1 || 2010513 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 401 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010513
1 || 2010514 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 401 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010514
1 || 2010515 || 5 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 403 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010515
1 || 2010516 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 403 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010516
1 || 2010517 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 404 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010517
1 || 2010518 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 404 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010518
1 || 2010519 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 405 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010519
1 || 2010520 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 405 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010520
1 || 2010521 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 406 XSS Attempt (Local Source) || url,doc.emergingthreats.net/2010521
1 || 2010522 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 406 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010522
1 || 2010524 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 500 XSS Attempt (Internal Source) || url,doc.emergingthreats.net/2010524
1 || 2010525 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 500 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010525
1 || 2010526 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible HTTP 503 XSS Attempt (Internal Source) || url,doc.emergingthreats.net/2010526
1 || 2010527 || 4 || web-application-attack || 0 || ET WEB_CLIENT Possible HTTP 503 XSS Attempt (External Source) || url,doc.emergingthreats.net/2010527
1 || 2010528 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla MyRemote Video Gallery (user_id) Blind SQL Injection Attempt || url,milw0rm.org/exploits/9733 || url,doc.emergingthreats.net/2010528
1 || 2010529 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component com_jinc (newsid) Blind SQL Injection Attempt || url,milw0rm.org/exploits/9732 || url,doc.emergingthreats.net/2010529
1 || 2010530 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Loggix Project RFI Attempt || url,www.exploit-db.com/exploits/9729/ || url,doc.emergingthreats.net/2010530
1 || 2010531 || 2 || web-application-attack || 0 || ET DELETED Possible PHP-Calendar configfile Remote .PHP File Inclusion Arbitrary Code Execution Attempt || url,securitytracker.com/alerts/2009/Dec/1023375.html || cve,2009-3702 || url,doc.emergingthreats.net/2010531
1 || 2010532 || 3 || trojan-activity || 0 || ET DELETED Malwareurl.com - potential oficla download (annonce.pdf) || url,www.malwareurl.com || url,doc.emergingthreats.net/2010532
1 || 2010534 || 3 || trojan-activity || 0 || ET DELETED Malwareurl.com - potential oficla download (loadjavad.php) || url,www.malwareurl.com || url,doc.emergingthreats.net/2010534
1 || 2010535 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component City Portal (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt || url,doc.emergingthreats.net/2010535
1 || 2010536 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component Event Manager 1.5 (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlacp-sql.txt || url,doc.emergingthreats.net/2010536
1 || 2010537 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_zcalendar (eid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt || url,doc.emergingthreats.net/2010537
1 || 2010538 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_acmis (Itemid) SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlazal-sql.txt || url,doc.emergingthreats.net/2010538
1 || 2010539 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0903-exploits/joomladigistore-sql.txt || url,doc.emergingthreats.net/2010539
1 || 2010540 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt || url,packetstormsecurity.org/filedesc/joomlajbook-sql.txt.html || url,doc.emergingthreats.net/2010540
1 || 2010541 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_personel (id) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlapersonel-sql.txt || url,doc.emergingthreats.net/2010541
1 || 2010542 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_joomportfolio (secid) Blind SQL Injection Attempt || url,packetstormsecurity.org/0912-exploits/joomlaportfolio-sql.txt || url,doc.emergingthreats.net/2010542
1 || 2010543 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (poll.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt || url,doc.emergingthreats.net/2010543
1 || 2010544 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F3Site2009 LFI Exploit Attempt (new.php) || url,packetstormsecurity.org/0912-exploits/f3site2009-lfi.txt || url,doc.emergingthreats.net/2010544
1 || 2010546 || 3 || attempted-admin || 0 || ET EXPLOIT HP Open View Data Protector Buffer Overflow Attempt || url,dvlabs.tippingpoint.com/advisory/TPTI-09-15 || url,doc.emergingthreats.net/2010546 || cve,2007-2281
1 || 2010547 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_username) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010547
1 || 2010548 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_server) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010548
1 || 2010549 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_path) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010549
1 || 2010550 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Barracuda Web Application Firewall 600 XSS attempt (backup_password) || url,packetstormsecurity.org/0912-exploits/barracuda-inject.txt || url,doc.emergingthreats.net/2010550
1 || 2010551 || 8 || trojan-activity || 0 || ET DELETED iPhone Bot iKee.B Contacting C&C || url,mtc.sri.com/iPhone/ || url,doc.emergingthreats.net/2010551
1 || 2010553 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Module Emporium SQL Injection Attempt || url,milw0rm.com/exploits/3334 || url,packetstormsecurity.org/0912-exploits/phpnukeemporium-sql.txt || url,doc.emergingthreats.net/2010553
1 || 2010554 || 4 || attempted-dos || 0 || ET DOS Netgear DG632 Web Management Denial Of Service Attempt || url, securitytracker.com/alerts/2009/Jun/1022403.html || cve,2009-2256 || url,doc.emergingthreats.net/2010554
1 || 2010555 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter SELECT FROM SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010555
1 || 2010556 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter DELETE FROM SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010556
1 || 2010557 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter UNION SELECT SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010557
1 || 2010558 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter INSERT INTO SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010558
1 || 2010559 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joaktree Component treeId Parameter UPDATE SET SQL Injection Attempt || bugtraq,37178 || url,secunia.com/advisories/37535/ || url,doc.emergingthreats.net/2010559
1 || 2010560 || 4 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent App Gateway ActiveX Buffer Overflow Function call-1 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/210560
1 || 2010561 || 4 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent App Gateway ActiveX Buffer Overflow Function call-2 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/2010561
1 || 2010562 || 6 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent Application Gateway ActiveX Buffer Overflow-1 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/2010562
1 || 2010563 || 6 || web-application-attack || 0 || ET ACTIVEX Microsoft Whale Intelligent Application Gateway ActiveX Buffer Overflow-2 || url,dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/mswhale_checkforupdates.rb || url,www.kb.cert.org/vuls/id/789121 || url,doc.emergingthreats.net/2010563
1 || 2010564 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sisplet CMS komentar.php site_path Parameter Remote File Inclusion Attempt || bugtraq,23334 || url,doc.emergingthreats.net/2010564
1 || 2010565 || 12 || trojan-activity || 0 || ET TROJAN Bebloh C&C HTTP POST || url,doc.emergingthreats.net/2010565
1 || 2010566 || 4 || trojan-activity || 0 || ET DELETED Zbot update (av_base/pay.php) || url,www.threatexpert.com/report.aspx?md5=06e69bfb6fffa17c4fc1e23af71b345c || url,doc.emergingthreats.net/2010566
1 || 2010567 || 4 || trojan-activity || 0 || ET DELETED Zbot update (av_base/ip.php) || url,www.threatexpert.com/report.aspx?md5=06e69bfb6fffa17c4fc1e23af71b345c || url,doc.emergingthreats.net/2010567
1 || 2010568 || 4 || trojan-activity || 0 || ET DELETED Zbot update (av-i386-daily.zip) || url,www.threatexpert.com/report.aspx?md5=06e69bfb6fffa17c4fc1e23af71b345c || url,doc.emergingthreats.net/2010565
1 || 2010569 || 6 || trojan-activity || 0 || ET DELETED Trojan Downloader Win32/Small.CBA download || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall.CBA&ThreatID=-2147372177 || url,doc.emergingthreats.net/2010569
1 || 2010570 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Moderate Islam...) || url,doc.emergingthreats.net/2010570
1 || 2010571 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom...) || url,doc.emergingthreats.net/2010571
1 || 2010572 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (The Call to Global...) || url,doc.emergingthreats.net/2010572
1 || 2010573 || 3 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Knights under the...) || url,doc.emergingthreats.net/2010573
1 || 2010574 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad against...) || url,doc.emergingthreats.net/2010574
1 || 2010575 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans...) || url,doc.emergingthreats.net/2010575
1 || 2010576 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs...) || url,doc.emergingthreats.net/2010576
1 || 2010577 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy...) || url,doc.emergingthreats.net/2010577
1 || 2010578 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) || url,doc.emergingthreats.net/2010578
1 || 2010579 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) || url,doc.emergingthreats.net/2010579
1 || 2010580 || 4 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala' Wal Bara) || url,doc.emergingthreats.net/2010580
1 || 2010581 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Moderate Islam...) SMTP || url,doc.emergingthreats.net/2010581
1 || 2010582 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad, Martyrdom...) SMTP || url,doc.emergingthreats.net/2010582
1 || 2010583 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (The Call to Global...) SMTP || url,doc.emergingthreats.net/2010583
1 || 2010584 || 3 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Knights under the...) SMTP || url,doc.emergingthreats.net/2010584
1 || 2010585 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Jihad against...) SMTP || url,doc.emergingthreats.net/2010585
1 || 2010586 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Declaration of War against the Americans...) SMTP || url,doc.emergingthreats.net/2010586
1 || 2010587 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Join the Caravan of Martyrs...) SMTP || url,doc.emergingthreats.net/2010587
1 || 2010588 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Terrorist Literature (Sharia and Democracy...) SMTP || url,doc.emergingthreats.net/2010588
1 || 2010589 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (fardh ain) SMTP || url,doc.emergingthreats.net/2010589
1 || 2010590 || 2 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme/Group (Takfir) SMTP || url,doc.emergingthreats.net/2010590
1 || 2010591 || 4 || policy-violation || 0 || ET POLICY Possible Reference to Al Qaeda Propaganda Theme (Al-Wala' Wal Bara) SMTP || url,doc.emergingthreats.net/2010591
1 || 2010592 || 7 || web-application-attack || 0 || ET WEB_SERVER Possible Microsoft Internet Information Services (IIS) .asp Filename Extension Parsing File Upload Security Bypass Attempt (asp) || url,www.securityfocus.com/bid/37460/info || url,doc.emergingthreats.net/2010592 || url,www.securityfocus.com/bid/37460/info || url,soroush.secproject.com/downloadable/iis-semicolon-report.pdf || cve,2009-4444
1 || 2010593 || 7 || web-application-attack || 0 || ET WEB_SERVER Possible Microsoft Internet Information Services (IIS) .aspx Filename Extension Parsing File Upload Security Bypass Attempt (aspx) || url,www.securityfocus.com/bid/37460/info || url,doc.emergingthreats.net/2010593 || url,www.securityfocus.com/bid/37460/info || url,soroush.secproject.com/downloadable/iis-semicolon-report.pdf || cve,2009-4444
1 || 2010594 || 7 || trojan-activity || 0 || ET TROJAN Potential FakeAV HTTP POST Check-IN (?r=) || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,doc.emergingthreats.net/2010594
1 || 2010595 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (???) || url,doc.emergingthreats.net/2010595
1 || 2010596 || 2 || trojan-activity || 0 || ET TROJAN Trest1 Binary Download Attempt (multiple malware variants served) || url,www.malwaredomainlist.com || url,www.malwareurl.com/search.php?domain=&s=trest1&match=0&rp=200&urls=on&redirs=on&ip=on&reverse=on&as=on || url,doc.emergingthreats.net/2010596
1 || 2010597 || 5 || trojan-activity || 0 || ET TROJAN Potential FakeAV HTTP GET Check-IN (/check) || url,www.threatexpert.com/report.aspx?md5=94e13e13c6da5e32bde00bc527475bd2 || url,www.malwaredomainlist.com/forums/index.php?topic=3190.420 || url,doc.emergingthreats.net/2010597
1 || 2010599 || 6 || trojan-activity || 0 || ET MALWARE User-Agent Mozilla/3.0 || url,doc.emergingthreats.net/2010599
1 || 2010600 || 3 || trojan-activity || 0 || ET DELETED Suspicious User Agent WebUpdate || url,doc.emergingthreats.net/2010600
1 || 2010601 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 35mm Slide Gallery imgdir Parameter Directory Traversal Attempt || url,www.packetstormsecurity.org/0912-exploits/35mmsg-traversal.txt || url,doc.emergingthreats.net/2010601
1 || 2010602 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClarkConnect Linux proxy.php XSS Attempt || url,www.securityfocus.com/bid/37446/info || url,doc.emergingthreats.net/2010602
1 || 2010604 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PozScripts Classified Ads 'store_info.php' SQL Injection Attempt || url,www.securityfocus.com/bid/37541/info || url,doc.emergingthreats.net/2010604
1 || 2010605 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Component com_viewfulllisting SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/mambovfl-sql.txt || url,doc.emergingthreats.net/2010605
1 || 2010606 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_kkcontent Blind SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/joomlakkcontent-sql.txt || url,doc.emergingthreats.net/2010606
1 || 2010607 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/xoopsdictionary-sql.txt || url,doc.emergingthreats.net/2010607
1 || 2010608 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iPortal X gallery_show.asp GID parameter Blind SQL Injection Attempt || url,www.packetstormsecurity.org/0912-exploits/galleryshow-sql.txt || url,doc.emergingthreats.net/2010608
1 || 2010609 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Helpdesk Pilot Knowledge Base SQL Injection Attempt || url,www.www.packetstormsecurity.org/0912-exploits/helpdesk-sql.txt || url,doc.emergingthreats.net/2010609
1 || 2010610 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RoseOnline CMS LFI Attempt || url,www.packetstormsecurity.org/0912-exploits/roseonlinecms-lfi.txt || url,doc.emergingthreats.net/2010610
1 || 2010611 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX DisplayName method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010611
1 || 2010612 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX AddGroup method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010612
1 || 2010613 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX InstallComponent method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010613
1 || 2010614 || 6 || web-application-attack || 0 || ET ACTIVEX HP Openview NNM ActiveX Subscribe method Memory corruption Attempt || url,www.securityfocus.com/archive/1/507948 || url,doc.emergingthreats.net/2010614
1 || 2010615 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter SELECT FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010615
1 || 2010616 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter DELETE FROM SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010616
1 || 2010617 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter UNION SELECT SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010617
1 || 2010618 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter INSERT INTO SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010618
1 || 2010619 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBMS invoices_discount_ajax.php id Parameter UPDATE SET SQL Injection Attempt || url,osvdb.org/show/osvdb/59194 || url,xforce.iss.net/xforce/xfdb/51650 || url,doc.emergingthreats.net/2010619
1 || 2010620 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mamboleto Joomla component mamboleto.php Remote File Inclusion Attempt || url,xforce.iss.net/xforce/xfdb/54662 || url,www.exploit-db.com/exploits/10369 || url,doc.emergingthreats.net/2010620
1 || 2010621 || 4 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Attempt (Agent CZ32ts) || url,doc.emergingthreats.net/2009029 || url,www.Whitehatsecurityresponse.blogspot.com
1 || 2010622 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible Cisco Subscriber Edge Services Manager Cross Site Scripting/HTML Injection Attempt || url,www.securityfocus.com/bid/34454/info || url,doc.emergingthreats.net/2010622
1 || 2010623 || 3 || web-application-attack || 0 || ET WEB_SERVER Cisco IOS HTTP Server Exec Command Execution Attempt || url,articles.techrepublic.com.com/5100-10878_11-6039967.html || url,doc.emergingthreats.net/2010623
1 || 2010624 || 2 || attempted-dos || 0 || ET CURRENT_EVENTS Possible Cisco PIX/ASA Denial Of Service Attempt (Hping Created Packets) || url,www.securityfocus.com/bid/34429/info || url,www.securityfocus.com/bid/34429/exploit || url,www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080a99518.html || cve,2009-1157 || url,doc.emergingthreats.net/2010624
1 || 2010625 || 7 || trojan-activity || 0 || ET TROJAN FakeAV Landing Page (aid,sid) || url,www.bleepingcomputer.com/forums/lofiversion/index.php/t247125.html || url,doc.emergingthreats.net/2010625
1 || 2010626 || 7 || trojan-activity || 0 || ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin || url,www.threatexpert.com/report.aspx?md5=f5e907a11831c757a94cde9257b3574c || url,doc.emergingthreats.net/2010626
1 || 2010627 || 7 || trojan-activity || 0 || ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin || url,www.threatexpert.com/report.aspx?md5=f5e907a11831c757a94cde9257b3574c || url,doc.emergingthreats.net/2010627
1 || 2010628 || 7 || trojan-activity || 0 || ET TROJAN Likely FakeAV/Fakeinit/FraudLoad Checkin || url,www.threatexpert.com/report.aspx?md5=f5e907a11831c757a94cde9257b3574c || url,doc.emergingthreats.net/2010628
1 || 2010629 || 3 || trojan-activity || 0 || ET DELETED MySpace Spam Inbound || url,doc.emergingthreats.net/2010629
1 || 2010630 || 5 || trojan-activity || 0 || ET MALWARE Generic Adware Install Report || url,doc.emergingthreats.net/2010630
1 || 2010631 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyFusion last_seen_users_panel.php settings Parameter Local File Inclusion Attempt || url,osvdb.org/show/osvdb/56583 || url,www.exploit-db.com/exploits/9018/ || url,doc.emergingthreats.net/2010631
1 || 2010636 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter SELECT FROM SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010636
1 || 2010637 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter DELETE FROM SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010637
1 || 2010638 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter UNION SELECT SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010638
1 || 2010639 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter INSERT INTO SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010639
1 || 2010640 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jphoto Component Id Parameter UPDATE SET SQL Injection Attempt || bugtraq,37279 || url,doc.emergingthreats.net/2010640
1 || 2010641 || 2 || misc-activity || 0 || ET SCAN ICMP @hello request, Likely Precursor to Scan || url,doc.emergingthreats.net/2010641
1 || 2010642 || 3 || attempted-recon || 0 || ET SCAN Multiple FTP Root Login Attempts from Single Source - Possible Brute Force Attempt || url,doc.emergingthreats.net/2010642
1 || 2010643 || 3 || attempted-recon || 0 || ET SCAN Multiple FTP Administrator Login Attempts from Single Source - Possible Brute Force Attempt || url,doc.emergingthreats.net/2010643
1 || 2010644 || 15 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Spam Inbound
1 || 2010645 || 8 || trojan-activity || 0 || ET POLICY User-Agent (Launcher) || url,doc.emergingthreats.net/2010645
1 || 2010646 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Initial Connect || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010646
1 || 2010647 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Initial Connect Bot Response || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010647
1 || 2010648 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Connect Command || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010648
1 || 2010649 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Connect Command (port 25 specifically) || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010649
1 || 2010650 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Bot Command Confirmation || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010650
1 || 2010651 || 3 || trojan-activity || 0 || ET TROJAN Lethic Spambot CnC Bot Transaction Relay || url,www.m86security.com/trace/spambotitem.asp?article=1205 || url,doc.emergingthreats.net/2010651
1 || 2010652 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php SELECT FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010652
1 || 2010653 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php DELETE FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010653
1 || 2010654 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php UNION SELECT SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010654
1 || 2010655 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php INSERT INTO SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010655
1 || 2010656 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php UPDATE SET SQL Injection Attempt || url,www.exploit-db.com/exploits/10479 || url,doc.emergingthreats.net/2010656
1 || 2010657 || 5 || web-application-attack || 0 || ET ACTIVEX EasyMail Object SMTP Component Buffer Overflow Function call Attempt || url,secunia.com/advisories/24199/ || url,www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb || url,doc.emergingthreats.net/2010657
1 || 2010658 || 2 || web-application-attack || 0 || ET ACTIVEX EasyMail Object IMAP4 Component Buffer Overflow Function call Attempt || url,secunia.com/advisories/24199/ || url,doc.emergingthreats.net/2010658
1 || 2010659 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mojoBlog wp-comments-post.php Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0912-exploits/joomlamojoblog-rfi.txt || bugtraq,37179 || url,doc.emergingthreats.net/2010659
1 || 2010660 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mojoBlog wp-trackback.php Remote File Inclusion Attempt || url,www.packetstormsecurity.nl/0912-exploits/joomlamojoblog-rfi.txt || bugtraq,37179 || url,doc.emergingthreats.net/2010660
1 || 2010661 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS epay a_affil.php _REQUEST Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10697 || url,doc.emergingthreats.net/2010661
1 || 2010664 || 5 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Reader and Acrobat Forms Data Format Remote Security Bypass Attempt || url,www.securityfocus.com/bid/37763 || cve,2009-3956 || url,doc.emergingthreats.net/2010664 || url,www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
1 || 2010665 || 7 || attempted-user || 0 || ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcomHelper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt || url,www.securityfocus.com/bid/37759 || url,www.kb.cert.org/vuls/id/773545 || url,www.adobe.com/support/security/bulletins/apsb10-02.html || url,www.exploit-db.com/exploits/11172/ || cve,2009-3958 || url,doc.emergingthreats.net/2010665
1 || 2010666 || 3 || attempted-user || 0 || ET DELETED Adobe Macromedia Flash Player In Windows XP Remote Arbitrary Code Execution CLSID Access Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19710 || url,www.kb.cert.org/vuls/id/204889 || url,www.microsoft.com/technet/security/advisory/979267.mspx || url,doc.emergingthreats.net/2010666
1 || 2010667 || 5 || web-application-attack || 0 || ET WEB_SERVER /bin/bash In URI, Possible Shell Command Execution Attempt Within Web Exploit || url,doc.emergingthreats.net/2010667
1 || 2010669 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application INTO OUTFILE SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010669
1 || 2010670 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application SELECT FROM SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010670
1 || 2010672 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application INSERT INTO SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010672
1 || 2010673 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Network Monitoring Application UNTION SELECT SQL Injection Attempt || url,www.securityfocus.com/bid/37802/info || url,doc.emergingthreats.net/2010673
1 || 2010674 || 7 || attempted-dos || 0 || ET DOS Cisco 4200 Wireless Lan Controller Long Authorisation Denial of Service Attempt || url,www.securityfocus.com/bid/35805 || url,www.cisco.com/warp/public/707/cisco-amb-20090727-wlc.shtml || cve,2009-1164 || url,doc.emergingthreats.net/2010674
1 || 2010675 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (SogouExplorerMiniSetup) || url,doc.emergingthreats.net/2010675
1 || 2010676 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (Fast Browser Search) || url,doc.emergingthreats.net/2010676
1 || 2010677 || 6 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (My Session) || url,doc.emergingthreats.net/2010677
1 || 2010678 || 6 || trojan-activity || 0 || ET TROJAN Win32.OnLineGames User-Agent (BigFoot) || url,doc.emergingthreats.net/2010678
1 || 2010679 || 5 || trojan-activity || 0 || ET MALWARE Trojan.Win32.InternetAntivirus User-Agent (General Antivirus) || url,doc.emergingthreats.net/2010679
1 || 2010680 || 5 || trojan-activity || 0 || ET MALWARE chnsystem.com Spyware User-Agent (Update1.0) || url,doc.emergingthreats.net/2010680
1 || 2010681 || 2 || misc-activity || 0 || ET SCAN ICMP Delphi, Likely Precursor to Scan || url,www.koders.com/delphi/fid942A4EAF946B244BD3CD9BC83FEAAC35BA1F38AB.aspx || url,doc.emergingthreats.net/2010681
1 || 2010682 || 5 || trojan-activity || 0 || ET DELETED FakeAV AntivirusDoktor2009 User-Agent (768) || url,doc.emergingthreats.net/2010682
1 || 2010683 || 6 || trojan-activity || 0 || ET DELETED FakeAV AntivirusDoktor2009 User-Agent (657) || url,doc.emergingthreats.net/2010683
1 || 2010684 || 4 || trojan-activity || 0 || ET TROJAN Likely Fake Antivirus Download Setup_2012.exe || url,doc.emergingthreats.net/xxxxxxx
1 || 2010686 || 2 || misc-activity || 0 || ET SCAN ICMP =XXXXXXXX Likely Precursor to Scan || url,doc.emergingthreats.net/2010686
1 || 2010687 || 5 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow Attempt || cve,2009-3849 || url,doc.emergingthreats.net/2010687
1 || 2010690 || 4 || attempted-user || 0 || ET ACTIVEX Possible activePDF WebGrabber ActiveX Control Buffer Overflow Function Call Attempt || url,www.fortiguard.com/encyclopedia/vulnerability/activepdf.webgrabber.apwebgrb.ocx.activex.access.html || url,packetstormsecurity.org/0911-exploits/activepdf_webgrabber.rb.txt || url,doc.emergingthreats.net/2010690
1 || 2010691 || 5 || attempted-user || 0 || ET ACTIVEX Possible activePDF WebGrabber ActiveX Control Buffer Overflow Attempt || url,www.fortiguard.com/encyclopedia/vulnerability/activepdf.webgrabber.apwebgrb.ocx.activex.access.html || url,packetstormsecurity.org/0911-exploits/activepdf_webgrabber.rb.txt || url,doc.emergingthreats.net/2010691
1 || 2010692 || 4 || attempted-user || 0 || ET ACTIVEX Possible McAfee Remediation Client Enginecom.Dll ActiveX Code Execution Function Call Attempt || url,fgc.fortinet.com/encyclopedia/vulnerability/mcafee.remediation.client.enginecom.dll.activex.access.html || url,doc.emergingthreats.net/2010692
1 || 2010693 || 6 || attempted-user || 0 || ET ACTIVEX Possible Novell iPrint Client ExecuteRequest ActiveX Control Buffer Overflow Attempt || cve,2008-0935 || url,doc.emergingthreats.net/2010693
1 || 2010694 || 6 || attempted-user || 0 || ET ACTIVEX Possible Novell iPrint Client GetDriverSettings ActiveX Control Buffer Overflow Attempt || cve,2008-2908 || url,doc.emergingthreats.net/2010694
1 || 2010695 || 2 || trojan-activity || 0 || ET TROJAN Aurora Backdoor (C&C) client connection to CnC || url,www.trustedsource.org/blog/373/An-Insight-into-the-Aurora-Communication-Protocol || url,doc.emergingthreats.net/2010695
1 || 2010696 || 2 || trojan-activity || 0 || ET TROJAN Aurora Backdoor (C&C) connection CnC response || url,www.trustedsource.org/blog/373/An-Insight-into-the-Aurora-Communication-Protocol || url,doc.emergingthreats.net/2010696
1 || 2010697 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Beginning with digits - Likely spyware/trojan || url,doc.emergingthreats.net/2010697
1 || 2010698 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible D-Link Router HNAP Protocol Security Bypass Attempt || url,www.securityfocus.com/bid/37690 || url,doc.emergingthreats.net/2010698
1 || 2010699 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt || url,www.securityfocus.com/bid/36933 || cve,2009-2685 || url,doc.emergingthreats.net/2010699
1 || 2010700 || 6 || trojan-activity || 0 || ET TROJAN Likely Koobface Beaconing (getexe) || url,doc.emergingthreats.net/2010700
1 || 2010701 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VBulletin 4.0.1 SQL Injection Attempt || url,www.packetstormsecurity.org/1001-exploits/vbulletin401-sql.txt || url,doc.emergingthreats.net/2010701
1 || 2010702 || 4 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Messenger ActiveX Control RichUploadControlContextData Buffer Overflow Attempt || url,www.securityfocus.com/bid/37908/info || url,doc.emergingthreats.net/2010702
1 || 2010703 || 4 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Messenger ActiveX Control RichUploadControlContextData Buffer Overflow Function Call Attempt || url,www.securityfocus.com/bid/37908/info || url,doc.emergingthreats.net/2010703
1 || 2010704 || 5 || web-application-attack || 0 || ET WEB_SERVER Possible HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow Attempt || cve,2009-4179 || url,doc.emergingthreats.net/2010704
1 || 2010705 || 3 || attempted-user || 0 || ET ACTIVEX Adobe browser document ActiveX DoS Function call Attempt || url,www.packetstormsecurity.nl/0911-exploits/acropdf-dos.txt || url,doc.emergingthreats.net/2010705
1 || 2010706 || 9 || policy-violation || 0 || ET USER_AGENTS Internet Explorer 6 in use - Significant Security Risk || url,doc.emergingthreats.net/2010706
1 || 2010707 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dros core.write_compiled_include.php smarty Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10682 || url,doc.emergingthreats.net/2010707
1 || 2010708 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dros core.process_compiled_include.php smarty Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10682 || url,doc.emergingthreats.net/2010708
1 || 2010709 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dros function.config_load.php _compile_file Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10682 || url,doc.emergingthreats.net/2010709
1 || 2010710 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id SELECT FROM SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010710
1 || 2010711 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id DELETE FROM SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010711
1 || 2010712 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id UNION SELECT SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010712
1 || 2010713 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id INSERT INTO SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010713
1 || 2010714 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Foobla Suggestions Component idea_id UPDATE SET SQL Injection Attempt || bugtraq,36425 || url,doc.emergingthreats.net/2010714
1 || 2010715 || 9 || web-application-attack || 0 || ET SCAN ZmEu exploit scanner || url,doc.emergingthreats.net/2010715
1 || 2010716 || 3 || trojan-activity || 0 || ET DELETED Malwareurl - wywg executable download Likely Malware || url,malwareurl.com || url,doc.emergingthreats.net/2010716
1 || 2010717 || 5 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (FaceCooker) || url,doc.emergingthreats.net/2010717
1 || 2010718 || 6 || trojan-activity || 0 || ET TROJAN Gootkit Checkin User-Agent (Gootkit HTTP Client) || url,doc.emergingthreats.net/2010718
1 || 2010719 || 2 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS e107 CMS backdoor access, admin-access cookie and HTTP POST || url,seclists.org/fulldisclosure/2010/Jan/480 || url,www.e107.org/news.php || url,doc.emergingthreats.net/2010719
1 || 2010720 || 3 || web-application-attack || 0 || ET WEB_SERVER PHP Scan Precursor || url,doc.emergingthreats.net/2010720
1 || 2010721 || 7 || bad-unknown || 0 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Outbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,doc.emergingthreats.net/2010721
1 || 2010722 || 7 || bad-unknown || 0 || ET USER_AGENTS Suspicious Non-Escaping backslash in User-Agent Inbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec14.html || url,mws.amazon.com/docs/devGuide/UserAgent.html || url,doc.emergingthreats.net/2010722
1 || 2010723 || 4 || trojan-activity || 0 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response with runurl || url,malwarelab.org/2009/11/russian-malware-bundle/ || url,doc.emergingthreats.net/2010723
1 || 2010724 || 4 || trojan-activity || 0 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response || url,malwarelab.org/2009/11/russian-malware-bundle/ || url,doc.emergingthreats.net/2010724
1 || 2010725 || 8 || attempted-recon || 0 || ET POLICY ApacheBenchmark Tool User-Agent Detected || url,httpd.apache.org/docs/2.0/programs/ab.html/ || url,doc.emergingthreats.net/2010725
1 || 2010726 || 3 || attempted-user || 0 || ET ACTIVEX Adobe browser document ActiveX DoS Attempt || url,www.packetstormsecurity.nl/0911-exploits/acropdf-dos.txt || url,doc.emergingthreats.net/2010726
1 || 2010727 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (Live Enterprise Suite) || url,doc.emergingthreats.net/2010727
1 || 2010728 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt || url,www.securityfocus.com/bid/35584 || cve,2009-2334 || url,doc.emergingthreats.net/2010728
1 || 2010729 || 6 || trojan-activity || 0 || ET DELETED Zeus Bot / Zbot Checkin (/us01d/in.php) || url,garwarner.blogspot.com/2010/01/american-bankers-association-version-of.html || url,doc.emergingthreats.net/2010729
1 || 2010730 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Cisco ASA Appliance Clientless SSL VPN HTML Rewriting Security Bypass Attempt/Cross Site Scripting Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=18442 || url,www.securityfocus.com/archive/1/504516 || url,www.securityfocus.com/bid/35476 || cve,2009-1201 || cve,2009-1202 || url,doc.emergingthreats.net/2010730
1 || 2010731 || 4 || attempted-recon || 0 || ET FTP FTP CWD command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010731
1 || 2010732 || 2 || attempted-recon || 0 || ET FTP FTP SITE command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010732
1 || 2010733 || 2 || attempted-recon || 0 || ET FTP FTP RMDIR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010733
1 || 2010734 || 2 || attempted-recon || 0 || ET FTP FTP MKDIR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010734
1 || 2010735 || 2 || attempted-recon || 0 || ET FTP FTP PWD command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010735
1 || 2010736 || 2 || attempted-recon || 0 || ET FTP FTP RETR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010736
1 || 2010737 || 2 || attempted-recon || 0 || ET FTP FTP NLST command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010737
1 || 2010738 || 2 || attempted-recon || 0 || ET FTP FTP RNTO command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010738
1 || 2010739 || 2 || attempted-recon || 0 || ET FTP FTP RNFR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010739
1 || 2010740 || 2 || attempted-recon || 0 || ET FTP FTP STOR command attempt without login || url,www.nsftools.com/tips/RawFTP.htm || url,doc.emergingthreats.net/2010740
1 || 2010741 || 4 || trojan-activity || 0 || ET TROJAN Suspicious exe.exe request - possible downloader/Oficla || url,anubis.iseclab.org/?action=result&task_id=11873c8979f34c8d4fd0da512df635cac&format=txt || url,doc.emergingthreats.net/2010741
1 || 2010742 || 4 || trojan-activity || 0 || ET DELETED Pinkslipbot Trojan Downloader || url,doc.emergingthreats.net/2010742
1 || 2010743 || 8 || trojan-activity || 0 || ET TROJAN Oficla Checkin (1) || url,www.threatexpert.com/report.aspx?md5=f71d48a86776f8c0da4d7a46257ff97c || url,doc.emergingthreats.net/2010743
1 || 2010744 || 4 || trojan-activity || 0 || ET TROJAN Oficla Russian Malware Bundle C&C instruction response (2) || url,malwarelab.org/2009/11/russian-malware-bundle/ || url,doc.emergingthreats.net/2010744
1 || 2010745 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX stack overfow Function call Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010745
1 || 2010746 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX Buildpath method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010746
1 || 2010747 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX GetDriveName method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010747
1 || 2010748 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX DriveExists method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010748
1 || 2010749 || 2 || attempted-user || 0 || ET ACTIVEX SoftArtisans XFile FileManager ActiveX DeleteFile method stack overflow Attempt || url,www.kb.cert.org/vuls/id/914785 || url,/www.packetstormsecurity.nl/0911-exploits/softartisans_getdrivename.rb.txt || url,osvdb.org/47794 || url,doc.emergingthreats.net/2010749
1 || 2010750 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter SELECT FROM SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010750
1 || 2010751 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter DELETE FROM SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010751
1 || 2010752 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UNION SELECT SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010752
1 || 2010753 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter INSERT INTO SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010753
1 || 2010754 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_musicgallery Component Id Parameter UPDATE SET SQL Injection Attempt || bugtraq,37146 || url,www.packetstormsecurity.nl/0911-exploits/joomlamg-sql.txt || url,doc.emergingthreats.net/2010754
1 || 2010755 || 4 || attempted-dos || 0 || ET DOS IBM DB2 kuddb2 Remote Denial of Service Attempt || url,www.securityfocus.com/bid/38018 || url,intevydis.blogspot.com/2010/01/ibm-db2-97-kuddb2-dos.html || url,doc.emergingthreats.net/2010755
1 || 2010756 || 3 || trojan-activity || 0 || ET TROJAN Sasfis Botnet Client Reporting Back to Controller After Command Execution || url,www.fortiguard.com/analysis/sasfisanalysis.html || url,doc.emergingthreats.net/2010756
1 || 2010757 || 6 || not-suspicious || 0 || ET WEB_CLIENT VLC Media Player Aegisub Advanced SubStation (.ass) File Request flowbit set || url,doc.emergingthreats.net/2010757
1 || 2010758 || 5 || attempted-user || 0 || ET WEB_CLIENT VLC Media Player .ass File Buffer Overflow Attempt || url,www.securityfocus.com/bid/37832/info || url,doc.emergingthreats.net/2010758
1 || 2010759 || 2 || attempted-admin || 0 || ET EXPLOIT Xerox WorkCentre PJL Daemon Buffer Overflow Attempt || url,www.securityfocus.com/bid/38010 || url,doc.emergingthreats.net/2010759
1 || 2010760 || 6 || attempted-user || 0 || ET ACTIVEX Possible Gracenote CDDBControl ActiveX Control ViewProfile Method Heap Buffer Overflow Attempt || url,www.securityfocus.com/bid/37834 || url,doc.emergingthreats.net/2010760
1 || 2010761 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Attempt || url,www.securityfocus.com/bid/37843 || url,doc.emergingthreats.net/2010761
1 || 2010762 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand Attempt || url,www.securityfocus.com/bid/37843 || url,doc.emergingthreats.net/2010762
1 || 2010763 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery Ping UserCommand Attempt || url,www.securityfocus.com/bid/37843 || url,doc.emergingthreats.net/2010763
1 || 2010765 || 5 || trojan-activity || 0 || ET TROJAN Zalupko/Koceg/Mandaph HTTP Checkin (2) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Backdoor%3aWin32%2fKoceg.gen!B || url,www.symantec.com/security_response/writeup.jsp?docid=2008-042816-0445-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=b2aad8e259cbfdd2ba1fcbf22bcee2e9 || url,doc.emergingthreats.net/2010765
1 || 2010766 || 11 || bad-unknown || 0 || ET POLICY Proxy TRACE Request - inbound || url,doc.emergingthreats.net/2010766
1 || 2010767 || 9 || bad-unknown || 0 || ET POLICY TRACE Request - outbound || url,doc.emergingthreats.net/2010767
1 || 2010768 || 5 || bad-unknown || 0 || ET SCAN Open-Proxy ScannerBot (webcollage-UA)  || url, stateofsecurity.com/?p=526 || url,www.botsvsbrowsers.com/details/214715/index.html || url,doc.emergingthreats.net/2010768
1 || 2010770 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HP System Management Homepage Input Validation Cross Site Scripting Attempt || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000727 || cve,2009-4185 || url,doc.emergingthreats.net/2010770
1 || 2010771 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro view_messages.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010771
1 || 2010772 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro view_blog_comments.php Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010772
1 || 2010773 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro view_blog_archives.php Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010773
1 || 2010774 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro add_comments.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010774
1 || 2010775 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro downloads.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010775
1 || 2010776 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro emailsender.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010776
1 || 2010777 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS asaher pro left_menu.php row_y5_site_configuration Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/asaherpro-rfi.txt || url,doc.emergingthreats.net/2010777
1 || 2010778 || 6 || attempted-user || 0 || ET ACTIVEX HP Mercury Quality Center ActiveX ProgColor Buffer Overflow Attempt -1 || url,secunia.com/advisories/24692/ || url,www.packetstormsecurity.nl/0911-exploits/hpmqc_progcolor.rb.txt || url,www.kb.cert.org/vuls/id/589097 || url,doc.emergingthreats.net/2010778
1 || 2010779 || 6 || attempted-user || 0 || ET ACTIVEX HP Mercury Quality Center ActiveX ProgColor Buffer Overflow Attempt -2 || url,secunia.com/advisories/24692/ || url,www.packetstormsecurity.nl/0911-exploits/hpmqc_progcolor.rb.txt || url,www.kb.cert.org/vuls/id/589097 || url,doc.emergingthreats.net/2010779
1 || 2010780 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mediaslide component viewer.php path Local File Inclusion Attempt || bugtraq,37440 || url,doc.emergingthreats.net/2010780
1 || 2010781 || 2 || suspicious-filename-detect || 0 || ET POLICY PsExec service created || url,xinn.org/Snort-psexec.html || url,doc.emergingthreats.net/2010781
1 || 2010782 || 2 || suspicious-filename-detect || 0 || ET POLICY RemoteControlX rctrlx service created || url,xinn.org/Snort-rctrlx.html || url,doc.emergingthreats.net/2010782
1 || 2010783 || 3 || suspicious-filename-detect || 0 || ET EXPLOIT GsecDump executed || url,xinn.org/Snort-gsecdump.html || url,doc.emergingthreats.net/2010783
1 || 2010784 || 4 || policy-violation || 0 || ET CHAT Facebook Chat (send message) || url,doc.emergingthreats.net/2010784
1 || 2010785 || 6 || policy-violation || 0 || ET CHAT Facebook Chat (buddy list) || url,doc.emergingthreats.net/2010785
1 || 2010786 || 4 || policy-violation || 0 || ET CHAT Facebook Chat (settings) || url,doc.emergingthreats.net/2010786
1 || 2010787 || 5 || trojan-activity || 0 || ET TROJAN Knockbot Proxy Response From Controller || url,www.malwaredomainlist.com/mdl.php?search=knock.php || url,doc.emergingthreats.net/2010787
1 || 2010788 || 5 || trojan-activity || 0 || ET TROJAN Knockbot Proxy Response From Controller (empty command) || url,www.malwaredomainlist.com/mdl.php?search=knock.php || url,doc.emergingthreats.net/2010788
1 || 2010789 || 5 || trojan-activity || 0 || ET DELETED SpyEye Bot Checkin || url,www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-020216-0135-99 || url,malwareint.blogspot.com/2010/01/spyeye-new-bot-on-market.html || url,www.threatexpert.com/report.aspx?md5=2b8a408b56eaf3ce0198c9d1d8a75ec0 || url,doc.emergingthreats.net/2010789
1 || 2010790 || 4 || trojan-activity || 0 || ET TROJAN Bredavi Configuration Update Response || url,doc.emergingthreats.net/2010790
1 || 2010791 || 3 || trojan-activity || 0 || ET DELETED Bredavi Checkin || url,doc.emergingthreats.net/2010791
1 || 2010794 || 7 || attempted-recon || 0 || ET WEB_SERVER DFind w00tw00t GET-Requests || url,doc.emergingthreats.net/2010794
1 || 2010795 || 8 || trojan-activity || 0 || ET ATTACK_RESPONSE Matahari client || url,doc.emergingthreats.net/2010795
1 || 2010796 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALWARE Unknown Malware Download Attempt || url,malwareurl.com || url,doc.emergingthreats.net/2010796
1 || 2010797 || 3 || policy-violation || 0 || ET POLICY Twitter Status Update || url,twitter.com || url,doc.emergingthreats.net/2010797
1 || 2010798 || 4 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer URI Validation Remote Code Execution Attempt || url,www.securityfocus.com/bid/37884 || cve,2010-0027 || url,doc.emergingthreats.net/2010798
1 || 2010799 || 5 || attempted-user || 0 || ET WEB_CLIENT Possible Internet Explorer srcElement Memory Corruption Attempt || url,www.microsoft.com/technet/security/bulletin/ms10-002.mspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=19726 || url,www.kb.cert.org/vuls/id/492515 || cve,2010-0249 || url,doc.emergingthreats.net/2010799
1 || 2010800 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager DiagLogListActionBody.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010800
1 || 2010801 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager DiagCaptureFileListActionBody.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010801
1 || 2010802 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager ViewSatReport.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010802
1 || 2010803 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager DiagCaptureFileListActionBody.do capture parameter LFI Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010803
1 || 2010804 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS F5 Data Manager ViewInventoryErrorReport.do Local File Inclusion Attempt || url,secunia.com/advisories/38113/ || url,doc.emergingthreats.net/2010804
1 || 2010805 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter SELECT FROM SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010805
1 || 2010806 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter DELETE FROM SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010806
1 || 2010807 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter UNION SELECT SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010807
1 || 2010808 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter INSERT INTO SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010808
1 || 2010809 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_yelp Component cid Parameter UPDATE SET SQL Injection Attempt || bugtraq,38022 || url,doc.emergingthreats.net/2010809
1 || 2010813 || 5 || attempted-user || 0 || ET WEB_CLIENT VLC Media Player smb URI Handling Remote Buffer Overflow Attempt || url,www.securityfocus.com/bid/35500/info || url,doc.emergingthreats.net/2010813
1 || 2010814 || 5 || attempted-user || 0 || ET ACTIVEX Possible AOL 9.5 BindToFile Heap Overflow Attempt || url,tcc.hellcode.net/advisories/hellcode-adv008.txt || url,doc.emergingthreats.net/2010814
1 || 2010815 || 5 || misc-activity || 0 || ET POLICY Incoming Connection Attempt From Amazon EC2 Cloud || url,doc.emergingthreats.net/2010815
1 || 2010816 || 6 || misc-activity || 0 || ET POLICY Incoming UDP Packet From Amazon EC2 Cloud || url,doc.emergingthreats.net/2010816
1 || 2010817 || 3 || attempted-dos || 0 || ET DOS Possible Cisco ASA 5500 Series Adaptive Security Appliance Remote SIP Inspection Device Reload Denial of Service Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19915 || cve,2010-0569 || url,doc.emergingthreats.net/2010817
1 || 2010818 || 4 || attempted-dos || 0 || ET DELETED Possible Cisco ASA 5500 Series Adaptive Security Appliance Remote SIP Inspection Device Reload Denial of Service Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19915 || cve,2010-0569 || url,doc.emergingthreats.net/2010818
1 || 2010819 || 4 || policy-violation || 0 || ET CHAT Facebook Chat using XMPP || url,www.facebook.com/sitetour/chat.php || url,doc.emergingthreats.net/2010819
1 || 2010820 || 4 || web-application-attack || 0 || ET WEB_SERVER Tilde in URI, potential .cgi source disclosure vulnerability || url,seclists.org/fulldisclosure/2009/Sep/0321.html || url,doc.emergingthreats.net/2010820
1 || 2010821 || 3 || trojan-activity || 0 || ET TROJAN Java Downloader likely malicious payload download src=xrun || url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html || url,doc.emergingthreats.net/2010821
1 || 2010822 || 5 || trojan-activity || 0 || ET TROJAN smain?scout=acxc Generic Download landing || url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html || url,www.threatexpert.com/report.aspx?md5=513077916da4e86827a6000b40db95d5 || url,doc.emergingthreats.net/2010822
1 || 2010823 || 4 || trojan-activity || 0 || ET TROJAN Torpig Related Fake User-Agent (Apache (compatible...)) || url,doc.emergingthreats.net/2010823
1 || 2010824 || 4 || trojan-activity || 0 || ET DELETED Torpig Ping-Pong Keepalives Outbound || url,doc.emergingthreats.net/2010824
1 || 2010825 || 4 || trojan-activity || 0 || ET DELETED Torpig Ping-Pong Keepalives Inbound || url,doc.emergingthreats.net/2010825
1 || 2010826 || 3 || trojan-activity || 0 || ET TROJAN Torpig Initial CnC Connect on port 8392 || url,doc.emergingthreats.net/2010826
1 || 2010827 || 3 || trojan-activity || 0 || ET TROJAN Torpig CnC Connect on port 8392 || url,doc.emergingthreats.net/2010827
1 || 2010828 || 3 || trojan-activity || 0 || ET TROJAN Torpig CnC IP Report Command on port 8392 || url,doc.emergingthreats.net/2010828
1 || 2010829 || 3 || trojan-activity || 0 || ET TROJAN Torpig CnC Report Command on port 8392 || url,doc.emergingthreats.net/2010829
1 || 2010830 || 5 || trojan-activity || 0 || ET DELETED Unknown Dropper Checkin (2) || url,doc.emergingthreats.net/2010830
1 || 2010833 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla intuit component intuit.php approval Local File Inclusion Attempt || url,www.exploit-db.com/exploits/10730 || url,doc.emergingthreats.net/2010833
1 || 2010834 || 6 || attempted-user || 0 || ET ACTIVEX Windows Defender ActiveX DeleteValue/WriteValue method Heap Overflow Attempt || url,www.packetstormsecurity.org/1001-exploits/msdef1-overflow.txt || url,doc.emergingthreats.net/2010834
1 || 2010835 || 4 || attempted-user || 0 || ET ACTIVEX Windows Defender ActiveX DeleteValue method Remote Code Execution Function Call || url,www.packetstormsecurity.org/1001-exploits/msdef1-overflow.txt || url,doc.emergingthreats.net/2010835
1 || 2010837 || 4 || attempted-user || 0 || ET ACTIVEX Windows Defender ActiveX WriteValue method Remote Code Execution Function Call || url,www.packetstormsecurity.org/1001-exploits/msdef2-overflow.txt || url,doc.emergingthreats.net/2010837
1 || 2010838 || 6 || trojan-activity || 0 || ET TROJAN WScript/VBScript XMLHTTP downloader likely malicious get?src= || url,www.bluetack.co.uk/forums/lofiversion/index.php/t18462.html || url,doc.emergingthreats.net/2010838
1 || 2010839 || 6 || attempted-user || 0 || ET ACTIVEX Possible Rising Online Virus Scanner ActiveX Control Scan() Method Stack Buffer Overflow Attempt || url,www.securityfocus.com/bid/38282 || url,doc.emergingthreats.net/2010839
1 || 2010840 || 5 || attempted-user || 0 || ET ACTIVEX Viscom Software Movie Player Pro SDK ActiveX 6.8 Remote Buffer Overflow Attempt || url,en.securitylab.ru/poc/extra/389924.php || url,doc.emergingthreats.net/2010840
1 || 2010841 || 4 || attempted-user || 0 || ET WEB_CLIENT DX Studio Player Firefox Plug-in Command Injection Attempt || cve,2009-2011 || url,doc.emergingthreats.net/2010841
1 || 2010842 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter UPDATE SET SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010842
1 || 2010843 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbilletsy Component id Parameter SELECT FROM SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010843
1 || 2010844 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter DELETE FROM SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010844
1 || 2010845 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter UNION SELECT SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010845
1 || 2010846 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_avosbillets Component id Parameter INSERT INTO SQL Injection Attempt || bugtraq,37576 || url,doc.emergingthreats.net/2010846
1 || 2010847 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS com_if_nexus controller Parameter Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10754 || url,doc.emergingthreats.net/2010847
1 || 2010848 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla morfeoshow morfeoshow.html.php Remote File Inclusion Attempt || url,secdb.4sec.org/?s1=exp&sid=18773 || url,doc.emergingthreats.net/2010848
1 || 2010851 || 4 || web-application-attack || 0 || ET ACTIVEX Logitech VideoCall ActiveX Start method buffer overflow Attempt || url,osvdb.org/36820 || url,www.packetstormsecurity.nl/0911-exploits/logitechvideocall_start.rb.txt || url,www.kb.cert.org/vuls/id/330289 || url,doc.emergingthreats.net/2010851
1 || 2010852 || 4 || web-application-attack || 0 || ET ACTIVEX WinDVD7 IASystemInfo.DLL ActiveX ApplicationType method buffer overflow Attempt || url,www.packetstormsecurity.nl/0911-exploits/windvd7_applicationtype.rb.txt || url,secunia.com/advisories/24556/ || url,doc.emergingthreats.net/2010852
1 || 2010853 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter SELECT FROM SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010853
1 || 2010854 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter DELETE FROM SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010854
1 || 2010855 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter UNION SELECT SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010855
1 || 2010856 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter INSERT INTO SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010856
1 || 2010857 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_job Component id_job Parameter UPDATE SET SQL Injection Attempt || url,packetstorm.foofus.com/1002-exploits/joomlajobcom-sql.txt || url,doc.emergingthreats.net/2010857
1 || 2010859 || 5 || trojan-activity || 0 || ET DELETED Gh0st Trojan CnC || url,doc.emergingthreats.net/2010859
1 || 2010860 || 5 || trojan-activity || 0 || ET DELETED Gh0st Trojan CnC Response || url,doc.emergingthreats.net/2010860
1 || 2010861 || 7 || trojan-activity || 0 || ET DELETED Zeus Bot Request to CnC || url,doc.emergingthreats.net/2010861
1 || 2010862 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible APC Network Management Card Cross Site Scripting Attempt || cve,2009-1798 || url,doc.emergingthreats.net/2010862
1 || 2010863 || 6 || web-application-attack || 0 || ET WEB_SERVER LANDesk Command Injection Attempt || url,www.coresecurity.com/content/landesk-csrf-vulnerability || cve,2010-0369 || url,doc.emergingthreats.net/2010863
1 || 2010864 || 6 || web-application-attack || 0 || ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt || cve,2009-0921 || url,doc.emergingthreats.net/2010864
1 || 2010865 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Possible Lotus Domino readme.nsf Cross Site Scripting Attempt || url,www.securityfocus.com/bid/38481 || url,doc.emergingthreats.net/2010865
1 || 2010866 || 4 || trojan-activity || 0 || ET DELETED Hostile domain, NeoSploit FakeAV google.analytics.com.*.info || url,www.malwaredomainlist.com/forums/index.php?action=printpage#-#-topic=3781.0 || url,doc.emergingthreats.net/2010866
1 || 2010867 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Potential FakeAV download Setup_103s1 or Setup_207 variant || url,www.prevx.com/avgraph/1/AVG.html || url,doc.emergingthreats.net/2010867
1 || 2010868 || 6 || bad-unknown || 0 || ET MALWARE Incorrectly formatted User-Agent string (dashes instead of semicolons) Likely Hostile || url,doc.emergingthreats.net/2010868
1 || 2010869 || 3 || policy-violation || 0 || ET DELETED PE EXE or DLL Windows file download (2) || url,doc.emergingthreats.net/2010869
1 || 2010870 || 6 || trojan-activity || 0 || ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (kav) || url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0 || url,doc.emergingthreats.net/2010870
1 || 2010871 || 6 || trojan-activity || 0 || ET DELETED NeoSploit Exploit Kit Java exploit drive-by host likely infected (nte) || url,www.malwaredomainlist.com/forums/index.php?action=printpage%3btopic=3781.0 || url,doc.emergingthreats.net/2010871
1 || 2010872 || 5 || trojan-activity || 0 || ET TROJAN Pragma hack Detected Outbound - Likely Infected Source || url,doc.emergingthreats.net/2010872
1 || 2010873 || 5 || not-suspicious || 0 || ET DELETED Opera User-Agent Flowbit Set || url,doc.emergingthreats.net/2010873
1 || 2010875 || 7 || trojan-activity || 0 || ET TROJAN Blackenergy Bot Checkin to C&C (2) || url,doc.emergingthreats.net/2010875
1 || 2010876 || 5 || attempted-user || 0 || ET DELETED Foxit PDF Reader Buffer Overflow Attempt || url,www.coresecurity.com/content/foxit-reader-vulnerabilities#lref.4 || cve,2009-0837 || url,doc.emergingthreats.net/2010876
1 || 2010877 || 3 || attempted-user || 0 || ET EXPLOIT Possible SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt || url,www.securityfocus.com/bid/38578 || url,seclists.org/fulldisclosure/2010/Mar/140 || url,doc.emergingthreats.net/2010877
1 || 2010878 || 6 || attempted-user || 0 || ET EXPLOIT Possible Foxit PDF Reader Authentication Bypass Attempt || url,www.coresecurity.com/content/foxit-reader-vulnerabilities#lref.4 || cve,2009-0836 || url,doc.emergingthreats.net/2010878
1 || 2010879 || 4 || misc-activity || 0 || ET DELETED Hex Obfuscated arguments.callee Javascript Method in PDF Possibly Hostile PDF || url,doc.emergingthreats.net/2010879
1 || 2010880 || 3 || misc-activity || 0 || ET DELETED Possible Hex Obfuscation of Javascript Declaration Within PDF File - Likely Hostile || url,doc.emergingthreats.net/2010880
1 || 2010881 || 6 || bad-unknown || 0 || ET WEB_CLIENT PDF With Unescape Method Defined Possible Hostile Obfuscation Attempt || url,isc.sans.org/diary.html?storyid=7903 || url,isc.sans.org/diary.html?storyid=7906 || url,doc.emergingthreats.net/2010881
1 || 2010882 || 8 || misc-activity || 0 || ET POLICY PDF File Containing Javascript
1 || 2010883 || 5 || misc-activity || 0 || ET POLICY PDF File Containing arguments.callee in Cleartext - Likely Hostile || url,isc.sans.org/diary.html?storyid=1519 || url,isc.sans.org/diary.html?storyid=7906 || url,doc.emergingthreats.net/2010883
1 || 2010884 || 4 || misc-activity || 0 || ET DELETED .pdf File Possibly Containing Basic Hex Obfuscation || url,isc.sans.org/diary.html?storyid=7903 || url,isc.sans.org/diary.html?storyid=7906 || url,doc.emergingthreats.net/2010884
1 || 2010885 || 8 || trojan-activity || 0 || ET TROJAN BlackEnergy v2.x HTTP Request with Encrypted Variables || url,www.secureworks.com/research/threats/blackenergy2/?threat=blackenergy2 || url,doc.emergingthreats.net/2010885
1 || 2010886 || 6 || trojan-activity || 0 || ET TROJAN BlackEnergy v2.x Plugin Download Request || url,www.secureworks.com/research/threats/blackenergy2/?threat=blackenergy2 || url,doc.emergingthreats.net/2010886
1 || 2010888 || 7 || trojan-activity || 0 || ET TROJAN Generic Downloader checkin (3) || url,doc.emergingthreats.net/2010888
1 || 2010889 || 3 || trojan-activity || 0 || ET USER_AGENTS Win32.Tdss User Agent Detected (Mozzila) || url,doc.emergingthreats.net/2010889
1 || 2010890 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step1 GET) || url,doc.emergingthreats.net/2010890
1 || 2010891 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step2 POST) || url,doc.emergingthreats.net/2010891
1 || 2010892 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step3 GET) || url,doc.emergingthreats.net/2010892
1 || 2010893 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Step4 POST) || url,doc.emergingthreats.net/2010893
1 || 2010894 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad pf_XXXXX) || url,doc.emergingthreats.net/2010894
1 || 2010895 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad pf_XXXXX) || url,doc.emergingthreats.net/2010895
1 || 2010896 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad flow 2) || url,doc.emergingthreats.net/2010896
1 || 2010897 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 Brute-Force reg attempt (Bad flow 2) || url,doc.emergingthreats.net/2010897
1 || 2010898 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 registration (Bogus Stage3 GET) || url,doc.emergingthreats.net/2010898
1 || 2010899 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS phpBB3 multiple login attempts || url,doc.emergingthreats.net/2010899
1 || 2010900 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBB3 possible spammer posting attempts || url,doc.emergingthreats.net/2010900
1 || 2010901 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Potential FakeAV download ASetup_2009.exe variant || url,www.prevx.com/avgraph/1/AVG.html || url,doc.emergingthreats.net/2010901
1 || 2010902 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (p=) || url,www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ || url,doc.emergingthreats.net/2010902
1 || 2010903 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (c=) || url,www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ || url,doc.emergingthreats.net/2010903
1 || 2010904 || 7 || bad-unknown || 0 || ET MALWARE Fake Mozilla User-Agent (Mozilla/0.xx) Inbound || url,doc.emergingthreats.net/2010904
1 || 2010905 || 7 || bad-unknown || 0 || ET MALWARE Fake Mozilla UA Outbound (Mozilla/0.xx) || url,doc.emergingthreats.net/2010905
1 || 2010906 || 5 || bad-unknown || 0 || ET USER_AGENTS badly formatted User-Agent string (no closing parenthesis) || url,doc.emergingthreats.net/2010906
1 || 2010908 || 5 || trojan-activity || 0 || ET MALWARE Mozilla User-Agent (Mozilla/5.0) Inbound Likely Fake || url,doc.emergingthreats.net/2010908
1 || 2010909 || 2 || trojan-activity || 0 || ET TROJAN Arucer Command Execution || url,doc.emergingthreats.net/2010909
1 || 2010910 || 2 || trojan-activity || 0 || ET TROJAN Arucer DIR Listing || url,doc.emergingthreats.net/2010910
1 || 2010911 || 2 || trojan-activity || 0 || ET TROJAN Arucer WRITE FILE command || url,doc.emergingthreats.net/2010911
1 || 2010912 || 2 || trojan-activity || 0 || ET TROJAN Arucer READ FILE Command || url,doc.emergingthreats.net/2010912
1 || 2010913 || 2 || trojan-activity || 0 || ET TROJAN Arucer NOP Command || url,doc.emergingthreats.net/2010913
1 || 2010914 || 2 || trojan-activity || 0 || ET TROJAN Arucer FIND FILE Command || url,doc.emergingthreats.net/2010914
1 || 2010915 || 2 || trojan-activity || 0 || ET TROJAN Arucer YES Command || url,doc.emergingthreats.net/2010915
1 || 2010916 || 2 || trojan-activity || 0 || ET TROJAN Arucer ADD RUN ONCE Command || url,doc.emergingthreats.net/2010916
1 || 2010917 || 2 || trojan-activity || 0 || ET TROJAN Arucer DEL FILE Command || url,doc.emergingthreats.net/2010917
1 || 2010918 || 6 || trojan-activity || 0 || ET DELETED Paymilon-A HTTP POST || url,www.sophos.com/security/analyses/viruses-and-spyware/malpaymilona.html || url,doc.emergingthreats.net/2010918
1 || 2010919 || 3 || web-application-attack || 0 || ET WEB_SERVER HP LaserJet Printer Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=148 || cve,2009-2684 || url,doc.emergingthreats.net/2010919
1 || 2010920 || 7 || web-application-attack || 0 || ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=) || cve,2002-0953 || url,doc.emergingthreats.net/2010920
1 || 2010921 || 3 || web-application-attack || 0 || ET ACTIVEX Ask.com Toolbar askBar.dll ActiveX ShortFormat Buffer Overflow Attempt || url,www.packetstormsecurity.nl/0911-exploits/ask_shortformat.rb.txt || url,secunia.com/advisories/26960/ || url,doc.emergingthreats.net/2010921
1 || 2010922 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS class.writeexcel_workbook.inc.php class_path Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/saurus-rfi.txt || url,doc.emergingthreats.net/2010922
1 || 2010923 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS class.writeexcel_worksheet.inc.php class_path Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/saurus-rfi.txt || url,doc.emergingthreats.net/2010923
1 || 2010924 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter SELECT FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010924
1 || 2010925 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter DELETE FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010925
1 || 2010926 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter UNION SELECT SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010926
1 || 2010927 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter INSERT INTO SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010927
1 || 2010928 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_perchagallery Component id Parameter UPDATE SET SQL Injection Attempt || url,www.exploit-db.com/exploits/11103 || url,doc.emergingthreats.net/2010928
1 || 2010929 || 6 || attempted-user || 0 || ET ACTIVEX Foxit Reader ActiveX control OpenFile method Heap Overflow Attempt || url,www.exploit-db.com/exploits/11196 || url,doc.emergingthreats.net/2010929
1 || 2010930 || 4 || attempted-user || 0 || ET ACTIVEX Foxit Reader ActiveX OpenFile method Remote Code Execution Function Call || url,www.exploit-db.com/exploits/11196 || url,doc.emergingthreats.net/2010930
1 || 2010931 || 7 || attempted-user || 0 || ET WEB_CLIENT Possible IE iepeers.dll Use-after-free Code Execution Attempt || url,www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/ || url,tools.cisco.com/security/center/viewAlert.x?alertId=20052 || url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx || url,www.kb.cert.org/vuls/id/744549 || cve,2010-0806 || url,doc.emergingthreats.net/2010931
1 || 2010932 || 5 || trojan-activity || 0 || ET TROJAN Dropper Checkin 2 (often scripts.dlv4.com related) || url,doc.emergingthreats.net/2010932
1 || 2010934 || 5 || trojan-activity || 0 || ET MALWARE Infobox3 Spyware User-Agent (InfoBox) || url,doc.emergingthreats.net/2010934
1 || 2010935 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to MSSQL port 1433 || url,doc.emergingthreats.net/2010935
1 || 2010936 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to Oracle SQL port 1521 || url,doc.emergingthreats.net/2010936
1 || 2010937 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to mySQL port 3306 || url,doc.emergingthreats.net/2010937
1 || 2010938 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to mSQL port 4333 || url,doc.emergingthreats.net/2010938
1 || 2010939 || 2 || bad-unknown || 0 || ET POLICY Suspicious inbound to PostgreSQL port 5432 || url,doc.emergingthreats.net/2010939
1 || 2010941 || 1 || attempted-user || 0 || ET EXPLOIT Possible Sendmail SpamAssassin Milter Plugin Remote Arbitrary Command Injection Attempt || url,www.securityfocus.com/bid/38578 || url,seclists.org/fulldisclosure/2010/Mar/140 || url,doc.emergingthreats.net/2010941
1 || 2010942 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jcollection controller Parameter Local File Inclusion Attempt || url,www.exploit-db.com/exploits/11088 || url,doc.emergingthreats.net/2010942
1 || 2010943 || 2 || web-application-attack || 0 || ET ACTIVEX SoftCab Sound Converter ActiveX SaveFormat File overwrite Attempt || url,secunia.com/advisories/37967/ || url,doc.emergingthreats.net/2010943
1 || 2010944 || 2 || attempted-user || 0 || ET ACTIVEX Viscom Movie Player Pro SDK ActiveX DrawText method Buffer Overflow Function Call || url,www.shinnai.net/exploits/X6hU4E0E7P5H3qH5yXrn.txt || url,secunia.com/advisories/38156/ || url,doc.emergingthreats.net/2010944
1 || 2010945 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Yahoo CD Player ActiveX Open Stack Overflow Attempt || url,www.shinnai.net/exploits/pD9YWswsoR3EIcE9bf3N.txt || url,doc.emergingthreats.net/2010945
1 || 2010946 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Yahoo CD Player ActiveX Open Stack Overflow Function Call || url,www.shinnai.net/exploits/pD9YWswsoR3EIcE9bf3N.txt || url,doc.emergingthreats.net/2010946
1 || 2010947 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010947
1 || 2010948 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010948
1 || 2010949 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010949
1 || 2010950 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010950
1 || 2010951 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_hdflvplayer Component id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/38691/ || url,doc.emergingthreats.net/2010951
1 || 2010952 || 4 || policy-violation || 0 || ET DELETED facebook activity || url,compnetworking.about.com/od/traceipaddresses/f/facebook-ip-address.htm || url,doc.emergingthreats.net/2010952
1 || 2010953 || 3 || attempted-recon || 0 || ET SCAN Skipfish Web Application Scan Detected || url,isc.sans.org/diary.html?storyid=8467 || url,code.google.com/p/skipfish/ || url,doc.emergingthreats.net/2010953
1 || 2010954 || 4 || network-scan || 0 || ET SCAN crimscanner User-Agent detected || url,doc.emergingthreats.net/2010954
1 || 2010956 || 3 || attempted-recon || 0 || ET SCAN Skipfish Web Application Scan Detected (2) || url,isc.sans.org/diary.html?storyid=8467 || url,code.google.com/p/skipfish/ || url,doc.emergingthreats.net/2010956
1 || 2010957 || 6 || attempted-user || 0 || ET ACTIVEX SAP GUI SAPBExCommonResources ActiveX Insecure Method Code Execution Attempt || url,dsecrg.com/pages/vul/show.php?id=164 || url,doc.emergingthreats.net/2010957
1 || 2010958 || 5 || attempted-user || 0 || ET ACTIVEX Possible Symantec Antivirus 10.0 Client Proxy ActiveX Control Buffer Overflow Attempt || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 || url,dsecrg.com/pages/vul/show.php?id=139 || cve,2010-0108 || url,doc.emergingthreats.net/2010958
1 || 2010959 || 4 || attempted-user || 0 || ET ACTIVEX Possible Symantec Antivirus 10.0 Client Proxy ActiveX Control Buffer Overflow Function Call Attempt || url,www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02 || url,dsecrg.com/pages/vul/show.php?id=139 || cve,2010-0108 || url,doc.emergingthreats.net/2010959
1 || 2010960 || 3 || attempted-recon || 0 || ET SCAN WhatWeb Web Application Fingerprint Scanner Default User-Agent Detected || url,www.morningstarsecurity.com/research/whatweb || url,doc.emergingthreats.net/2010960
1 || 2010961 || 5 || attempted-user || 0 || ET WEB_CLIENT Wscript Shell Run Attempt - Likely Hostile || url,msdn.microsoft.com/en-us/library/d5fk67ky(VS.85).aspx || url,doc.emergingthreats.net/2010961
1 || 2010962 || 6 || attempted-user || 0 || ET ACTIVEX AOL 9.5 Phobos.Playlist Import ActiveX Buffer Overflow Attempt || url,www.rec-sec.com/2010/01/25/aol-playlist-class-buffer-overflow/ || url,doc.emergingthreats.net/2010962
1 || 2010963 || 4 || web-application-attack || 0 || ET WEB_SERVER SELECT USER SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2010963
1 || 2010964 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW CHARACTER SET SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/5.0/en/show-character-set.html || url,doc.emergingthreats.net/2010964
1 || 2010965 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW VARIABLES SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/5.1/en/server-system-variables.html || url,doc.emergingthreats.net/2010965
1 || 2010966 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW CURDATE/CURTIME SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_curdate || url,dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_curtime || url,doc.emergingthreats.net/2010966
1 || 2010967 || 3 || web-application-attack || 0 || ET WEB_SERVER SHOW TABLES SQL Injection Attempt in URI || url,en.wikipedia.org/wiki/SQL_injection || url,dev.mysql.com/doc/refman/4.1/en/show-tables.html || url,doc.emergingthreats.net/2010967
1 || 2010968 || 7 || attempted-user || 0 || ET WEB_CLIENT Possible Foxit/Adobe PDF Reader Launch Action Remote Code Execution Attempt || url,www.kb.cert.org/vuls/id/570177 || url,www.h-online.com/security/news/item/Criminals-attempt-to-exploit-unpatched-hole-in-Adobe-Reader-979286.html || url,www.sudosecure.net/archives/673 || url,www.h-online.com/security/news/item/Adobe-issues-official-workaround-for-PDF-vulnerability-971932.html || url,blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/ || url,www.m86security.com/labs/i/PDF-Launch-Feature-Used-to-Install-Zeus,trace.1301~.asp || url,doc.emergingthreats.net/2010968
1 || 2010969 || 3 || policy-violation || 0 || ET POLICY Possible ProxyShell Anonymous Access Connection || url,doc.emergingthreats.net/2010969
1 || 2010970 || 3 || web-application-attack || 0 || ET WEB_SERVER HP OpenView Network Node Manager OvWebHelp.exe Heap Buffer Overflow Attempt || cve,2009-4178 || url,doc.emergingthreats.net/2010970
1 || 2010972 || 3 || policy-violation || 0 || ET POLICY Possible ProxyShell Hide IP Installation file download || url,www.browserdefender.com/file/484661/site/putas18.info/ || url,doc.emergingthreats.net/2010792
1 || 2010973 || 4 || trojan-activity || 0 || ET TROJAN Vobfus/Changeup/Chinky Download Command || url,doc.emergingthreats.net/2010973 || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=beb8bc1ba5dbd8de0761ef362bc8b0a4 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fVobfus || url,www.symantec.com/security_response/writeup.jsp?docid=2009-081806-2906-99&tabid=2 || url,www.symantec.com/connect/blogs/w32changeup-threat-profile || url,www.threatexpert.com/report.aspx?md5=f8880b851ea5ed92dd97657574fb4f70
1 || 2010975 || 5 || trojan-activity || 0 || ET TROJAN Unruy Downloader Checkin || url,ddanchev.blogspot.com/2010/03/copyright-lawsuit-filed-against-you.html || url,isc.sans.org/diary.html?storyid=8497 || url,threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.STM&VSect=T || url,doc.emergingthreats.net/2010975
1 || 2010976 || 5 || attempted-user || 0 || ET WEB_SPECIFIC_APPS JcomBand toolbar ActiveX Control isRegistered Property Buffer Overflow Attempt || url,www.exploit-db.com/exploits/11059 || url,secunia.com/advisories/38081/ || url,doc.emergingthreats.net/2010976
1 || 2010977 || 5 || attempted-user || 0 || ET ACTIVEX AOL 9.5 ActiveX control Import method Heap Overflow Attempt || url,www.exploit-db.com/exploits/11204 || url,doc.emergingthreats.net/2010977
1 || 2010978 || 5 || attempted-user || 0 || ET ACTIVEX IE ActiveX control Exec method Remote code execution Attempt || url,www.packetstormsecurity.org/1001-exploits/wshomocx-activex.txt || url,doc.emergingthreats.net/2010978
1 || 2010979 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ispCP Omega admin1.template.php Remote File Inclusion Attempt || url,packetstorm.foofus.com/1003-exploits/ispcp-rfi.txt || bugtraq,38644 || url,doc.emergingthreats.net/2010979
1 || 2010980 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM ENOVIA SmarTeam v5 LoginPage.aspx Cross Site Scripting Attempt || url,packetstorm.foofus.com/1003-exploits/ibmenovia-xss.txt || url,doc.emergingthreats.net/2010980
1 || 2010981 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter SELECT FROM SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010981
1 || 2010982 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter DELETE FROM SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010982
1 || 2010983 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter UNION SELECT SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010983
1 || 2010984 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter INSERT INTO SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010984
1 || 2010985 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_quicknews Component newsid Parameter UPDATE SET SQL Injection Attempt || bugtraq,37161 || url,doc.emergingthreats.net/2010985
1 || 2010986 || 6 || attempted-user || 0 || ET ACTIVEX AOLShare ActiveX AppString method denial of service Attempt || url,packetstorm.foofus.com/1001-exploits/aolactivex-dos.txt || url,doc.emergingthreats.net/2010986
1 || 2010987 || 4 || attempted-user || 0 || ET ACTIVEX AOLShare ActiveX AppString method denial of service Function Call || url,packetstorm.foofus.com/1001-exploits/aolactivex-dos.txt || url,doc.emergingthreats.net/2010987
1 || 2010988 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CommonSpot Server longproc.cfm Cross Site Scripting Attempt || bugtraq,37986 || url,doc.emergingthreats.net/2010988
1 || 2010989 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_ccnewsletter controller Parameter Local File Inclusion Attempt || bugtraq,37987 || url,doc.emergingthreats.net/2010989
1 || 2010990 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010990
1 || 2010991 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010991
1 || 2010992 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010992
1 || 2010993 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010993
1 || 2010994 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla SQL Reports user_id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/38678/ || url,doc.emergingthreats.net/2010994
1 || 2010995 || 4 || attempted-user || 0 || ET ACTIVEX BaoFeng Storm mps.dll ActiveX OnBeforeVideoDownload Buffer Overflow Function Call || bugtraq,34789 || url,doc.emergingthreats.net/2010995
1 || 2010996 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_communitypolls controller Parameter Local File Inclusion Attempt || url,www.exploit-db.com/exploits/11511 || url,doc.emergingthreats.net/2010996
1 || 2010997 || 6 || attempted-user || 0 || ET ACTIVEX Hyleos ChemView ActiveX Control SaveasMolFile Method Buffer Overflow Attempt || url,www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf || url,secunia.com/advisories/38523/ || url,doc.emergingthreats.net/2010997
1 || 2010998 || 6 || attempted-user || 0 || ET ACTIVEX Hyleos ChemView ActiveX Control ReadMolFile Method Buffer Overflow Attempt || url,www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf || url,secunia.com/advisories/38523/ || url,doc.emergingthreats.net/2010998
1 || 2010999 || 4 || attempted-user || 0 || ET ACTIVEX Hyleos ChemView ActiveX Buffer Overflow Function Call || url,www.security-assessment.com/files/advisories/2010-02-11_ChemviewX_Activex.pdf || url,secunia.com/advisories/38523/ || url,doc.emergingthreats.net/2010999
1 || 2011000 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Worksystems linkbar.php cfile Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10676 || url,doc.emergingthreats.net/2011000
1 || 2011001 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter SELECT FROM SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011001
1 || 2011002 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter DELETE FROM SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011002
1 || 2011003 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter UNION SELECT SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011003
1 || 2011004 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter INSERT INTO SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011004
1 || 2011005 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rsgallery2 Component catid Parameter UPDATE SET SQL Injection Attempt || bugtraq,38009 || url,doc.emergingthreats.net/2011005
1 || 2011006 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery Plugin Cross Site Scripting Attempt || url,www.coresecurity.com/content/nextgen-gallery-xss-vulnerability || cve,2010-1186 || url,doc.emergingthreats.net/2011006
1 || 2011007 || 8 || attempted-user || 0 || ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt || url,securitytracker.com/alerts/2010/Mar/1023773.html || url,tools.cisco.com/security/center/viewAlert.x?alertId=20202 || url,www.metasploit.com/redmine/projects/framework/repository/revisions/9018/entry/modules/exploits/windows/browser/ms10_018_ie_tabular_activex.rb || url,www.microsoft.com/technet/security/bulletin/ms10-018.mspx || url,www.vupen.com/english/advisories/2010/0744 || url,www.kb.cert.org/vuls/id/744549 || cve,2010-0805 || url,doc.emergingthreats.net/2011007
1 || 2011008 || 4 || misc-activity || 0 || ET POLICY Possible Multiple Levels of Javascript Encoding & Compression Filters in PDF, Possibly Hostile PDF || url,www.symantec.com/connect/blogs/journey-center-pdf-stream || url,doc.emergingthreats.net/2011008
1 || 2011009 || 5 || bad-unknown || 0 || ET DELETED Java JAR PROPFIND via DAV possible alternative JVM exploit || url,blogs.zdnet.com/security/?p=6082 || url,doc.emergingthreats.net/2011009
1 || 2011010 || 5 || attempted-user || 0 || ET ACTIVEX Possible Java Deployment Toolkit CSLID Command Execution Attempt || url,seclists.org/fulldisclosure/2010/Apr/119 || url,doc.emergingthreats.net/2011010
1 || 2011011 || 2 || attempted-admin || 0 || ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.cisco.com/warp/public/707/cisco-sa-20010227-ios-snmp-ilmi.shtml || url,doc.emergingthreats.net/2011011
1 || 2011012 || 2 || attempted-admin || 0 || ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String ILMI || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.cisco.com/warp/public/707/cisco-sa-20010227-ios-snmp-ilmi.shtml || url,doc.emergingthreats.net/2011012
1 || 2011013 || 2 || attempted-admin || 0 || ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.iss.net/security_center/reference/vuln/cisco-ios-cable-docsis.htm || url,www.kb.cert.org/vuls/id/840665 || cve,2004-1776 || url,doc.emergingthreats.net/2011013
1 || 2011014 || 2 || attempted-admin || 0 || ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis || url,www.cisco.com/warp/public/707/cisco-sa-20010228-ios-snmp-community.shtml || url,www.iss.net/security_center/reference/vuln/cisco-ios-cable-docsis.htm || url,www.kb.cert.org/vuls/id/840665 || cve,2004-1776 || url,doc.emergingthreats.net/2011014
1 || 2011015 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Remote File Disclosure Attempt || url,www.packetstormsecurity.org/1004-exploits/sun-knockout.txt || url,doc.emergingthreats.net/2011015
1 || 2011016 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible Sun Microsystems Sun Java System Web Server Long OPTIONS URI Overflow Attmept || url,www.packetstormsecurity.com/1004-exploits/sunjavasystem-exec.txt || cve,2010-0361 || url,doc.emergingthreats.net/2011016
1 || 2011017 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jcalpro cal_popup.php Remote File Inclusion Attempt || url,www.packetstormsecurity.org/0912-exploits/joomlajcalpro-rfi.txt || url,doc.emergingthreats.net/2011017
1 || 2011018 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gallery2 adodb-error.inc.php ADODB_LANG Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/10705 || url,doc.emergingthreats.net/2011018
1 || 2011019 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Comtrend ADSL Router srvName parameter XSS attempt || url,packetstorm.foofus.com/1001-exploits/comtrend-xss.txt || url,xforce.iss.net/xforce/xfdb/47765 || url,doc.emergingthreats.net/2011019
1 || 2011020 || 6 || attempted-user || 0 || ET ACTIVEX RKD Software ActiveX Control SaveasMolFile Method Buffer Overflow Attempt || url,packetstorm.foofus.com/1002-exploits/barcode_ax49.rb.txt || bugtraq,24596 || url,doc.emergingthreats.net/2011020
1 || 2011021 || 4 || attempted-user || 0 || ET ACTIVEX Rising Online Virus Scanner ActiveX Scan Method stack Overflow Function Call || url,packetstorm.foofus.com/1002-exploits/risingonline-dos.txt || bugtraq,38282 || url,doc.emergingthreats.net/2011021
1 || 2011022 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter SELECT FROM SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011022
1 || 2011023 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter DELETE FROM SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011023
1 || 2011024 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter UNION SELECT SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011024
1 || 2011025 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter INSERT INTO SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011025
1 || 2011026 || 13 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_blog Component id Parameter UPDATE SET SQL Injection Attempt || bugtraq,38668 || url,exploit-db.com/exploits/11688 || url,doc.emergingthreats.net/2011026
1 || 2011027 || 4 || attempted-recon || 0 || ET SCAN w3af Scan In Progress ARGENTINA Req Method || url,w3af.sourceforge.net || url,doc.emergingthreats.net/2011027
1 || 2011028 || 6 || attempted-recon || 0 || ET SCAN HZZP Scan in Progress calc in Headers || url,www.krakowlabs.com/dev.html || url,doc.emergingthreats.net/2011028
1 || 2011029 || 8 || attempted-recon || 0 || ET SCAN Netsparker Default User-Agent || url,www.mavitunasecurity.com/communityedition/
1 || 2011030 || 5 || attempted-recon || 0 || ET SCAN Netsparker Scan in Progress || url,www.mavitunasecurity.com/communityedition/ || url,doc.emergingthreats.net/2011030
1 || 2011031 || 4 || bad-unknown || 0 || ET SCAN HTTP GET invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011031
1 || 2011032 || 4 || bad-unknown || 0 || ET SCAN HTTP POST invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011032
1 || 2011033 || 4 || bad-unknown || 0 || ET SCAN HTTP HEAD invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011033
1 || 2011034 || 5 || bad-unknown || 0 || ET SCAN HTTP OPTIONS invalid method case || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html || url,doc.emergingthreats.net/2011034
1 || 2011035 || 4 || web-application-attack || 0 || ET WEB_SERVER SQL Injection BULK INSERT in URI to Insert File Content into Database Table || url,msdn.microsoft.com/en-us/library/ms188365.aspx || url,msdn.microsoft.com/en-us/library/ms175915.aspx || url,www.sqlteam.com/article/using-bulk-insert-to-load-a-text-file || url,doc.emergingthreats.net/2011035
1 || 2011037 || 4 || web-application-attack || 0 || ET WEB_SERVER Possible Attempt to Get SQL Server Version in URI using SELECT VERSION || url,support.microsoft.com/kb/321185 || url,doc.emergingthreats.net/2011037
1 || 2011039 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible INSERT VALUES SQL Injection Attempt || url,ferruh.mavituna.com/sql-injection-cheatsheet-oku/ || url,en.wikipedia.org/wiki/Insert_(SQL) || url,doc.emergingthreats.net/2011039
1 || 2011040 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Usage of MYSQL Comments in URI for SQL Injection || url,dev.mysql.com/doc/refman/5.0/en/comments.html || url,en.wikipedia.org/wiki/SQL_injection || url,doc.emergingthreats.net/2011040
1 || 2011041 || 3 || web-application-attack || 0 || ET WEB_SERVER MYSQL Benchmark Command in URI to Consume Server Resources || url,dev.mysql.com/doc/refman/5.1/en/information-functions.html#function_benchmark || url,doc.emergingthreats.net/2011041
1 || 2011042 || 3 || web-application-attack || 0 || ET WEB_SERVER MYSQL SELECT CONCAT SQL Injection Attempt || url,ferruh.mavituna.com/sql-injection-cheatsheet-oku/ || url,www.webdevelopersnotes.com/tutorials/sql/a_little_more_on_the_mysql_select_statement.php3 || url,doc.emergingthreats.net/2011042
1 || 2011044 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter SELECT FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011044
1 || 2011045 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter DELETE FROM SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011045
1 || 2011046 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter INSERT INTO SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011046
1 || 2011047 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter UPDATE SET SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011047
1 || 2011048 || 4 || attempted-user || 0 || ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Attempt || url,packetstormsecurity.org/1004-exploits/incredimail20-overflow.txt || url,exploit-db.com/exploits/12030 || url,doc.emergingthreats.net/2011048
1 || 2011049 || 6 || attempted-user || 0 || ET ACTIVEX IncrediMail 2.0 Authenticate Method Remote Buffer Overflow Function Call Attempt || url,packetstormsecurity.org/1004-exploits/incredimail20-overflow.txt || url,exploit-db.com/exploits/12030 || url,doc.emergingthreats.net/2011049
1 || 2011050 || 4 || attempted-user || 0 || ET ACTIVEX Liquid XML Studio 2010 OpenFile Method Remote Heap Overflow Attempt || url,exploit-db.com/exploits/11750 || url,doc.emergingthreats.net/2011050
1 || 2011051 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softsaurus CMS subHeader.php objects_path Parameter Remote File Inclusion -1 || bugtraq,38842 || url,exploit-db.com/exploits/11807 || url,doc.emergingthreats.net/2011051
1 || 2011052 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softsaurus CMS subHeader.php objects_path Parameter Remote File Inclusion -2 || bugtraq,38842 || url,exploit-db.com/exploits/11807 || url,doc.emergingthreats.net/2011052
1 || 2011053 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible Java Deployment Toolkit Launch Method Remote Code Execution Attempt || url,seclists.org/fulldisclosure/2010/Apr/119 || url,www.darknet.org.uk/2010/04/serious-java-bug-exposes-users-to-code-execution/ || url,doc.emergingthreats.net/2011053
1 || 2011054 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible CactuShop User Invoices Persistent XSS Attempt || url,www.coresecurity.com/content/cactushop-xss-persistent-vulnerability || cve,2010-1486 || url,doc.emergingthreats.net/2011054
1 || 2011055 || 7 || attempted-user || 0 || ET ACTIVEX Possible EDraw Flowchart ActiveX Control OpenDocument Method Remote Code Execution Attempt || url,doc.emergingthreats.net/2011055
1 || 2011057 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp SELECT FROM SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011057
1 || 2011058 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp DELETE FROM SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011058
1 || 2011059 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp UNION SELECT SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011059
1 || 2011060 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp INSERT INTO SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011060
1 || 2011061 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp UPDATE SET SQL Injection Attempt || bugtraq,39510 || url,doc.emergingthreats.net/2011061
1 || 2011062 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mp3 Online Id Tag Editor getid3.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/12219 || url,doc.emergingthreats.net/2011062
1 || 2011063 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mp3 Online Id Tag Editor module.archive.gzip.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/12219 || url,doc.emergingthreats.net/2011063
1 || 2011065 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SurgeFTP surgeftpmgr.cgi classid Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/38097 || url,packetstormsecurity.org/1001-exploits/surgeftp-xss.txt || url,doc.emergingthreats.net/2011065
1 || 2011066 || 6 || trojan-activity || 0 || ET DELETED TROJAN SEO HTTP REFERER landing capture rewrite, likely Fake AV || url,doc.emergingthreats.net/2011066
1 || 2011067 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla wgPicasa Component controller Parameter Local File Inclusion Attempt || url,secunia.com/advisories/39467 || url,exploit-db.com/exploits/12230 || url,doc.emergingthreats.net/2011067
1 || 2011071 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Copperleaf Photolog postid Parameter UNION SELECT SQL Injection Attempt || url,www.exploit-db.com/exploits/11458 || url,doc.emergingthreats.net/2011071
1 || 2011072 || 5 || trojan-activity || 0 || ET TROJAN Fruspam polling for IP likely infected || url,community.ca.com/blogs/securityadvisor/archive/2009/03/26/in-the-wild-win32-fruspam-using-american-greetings.aspx || url,doc.emergingthreats.net/2011072
1 || 2011073 || 5 || web-application-attack || 0 || ET WEB_SERVER Microsoft SharePoint Server 2007 _layouts/help.aspx Cross Site Scripting Attempt || url,www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html || url,tools.cisco.com/security/center/viewAlert.x?alertId=20415 || url,www.microsoft.com/technet/security/Bulletin/MS10-039.mspx || url,tools.cisco.com/security/center/viewAlert.x?alertId=20610 || cve,2010-0817 || url,doc.emergingthreats.net/2011073
1 || 2011075 || 8 || attempted-user || 0 || ET ACTIVEX HP Operations Manager SourceView ActiveX LoadFile/SaveFile Method Buffer Overflow Attempt || url,packetstormsecurity.org/1004-exploits/CORELAN-10-027.txt || url,secunia.com/advisories/39538/ || url,doc.emergingthreats.net/2011075
1 || 2011077 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011077
1 || 2011078 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011078
1 || 2011079 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011079
1 || 2011080 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011080
1 || 2011081 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla FaceBook Component face_id Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/12299 || url,packetstormsecurity.org/1004-exploits/joomlagbufacebook-sql.txt || url,doc.emergingthreats.net/2011081
1 || 2011082 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS McAfee Email Gateway queueMsgType Parameter Cross Site Scripting Attempt || url,exploit-db.com/sploits/cybsec_advisory_2010_0402.pdf || url,doc.emergingthreats.net/2011082
1 || 2011083 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS McAfee Email Gateway QtnType Parameter Cross Site Scripting Attempt || url,exploit-db.com/sploits/cybsec_advisory_2010_0402.pdf || url,doc.emergingthreats.net/2011083
1 || 2011084 || 5 || trojan-activity || 0 || ET DELETED User-Agent (BlueSky) || url,doc.emergingthreats.net/2011084
1 || 2011085 || 7 || misc-activity || 0 || ET POLICY HTTP Redirect to IPv4 Address || url,doc.emergingthreats.net/2011085
1 || 2011086 || 6 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.Flystud || url,doc.emergingthreats.net/2011086
1 || 2011087 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (gomtour) || url,doc.emergingthreats.net/2011087
1 || 2011088 || 3 || attempted-recon || 0 || ET SCAN Possible DavTest WebDav Vulnerability Scanner Initial Check Detected || url,www.darknet.org.uk/2010/04/davtest-webdav-vulerability-scanning-scanner-tool/ || url,code.google.com/p/davtest/ || url,doc.emergingthreats.net/2011088
1 || 2011089 || 3 || attempted-recon || 0 || ET SCAN DavTest WebDav Vulnerability Scanner Default User Agent Detected || url,www.darknet.org.uk/2010/04/davtest-webdav-vulerability-scanning-scanner-tool/ || url,code.google.com/p/davtest/ || url,doc.emergingthreats.net/2011089
1 || 2011090 || 8 || trojan-activity || 0 || ET POLICY User-Agent Recuva (Recuva) || url,doc.emergingthreats.net/2011090 || url,www.piriform.com/
1 || 2011091 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011091
1 || 2011092 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011092
1 || 2011093 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011093
1 || 2011094 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011094
1 || 2011095 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manage Engine Service Desk Plus WorkOrder.do UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/39032/ || url,exploit-db.com/exploits/11793 || url,doc.emergingthreats.net/2011095
1 || 2011096 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fatwiki datumscalc.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/11188 || url,doc.emergingthreats.net/2011096
1 || 2011097 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fatwiki monatsblatt.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/11188 || url,doc.emergingthreats.net/2011097
1 || 2011098 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS YaPig last_gallery.php YAPIG_PATH Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/11708 || url,doc.emergingthreats.net/2011098
1 || 2011099 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DaFun Spirit lgsl_players.php lgsl_path Parameter Remote File Inclusion || url,exploit-db.com/exploits/11888 || url,doc.emergingthreats.net/2011099
1 || 2011100 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DaFun Spirit lgsl_settings.php lgsl_path Parameter Remote File Inclusion || url,exploit-db.com/exploits/11888 || url,doc.emergingthreats.net/2011100
1 || 2011101 || 7 || trojan-activity || 0 || ET MALWARE Recuva User-Agent (OpenPage) - likely trojan dropper || url,doc.emergingthreats.net/2011101
1 || 2011103 || 10 || trojan-activity || 0 || ET TROJAN Exploit kit download payload likely Hiloti Gozi FakeAV etc || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen%21D || url,doc.emergingthreats.net/2011103
1 || 2011104 || 10 || trojan-activity || 0 || ET TROJAN Exploit kit attack activity likely hostile || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FHiloti.gen%21D || url,doc.emergingthreats.net/2011104
1 || 2011105 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (i-scan) || url,doc.emergingthreats.net/2011105
1 || 2011106 || 5 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (lineguide) || url,doc.emergingthreats.net/2011106
1 || 2011107 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP-Cumulus Plugin tagcloud.swf Cross-Site Scripting Attempt || url,doc.emergingthreats.net/2011107
1 || 2011108 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter SELECT FROM SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011108
1 || 2011109 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter DELETE FROM SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011109
1 || 2011110 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter UNION SELECT SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011110
1 || 2011111 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter INSERT INTO SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011111
1 || 2011112 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfire Jabber-Server type Parameter UPDATE SET SQL Injection Attempt || url,www.securiteam.com/securitynews/6T00C0AN5G.html || url,doc.emergingthreats.net/2011112
1 || 2011113 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Business Objects Crystal Reports Web Form Viewer Directory Traversal Attempt || url,secunia.com/advisories/11803/ || bugtraq,10260 || url,doc.emergingthreats.net/2011113
1 || 2011114 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ARISg errmsg Parameter Cross Site Scripting Attempt || bugtraq,38441 || url,secunia.com/advisories/38793 || url,doc.emergingthreats.net/2011114
1 || 2011115 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cPanel fileop Parameter Cross Site Scripting Attempt || bugtraq,37394 || url,vupen.com/english/advisories/2009/3608 || url,doc.emergingthreats.net/2011115
1 || 2011116 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gallo gfw_smarty.php gfwroot Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12488 || bugtraq,39890 || url,doc.emergingthreats.net/2011116
1 || 2011117 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PowerEasy ComeUrl Parameter Cross Site Scripting Attempt || bugtraq,39696 || url,secunia.com/advisories/39627 || url,doc.emergingthreats.net/2011117
1 || 2011118 || 4 || trojan-activity || 0 || ET DELETED Suspicious User Agent Maxthon || url,doc.emergingthreats.net/2011118
1 || 2011120 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (Save) || url,poweredbysave.com
1 || 2011121 || 6 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit Facebook phishing page payload could be ZeuS || url,malwareint.blogspot.com/2010/03/new-phishing-campaign-against-facebook.html || url,doc.emergingthreats.net/2011121
1 || 2011122 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible SQL injection obfuscated via REVERSE function || url,snosoft.blogspot.com/2010/05/reversenoitcejni-lqs-dnilb-bank-hacking.html || url,doc.emergingthreats.net/2011122
1 || 2011123 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (Yodao Desktop Dict) || url,doc.emergingthreats.net/2011123
1 || 2011124 || 15 || non-standard-protocol || 0 || ET MALWARE Suspicious FTP 220 Banner on Local Port (spaced) || url,doc.emergingthreats.net/2011124
1 || 2011125 || 7 || not-suspicious || 0 || ET POLICY Maxthon Browser Background Agent UA (MxAgent) || url,doc.emergingthreats.net/2011125
1 || 2011126 || 5 || attempted-user || 0 || ET ACTIVEX Possible VMware Console ActiveX Format String Remote Code Execution Attempt || url,dsecrg.com/pages/vul/show.php?id=153 || url,lists.vmware.com/pipermail/security-announce/2010/000090.html || cve,2009-3732 || url,doc.emergingthreats.net/2011126
1 || 2011127 || 8 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (InTeRNeT) || url,doc.emergingthreats.net/2011127
1 || 2011128 || 4 || trojan-activity || 0 || ET TROJAN Eleonore Exploit Pack activity variant May 2010 || url,www.offensivecomputing.net/?q=node/1419 || url,doc.emergingthreats.net/2010248
1 || 2011129 || 6 || attempted-user || 0 || ET ACTIVEX Possible Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Attempt || url,doc.emergingthreats.net/2011129
1 || 2011130 || 4 || attempted-user || 0 || ET ACTIVEX Possible Attachmate Reflection X ActiveX Control 'ControlID' Buffer Overflow Function Call Attempt || url,doc.emergingthreats.net/2011130
1 || 2011131 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla jwmmxtd Component mosConfig_absolute_path Parameter Remote File Inclusion || url,exploit-db.com/exploits/11845 || url,doc.emergingthreats.net/2011131
1 || 2011132 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_universal Component Remote File Inclusion || url,exploit-db.com/exploits/11865 || bugtraq,38949 || url,doc.emergingthreats.net/2011132
1 || 2011133 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011133
1 || 2011134 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011134
1 || 2011135 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011135
1 || 2011136 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011136
1 || 2011137 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke viewslink module sid Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/12514 || bugtraq,39925 || url,doc.emergingthreats.net/2011137
1 || 2011138 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XAMPP showcode.php TEXT Parameter Cross Site Scripting Attempt || bugtraq,37997 || url,doc.emergingthreats.net/2011138
1 || 2011139 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS XAMPP xamppsecurity.phpp TEXT Parameter Cross Site Scripting Attempt || bugtraq,37997 || url,doc.emergingthreats.net/2011139
1 || 2011140 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JE Ajax Event Calendar view Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/12598 || url,doc.emergingthreats.net/2011140
1 || 2011141 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (phpinfo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011141
1 || 2011142 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (php-logo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011142
1 || 2011143 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (zend-logo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011143
1 || 2011144 || 3 || attempted-recon || 0 || ET WEB_SERVER PHP Easteregg Information-Disclosure (funny-logo) || url,osvdb.org/12184 || url,www.0php.com/php_easter_egg.php || url,seclists.org/nmap-dev/2010/q2/569 || url,doc.emergingthreats.net/2011144
1 || 2011145 || 3 || web-application-attack || 0 || ET WEB_SERVER 3Com Intelligent Management Center Cross Site Scripting Attempt || url,securitytracker.com/alerts/2010/May/1024022.html || url,support.3com.com/documents/netmgr/imc/3Com_IMC_readme_plat_3.30-SP2.html || url,www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-02 || url,doc.emergingthreats.net/2011145
1 || 2011146 || 5 || policy-violation || 0 || ET MALWARE User-Agent (Download Master) - Possible Malware Downloader || url,www.httpuseragent.org/list/Download+Master-n727.htm || url,www.westbyte.com/dm/ || url,doc.emergingthreats.net/2011146
1 || 2011148 || 5 || trojan-activity || 0 || ET TROJAN Unknown Malware Download Request || url,www.prevx.com/filenames/X22210989379038527-X1/GR_OLD_CR.EXE.html || url,doc.emergingthreats.net/2011148
1 || 2011149 || 7 || trojan-activity || 0 || ET MALWARE User-Agent (webcount) || url,doc.emergingthreats.net/2011149
1 || 2011150 || 3 || trojan-activity || 0 || ET DELETED UPS Spam Inbound Variant 2 || url,doc.emergingthreats.net/201150
1 || 2011151 || 3 || trojan-activity || 0 || ET DELETED UPS Spam Inbound Variant 3 || url,doc.emergingthreats.net/2011151
1 || 2011152 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Consona Products n6plugindestructor.asp Cross Site Scripting Attempt || bugtraq,39999 || url,juniper.net/security/auto/vulnerabilities/vuln39999.html || url,doc.emergingthreats.net/2011152
1 || 2011153 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ektron CMS400.NET reterror.aspx info Parameter Cross Site Scripting Attempt || bugtraq,39679 || url,secunia.com/advisories/39547/ || url,doc.emergingthreats.net/2011153
1 || 2011154 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Ektron CMS400.NET medialist.aspx selectids Parameter Cross Site Scripting Attempt || bugtraq,39679 || url,secunia.com/advisories/39547/ || url,doc.emergingthreats.net/2011154
1 || 2011155 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011155
1 || 2011156 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011156
1 || 2011157 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011157
1 || 2011158 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011158
1 || 2011159 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RJ-iTop Network Vulnerabilities Scan System id UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/39404/ || url,doc.emergingthreats.net/2011159
1 || 2011160 || 4 || web-application-attack || 0 || ET WEB_SERVER Apache Axis2 xsd Parameter Directory Traversal Attempt || bugtraq,40343 || url,doc.emergingthreats.net/2011160
1 || 2011161 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HotNews hnmain.inc.php3 incdir Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/11731 || url,exploit-db.com/exploits/12160 || url,doc.emergingthreats.net/2011161
1 || 2011162 || 5 || trojan-activity || 0 || ET TROJAN IRC Potential bot update/download via ftp command || url,doc.emergingthreats.net/2011162
1 || 2011164 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011164 || cve,2010-1922
1 || 2011165 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011165
1 || 2011167 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutParser.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011167
1 || 2011168 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011168
1 || 2011169 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011169
1 || 2011170 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011170
1 || 2011171 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011171
1 || 2011172 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke FriendSend module sid Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/1005-exploits/phpnukefriend-sql.txt || bugtraq,39992 || url,doc.emergingthreats.net/2011172
1 || 2011173 || 11 || misc-attack || 0 || ET ACTIVEX Windows Help Center Arbitrary Command Execution Exploit Attempt || url,www.exploit-db.com/exploits/13808/ || url,doc.emergingthreats.net/2011173 || cve,2010-1885
1 || 2011174 || 3 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Attempt (Agent CZxt2s) || url,doc.emergingthreats.net/2011174
1 || 2011175 || 5 || web-application-attack || 0 || ET WEB_SERVER Casper Bot Search RFI Scan || url,doc.emergingthreats.net/2011175
1 || 2011176 || 4 || web-application-attack || 0 || ET DELETED MaMa CaSpEr RFI Scan || url,doc.emergingthreats.net/2011176
1 || 2011178 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Download with Cookie WinSec || url,www.virustotal.com/analisis/6b5ff522ddf418a5cca87ebd924736774c1a58a9b51bb44ee72dac01f0db317a-1278686791 || url,doc.emergingthreats.net/2011178
1 || 2011179 || 5 || trojan-activity || 0 || ET TROJAN Generic Checkin - MSCommonInfoEx || url,doc.emergingthreats.net/2011179
1 || 2011180 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit pdfopen.pdf || url,doc.emergingthreats.net/2011180
1 || 2011181 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit pdfswf.pdf || url,doc.emergingthreats.net/2011181
1 || 2011182 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit - libtiff.pdf || url,doc.emergingthreats.net/2011182
1 || 2011183 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit malware payload download || url,doc.emergingthreats.net/2011183
1 || 2011184 || 4 || trojan-activity || 0 || ET TROJAN Phoenix Exploit Kit VBscript download || url,doc.emergingthreats.net/2011184
1 || 2011185 || 2 || trojan-activity || 0 || ET DELETED Nine Ball Infection Ping Outbound || url,doc.emergingthreats.net/2011185
1 || 2011186 || 6 || trojan-activity || 0 || ET TROJAN Nine Ball Infection ya.ru Post || url,www.martinsecurity.net/page/3 || url,doc.emergingthreats.net/2011186
1 || 2011187 || 3 || trojan-activity || 0 || ET DELETED Nine Ball Infection Posting Data || url,www.martinsecurity.net/page/3 || url,doc.emergingthreats.net/2011187
1 || 2011188 || 5 || trojan-activity || 0 || ET TROJAN Nine Ball User-Agent Detected (NQX315) || url,doc.emergingthreats.net/2011188
1 || 2011189 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible Cisco IOS HTTP Server Cross Site Scripting Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=17364 || url,www.cisco.com/en/US/products/products_security_response09186a0080a5c501.html || cve,2008-3821 || url,doc.emergingthreats.net/2011189
1 || 2011190 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module cindefn.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011190
1 || 2011191 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module power_management_policy_options.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011191
1 || 2011192 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module pm_temp.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011192
1 || 2011193 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module power_module.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011193
1 || 2011194 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module blade_leds.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011194
1 || 2011195 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible IBM BladeCenter Management Module ipmi_bladestatus.php Cross Site Scripting Attempt || url,dsecrg.com/pages/vul/show.php?id=154 || url,doc.emergingthreats.net/2011195
1 || 2011196 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid ICount Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-085/ || cve,2010-1554 || url,doc.emergingthreats.net/2011196
1 || 2011197 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid MaxAge Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-084/ || cve,2010-1553 || url,doc.emergingthreats.net/2011197
1 || 2011198 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible HP OpenView Network Node Manager Getnnmdata.exe Invalid Hostname Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-086/ || cve,2010-1555 || url,doc.emergingthreats.net/2011198
1 || 2011199 || 2 || trojan-activity || 0 || ET TROJAN Outbound AVISOSVB MSSQL Request || url,www.threatexpert.com/report.aspx?md5=1f5b6d6d94cc6272c937045e22e6d192 || url,doc.emergingthreats.net/2011199
1 || 2011200 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX SendCommand Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011200
1 || 2011201 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX Login Method Buffer Oveflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011201
1 || 2011202 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX Snapshot Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011202
1 || 2011203 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX _DownloadPBOpen Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011203
1 || 2011204 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX _DownloadPBClose Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011204
1 || 2011205 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX _DownloadPBControl Method Buffer Overflow Attempt || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011205
1 || 2011206 || 3 || attempted-user || 0 || ET ACTIVEX AVTECH Software ActiveX Buffer Overflow Function Call || url,zeroscience.mk/en/vulnerabilities/ZSL-2010-4934.php || url,exploit-db.com/exploits/12294 || url,doc.emergingthreats.net/2011206
1 || 2011207 || 2 || web-application-attack || 0 || ET ACTIVEX SaschArt SasCam Webcam Server ActiveX Control Head Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14215/ || bugtraq,41343 || url,doc.emergingthreats.net/2011207
1 || 2011208 || 3 || attempted-user || 0 || ET WEB_SPECIFIC_APPS SaschArt SasCam Webcam Server ActiveX Buffer Overflow Function Call || url,exploit-db.com/exploits/14215/ || bugtraq,41343 || url,doc.emergingthreats.net/2011208
1 || 2011209 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClearSite device_admin.php cs_base_path Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/65117 || cve,CVE-2010-2145 || url,doc.emergingthreats.net/2011209
1 || 2011210 || 6 || attempted-user || 0 || ET ACTIVEX ComponentOne VSFlexGrid ActiveX Control Archive Method Buffer Overflow Attempt || url,exploit-db.com/exploits/12673 || url,doc.emergingthreats.net/2011210
1 || 2011211 || 4 || attempted-user || 0 || ET ACTIVEX AtHocGov IWSAlerts ActiveX Control Buffer Overflow Function Call Attempt || url,metasploit.com/modules/exploit/windows/browser/athocgov_completeinstallation || url,athoc.com/products/IWSAlerts_overview.aspx || url,doc.emergingthreats.net/2011211
1 || 2011212 || 6 || attempted-user || 0 || ET ACTIVEX Consona Products SdcUser.TgConCtl ActiveX Control Buffer Overflow Attempt || url,www.kb.cert.org/vuls/id/602801 || bugtraq,40006 || url,juniper.net/security/auto/vulnerabilities/vuln40006.html || url,doc.emergingthreats.net/2011212
1 || 2011213 || 4 || attempted-user || 0 || ET ACTIVEX Consona Products SdcUser.TgConCtl ActiveX Control BOF Function Call || url,www.kb.cert.org/vuls/id/602801 || bugtraq,40006 || url,juniper.net/security/auto/vulnerabilities/vuln40006.html || url,doc.emergingthreats.net/2011213
1 || 2011214 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ArdeaCore pathForArdeaCore Parameter Remote File Inclusion Attempt || bugtraq,40811 || url,vupen.com/english/advisories/2010/1444 || url,exploit-db.com/exploits/13832/ || url,doc.emergingthreats.net/2011214
1 || 2011215 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011215
1 || 2011216 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011216
1 || 2011217 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011217
1 || 2011218 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011218
1 || 2011219 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Campsite article_id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/39580/ || url,doc.emergingthreats.net/2011219
1 || 2011220 || 3 || trojan-activity || 0 || ET DELETED Executable requested from /wp-content/languages || url,www.malewareurl.com || url,doc.emergingthreats.net/2011220
1 || 2011221 || 3 || trojan-activity || 0 || ET DELETED FakeAV Served To Client || url,doc.emergingthreats.net/2011221
1 || 2011222 || 3 || bad-unknown || 0 || ET DELETED Malvertising drive by kit encountered - bmb cookie || url,doc.emergingthreats.net/2011222
1 || 2011223 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Malvertising drive by kit encountered - Loading... || url,doc.emergingthreats.net/2011223
1 || 2011224 || 4 || bad-unknown || 0 || ET DELETED Malvertising drive by kit collecting browser info || url,doc.emergingthreats.net/2011224
1 || 2011225 || 6 || policy-violation || 0 || ET POLICY Suspicious User Agent (AskInstallChecker) || url,doc.emergingthreats.net/2011225
1 || 2011226 || 5 || trojan-activity || 0 || ET MALWARE Sogou Toolbar Checkin || url,doc.emergingthreats.net/2011225
1 || 2011227 || 4 || trojan-activity || 0 || ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers || url,doc.emergingthreats.net/2011227
1 || 2011228 || 3 || trojan-activity || 0 || ET DELETED Trojan.StartPage activity || url,doc.emergingthreats.net/2011228
1 || 2011229 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (Suggestion) || url,doc.emergingthreats.net/2011229
1 || 2011230 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING client requesting drive by - /x/?src= || url,doc.emergingthreats.net/2011230
1 || 2011231 || 5 || bad-unknown || 0 || ET DELETED MALVERTISING client requesting redirect to drive by - .php?c=cust || url,doc.emergingthreats.net/2011231
1 || 2011232 || 7 || trojan-activity || 0 || ET P2P p2p Related User-Agent (eChanblard) || url,doc.emergingthreats.net/2011232
1 || 2011233 || 2 || trojan-activity || 0 || ET TROJAN Troxen GetSpeed Request || url,www.threatexpert.com/report.aspx?md5=af89d15930fe59dcb621069abc83cc66 || url,doc.emergingthreats.net/2011233
1 || 2011234 || 4 || trojan-activity || 0 || ET TROJAN Cosmu Process Dump Report || url,doc.emergingthreats.net/2011234
1 || 2011235 || 2 || attempted-admin || 0 || ET EXPLOIT Possible Novell Groupwise Internet Agent CREATE Verb Stack Overflow Attempt || url,www.exploit-db.com/exploits/14379/ || url,www.zerodayinitiative.com/advisories/ZDI-10-129/ || url,www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006374&sliceId=2&docTypeID=DT_TID_1_1&dialogID=155271264&stateId=0 0 155267598 || url,doc.emergingthreats.net/2011235
1 || 2011236 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Downloader Win32.Genome.avan || url,doc.emergingthreats.net/2011236
1 || 2011238 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (Mozilla/4.0 (SP3 WINLD)) || url,doc.emergingthreats.net/2011238
1 || 2011239 || 3 || attempted-user || 0 || ET DELETED Possible Microsoft Windows Shortcut LNK File Automatic File Execution Attempt Via WebDAV || url,support.microsoft.com/kb/2286198 || url,www.kb.cert.org/vuls/id/940193 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918 || cve,2010-2568 || url,doc.emergingthreats.net/2011239
1 || 2011240 || 5 || misc-attack || 0 || ET WEB_CLIENT Mozilla Firefox Window.Open Document URI Spoofing Attempt || url,www.mozilla.org/security/announce/2010/mfsa2010-45.html || url,bugzilla.mozilla.org/show_bug.cgi?id=556957 || cve,2010-1206 || url,doc.emergingthreats.net/2011240
1 || 2011241 || 2 || not-suspicious || 0 || ET EXPLOIT M3U File Request Flowbit Set || url,doc.emergingthreats.net/2011241
1 || 2011242 || 3 || attempted-user || 0 || ET EXPLOIT Possible VLC Media Player M3U File FTP URL Processing Stack Buffer Overflow Attempt || url,securitytracker.com/alerts/2010/Jul/1024172.html || url,doc.emergingthreats.net/2011242
1 || 2011243 || 4 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011243
1 || 2011244 || 5 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (ByroeNet/Casper-Like sun4u) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011244
1 || 2011245 || 3 || bad-unknown || 0 || ET WEB_CLIENT PDF Containing Windows Commands Downloaded || url,doc.emergingthreats.net/2011245
1 || 2011246 || 4 || bad-unknown || 0 || ET WEB_CLIENT Likely Malicious PDF Containing StrReverse || url,doc.emergingthreats.net/2011246
1 || 2011247 || 6 || trojan-activity || 0 || ET MALWARE Likely Hostile User-Agent (Forthgoer) || url,doc.emergingthreats.net/2011247
1 || 2011248 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (XieHongWei-HttpDown/2.0) || url,doc.emergingthreats.net/2011248
1 || 2011249 || 6 || web-application-attack || 0 || ET ACTIVEX RSP MP3 Player OCX ActiveX OpenFile Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14309/ || url,packetstormsecurity.org/1007-exploits/rspmp3-overflow.txt || url,doc.emergingthreats.net/2011249
1 || 2011250 || 4 || web-application-attack || 0 || ET ACTIVEX Image22 ActiveX DrawIcon Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14321/ || url,doc.emergingthreats.net/2011250
1 || 2011251 || 7 || web-application-attack || 0 || ET ACTIVEX FathFTP ActiveX Control GetFromURL Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14269/ || url,doc.emergingthreats.net/2011251
1 || 2011252 || 5 || web-application-attack || 0 || ET DELETED FathFTP ActiveX Control RasIsConnected Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14269/ || url,doc.emergingthreats.net/2011252
1 || 2011253 || 6 || attempted-user || 0 || ET ACTIVEX Registry OCX ActiveX FullPath Method Buffer Overflow Attempt || url,exploit-db.com/exploits/14200/ || url,doc.emergingthreats.net/2011253
1 || 2011254 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redaxo CMS index.inc.php Remote File Inclusion Attempt || url,vupen.com/english/advisories/2010/0942 || url,exploit-db.com/exploits/12276 || url,doc.emergingthreats.net/2011254
1 || 2011255 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Redaxo CMS specials.inc.php Remote File Inclusion Attempt || url,vupen.com/english/advisories/2010/0942 || url,exploit-db.com/exploits/12276 || url,doc.emergingthreats.net/2011255
1 || 2011256 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-ip.php Cross Site Scripting Attempt || url,secunia.com/advisories/40569/ || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,doc.emergingthreats.net/2011256
1 || 2011257 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FireStats window-add-excluded-url.php Cross Site Scripting Attempt || url,secunia.com/advisories/40569/ || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,doc.emergingthreats.net/2011257
1 || 2011258 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FireStats window-new-edit-site.php Cross Site Scripting Attempt || url,secunia.com/advisories/40569/ || url,h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html || url,doc.emergingthreats.net/2011258
1 || 2011259 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt || url,www.exploit-db.com/exploits/9350/ || url,vupen.com/english/advisories/2009/2136 || url,doc.emergingthreats.net/2011259
1 || 2011262 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011262
1 || 2011263 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011263
1 || 2011264 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011264
1 || 2011265 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011265
1 || 2011266 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group-Office comment_id Parameter UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/40665/ || url,packetstormsecurity.org/1007-exploits/groupoffice-sql.txt || url,doc.emergingthreats.net/2011266
1 || 2011268 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle Business Process Management context Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/14369/ || url,secunia.com/advisories/40605 || url,doc.emergingthreats.net/2011268
1 || 2011269 || 6 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Small || url,doc.emergingthreats.net/2011269
1 || 2011270 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Microsoft Windows .lnk File Processing WebDAV Arbitrary Code Execution Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=20918 || url,www.kb.cert.org/vuls/id/940193 || url,www.microsoft.com/technet/security/advisory/2286198.mspx || cve,2010-2568 || url,doc.emergingthreats.net/2011270
1 || 2011271 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (CustomSpy) || url,doc.emergingthreats.net/2011271
1 || 2011272 || 5 || trojan-activity || 0 || ET TROJAN Win32/Chekafe.A or Related Infection Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32/Chekafe.A || url,doc.emergingthreats.net/2011272
1 || 2011273 || 5 || trojan-activity || 0 || ET DELETED User-Agent (GM Login) || url,doc.emergingthreats.net/2011273
1 || 2011274 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OpenX phpAdsNew phpAds_geoPlugin Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14432/ || url,inj3ct0r.com/exploits/13426 || url,doc.emergingthreats.net/2011274
1 || 2011275 || 5 || policy-violation || 0 || ET DELETED Akamai Redswoosh CLIOnlineManager Connection Detected || url,doc.emergingthreats.net/2011275
1 || 2011276 || 7 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (InfoBot) || url,doc.emergingthreats.net/2011276
1 || 2011277 || 8 || trojan-activity || 0 || ET TROJAN Rogue.Win32/Winwebsec Checkin || url,doc.emergingthreats.net/2011277
1 || 2011278 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Cosmu.xet || url,www.threatexpert.com/report.aspx?md5=f39554f3afe92dca3597efc1f7709ad4
1 || 2011279 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (browserbob.com)
1 || 2011280 || 3 || bad-unknown || 0 || ET WEB_SERVER Phoenix Exploit Kit - Admin Login Page Detected Outbound
1 || 2011281 || 2 || bad-unknown || 0 || ET WEB_CLIENT phoenix exploit kit - admin login page detected
1 || 2011282 || 3 || trojan-activity || 0 || ET USER_AGENTS Suspicious User Agent (ScrapeBox)
1 || 2011283 || 4 || trojan-activity || 0 || ET MALWARE User-Agent (TALWinInetHTTPClient)
1 || 2011285 || 4 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like, Jcomers Bot scan) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011285
1 || 2011286 || 4 || web-application-attack || 0 || ET WEB_SERVER Bot Search RFI Scan (Casper-Like MaMa Cyber/ebes) || url,eromang.zataz.com/2010/07/13/byroenet-casper-bot-search-e107-rce-scanner/ || url,doc.emergingthreats.net/2011286
1 || 2011287 || 3 || web-application-attack || 0 || ET WEB_SERVER Gootkit Website Infection Receiving FTP Credentials from Control Server || url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp || url,doc.emergingthreats.net/2011287
1 || 2011289 || 3 || web-application-attack || 0 || ET WEB_SERVER Local Website Infected By Gootkit || url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp || url,doc.emergingthreats.net/2011285
1 || 2011290 || 6 || web-application-attack || 0 || ET WEB_SERVER Gootkit Website Infection Request for FTP Credentials from Control Server || url,www.m86security.com/labs/i/GootKit--Automated-Website-Infection,trace.1368~.asp || url,doc.emergingthreats.net/2011286
1 || 2011291 || 3 || web-application-attack || 0 || ET WEB_SERVER Asprox Spambot SQL-Injection Atempt
1 || 2011293 || 7 || trojan-activity || 0 || ET MALWARE Suspicious User Agent (GabPath)
1 || 2011294 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.FraudPack.aweo || url,www.threatexpert.com/report.aspx?md5=4bc4c32a8d93c29b026bbfb24ccecd14
1 || 2011295 || 7 || trojan-activity || 0 || ET TROJAN Butterfly/Mariposa Bot client init connection
1 || 2011296 || 2 || trojan-activity || 0 || ET TROJAN Butterfly/Mariposa Bot Join Acknowledgment
1 || 2011297 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (KRMAK) Butterfly Bot download
1 || 2011300 || 3 || trojan-activity || 0 || ET TROJAN Stuxnet index.php || url,research.zscaler.com/2010/07/lnk-cve-2010-2568-stuxnet-incident.html
1 || 2011302 || 3 || bad-unknown || 0 || ET DELETED MALVERTISING request to media.fastclick.net.* host
1 || 2011303 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to js.zedo.com.* host
1 || 2011304 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to view.ads.* host
1 || 2011305 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to adnet.media.* host
1 || 2011306 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING request to adfarm.mediaplex.com.* host
1 || 2011307 || 2 || bad-unknown || 0 || ET DELETED DRIVEBY bredolab - hidden div served by nginx
1 || 2011311 || 4 || policy-violation || 0 || ET CURRENT_EVENTS request for hide-my-ip.com autoupdate
1 || 2011312 || 3 || policy-violation || 0 || ET CURRENT_EVENTS hide-my-ip.com POST version check
1 || 2011324 || 3 || policy-violation || 0 || ET CURRENT_EVENTS Games.jar Download Suspicious Possible Exploit Attempt
1 || 2011325 || 3 || policy-violation || 0 || ET DELETED Notes1.pdf Download Suspicious Possible Exploit Attempt
1 || 2011326 || 2 || policy-violation || 0 || ET CURRENT_EVENTS NewGames.jar Download Suspicious Possible Exploit Attempt
1 || 2011328 || 4 || web-application-attack || 0 || ET EXPLOIT HP OpenView Network Node Manager OvJavaLocale Cookie Value Buffer Overflow Attempt || url,www.coresecurity.com/content/hp-nnm-ovjavalocale-buffer-overflow || bugtraq,42154 || cve,2010-2709
1 || 2011329 || 5 || bad-unknown || 0 || ET WEB_CLIENT Possible PDF Launch Function Remote Code Execution Attempt with Name Representation Obfuscation || url,www.kb.cert.org/vuls/id/570177 || url,www.h-online.com/security/news/item/Criminals-attempt-to-exploit-unpatched-hole-in-Adobe-Reader-979286.html || url,www.sudosecure.net/archives/673 || url,www.h-online.com/security/news/item/Adobe-issues-official-workaround-for-PDF-vulnerability-971932.html || url,blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/ || url,www.m86security.com/labs/i/PDF-Launch-Feature-Used-to-Install-Zeus,trace.1301~.asp || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011330 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Fragus - landing page delivered
1 || 2011334 || 6 || bad-unknown || 0 || ET MALWARE User-Agent (C\:\\WINDOWS\\system32\\NetLogom.exe)
1 || 2011335 || 3 || trojan-activity || 0 || ET TROJAN Sality Variant Checkin Activity || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AU || url,www.threatexpert.com/report.aspx?md5=f39d0a669ad98b95370a4f525d7d79ec
1 || 2011336 || 4 || trojan-activity || 0 || ET TROJAN Sality Variant Downloader Activity || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FSality.AU || url,www.threatexpert.com/report.aspx?md5=f39d0a669ad98b95370a4f525d7d79ec
1 || 2011337 || 3 || trojan-activity || 0 || ET TROJAN Sality Variant Downloader Activity (2) || url,www.threatexpert.com/report.aspx?md5=76cf08503cdd036850bcc4f29f64022f || url,www.threatexpert.com/report.aspx?md5=579f2e29434218d62d31625d369cbc42
1 || 2011338 || 3 || trojan-activity || 0 || ET TROJAN Sality Variant Downloader Activity (3) || url,www.threatexpert.com/report.aspx?md5=438bcb3c4a304b65419674ce8775d8a3
1 || 2011339 || 2 || bad-unknown || 0 || ET DELETED PHARMSPAM image requested layout viagra_super_active.jpg
1 || 2011341 || 6 || trojan-activity || 0 || ET TROJAN Suspicious POST to WINDOWS Folder Possible Malware Infection
1 || 2011342 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Malvertising DRIVEBY Fragus Admin Panel Delivered To Client
1 || 2011343 || 3 || bad-unknown || 0 || ET WEB_CLIENT FakeAV scanner page encountered Initializing Virus Protection System
1 || 2011344 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS POST to /x48/x58/ Possible Zeus Version 3 Command and Control Server Traffic || url,www.m86security.com/labs/i/Customers-of-Global-Financial-Institution-Hit-by-Cybercrime,trace.1431~.asp || url,www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf
1 || 2011345 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus Version 3 Infection Posting Banking HTTP Log to Command and Control Server || url,www.m86security.com/labs/i/Customers-of-Global-Financial-Institution-Hit-by-Cybercrime,trace.1431~.asp || url,www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf
1 || 2011346 || 7 || shellcode-detect || 0 || ET SHELLCODE Possible Unescape %u Shellcode/Heap Spray || url,www.w3schools.com/jsref/jsref_unescape.asp || url,isc.sans.org/diary.html?storyid=7906 || url,isc.sans.org/diary.html?storyid=7903 || url,malzilla.sourceforge.net/tutorial01/index.html || url,doc.emergingthreats.net/2011346
1 || 2011347 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible String.FromCharCode Javascript Obfuscation Attempt || url,www.w3schools.com/jsref/jsref_fromCharCode.asp || url,www.roseindia.net/javascript/method-fromcharcode.shtml || url,isc.sans.org/diary.html?storyid=7906 || url,isc.sans.org/diary.html?storyid=7903
1 || 2011348 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for PDF exploit
1 || 2011349 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for Java exploit
1 || 2011350 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Exploit Kit request for Java and PDF exploits
1 || 2011351 || 2 || bad-unknown || 0 || ET DELETED Driveby bredolab server response contains .ru 8080/index.php?
1 || 2011353 || 2 || bad-unknown || 0 || ET DELETED Driveby bredolab jquery.jxx
1 || 2011354 || 3 || bad-unknown || 0 || ET DELETED Driveby bredolab request to a .ru 8080 URI
1 || 2011355 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby bredolab hidden div served by nginx
1 || 2011357 || 3 || trojan-activity || 0 || ET TROJAN FakeAV SetupSecure Download Attempt SetupSecure || url,www.malwareurl.com/listing.php?domain=virus-scanner-6.com
1 || 2011358 || 4 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 1/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/
1 || 2011359 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 2/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/
1 || 2011360 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 3/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/
1 || 2011362 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion Path Traversal (locale 5/5) || url,h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964 || url,www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ || cve,CVE-2010-2861 || url,www.exploit-db.com/exploits/14641/
1 || 2011364 || 5 || trojan-activity || 0 || ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host POSTing process list
1 || 2011365 || 10 || trojan-activity || 0 || ET TROJAN Sinowal/sinonet/mebroot/Torpig infected host checkin
1 || 2011366 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Apple Quicktime Invalid SMIL URI Buffer Overflow Attempt || url,securitytracker.com/alerts/2010/Aug/1024336.html || bugtraq,41962 || cve,2010-1799
1 || 2011367 || 1 || bad-unknown || 0 || ET SCAN TCP Traffic (ET SCAN Malformed Packet SYN FIN)
1 || 2011368 || 1 || bad-unknown || 0 || ET SCAN TCP Traffic (ET SCAN Malformed Packet SYN RST)
1 || 2011369 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY phoenix exploit kit landing page
1 || 2011370 || 3 || trojan-activity || 0 || ET TROJAN Stupid Stealer C&C Communication (1) || url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb
1 || 2011371 || 3 || trojan-activity || 0 || ET TROJAN Stupid Stealer C&C Communication (2) || url,amada.abuse.ch/?search=f4bf4fb71d0846b0d43f22f0a77253fb
1 || 2011373 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FakeAV client requesting fake scanner page
1 || 2011374 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.cc domain
1 || 2011375 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cz.cc domain
1 || 2011377 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS com_del.php class_path Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/13665
1 || 2011378 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter SELECT FROM SQL Injection Attempt || bugtraq,41377
1 || 2011380 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter UNION SELECT SQL Injection Attempt || bugtraq,41377
1 || 2011381 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter INSERT INTO SQL Injection Attempt || bugtraq,41377
1 || 2011382 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter UPDATE SET SQL Injection Attempt || bugtraq,41377
1 || 2011383 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CSSTidy css_optimiser.php url Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/40515/ || url,cross-site-scripting.blogspot.com/2010/07/impresscms-121-final-reflected-cross.html
1 || 2011384 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/5609 || url,vupen.com/english/advisories/2009/2136
1 || 2011385 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla NoticeBoard Component controller Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/12427
1 || 2011387 || 5 || trojan-activity || 0 || ET TROJAN indux.php check-in
1 || 2011389 || 4 || web-application-activity || 0 || ET SCAN w3af Scan Remote File Include Retrieval || url,w3af.sourceforge.net
1 || 2011390 || 2 || web-application-activity || 0 || ET SCAN Nikto Scan Remote File Include Retrieval || url,cirt.net/nikto2
1 || 2011391 || 9 || trojan-activity || 0 || ET MALWARE web shell detected
1 || 2011392 || 4 || trojan-activity || 0 || ET MALWARE User-Agent (http-get-demo) Possible Reverse Web Shell
1 || 2011393 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (Microsoft Internet Explorer 6.0) Possible Reverse Web Shell
1 || 2011395 || 3 || trojan-activity || 0 || ET TROJAN wisp backdoor detected reporting
1 || 2011396 || 3 || trojan-activity || 0 || ET TROJAN FakeYak or Related Infection Checkin 1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fFakeYak
1 || 2011397 || 3 || trojan-activity || 0 || ET TROJAN FakeYak or Related Infection Checkin 2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Rogue%3aWin32%2fFakeYak
1 || 2011398 || 3 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Execute DDoS Command From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011399 || 4 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Download and Launch Executable Message From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011400 || 3 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Execute SYN Flood Command Message From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011401 || 1 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Unknown Command From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011402 || 4 || denial-of-service || 0 || ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Inbound || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011403 || 3 || denial-of-service || 0 || ET TROJAN Yoyo-DDoS Bot HTTP Flood Attack Outbound || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011407 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .com.ru Domain || url,sign.kaffenews.com/?p=104
1 || 2011408 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .com.cn Domain || url,sign.kaffenews.com/?p=104
1 || 2011409 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .co.cc Domain || url,sign.kaffenews.com/?p=104
1 || 2011410 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .cz.cc Domain || url,sign.kaffenews.com/?p=104
1 || 2011411 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .co.kr Domain || url,sign.kaffenews.com/?p=104
1 || 2011412 || 2 || attempted-user || 0 || ET ACTIVEX Apple QuickTime _Marshaled_pUnk Backdoor Param Arbitrary Code Execution Attempt || url,www.exploit-db.com/exploits/14843/
1 || 2011413 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Group Office json.php fingerprint Parameter Remote Command Execution Attempt || url,inj3ct0r.com/exploits/13365
1 || 2011414 || 4 || trojan-activity || 0 || ET TROJAN Win32/Small.gen!AQ Communication with Controller || url,perpetualhorizon.blogspot.com/2010/08/shot-in-dark-analysis-of-failed-malware.html || url,www.threatexpert.com/report.aspx?md5=eb3140416c06fa8cb7851076dd100dfb || url,www.threatexpert.com/report.aspx?md5=8033dffa899dcd16769f389073f9f053
1 || 2011415 || 4 || trojan-activity || 0 || ET DELETED General Trojan Downloader Request Observed || url,www.threatexpert.com/report.aspx?md5=3dd8193692b62a875985349b67da38c6 || url,www.threatexpert.com/report.aspx?md5=6c9ad4d06f72edcd2b301d66b25ad101 || url,www.threatexpert.com/report.aspx?md5=91fa03240b5a59853d0dad708055a7a8
1 || 2011416 || 4 || trojan-activity || 0 || ET TROJAN General Trojan FakeAV Downloader
1 || 2011417 || 3 || bad-unknown || 0 || ET DELETED MALVERTISING Hidden iframe Redirecting to SEO Driveby Site
1 || 2011419 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV landing page - sector.hdd.png no-repeat
1 || 2011420 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV client requesting image - sector.hdd.png
1 || 2011421 || 2 || bad-unknown || 0 || ET DELETED FAKEAV redirecting to fake scanner page - /?777
1 || 2011422 || 2 || attempted-recon || 0 || ET VOIP Possible Modified Sipvicious OPTIONS Scan || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/
1 || 2011423 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt || bid,42575 || cve,2010-2544 || cve,2010-2545
1 || 2011424 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible SQL Injection Using MSSQL sp_configure Command || url,technet.microsoft.com/en-us/library/ms188787.aspx || url,technet.microsoft.com/en-us/library/ms190693.aspx
1 || 2011425 || 4 || web-application-attack || 0 || ET DELETED Possible Attempt to Create MSSQL SOAP/HTTP Endpoint in URI to Allow for Operating System Interaction || url,msdn.microsoft.com/en-us/library/ms345123.aspx
1 || 2011426 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter SELECT FROM SQL Injection Attempt || bugtraq,41204
1 || 2011427 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter DELETE FROM SQL Injection Attempt || bugtraq,41204
1 || 2011428 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter UNION SELECT SQL Injection Attempt || bugtraq,41204
1 || 2011429 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter INSERT INTO SQL Injection Attempt || bugtraq,41204
1 || 2011450 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS V-EVA Classified Script clsid Parameter UPDATE SET SQL Injection Attempt || bugtraq,41204
1 || 2011451 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla JGrid Component File Inclusion Attempt || url,secunia.com/advisories/40987/ || url,exploit-db.com/exploits/14656/
1 || 2011452 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dance Studio Manager dailyview.php date Parameter Cross Site Scripting Attempt || url,inj3ct0r.com/exploits/13770
1 || 2011453 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion maincore.php folder_level Parameter Local File Inclusion Attempt || url,inj3ct0r.com/exploits/13709
1 || 2011454 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 4images global.php db_servertype Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14712/
1 || 2011456 || 3 || misc-activity || 0 || ET WEB_CLIENT PROPFIND Flowbit Set
1 || 2011457 || 6 || attempted-user || 0 || ET WEB_CLIENT DLL or EXE File From Possible WebDAV Share, Possible DLL Preloading Exploit Attempt || url,blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html || url,www.us-cert.gov/cas/techalerts/TA10-238A.html || url,www.microsoft.com/technet/security/advisory/2269637.mspx || url,blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx || url,blog.metasploit.com/2010/08/better-faster-stronger.html || url,blog.rapid7.com/?p=5325
1 || 2011464 || 4 || web-application-attack || 0 || ET WEB_SERVER /bin/csh In URI Possible Shell Command Execution Attempt
1 || 2011465 || 7 || web-application-attack || 0 || ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt
1 || 2011466 || 5 || web-application-attack || 0 || ET WEB_SERVER /bin/tsh In URI Possible Shell Command Execution Attempt
1 || 2011467 || 5 || web-application-attack || 0 || ET WEB_SERVER /bin/ksh In URI Possible Shell Command Execution Attempt
1 || 2011468 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING trafficbiztds.com - client requesting redirect to exploit kit
1 || 2011469 || 6 || bad-unknown || 0 || ET DELETED MALVERTISING trafficbiztds.com - client receiving redirect to exploit kit
1 || 2011470 || 3 || trojan-activity || 0 || ET TROJAN Daurso FTP Credential Theft Reported || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaurso || url,xanalysis.blogspot.com/2009/07/9121219837-badness.html || url,www.threatexpert.com/report.aspx?md5=348ba619aab3a92b99701335f95fe2a7 || url,www.threatexpert.com/report.aspx?md5=8be56dbd057c3bde42ae804bfd647bb6
1 || 2011471 || 3 || trojan-activity || 0 || ET TROJAN Daurso Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaurso || url,xanalysis.blogspot.com/2009/07/9121219837-badness.html || url,www.threatexpert.com/report.aspx?md5=348ba619aab3a92b99701335f95fe2a7 || url,www.threatexpert.com/report.aspx?md5=8be56dbd057c3bde42ae804bfd647bb6
1 || 2011472 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Cross-Origin Theft Attempt || url,www.theregister.co.uk/2010/09/06/mystery_ie_bug/ || url,www.darknet.org.uk/2010/09/microsoft-investigate-ie-css-cross-origin-theft-vulnerability/ || url,seclists.org/fulldisclosure/2010/Sep/64
1 || 2011473 || 4 || trojan-activity || 0 || ET TROJAN Antivirus2010 Checkin port 8082 || url,blog.emsisoft.com/2010/08/09/antivirus2010-userinit-and-then-some-more/ || url,doc.emergingthreats.net/2011473
1 || 2011474 || 3 || trojan-activity || 0 || ET DELETED FakeAV Checkin
1 || 2011475 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV scanner page enocuntered - .hdd_icon
1 || 2011478 || 5 || attempted-user || 0 || ET EXPLOIT Possible Microsoft Office Word 2007 sprmCMajority Buffer Overflow Attempt || url,www.exploit-db.com/moaub11-microsoft-office-word-sprmcmajority-buffer-overflow/ || url,www.microsoft.com/technet/security/Bulletin/MS10-056.mspx || bid,42136 || cve,2010-1900
1 || 2011479 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING redirect to exploit kit (unoeuro server)
1 || 2011480 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent STORMDDOS || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf
1 || 2011481 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent IAMDDOS || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf
1 || 2011482 || 5 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent kav || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf
1 || 2011483 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent YTDDOS || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf
1 || 2011484 || 4 || trojan-activity || 0 || ET TROJAN IMDDOS Botnet User-Agent i am ddos || url,www.damballa.com/downloads/r_pubs/Damballa_Report_IMDDOS.pdf
1 || 2011485 || 2 || attempted-user || 0 || ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt || url,service.real.com/realplayer/security/08262010_player/en/ || url,www.exploit-db.com/moaub-13-realplayer-flv-parsing-multiple-integer-overflow/ || bugtraq,42775 || cve,2010-3000
1 || 2011486 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix landing page - valium
1 || 2011487 || 2 || bad-unknown || 0 || ET FTP Suspicious Percentage Symbol Usage in FTP Username || url,www.checkpoint.com/defense/advisories/public/2010/sbp-16-Aug.html
1 || 2011488 || 1 || bad-unknown || 0 || ET FTP Suspicious Quotation Mark Usage in FTP Username || url,www.checkpoint.com/defense/advisories/public/2010/sbp-16-Aug.html
1 || 2011489 || 5 || trojan-activity || 0 || ET TROJAN Meredrop/Nusump Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FNusump&ThreatID=-2147329857 || url,www.threatexpert.com/report.aspx?md5=ef0616d75bd892ed69fe22a510079686 || url,www.threatexpert.com/report.aspx?md5=463cdec2df12a04d6ea1d015746ee950
1 || 2011490 || 3 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Zlob.bgs Checkin(1) || url,threatexpert.com/report.aspx?md5=ffdcea0ed88d47bc21d71040f9289ef4
1 || 2011491 || 3 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Zlob.bgs Checkin(2) || url,threatexpert.com/report.aspx?md5=ffdcea0ed88d47bc21d71040f9289ef4
1 || 2011492 || 2 || trojan-activity || 0 || ET TROJAN Adware.Kraddare Checkin
1 || 2011493 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OpenX OpenFlashChart Remote Exploit Attempt || url,www.afterdawn.com/news/article.cfm/2010/09/12/vulnerability_in_openx_advertisement_server_afterdawn_s_ads_affected_as_well || url,www.esarcasm.com/17960/no-esarcasm-is-not-a-tool-of-satan-or-malware-authors/ || url,www.thinq.co.uk/2010/9/13/pirate-bay-cracked-spread-malware/ || url,www.kreativrauschen.com/blog/2010/09/09/critical-vulnerability-in-openx-286-open-flash-chart-2/ || url,www.heise.de/newsticker/meldung/Ein-Jahr-alte-Luecke-gefaehrdet-OpenX-Ad-Server-1077941.html || url,www.kreativrauschen.de/blog/2010/09/09/kritische-sicherheitsluecke-in-openx-2-8-6-open-flash-chart-2/ || url,doc.emergingthreats.net/2011493
1 || 2011494 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OpenX OpenFlashChart Remote Exploit - possible Access to uploaded Files  || url,www.afterdawn.com/news/article.cfm/2010/09/12/vulnerability_in_openx_advertisement_server_afterdawn_s_ads_affected_as_well || url,www.esarcasm.com/17960/no-esarcasm-is-not-a-tool-of-satan-or-malware-authors/ || url,www.thinq.co.uk/2010/9/13/pirate-bay-cracked-spread-malware/ || url,www.kreativrauschen.com/blog/2010/09/09/critical-vulnerability-in-openx-286-open-flash-chart-2/ || url,www.heise.de/newsticker/meldung/Ein-Jahr-alte-Luecke-gefaehrdet-OpenX-Ad-Server-1077941.html || url,www.kreativrauschen.de/blog/2010/09/09/kritische-sicherheitsluecke-in-openx-2-8-6-open-flash-chart-2/ || url,doc.emergingthreats.net/2011494
1 || 2011495 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Executable Download named to be .com FQDN || url,malwareurl.com
1 || 2011496 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Executable Download named to be FQDN || url,malwareurl.com
1 || 2011497 || 4 || attempted-recon || 0 || ET SCAN Hydra User-Agent || url,freeworld.thc.org/thc-hydra
1 || 2011499 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded Adobe Shockwave Flash, Possibly Related to Remote Code Execution Attempt || url,feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/ || cve,2010-1297 || cve,2010-2201
1 || 2011500 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Acrobat and Reader Pushstring Memory Corruption Attempt || url,www.exploit-db.com/moaub12-adobe-acrobat-and-reader-pushstring-memory-corruption/ || bugtraq,41237 || cve,2010-2201
1 || 2011501 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Adobe CoolType Smart INdependent Glyplets - SING - Table uniqueName Stack Buffer Overflow Attempt || url,contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.html || cve,2010-2883
1 || 2011502 || 1 || misc-attack || 0 || ET EXPLOIT Possible Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt || url,shh.thathost.com/secadv/2009-06-15-entrust-ies.txt || url,securitytracker.com/alerts/2010/Sep/1024391.html
1 || 2011503 || 1 || misc-attack || 0 || ET EXPLOIT Sucessful Etrust Secure Transaction Platform Identification and Entitlements Server File Disclosure Attempt || url,shh.thathost.com/secadv/2009-06-15-entrust-ies.txt || url,securitytracker.com/alerts/2010/Sep/1024391.html
1 || 2011504 || 3 || bad-unknown || 0 || ET WEB_CLIENT String Replace in PDF File, Likely Hostile || url,www.w3schools.com/jsref/jsref_replace.asp
1 || 2011505 || 3 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded Flash, Possible Remote Code Execution Attempt || url,feliam.wordpress.com/2010/02/11/flash-on-a-pdf-with-minipdf-py/ || cve,2010-1297
1 || 2011506 || 3 || bad-unknown || 0 || ET WEB_CLIENT PDF With eval Function - Possibly Hostile || url,www.w3schools.com/jsref/jsref_eval.asp
1 || 2011507 || 7 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded File || url,blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/
1 || 2011509 || 2 || attempted-user || 0 || ET ACTIVEX Possible Novell iPrint Client Browser Plugin ExecuteRequest debug Parameter Stack Overflow Attempt || url,www.exploit-db.com/moaub-14-novell-iprint-client-browser-plugin-executerequest-debug-parameter-stack-overflow/ || bid,42100 || url,doc.emergingthreats.net/2011509
1 || 2011510 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Eleonore - landing page
1 || 2011511 || 1 || denial-of-service || 0 || ET DOS ntop Basic-Auth DOS inbound || url,www.securityfocus.com/bid/36074 || url,www.securityfocus.com/archive/1/505862 || url,www.securityfocus.com/archive/1/505876
1 || 2011512 || 1 || denial-of-service || 0 || ET DOS ntop Basic-Auth DOS outbound || url,www.securityfocus.com/bid/36074 || url,www.securityfocus.com/archive/1/505862 || url,www.securityfocus.com/archive/1/505876
1 || 2011513 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Phoenix Exploit Kit - PROPFIND AVI
1 || 2011514 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit - tmp/flash.swf
1 || 2011515 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit - collab.pdf
1 || 2011517 || 3 || trojan-activity || 0 || ET MALWARE Inbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor)
1 || 2011518 || 3 || trojan-activity || 0 || ET MALWARE Outbound AlphaServer User-Agent (Powered By 64-Bit Alpha Processor)
1 || 2011519 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Acrobat Reader Newclass Invalid Pointer Remote Code Execution Attempt || url,www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/ || cve,2010-1297
1 || 2011520 || 4 || trojan-activity || 0 || ET TROJAN Knock.php Shiz or Rohimafo CnC Server Contact URL || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab
1 || 2011521 || 4 || trojan-activity || 0 || ET DELETED Shiz or Rohimafo config download || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab
1 || 2011522 || 3 || trojan-activity || 0 || ET DELETED Shiz or Rohimafo config loaded || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab
1 || 2011523 || 3 || trojan-activity || 0 || ET TROJAN Shiz or Rohimafo Reporting Listening Socket to CnC Server || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab
1 || 2011524 || 3 || trojan-activity || 0 || ET DELETED Knok.php Shiz or Rohimafo Host Information Submission to CnC Server || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab
1 || 2011525 || 3 || not-suspicious || 0 || ET POLICY OpenSSL Demo Cert Exchange
1 || 2011526 || 1 || suspicious-filename-detect || 0 || ET NETBIOS windows recycler request - suspicious || url,about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC || url,www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FFakerecy.A || url,support.microsoft.com/kb/971029
1 || 2011527 || 4 || suspicious-filename-detect || 0 || ET NETBIOS windows recycler .exe request - suspicious || url,about-threats.trendmicro.com/ArchiveMalware.aspx?name=WORM_AUTORUN.ZBC || url,www.symantec.com/connect/forums/virus-alert-crecyclers-1-5-21-1482476501-1644491937-682003330-1013svchostexe
1 || 2011528 || 6 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of /Subtype || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011529 || 6 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Action || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011530 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of EmbeddedFile || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011531 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Type || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011532 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Javascript || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011533 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of URL || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011534 || 7 || attempted-user || 0 || ET DELETED PDF Name Representation Obfuscation of JBIG2Decode, Very Likely Memory Corruption Attempt || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/ || url,blog.didierstevens.com/2009/03/01/quickpost-jbig2decode-signatures/ || bugtraq,33751 || cve,2009-0658
1 || 2011535 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of JS || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011536 || 5 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of Pages || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011537 || 4 || bad-unknown || 0 || ET WEB_CLIENT PDF Name Representation Obfuscation of OpenAction || url,blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/
1 || 2011538 || 2 || attempted-user || 0 || ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt || url,www.exploit-db.com/moaub-17-firefox-plugin-parameter-ensurecachedattrparamarrays-remote-code-execution/ || url,www.mozilla.org/security/announce/2010/mfsa2010-37.html || bugtraq,41842 || cve,2010-1214
1 || 2011539 || 3 || not-suspicious || 0 || ET POLICY OpenSSL Demo CA - Internet Widgits Pty (CN)
1 || 2011540 || 4 || trojan-activity || 0 || ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
1 || 2011541 || 4 || trojan-activity || 0 || ET POLICY OpenSSL Demo CA - Cryptsoft Pty (CN)
1 || 2011542 || 6 || bad-unknown || 0 || ET POLICY OpenSSL Demo CA - Cryptsoft Pty (O)
1 || 2011543 || 5 || attempted-user || 0 || ET WEB_CLIENT Adobe Shockwave Director tSAC Chunk memory corruption Attempt || url,exploit-db.com/download_pdf/15077
1 || 2011544 || 7 || trojan-activity || 0 || ET TROJAN JAR Download From Crimepack Exploit Kit || url,doc.emergingthreats.net/2011544 || url,krebsonsecurity.com/tag/crimepack/ || url,www.offensivecomputing.net/?q=node/1572
1 || 2011545 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Client requesting fake scanner page /scan/?key=
1 || 2011546 || 2 || bad-unknown || 0 || ET DELETED FAKEAV client requesting fake scanner page
1 || 2011547 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AlstraSoft AskMe que_id Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/14979/
1 || 2011552 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FCMS familynews.php current_user_id Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14965/
1 || 2011553 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS FCMS settings.php current_user_id Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14965/
1 || 2011554 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jphone Local File Inclusion Attempt || url,exploit-db.com/exploits/14964/
1 || 2011555 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SnortReport nmap.php target Parameter Arbitrary Command Execution Attempt || url,osvdb.org/show/osvdb/67739
1 || 2011556 || 1 || web-application-attack || 0 || ET DELETED ClearSite device_admin.php cs_base_path Parameter Remote File Inclusion Attempt || url,osvdb.org/show/osvdb/65117 || cve,CVE-2010-2145
1 || 2011557 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/
1 || 2011558 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/
1 || 2011559 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component UPDATE SET SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/
1 || 2011560 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/
1 || 2011561 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_zoomportfolio component DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/41047/ || url,exploit-db.com/exploits/14718/
1 || 2011562 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PithCMS oldnews_reader.php lang Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/13899/
1 || 2011563 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynPage dynpage_load.php file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/41317/
1 || 2011564 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Classifieds class.phpmailer.php lang_path Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14893/
1 || 2011565 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dompdf dompdf.php input_file Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/14851/
1 || 2011566 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Easypush Server Manager addressbook.cgi page Parameter Cross Site Scripting Attempt || url,inj3ct0r.com/exploits/13944
1 || 2011571 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Euchia CMS catalogo.php id_livello Parameter Cross Site Scripting Attempt || url,inj3ct0r.com/exploits/13028
1 || 2011572 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger phpThumb.php h Parameter Remote File Disclosure Attempt || url,exploit-db.com/exploits/14636/
1 || 2011573 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger phpThumb.php src Parameter Remote File Disclosure Attempt || url,exploit-db.com/exploits/14636/
1 || 2011574 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plogger phpThumb.php w Parameter Remote File Disclosure Attempt || url,exploit-db.com/exploits/14636/
1 || 2011575 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Acrobat newfunction Remote Code Execution Attempt || url,www.adobe.com/support/security/bulletins/apsb10-15.html || url,www.exploit-db.com/moaub-23-adobe-acrobat-and-reader-newfunction-remote-code-execution-vulnerability/ || bid,41236 || cve,2010-2168
1 || 2011576 || 4 || trojan-activity || 0 || ET TROJAN nte Binary Download Attempt (multiple malware variants served) || url,www.malwaredomainlist.com || url,www.malwareurl.com/search.php?domain=&s=trest1&match=0&rp=200&urls=on&redirs=on&ip=on&reverse=on&as=on
1 || 2011577 || 3 || trojan-activity || 0 || ET TROJAN DNSTrojan FakeAV Dropper Activity Observed (1) || url,www.abuse.ch/?p=2740 || url,www.abuse.ch/?p=2796 || url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88 || url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139
1 || 2011578 || 3 || trojan-activity || 0 || ET TROJAN DNSTrojan FakeAV Dropper Activity Observed (2) || url,www.abuse.ch/?p=2740 || url,www.abuse.ch/?p=2796 || url,www.threatexpert.com/report.aspx?md5=c59cdd1366dd5c2f448c03738ec0dc88 || url,www.threatexpert.com/report.aspx?md5=b93360ec3798215a5cca573747df0139
1 || 2011579 || 1 || bad-unknown || 0 || ET POLICY route1.com SSL certificate for remote access detected
1 || 2011581 || 9 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.5.x Detected || url,javatester.org/version.html
1 || 2011582 || 33 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.6.x Detected || url,javatester.org/version.html
1 || 2011583 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Neosploit Exploit Pack Activity Observed || url,blog.fireeye.com/research/2010/01/pdf-obfuscation.html || url,blog.fireeye.com/research/2010/06/neosploit_notes.html || url,dxp2532.blogspot.com/2007/12/neosploit-exploit-toolkit.html
1 || 2011584 || 11 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.4.x Detected || url,javatester.org/version.html
1 || 2011585 || 3 || trojan-activity || 0 || ET TROJAN Avzhan DDOS Bot Outbound Hardcoded Malformed GET Request Denial Of Service Attack Detected || url,asert.arbornetworks.com/2010/09/another-family-of-ddos-bots-avzhan/
1 || 2011588 || 19 || trojan-activity || 0 || ET TROJAN Zeus Bot Request to CnC || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html
1 || 2011589 || 6 || web-application-attack || 0 || ET ACTIVEX Microsoft DirectX 9 msvidctl.dll ActiveX Control Code Execution Attempt || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
1 || 2011590 || 3 || attempted-user || 0 || ET ACTIVEX Microsoft DirectX 9 ActiveX Control Format String Function Call || url,packetstorm.linuxsecurity.com/1009-exploits/msvidctl-activex.txt
1 || 2011591 || 3 || trojan-activity || 0 || ET TROJAN Potential-Hiloti/FakeAV site access
1 || 2011592 || 1 || trojan-activity || 0 || ET TROJAN Yoyo-DDoS Bot Download and Launch Executable Message From CnC Server || url,asert.arbornetworks.com/2010/08/yoyoddos-a-new-family-of-ddos-bots/
1 || 2011666 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 29o3 CMS layoutManager.php LibDir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/12558 || bugtraq,40049 || url,doc.emergingthreats.net/2011666
1 || 2011667 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Backdoor reDuh http initiate || url,www.sensepost.com/labs/tools/pentest/reduh || url,doc.emergingthreats.net/2011667
1 || 2011668 || 6 || trojan-activity || 0 || ET ATTACK_RESPONSE Backdoor reDuh http tunnel || url,www.sensepost.com/labs/tools/pentest/reduh || url,doc.emergingthreats.net/2011668
1 || 2011669 || 4 || attempted-admin || 0 || ET EXPLOIT Linksys WAP54G debug.cgi Shell Access as Gemtek || url,seclists.org/fulldisclosure/2010/Jun/176 || url,doc.emergingthreats.net/2011669
1 || 2011670 || 3 || trojan-activity || 0 || ET DELETED Fake AV Related CSS Download || url,doc.emergingthreats.net/2011670
1 || 2011672 || 4 || misc-attack || 0 || ET DELETED Adobe Flash 0Day Exploit Attempt || url,www.exploit-db.com/exploits/13787/ || url,doc.emergingthreats.net/2011672
1 || 2011673 || 3 || attempted-dos || 0 || ET DOS Possible SolarWinds TFTP Server Read Request Denial Of Service Attempt || url,www.exploit-db.com/exploits/12683/ || url,doc.emergingthreats.net/2011673
1 || 2011674 || 3 || attempted-dos || 0 || ET DOS SolarWinds TFTP Server Long Write Request Denial Of Service Attempt || url,www.exploit-db.com/exploits/13836/ || url,doc.emergingthreats.net/2011674
1 || 2011675 || 4 || attempted-user || 0 || ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcom Helper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt || url,www.securityfocus.com/bid/37759 || url,www.kb.cert.org/vuls/id/773545 || url,www.exploit-db.com/exploits/11172/ || url,www.adobe.com/support/security/bulletins/apsb10-02.html || cve,2009-3958 || url,doc.emergingthreats.net/2011675
1 || 2011676 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Collaboration Server LoginPage.jhtml Cross Site Scripting Attempt || url,www.exploit-db.com/exploits/11403/ || cve,2010-0641 || url,doc.emergingthreats.net/2011676
1 || 2011677 || 7 || trojan-activity || 0 || ET MALWARE MSIL.Amiricil.gen HTTP Checkin || url,www.threatexpert.com/report.aspx?md5=af0bbdf6097233e8688c5429aa97bbed || url,doc.emergingthreats.net/2011677
1 || 2011678 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (HTTP_Query) || url,doc.emergingthreats.net/2011678
1 || 2011679 || 6 || trojan-activity || 0 || ET MALWARE User-Agent (dbcount) || url,doc.emergingthreats.net/2011679
1 || 2011680 || 6 || trojan-activity || 0 || ET DELETED Skype Easybits Extras Manager - Exploit || url,www.m86security.com/labs/traceitem.asp?article=1347 || url,doc.emergingthreats.net/2011680
1 || 2011681 || 3 || attempted-user || 0 || ET ACTIVEX Avaya CallPilot Unified Messaging ActiveX Function Call || url,secunia.com/advisories/40184/ || bugtraq,40535 || url,doc.emergingthreats.net/2011681
1 || 2011690 || 7 || attempted-user || 0 || ET ACTIVEX Possible Sygate Personal Firewall ActiveX SetRegString Method Stack Overflow Attempt || url,www.exploit-db.com/exploits/13834/ || url,www.corelan.be#=#=8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/ || url,doc.emergingthreats.net/2011690
1 || 2011691 || 6 || trojan-activity || 0 || ET MALWARE Hotbar Agent User-Agent (PinballCorp) || url,doc.emergingthreats.net/2011691
1 || 2011692 || 3 || attempted-user || 0 || ET ACTIVEX Avaya CallPilot Unified Messaging ActiveX InstallFrom Method Access Attempt || url,secunia.com/advisories/40184/ || bugtraq,40535 || url,doc.emergingthreats.net/10767
1 || 2011693 || 5 || trojan-activity || 0 || ET TROJAN Fragus Exploit Kit Landing || url,jsunpack.jeek.org/dec/go?report=d60344851322218108076f1ad8d21435de9d5b7c || url,www.malwareurl.com || url,doc.emergingthreats.net/2011693
1 || 2011694 || 9 || policy-violation || 0 || ET POLICY Windows 3.1 User-Agent Detected - Possible Malware or Non-Updated System || url,doc.emergingthreats.net/2011694
1 || 2011695 || 4 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer Dynamic Object Tag/URLMON Sniffing Cross Domain Information Disclosure Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=19873 || url,tools.cisco.com/security/center/viewAlert.x?alertId=20610 || url,www.microsoft.com/technet/security/bulletin/ms10-035.mspx || url,www.coresecurity.com/content/internet-explorer-dynamic-object-tag || cve,2010-0255 || url,doc.emergingthreats.net/2011695
1 || 2011696 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt || url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now || cve,2010-0738 || url,doc.emergingthreats.net/2011696
1 || 2011697 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS JBoss JMX Console Beanshell Deployer .WAR File Upload and Deployment Cross Site Request Forgery Attempt || url,www.redteam-pentesting.de/en/publications/jboss/-bridging-the-gap-between-the-enterprise-and-you-or-whos-the-jboss-now || cve,2010-0738 || url,doc.emergingthreats.net/2011697
1 || 2011698 || 6 || web-application-attack || 0 || ET WEB_CLIENT Java Web Start Command Injection (.jar) || url,seclists.org/fulldisclosure/2010/Apr/119 || url,doc.emergingthreats.net/2011698
1 || 2011699 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Transmission/1.x) || url,www.transmissionbt.com || url,doc.emergingthreats.net/2011699
1 || 2011700 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (KTorrent/3.x.x) || url,ktorrent.org || url,doc.emergingthreats.net/2011700
1 || 2011701 || 6 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Opera/10.x) || url,www.opera.com || url,doc.emergingthreats.net/2011701
1 || 2011702 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (BitTornado) || url,www.bittornado.com || url,doc.emergingthreats.net/2011702
1 || 2011703 || 6 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Enhanced CTorrent 3.x) || url,www.rahul.net/dholmes/ctorrent || url,doc.emergingthreats.net/2011703
1 || 2011704 || 5 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (Deluge 1.x.x) || url,deluge-torrent.org || url,doc.emergingthreats.net/2011704
1 || 2011705 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (rTorrent) || url,libtorrent.rakshasa.no || url,doc.emergingthreats.net/2011705
1 || 2011706 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (uTorrent) || url,www.utorrent.com || url,doc.emergingthreats.net/2011706
1 || 2011707 || 4 || policy-violation || 0 || ET P2P Client User-Agent (Shareaza 2.x) || url,shareaza.sourceforge.net || url,doc.emergingthreats.net/2011707
1 || 2011708 || 6 || policy-violation || 0 || ET GAMES Blizzard Downloader Client User-Agent (Blizzard Downloader 2.x) || url,www.worldofwarcraft.com/info/faq/blizzarddownloader.html || url,doc.emergingthreats.net/2011708
1 || 2011710 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (BitComet) || url,www.bitcomet.com || url,doc.emergingthreats.net/2011710
1 || 2011711 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (KTorrent 2.x) || url,ktorrent.org || url,doc.emergingthreats.net/2011711
1 || 2011712 || 6 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (FDM 3.x) || url,www.freedownloadmanager.org || url,doc.emergingthreats.net/2011712
1 || 2011713 || 4 || policy-violation || 0 || ET P2P Bittorrent P2P Client User-Agent (BTSP) || url,doc.emergingthreats.net/2011713
1 || 2011714 || 6 || bad-unknown || 0 || ET DELETED Hidden iframe Served by nginx - Likely Hostile Code || url,doc.emergingthreats.net/2011714
1 || 2011715 || 3 || trojan-activity || 0 || ET DELETED MALVERTISING Adobe Exploited Check-In || url,doc.emergingthreats.net/2011715
1 || 2011716 || 3 || attempted-recon || 0 || ET SCAN Sipvicious User-Agent Detected (friendly-scanner) || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ || url,doc.emergingthreats.net/2011716
1 || 2011718 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (RangeCheck/0.1) || url,doc.emergingthreats.net/2011718
1 || 2011719 || 7 || trojan-activity || 0 || ET POLICY Win32/Sogou User-Agent (SOGOU_UPDATER) || url,doc.emergingthreats.net/2011719 || url,microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Program%3aWin32%2fSogou
1 || 2011720 || 3 || attempted-recon || 0 || ET SCAN Possible WafWoof Web Application Firewall Detection Scan || url,code.google.com/p/waffit/ || url,doc.emergingthreats.net/2011720
1 || 2011721 || 3 || attempted-recon || 0 || ET SCAN Possible Fast-Track Tool Spidering User-Agent Detected || url,www.offensive-security.com/metasploit-unleashed/Fast-Track-Modes || url,doc.emergingthreats.net/2011721
1 || 2011722 || 3 || attempted-user || 0 || ET ACTIVEX Axis Media Controller ActiveX SetImage Method Remote Code Execution Attempt || bugtraq,41078 || url,doc.emergingthreats.net/2011722
1 || 2011723 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Webmoney Advisor ActiveX Redirect Method Remote DoS Attempt || url,exploit-db.com/exploits/12431 || url,doc.emergingthreats.net/2011723
1 || 2011724 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Webmoney Advisor ActiveX Control DoS Function Call || url,exploit-db.com/exploits/12431 || url,doc.emergingthreats.net/2011724
1 || 2011725 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EZPX photoblog tpl_base_dir Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/13890/ || url,vupen.com/english/advisories/2010/1497 || bugtraq,40881 || url,doc.emergingthreats.net/2011725
1 || 2011726 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter SELECT FROM SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011726
1 || 2011727 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter DELETE FROM SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011727
1 || 2011728 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter UNION SELECT SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011728
1 || 2011729 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter INSERT INTO SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011729
1 || 2011730 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter UPDATE SET SQL Injection Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011730
1 || 2011731 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SchoolMation studentmain.php session Parameter Cross Site Scripting Attempt || bugtraq,40737 || url,exploit-db.com/exploits/13812/ || url,doc.emergingthreats.net/2011731
1 || 2011732 || 2 || attempted-dos || 0 || ET DOS Possible VNC ClientCutText Message Denial of Service/Memory Corruption Attempt || url,www.fortiguard.com/encyclopedia/vulnerability/vnc.server.clientcuttext.message.memory.corruption.html || url,doc.emergingthreats.net/2011732
1 || 2011733 || 3 || policy-violation || 0 || ET GAMES TeamSpeak3 Connect || url,teamspeak.com || url,doc.emergingthreats.net/2011733
1 || 2011734 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Login || url,teamspeak.com || url,doc.emergingthreats.net/2011734
1 || 2011735 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Login Replay || url,teamspeak.com || url,doc.emergingthreats.net/2011735
1 || 2011736 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Ping || url,teamspeak.com || url,doc.emergingthreats.net/2011736
1 || 2011737 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Connection/Ping Reply || url,teamspeak.com || url,doc.emergingthreats.net/2011737
1 || 2011738 || 4 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Login Part 2 || url,teamspeak.com || url,doc.emergingthreats.net/2011738
1 || 2011739 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Channel List || url,teamspeak.com || url,doc.emergingthreats.net/2011739
1 || 2011740 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Player List || url,teamspeak.com || url,doc.emergingthreats.net/2011740
1 || 2011741 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Login End || url,teamspeak.com || url,doc.emergingthreats.net/2011741
1 || 2011742 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/New Player Joined || url,teamspeak.com || url,doc.emergingthreats.net/2011742
1 || 2011743 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Player Left || url,teamspeak.com || url,doc.emergingthreats.net/2011743
1 || 2011744 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Change Status || url,teamspeak.com || url,doc.emergingthreats.net/2011744
1 || 2011745 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Known Player Update || url,teamspeak.com || url,doc.emergingthreats.net/2011745
1 || 2011746 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 Standard/Disconnect || url,teamspeak.com || url,doc.emergingthreats.net/2011746
1 || 2011747 || 3 || policy-violation || 0 || ET GAMES TeamSpeak2 ACK || url,teamspeak.com || url,doc.emergingthreats.net/2011747
1 || 2011748 || 4 || policy-violation || 0 || ET GAMES TrackMania Game Launch || url,www.trackmania.com || url,doc.emergingthreats.net/2011748
1 || 2011749 || 3 || policy-violation || 0 || ET GAMES TrackMania Game Check for Patch || url,www.trackmania.com || url,doc.emergingthreats.net/2011749
1 || 2011750 || 4 || policy-violation || 0 || ET GAMES TrackMania Request GetConnectionAndGameParams || url,www.trackmania.com || url,doc.emergingthreats.net/2011750
1 || 2011751 || 4 || policy-violation || 0 || ET GAMES TrackMania Request OpenSession || url,www.trackmania.com || url,doc.emergingthreats.net/2011751
1 || 2011752 || 5 || policy-violation || 0 || ET GAMES TrackMania Request Connect || url,www.trackmania.com || url,doc.emergingthreats.net/2011752
1 || 2011753 || 4 || policy-violation || 0 || ET GAMES TrackMania Request Disconnect || url,www.trackmania.com || url,doc.emergingthreats.net/2011753
1 || 2011754 || 4 || policy-violation || 0 || ET GAMES TrackMania Request GetOnlineProfile || url,www.trackmania.com || url,doc.emergingthreats.net/2011754
1 || 2011755 || 4 || policy-violation || 0 || ET GAMES TrackMania Request GetBuddies || url,www.trackmania.com || url,doc.emergingthreats.net/2011755
1 || 2011756 || 4 || policy-violation || 0 || ET GAMES TrackMania Request SearchNew || url,www.trackmania.com || url,doc.emergingthreats.net/2011756
1 || 2011757 || 4 || policy-violation || 0 || ET GAMES TrackMania Request LiveUpdate || url,www.trackmania.com || url,doc.emergingthreats.net/2011757
1 || 2011758 || 3 || policy-violation || 0 || ET GAMES TrackMania Ad Report || url,www.trackmania.com || url,doc.emergingthreats.net/2011758
1 || 2011759 || 4 || web-application-activity || 0 || ET WEB_SERVER TIEHTTP User-Agent || url,www.torry.net/authorsmore.php?id=4292 || url,doc.emergingthreats.net/2011759
1 || 2011760 || 6 || bad-unknown || 0 || ET DELETED Likely FAKEAV scanner page encountered - i1000000.gif || url,doc.emergingthreats.net/2011760
1 || 2011761 || 2 || attempted-dos || 0 || ET DOS Possible MySQL ALTER DATABASE Denial Of Service Attempt || url,securitytracker.com/alerts/2010/Jun/1024160.html || url,dev.mysql.com/doc/refman/5.1/en/alter-database.html || cve,2010-2008 || url,doc.emergingthreats.net/2011761
1 || 2011763 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible Cisco PIX/ASA HTTP Web Interface HTTP Response Splitting Attempt || url,www.secureworks.com/ctu/advisories/SWRX-2010-001/ || url,tools.cisco.com/security/center/viewAlert.x?alertId=20737 || cve,2008-7257 || url,doc.emergingthreats.net/2011763
1 || 2011764 || 4 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer mshtml.dll Timer ID Memory Pointer Information Disclosure Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=20815 || url,reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1 || url,doc.emergingthreats.net/2011764
1 || 2011765 || 3 || bad-unknown || 0 || ET POLICY eval(function(p a c k e d) JavaScript from nginx Detected - Likely Hostile || url,doc.emergingthreats.net/2011765
1 || 2011766 || 3 || attempted-recon || 0 || ET SCAN Modified Sipvicious User-Agent Detected (sundayddr) || url,honeynet.org.au/?q=sunday_scanner || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ || url,doc.emergingthreats.net/2011766
1 || 2011767 || 3 || attempted-dos || 0 || ET TROJAN Avzhan DDOS Bot Inbound Hardcoded Malformed GET Request Denial Of Service Attack Detected || url,asert.arbornetworks.com/2010/09/another-family-of-ddos-bots-avzhan/
1 || 2011768 || 6 || web-application-attack || 0 || ET WEB_SERVER PHP tags in HTTP POST || url,isc.sans.edu/diary.html?storyid=9478
1 || 2011769 || 5 || trojan-activity || 0 || ET TROJAN Shiz/Rohimafo Binary Download Request || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2 || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab || url,doc.emergingthreats.net/2010793
1 || 2011791 || 4 || trojan-activity || 0 || ET TROJAN Shiz/Rohimafo Checkin || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2 || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab || url,doc.emergingthreats.net/2010791
1 || 2011792 || 5 || trojan-activity || 0 || ET DELETED Shiz/Rohimafo Proxy Registration || url,www.symantec.com/business/security_response/writeup.jsp?docid=2010-041308-3301-99&tabid=2 || url,asert.arbornetworks.com/2010/09/shiz-and-rohimafo-malware-cousins/ || url,threatexpert.com/report.aspx?md5=3614d4f6527d512b61c27c4e213347a6 || url,threatexpert.com/report.aspx?md5=0bb4662b54f02c989edc520314fc20ea || url,threatexpert.com/report.aspx?md5=a671eb9979505119f4106a990c4ef7ab
1 || 2011794 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter DELETE FROM SQL Injection Attempt || bugtraq,41377
1 || 2011795 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby Bredolab - client requesting java exploit
1 || 2011796 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby Bredolab - landing page
1 || 2011797 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Bredolab - client exploited by acrobat
1 || 2011798 || 3 || trojan-activity || 0 || ET TROJAN carberp check in
1 || 2011799 || 7 || trojan-activity || 0 || ET TROJAN Carberp checkin task || url,www.trustdefender.com/blog/2010/10/06/carberp-%E2%80%93-a-new-trojan-in-the-making/ || url,www.honeynet.org/node/578 || url,www.symantec.com/security_response/writeup.jsp?docid=2010-101313-5632-99&tabid=2 || url,www.eset.com/threat-center/encyclopedia/threats/win32trojandownloadercarberpb || url,www.threatexpert.com/report.aspx?md5=31a4bc4e9a431d91dc0b368f4a76ee85 || url,www.threatexpert.com/report.aspx?md5=1d0d38dd63551a30eda664611ed4958b || url,www.threatexpert.com/report.aspx?md5=6f89b98729483839283d04b82055dc44 || url,www.threatexpert.com/report.aspx?md5=07d3fbb124ff39bd5c1045599f719e36
1 || 2011800 || 8 || trojan-activity || 0 || ET POLICY Abnormal User-Agent No space after colon - Likely Hostile
1 || 2011801 || 2 || web-application-attack || 0 || ET ACTIVEX AoA Audio Extractor ActiveX Control Buffer Overflow Attempt || url,exploit-db.com/exploits/14599/ || url,packetstormsecurity.org/1010-exploits/aoaae-rop.txt
1 || 2011802 || 3 || bad-unknown || 0 || ET DNS DNS Lookup for localhost.DOMAIN.TLD
1 || 2011803 || 5 || shellcode-detect || 0 || ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2011804 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible UDP x86 JMP to CALL Shellcode Detected || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2011806 || 4 || web-application-attack || 0 || ET WEB_SERVER ScriptResource.axd access without t (time) parameter - possible ASP padding-oracle exploit || url,netifera.com/research/ || url,www.microsoft.com/technet/security/advisory/2416728.mspx
1 || 2011807 || 6 || web-application-attack || 0 || ET WEB_SERVER WebResource.axd access without t (time) parameter - possible ASP padding-oracle exploit || url,netifera.com/research/ || url,www.microsoft.com/technet/security/advisory/2416728.mspx
1 || 2011808 || 3 || attempted-recon || 0 || ET SCAN Inspathx Path Disclosure Scanner User-Agent Detected || url,code.google.com/p/inspathx/ || url,www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/
1 || 2011809 || 5 || attempted-recon || 0 || ET SCAN Inspathx Path Disclosure Scan || url,code.google.com/p/inspathx/ || url,www.darknet.org.uk/2010/09/inspathx-tool-for-finding-path-disclosure-vulnerabilities/
1 || 2011810 || 1 || bad-unknown || 0 || ET DELETED MALVERTISING redirect to eleonore exploit kit
1 || 2011811 || 3 || trojan-activity || 0 || ET DELETED ZeuS http client library detected
1 || 2011812 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SEO Exploit Kit - Landing Page
1 || 2011813 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS SEO Exploit Kit - client exploited
1 || 2011814 || 3 || bad-unknown || 0 || ET DELETED SEO Exploit Kit - client exploited by SMB
1 || 2011815 || 2 || bad-unknown || 0 || ET DELETED SEO Exploit Kit - client exploited by Acrobat
1 || 2011816 || 16 || trojan-activity || 0 || ET DELETED Zeus POST Request to CnC || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html
1 || 2011817 || 3 || trojan-activity || 0 || ET DELETED Zeus GET Request to CnC
1 || 2011818 || 4 || trojan-activity || 0 || ET DELETED Zeus http client library detected
1 || 2011819 || 1 || bad-unknown || 0 || ET POLICY Zero Content-Length HTTP POST with data (outbound)
1 || 2011820 || 3 || trojan-activity || 0 || ET TROJAN Fake AV CnC Checkin cycle_report || url,www.threatexpert.com/report.aspx?md5=fa078834dd3b4c6604d12823a6f9f17e
1 || 2011821 || 1 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected outbound || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/
1 || 2011822 || 1 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected inbound || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/
1 || 2011823 || 1 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected outbound 2 || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/
1 || 2011824 || 2 || denial-of-service || 0 || ET CURRENT_EVENTS User-Agent used in known DDoS Attacks Detected inbound 2 || url,www.linuxquestions.org/questions/linux-security-4/massive-ddos-need-advice-help-795298/
1 || 2011825 || 9 || trojan-activity || 0 || ET TROJAN MUROFET/Licat Trojan || url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html
1 || 2011826 || 2 || web-application-attack || 0 || ET DELETED Pre Projects E-Smart Cart login.asp Arbitrary SQL Command Injection Attempt || url,juniper-federal.org/security/auto/vulnerabilities/vuln37418.html || url,exploit-db.com/exploits/14376
1 || 2011827 || 4 || trojan-activity || 0 || ET TROJAN Xilcter/Zeus related malware dropper reporting in
1 || 2011828 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 724CMS section.php Module Parameter Local File inclusion Attempt || url,packetstormsecurity.org/1005-exploits/724cms459-lfi.txt
1 || 2011829 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyOWNspace getfeed.php file Parameter Local File Inclusion Attempt(1) || url,inj3ct0r.com/exploits/12674
1 || 2011830 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MyOWNspace getfeed.php file Parameter Local File Inclusion Attempt(2) || url,inj3ct0r.com/exploits/12674
1 || 2011831 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMS Board site_path Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/1010-exploits/cmsboard-rfi.txt
1 || 2011832 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter SELECT FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14205
1 || 2011833 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter DELETE FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14205
1 || 2011834 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter UNION SELECT SQL Injection Attempt || url,inj3ct0r.com/exploits/14205
1 || 2011835 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter UPDATE SET SQL Injection Attempt || url,inj3ct0r.com/exploits/14205
1 || 2011836 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter INSERT INTO SQL Injection Attempt || url,inj3ct0r.com/exploits/14205
1 || 2011837 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS A6MamboHelpDesk Admin.a6mambohelpdesk.php Remote File inclusion Attempt || bugtraq,19198 || cve,CVE-2006-3930
1 || 2011838 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt
1 || 2011839 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt
1 || 2011840 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt
1 || 2011841 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt
1 || 2011842 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.com/1010-exploits/phpfusionmguser-sql.txt
1 || 2011843 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BaconMap updatelist.php filepath Local File Inclusion Attempt || url,packetstormsecurity.com/1010-exploits/baconmap10-lfi.txt
1 || 2011844 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rwcards mosConfig_absolute_path Remote File Inclusion Attempt || url,packetstormsecurity.com/1010-exploits/joomlarwcards-rfi.txt
1 || 2011845 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Lantern CMS intPassedLocationID Parameter Cross Site Scripting Attempt || bugtraq,43865
1 || 2011846 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OrangeHRM uri Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/15232
1 || 2011847 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jomestate Parameter Remote File Inclusion Attempt || url,inj3ct0r.com/exploits/12835
1 || 2011848 || 5 || trojan-activity || 0 || ET TROJAN Win32/Comotor.A!dll Reporting 1 || url,threatexpert.com/report.aspx?md5=5e1c680e70e423dd02e31ab9d689e40b || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FComotor.A!dll&ThreatID=-2147346593
1 || 2011849 || 4 || trojan-activity || 0 || ET TROJAN Win32/Comotor.A!dll Reporting 2 || url,threatexpert.com/report.aspx?md5=5e1c680e70e423dd02e31ab9d689e40b || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FComotor.A!dll&ThreatID=-2147346593
1 || 2011850 || 4 || trojan-activity || 0 || ET TROJAN Carberp file download
1 || 2011851 || 7 || trojan-activity || 0 || ET TROJAN Carberp CnC Reply no tasks
1 || 2011852 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Cross Site Scripting Attempt || bugtraq,44370
1 || 2011853 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Local File Inclusion Attempt || bugtraq,44370
1 || 2011854 || 3 || not-suspicious || 0 || ET POLICY Java JAR file download
1 || 2011855 || 2 || bad-unknown || 0 || ET POLICY Java JAR Download Attempt || url,blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx
1 || 2011856 || 3 || trojan-activity || 0 || ET MALWARE HTML.Psyme.Gen Reporting || url,threatexpert.com/report.aspx?md5=de1adb1df396863e7e3967271e7db734
1 || 2011857 || 6 || trojan-activity || 0 || ET TROJAN SpyEye C&C Check-in URI || url,www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot || url,krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/
1 || 2011858 || 12 || trojan-activity || 0 || ET TROJAN Likely Hostile HTTP Header GET structure
1 || 2011860 || 2 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS Oracle Fusion Middleware BPEL Console Cross Site Scripting || bid,43954 || cve,2010-3581
1 || 2011861 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Bredolab CnC URL Detected || url,blog.fireeye.com/.a/6a00d835018afd53ef013488839529970c-pi
1 || 2011862 || 4 || trojan-activity || 0 || ET TROJAN Feodo Banking Trojan Account Details Post || url,blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html#more
1 || 2011863 || 5 || trojan-activity || 0 || ET DELETED Feodo Banking Trojan Receiving Configuration File || url,blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html
1 || 2011864 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Oracle Java APPLET Tag Children Property Memory Corruption Attempt || url,code.google.com/p/skylined/issues/detail?id=18 || url,www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
1 || 2011865 || 3 || bad-unknown || 0 || ET WEB_CLIENT Embedded Executable File in PDF - This Program Cannot Be Run in DOS Mode
1 || 2011866 || 4 || bad-unknown || 0 || ET WEB_CLIENT Suspicious Embedded Shockwave Flash In PDF
1 || 2011867 || 2 || attempted-user || 0 || ET ACTIVEX Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Attempt || url,www.exploit-db.com/trend-micro-internet-security-pro-2010-activex-extsetowner-remote-code-execution/
1 || 2011868 || 3 || bad-unknown || 0 || ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code || url,www.h-online.com/security/features/CSI-Internet-PDF-timebomb-1038864.html?page=4 || url,www.vicheck.ca/md5query.php?hash=6932d141916cd95e3acaa3952c7596e4
1 || 2011869 || 2 || web-application-attack || 0 || ET ACTIVEX Softek Barcode Reader Toolkit ActiveX Control Buffer Overflow Attempt || url,exploit-db.com/exploits/15071
1 || 2011870 || 2 || attempted-user || 0 || ET ACTIVEX Softek Barcode Reader Toolkit ActiveX Control Format String Function Call || url,exploit-db.com/exploits/15071/
1 || 2011871 || 1 || policy-violation || 0 || ET POLICY SubmitToTDWTF.asmx DailyWTF Potential Source Code Leakage || url,thedailywtf.com/Articles/Submit-WTF-Code-Directly-From-Your-IDE.aspx || url,code.google.com/p/submittotdwtf/source/browse/trunk/
1 || 2011872 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (Gbot)
1 || 2011873 || 4 || trojan-activity || 0 || ET DELETED Suspicious HTTP GET to JPG with query string
1 || 2011874 || 3 || policy-violation || 0 || ET POLICY NSPlayer User-Agent Windows Media Player streaming detected || url,msdn.microsoft.com/en-us/library/cc234851
1 || 2011875 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15309/
1 || 2011876 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15309/
1 || 2011877 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15309/
1 || 2011878 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15309/
1 || 2011879 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15309/
1 || 2011880 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpBazar picturelib.php Remote File inclusion Attempt || cve,CVE-2010-2315 || url,exploit-db.com/exploits/12855/
1 || 2011881 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Web Analytics mw_plugin.php IP Parameter Remote File inclusion Attempt || url,exploit-db.com/exploits/11903/
1 || 2011882 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Web Analytics owa_action Parameter Local File inclusion Attempt || url,exploit-db.com/exploits/11903/
1 || 2011883 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Web Analytics owa_do Parameter Local File inclusion Attempt || url,exploit-db.com/exploits/11903/
1 || 2011884 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iGaming CMS loadplugin.php load Parameter Local File inclusion Attempt || url,packetstormsecurity.org/1010-exploits/igamingcms-lfi.txt
1 || 2011886 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webspell wCMS-Clanscript staticID Parameter SQL Injection Attempt || url,exploit-db.com/exploits/15152/
1 || 2011887 || 1 || attempted-recon || 0 || ET SCAN Medusa User-Agent || url,www.foofus.net/~jmk/medusa/medusa.html
1 || 2011889 || 5 || attempted-user || 0 || ET DELETED HP Data Protector Media Operations SignInName Parameter Overflow || url,elotrolad0.blogspot.com/2010/10/hp-data-protector-media-operations-611_23.html || url,securitytracker.com/id?1024634
1 || 2011890 || 7 || trojan-activity || 0 || ET DELETED Potential TDSS HTTP Library GET
1 || 2011891 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Microsoft Internet Explorer CSS Tags Remote Code Execution Attempt || bid,44536 || cve,2010-3962
1 || 2011892 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Microsoft IE CSS Clip Attribute Memory Corruption (POC SPECIFIC) || url,extraexploit.blogspot.com/2010/11/cve-2010-3962-yet-another-internet.html || url,www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks || url,blog.fireeye.com/research/2010/11/ie-0-day-hupigon-joins-the-party.html || url,www.offensive-security.com/0day/ie-0day.txt || url,www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms10_xxx_ie_css_clip.rb
1 || 2011893 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Firefox Interleaving document.write and appendChild Overflow (POC SPECIFIC) || url,bugzilla.mozilla.org/show_bug.cgi?id=607222 || url,blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
1 || 2011894 || 16 || trojan-activity || 0 || ET TROJAN TDSS/TDL/Alureon MBR rootkit Checkin
1 || 2011895 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Driveby leads to exploits aaitsol1/networks.php
1 || 2011896 || 2 || bad-unknown || 0 || ET DELETED ZBot sp107fb/photo.exe
1 || 2011897 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS vb exploits / trojan vietshow
1 || 2011898 || 1 || bad-unknown || 0 || ET DELETED Rogue antivirus downloader x/l.php?id=RdxUVjSVVKicADPtx=6666os=5.1n=1
1 || 2011899 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Trojan perflogger ~duydati/inst_PCvw.exe
1 || 2011900 || 1 || bad-unknown || 0 || ET DELETED Trojandropper dunik!rts xxx/download7/21/install_flash_player.exe
1 || 2011901 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Hacked server to exploits ~rio1/admin/login.php
1 || 2011902 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Phishing ~mbscom/moneybookers/app/login/login.html
1 || 2011903 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS iframe Phoenix Exploit & ZBot vt073pd/photo.exe
1 || 2011904 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS fast flux rogue antivirus download.php?id=2004
1 || 2011905 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/index.php?s=dexc
1 || 2011906 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/load/svchost.exe
1 || 2011907 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/l.php?s=dexc
1 || 2011908 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS exploit kit x/exe.php?x=mdac
1 || 2011909 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS trojan renos Flash.HD.exe
1 || 2011910 || 6 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt || bid,44638 || cve,2010-4091
1 || 2011911 || 2 || bad-unknown || 0 || ET DNS Hiloti DNS CnC Channel Successful Install Message || url,sign.kaffenews.com/?p=104 || url,blog.fortinet.com/hiloti-the-botmaster-of-disguise/
1 || 2011912 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Fake AV Checkin
1 || 2011914 || 1 || attempted-recon || 0 || ET SCAN DirBuster Scan in Progress || url,www.owasp.org/index.php/Category%3aOWASP_DirBuster_Project
1 || 2011915 || 1 || attempted-recon || 0 || ET SCAN DotDotPwn User-Agent || url,dotdotpwn.sectester.net
1 || 2011916 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SEO/Malvertising Executable Landing exe2.php
1 || 2011917 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV Gemini - JavaScript Redirection To Scanning Page
1 || 2011918 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV Gemini - JavaScript Redirection To FakeAV Binary
1 || 2011919 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV Gemini - packupdate*.exe download
1 || 2011920 || 4 || bad-unknown || 0 || ET DELETED FAKEAV CryptMEN - 302 Redirect
1 || 2011921 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV CryptMEN - Landing Page Download Contains .hdd_icon
1 || 2011922 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS FAKEAV CryptMEN - Random Named DeObfuscation JavaScript File Download
1 || 2011923 || 6 || trojan-activity || 0 || ET DELETED FAKEAV CryptMEN inst.exe Payload Download
1 || 2011924 || 2 || web-application-attack || 0 || ET SCAN Havij SQL Injection Tool User-Agent Outbound || url,itsecteam.com/en/projects/project1.htm
1 || 2011925 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Rogue AV Downloader concat URI || url,malwareurl.com
1 || 2011926 || 5 || trojan-activity || 0 || ET TROJAN X-Tag Zeus Mitmo user agent || url,eternal-todo.com/blog/thoughts-facts-zeus-mitmo
1 || 2011927 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteloomCMS mailform_1 variable Cross Site Scripting Attempt || url,packetstormsecurity.org/1008-exploits/siteloomcms-xss.txt
1 || 2011928 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TFTgallery adminlangfile Parameter Local File inclusion Attempt || url,exploit-db.com/exploits/15345/
1 || 2011929 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_banners banners.class.php Remote File inclusion Attempt || url,packetstormsecurity.org/1010-exploits/joomlabanners-rfi.txt
1 || 2011930 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php SELECT FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14090
1 || 2011931 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php DELETE FROM SQL Injection Attempt || url,inj3ct0r.com/exploits/14090
1 || 2011932 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php UNION SELECT SQL Injection Attempt || url,inj3ct0r.com/exploits/14090
1 || 2011933 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php INSERT INTO SQL Injection Attempt || url,inj3ct0r.com/exploits/14090
1 || 2011934 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php UPDATE SET SQL Injection Attempt || url,inj3ct0r.com/exploits/14090
1 || 2011935 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component joomlaXplorer admin.joomlaxplorer.php File Inclusion Attempt || url,packetstormsecurity.org/1011-exploits/joomlaxplorer-rfi.txt
1 || 2011936 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dolphin BxDolGzip.php file Disclosure Attempt || url,secunia.com/advisories/42108 || url,exploit-db.com/exploits/15400/
1 || 2011938 || 5 || trojan-activity || 0 || ET MALWARE CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.0
1 || 2011939 || 7 || trojan-activity || 0 || ET MALWARE CryptMEN HTTP library purporting to be MSIE to PHP HTTP 1.1
1 || 2011940 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PossibleFreeNAS exec_raw.php Arbitrary Command Execution Attempt || bid,44974
1 || 2011941 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Open Source Support Ticket System module.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/95646/osticket-lfi.txt
1 || 2011942 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Vodpod Video Gallery Plugin gid Cross-Site Scripting Attempt || url,secunia.com/advisories/42195
1 || 2011943 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt SELECT FROM SQL Injection Attempt || url,securityreason.com/exploitalert/9145
1 || 2011944 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt DELETE FROM SQL Injection Attempt || url,securityreason.com/exploitalert/9145
1 || 2011945 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt UNION SELECT SQL Injection Attempt || url,securityreason.com/exploitalert/9145
1 || 2011946 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt INSERT INTO SQL Injection Attempt || url,securityreason.com/exploitalert/9145
1 || 2011947 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GeekLog filemgt UPDATE SET SQL Injection Attempt || url,securityreason.com/exploitalert/9145
1 || 2011948 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWCM window_top.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15510/
1 || 2011949 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWCM common.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15510/
1 || 2011950 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWCM header.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15510/
1 || 2011951 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Exploited By SMB/JavaWebStart
1 || 2011952 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Exploited By PDF
1 || 2011953 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious jjar.jar
1 || 2011954 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious loadjjar.php
1 || 2011955 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious lib.pdf
1 || 2011956 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Client Requesting Malicious loadpeers.php
1 || 2011957 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Landing Page Encountered
1 || 2011958 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Obfuscated JavaScript desttable
1 || 2011959 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SEO Obfuscated JavaScript srctable
1 || 2011960 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING SEO iframe redirect to drive by
1 || 2011961 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING SEO iframe redirect to drive by 2
1 || 2011962 || 1 || bad-unknown || 0 || ET DELETED FAKEAV client requesting fake scanner page
1 || 2011966 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan downloader (AS8514) || url,www.malwareurl.com/listing.php?domain=1001jimm.ru
1 || 2011967 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Zbot (AS9121) || url,www.malwareurl.com/listing.php?domain=19eylulmusikicemiyeti.com
1 || 2011968 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Banker (AS33182) || url,www.malwareurl.com/listing.php?domain=allmobilefashion.com
1 || 2011969 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Post-infection Checkin
1 || 2011970 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS SWF served from /tmp/ 
1 || 2011972 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS PDF served from /tmp/ could be Phoenix Exploit Kit
1 || 2011973 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS JAR served from /tmp/ could be Phoenix Exploit Kit
1 || 2011974 || 3 || attempted-recon || 0 || ET SCAN Metasploit WMAP GET len 0 and type
1 || 2011975 || 2 || attempted-recon || 0 || ET SCAN RatProxy in-use
1 || 2011976 || 1 || attempted-dos || 0 || ET SCADA RealWin SCADA System Buffer Overflow || url,www.exploit-db.com/exploits/15337/
1 || 2011978 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING Alureon JavaScript IFRAME Redirect
1 || 2011979 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS FedEX Spam Inbound
1 || 2011980 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Ircbrute Trojan || url,www.malwareurl.com/listing.php?domain=egyboys.net
1 || 2011981 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Eleonore Exploit Pack / Trojan Brebolab || url,www.malwareurl.com/listing.php?domain=media-download-kb572810.biz
1 || 2011982 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Trojan Ransom.AM || url,www.malwareurl.com/listing.php?domain=newpornmov.info
1 || 2011983 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Trojan || url,www.malwareurl.com/listing.php?domain=mediafilesonline.net
1 || 2011984 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Rogue Antivirus MalvRem || url,www.malwareurl.com/listing.php?domain=giga-protectiona.com || url,www.malwareurl.com/listing.php?domain=protectsystemf.com || url,www.malwareurl.com/listing.php?domain=1cnetantispy.com || url,www.malwareurl.com/listing.php?domain=3gb-scanner.com
1 || 2011985 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Rogue Antivirus avdistr || url,www.malwareurl.com/listing.php?domain=giga-protectiona.com || url,www.malwareurl.com/listing.php?domain=protectsystemf.com || url,www.malwareurl.com/listing.php?domain=1cnetantispy.com || url,www.malwareurl.com/listing.php?domain=3gb-scanner.com
1 || 2011986 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Rogue Antivirus RunAV || url,www.malwareurl.com/listing.php?domain=giga-protectiona.com || url,www.malwareurl.com/listing.php?domain=protectsystemf.com || url,www.malwareurl.com/listing.php?domain=1cnetantispy.com || url,www.malwareurl.com/listing.php?domain=3gb-scanner.com
1 || 2011987 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Softbiz Article Directory Script sbiz_id Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/14910/
1 || 2011988 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix-style Exploit Kit Java Request with semicolon in URI
1 || 2011989 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Fast Flux Trojan (adobe-flash.v.) || url,www.malwareurl.com/listing.php?domain=realmultimediaonline.com
1 || 2011990 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Rogue AV (installer.xxxx.exe) || url,www.malwareurl.com/listing.php?domain=scripttoscan.co.cc
1 || 2011991 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV Gemini systempack exe download
1 || 2011992 || 3 || trojan-activity || 0 || ET DELETED Possible ProFTPD Backdoor Initiate Attempt || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/ || url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org || url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed
1 || 2011993 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS ProFTPD Backdoor outbound Request Sent || url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/ || url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
1 || 2011994 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS ProFTPD Backdoor Inbound Backdoor Open Request (ACIDBITCHEZ) || url,slashdot.org/story/10/12/02/131214/ProFTPDorg-Compromised-Backdoor-Distributed || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/ || url, sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org
1 || 2011995 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS invoice.scr download most likely a TROJAN
1 || 2011996 || 11 || trojan-activity || 0 || ET TROJAN Darkness DDoS Bot Checkin || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101205 || url,ef.kaffenews.com/?p=833 || url,www.threatexpert.com/report.aspx?md5=55edeb8742f0c38aaa3d984eb4205c68 || url,www.threatexpert.com/report.aspx?md5=60c84bb1ca03f80ca385f16946322440 || url,www.threatexpert.com/report.aspx?md5=7fcebf5bd67cede35d08bedd683e3524 || url,www.threatexpert.com/report.aspx?md5=778113cc4e758ed65de0123bb79cbd1f
1 || 2011999 || 6 || trojan-activity || 0 || ET TROJAN Trojan.Spy.YEK MAC and IP POST || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20101115
1 || 2012000 || 3 || trojan-activity || 0 || ET MALWARE ASKTOOLBAR.DLL Reporting || url,threatexpert.com/report.aspx?md5=3f6413475b1466964498c8450de4062f
1 || 2012001 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15405/
1 || 2012002 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15405/
1 || 2012003 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15405/
1 || 2012004 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15405/
1 || 2012005 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS digiSHOP cart.php UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15405/
1 || 2012006 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MassMirror Uploader example_1.php Remote File Inclusion attempt || url,exploit-db.com/exploits/15441/
1 || 2012007 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCow skin_file Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/1011-exploits/phpcow-rfilfi.txt
1 || 2012008 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpCow skin_file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/1011-exploits/phpcow-rfilfi.txt
1 || 2012009 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress FeedList Plugin i Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42197/ || url,johnleitch.net/Vulnerabilities/WordPress.Feed.List.2.61.01.Reflected.Cross-site.Scripting/56
1 || 2012010 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zen Cart loader_file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/42101/
1 || 2012011 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde IMP fetchmailprefs.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/94299/hordeimp-xss.txt
1 || 2012012 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS The Uploader download_launch.php Remote File Disclosure Attempt || url,exploit-db.com/exploits/13966/
1 || 2012013 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Component com_smf smf.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/95510/mambosmf-rfi.txt
1 || 2012014 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Jimtawl Component task Parameter Local File Inclusion Attempt || url,expbase.com/WebApps/13388.html || url,secunia.com/advisories/42324/
1 || 2012015 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebRCSdiff viewver.php File Inclusion Attempt || url,expbase.com/WebApps/13387.html || url,xforce.iss.net/xforce/xfdb/63343
1 || 2012016 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter SELECT FROM SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/
1 || 2012017 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter DELETE FROM SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/
1 || 2012018 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter UNION SELECT SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/
1 || 2012019 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter INSERT INTO SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/
1 || 2012020 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter UPDATE SET SQL Injection Attempt || url,expbase.com/WebApps/13391.html || url,secunia.com/advisories/42330/
1 || 2012021 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jSchool Advanced id_gallery Parameter SQL Injection Attempt || url,exploit-db.com/exploits/15595/ || url,secunia.com/advisories/42334/
1 || 2012022 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community Builder Enhenced Component Local File Inclusion Attempt || url,exploit-db.com/exploits/15222/
1 || 2012023 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZyXEL P-660R-T1 HomeCurrent_Date Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42344/ || url,archives.neohapsis.com/archives/bugtraq/2010-11/0190.html
1 || 2012024 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Gbook MX newlangsel Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/10986/
1 || 2012025 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Seo Panel file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/95644/seopanel-disclose.txt
1 || 2012026 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15526/
1 || 2012027 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15526/
1 || 2012028 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15526/
1 || 2012029 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15526/
1 || 2012030 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15526/
1 || 2012031 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Abtp Portal Project skel_null.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15711/
1 || 2012032 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Abtp Portal Project skel_null.php Local File Inclusion Attempt || url,exploit-db.com/exploits/15711/
1 || 2012033 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS N-13 News default_login_language Parameter Local File Inclusion Attempt || url,secunia.com/advisories/39144/ || url,1337db.com/exploits/11446
1 || 2012034 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/15006/
1 || 2012035 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/15006/
1 || 2012036 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/15006/
1 || 2012037 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/15006/
1 || 2012038 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eNdonesia artid Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/15006/
1 || 2012039 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Car Portal car Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/15135/
1 || 2012040 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Contenido idart Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42440/
1 || 2012041 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012042 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012043 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of charCodeAt % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012044 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of charCodeAt %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012045 || 4 || attempted-admin || 0 || ET EXPLOIT VMware Tools Update OS Command Injection Attempt || url,www.exploit-db.com/exploits/15717/ || cve,2010-4297
1 || 2012046 || 3 || web-application-attack || 0 || ET DELETED Android Use-After-Free Remote Code Execution on Webkit || url,exploit-db.com/exploits/15548/
1 || 2012048 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Outbound Low Orbit Ion Cannon LOIC Tool Internal User May Be Participating in DDOS || url,www.isc.sans.org/diary.html?storyid=10051
1 || 2012049 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Inbound Low Orbit Ion Cannon LOIC DDOS Tool desu string || url,www.isc.sans.org/diary.html?storyid=10051
1 || 2012050 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Outbound Low Orbit Ion Cannon LOIC Tool Internal User May Be Participating in DDOS desu string || url,www.isc.sans.org/diary.html?storyid=10051
1 || 2012052 || 1 || misc-attack || 0 || ET WEB_CLIENT Winzip 15.0 WZFLDVW.OCX IconIndex Property Denial of Service || url,www.exploit-db.com/exploits/15695/
1 || 2012053 || 1 || misc-attack || 0 || ET WEB_CLIENT Winzip 15.0 WZFLDVW.OCX Text Property Denial of Service || url,www.exploit-db.com/exploits/15694/
1 || 2012054 || 3 || attempted-admin || 0 || ET SMTP Potential Exim HeaderX with run exploit attempt || url,www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html || url,eclists.org/fulldisclosure/2010/Dec/221
1 || 2012055 || 2 || attempted-recon || 0 || ET EXPLOIT JDownloader Webinterface Source Code Disclosure || url,packetstormsecurity.org/files/view/96126/jdownloader-disclose.txt
1 || 2012056 || 2 || attempted-dos || 0 || ET WEB_CLIENT Flash Player Flash6.ocx AllowScriptAccess Denial of Service || url,www.exploit-db.com/exploits/15698/
1 || 2012057 || 2 || attempted-recon || 0 || ET EXPLOIT VMware 2 Web Server Directory Traversal || url,www.exploit-db.com/exploits/15617/
1 || 2012058 || 1 || misc-attack || 0 || ET EXPLOIT HP LaserJet PLJ Interface Directory Traversal || url,www.exploit-db.com/exploits/15631/ || bugtraq,44882 || cve,2010-4107
1 || 2012059 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012060 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012061 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of arguments.callee % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012062 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of arguments.callee %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012063 || 1 || attempted-user || 0 || ET NETBIOS Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference || url,www.exploit-db.com/exploits/14674/ || url,www.microsoft.com/technet/security/bulletin/ms09-050.mspx || cve,2009-3103
1 || 2012064 || 4 || attempted-user || 0 || ET WEB_CLIENT Foxit PDF Reader Title Stack Overflow || url,www.exploit-db.com/exploits/15532/
1 || 2012065 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter UNION SELECT SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955
1 || 2012066 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter INSERT INTO SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955
1 || 2012068 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Profi Einzelgebots Auktions System auktion_text.php Blind SQL Injection Attempt || url,exploit-db.com/exploits/12005/
1 || 2012069 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MantisBT db_type Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/15736/ || url,secunia.com/advisories/42597/
1 || 2012070 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MantisBT db_type Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/15735/ || url,secunia.com/advisories/42597/
1 || 2012071 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Google Urchin session.cgi Local File Inclusion Attempt || url,exploit-db.com/exploits/15737/
1 || 2012072 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Safe Search Plugin v1 Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/42544
1 || 2012073 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter SELECT FROM SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955
1 || 2012074 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Aigaion ID Parameter DELETE FROM SQL Injection Attempt || url,secunia.com/advisories/42463/ || url,securityreason.com/securityalert/7955
1 || 2012075 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible Internet Explorer CSS Parser Remote Code Execution Attempt || url,seclists.org/fulldisclosure/2010/Dec/110 || url,www.breakingpointsystems.com/community/blog/ie-vulnerability/ || url,seclists.org/fulldisclosure/2010/Dec/110 || url,www.breakingpointsystems.com/community/blog/ie-vulnerability/ || url,www.microsoft.com/technet/security/advisory/2488013.mspx || bid,45246 || cve,2010-3971
1 || 2012076 || 2 || trojan-activity || 0 || ET TROJAN Win32.Krap.ar Infection URL Request || url,www.threatexpert.com/report.aspx?md5=df29b9866397fd311a5259c5d4bc00dd
1 || 2012077 || 2 || attempted-recon || 0 || ET SCAN Goatzapszu Header from unknown Scanning Tool
1 || 2012078 || 5 || policy-violation || 0 || ET POLICY Windows-Based OpenSSL Tunnel Outbound || url,www.stunnel.org/download/binaries.html
1 || 2012079 || 4 || policy-violation || 0 || ET POLICY Windows-Based OpenSSL Tunnel Connection Outbound 2 || url,www.stunnel.org/download/binaries.html
1 || 2012080 || 4 || policy-violation || 0 || ET POLICY Windows-Based OpenSSL Tunnel Connection Outbound 3 || url,www.stunnel.org/download/binaries.html
1 || 2012081 || 4 || trojan-activity || 0 || ET DELETED Possible Bozvanovna Zeus Campaign Config File URL || url,www.abuse.ch/?p=2986
1 || 2012082 || 3 || trojan-activity || 0 || ET DELETED Possible Bozvanovna Zeus Campaign Binary File URL || url,www.abuse.ch/?p=2986
1 || 2012083 || 1 || trojan-activity || 0 || ET DELETED Possible Bozvanovna Zeus Campaign SSL Certificate || url,www.abuse.ch/?p=2986
1 || 2012084 || 2 || attempted-user || 0 || ET NETBIOS Microsoft Windows SMB Client Race Condition Remote Code Execution || url,www.exploit-db.com/exploits/12258/ || cve,2010-0017 || bid,38100 || url,www.microsoft.com/technet/security/Bulletin/MS10-006.mspx
1 || 2012085 || 2 || not-suspicious || 0 || ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Flowbits Set
1 || 2012086 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012087 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset UDP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012088 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012089 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012090 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012091 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset UDP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012092 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset TCP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012093 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible Call with No Offset UDP Shellcode || url,www.networkforensics.com/2010/05/16/network-detection-of-x86-buffer-overflow-shellcode/
1 || 2012094 || 2 || attempted-user || 0 || ET NETBIOS SMB Trans2 Query_Fs_Attribute_Info SrvSmbQueryFsInformation Pool Buffer Overflow || url,www.exploit-db.com/exploits/14607/ || url,seclists.org/fulldisclosure/2010/Aug/122 || cve,2010-2550 || bid,42224 || url,www.microsoft.com/technet/security/Bulletin/MS10-054.mspx
1 || 2012096 || 1 || attempted-user || 0 || ET SCADA DATAC RealWin SCADA Server Buffer Overflow || url,www.securityfocus.com/bid/31418 || cve,2008-4322 || url,secunia.com/advisories/32055
1 || 2012099 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component Billy Portfolio catid Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/15721/
1 || 2012100 || 4 || attempted-user || 0 || ET WEB_CLIENT Oracle Java 6 Object Tag launchjnlp docbase Parameters Buffer Overflow || url,www.exploit-db.com/exploits/15241/ || cve,2010-3552 || bid,44023
1 || 2012101 || 2 || attempted-user || 0 || ET EXPLOIT Oracle Virtual Server Agent Command Injection Attempt || url,exploit-db.com/exploits/15244/
1 || 2012102 || 4 || attempted-user || 0 || ET ACTIVEX Image Viewer CP Gold Image2PDF Buffer Overflow || url,www.exploit-db.com/exploits/15658/
1 || 2012103 || 5 || web-application-attack || 0 || ET EXPLOIT D-Link bsc_wlan.php Security Bypass || url,packetstormsecurity.org/files/view/96100/dlinkwlan-bypass.txt
1 || 2012104 || 4 || trojan-activity || 0 || ET MALWARE User-Agent (AdVantage) || url,www.siteadvisor.com/sites/config.poweredbyadvantage.com
1 || 2012105 || 3 || trojan-activity || 0 || ET MALWARE AdVantage Malware URL Infection Report || url,www.siteadvisor.com/sites/config.poweredbyadvantage.com
1 || 2012106 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of arguments.callee %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012107 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012108 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of charCodeAt %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012109 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of String.fromCharCode %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012110 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible UTF-8 %u90 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html
1 || 2012111 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible UTF-16 %u9090 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html
1 || 2012112 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible Encoded %90 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html
1 || 2012113 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan.BackDoor-DRV.gen.c Reporting-1 || url,threatexpert.com/report.aspx?md5=d5ff6df296c068fcc0ddd303984fa6b9 || url,support.clean-mx.de/clean-mx/viruses.php?domain=wyunion.com&sort=first desc
1 || 2012114 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BackDoor-DRV.gen.c Reporting-2 || url,threatexpert.com/report.aspx?md5=d5ff6df296c068fcc0ddd303984fa6b9 || url,support.clean-mx.de/clean-mx/viruses.php?domain=wyunion.com&sort=first desc
1 || 2012115 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query for a Suspicious Malware Related Numerical .in Domain || url,sign.kaffenews.com/?p=104 || url,www.isc.sans.org/diary.html?storyid=10165
1 || 2012116 || 4 || attempted-recon || 0 || ET WEB_SERVER DD-WRT Information Disclosure Attempt || url,www.exploit-db.com/exploits/15842/
1 || 2012117 || 2 || successful-recon-limited || 0 || ET WEB_SERVER Successful DD-WRT Information Disclosure || url,www.exploit-db.com/exploits/15842/
1 || 2012118 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS http string in hex Likely Obfuscated Exploit Redirect
1 || 2012119 || 3 || bad-unknown || 0 || ET WEB_CLIENT Possible Hex Obfuscation Usage On Webpage || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,cansecwest.com/slides07/csw07-nazario.pdf
1 || 2012120 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Usage of Actionscript ByteArray writeByte Function to Build Shellcode || url,blog.fireeye.com/research/2009/07/actionscript_heap_spray.html
1 || 2012121 || 1 || attempted-user || 0 || ET DELETED Adobe Reader and Acrobat U3D File Invalid Array Index Remote Code Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=827 || url,www.adobe.com/support/security/bulletins/apsb09-15.html || bid,36638 || cve,2009-2990
1 || 2012122 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-1 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012122
1 || 2012123 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-2 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012123
1 || 2012124 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-3 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012124
1 || 2012125 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-4 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012125
1 || 2012126 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-5 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012126
1 || 2012127 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-6 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012127
1 || 2012128 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-7 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012128
1 || 2012129 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MaticMarket modulename Parameter Local File Inclusion Attempt-8 || url,exploit-db.com/exploits/15783/ || url,doc.emergingthreats.net/2012129
1 || 2012130 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS myBloggie mybloggie_root_path Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/96805/mybloggie216-rfi.txt || url,doc.emergingthreats.net/2012130
1 || 2012131 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Seyret Video com_seyret Component Blind SQL Injection Attempt || url,exploit-db.com/exploits/14172/ || url,doc.emergingthreats.net/2012131
1 || 2012132 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS p2pshare.org Malware Related Activity
1 || 2012133 || 4 || attempted-user || 0 || ET ACTIVEX FathFTP 1.8 EnumFiles Method ActiveX Buffer Overflow || url,www.exploit-db.com/exploits/14552/
1 || 2012134 || 4 || attempted-user || 0 || ET ACTIVEX SigPlus Pro 3.74 ActiveX LCDWriteString Method Remote Buffer Overflow || cve,2010-2931 || url,www.exploit-db.com/exploits/14514/
1 || 2012135 || 3 || attempted-user || 0 || ET SMTP IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow Attempt || url,www.exploit-db.com/exploits/15005/ || cve,2010-3407
1 || 2012136 || 9 || trojan-activity || 0 || ET TROJAN Waledac 2.0/Storm Worm 3.0 GET request detected
1 || 2012137 || 5 || trojan-activity || 0 || ET TROJAN Storm/Waledac 3.0 Checkin 1
1 || 2012139 || 8 || trojan-activity || 0 || ET TROJAN Storm/Waledac 3.0 Checkin 2
1 || 2012140 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan Command and Control Communication || url,www.isc.sans.org/diary.html?storyid=10186
1 || 2012141 || 2 || policy-violation || 0 || ET POLICY Protocol 41 IPv6 encapsulation potential 6in4 IPv6 tunnel active || url,en.wikipedia.org/wiki/6in4
1 || 2012142 || 2 || not-suspicious || 0 || ET WEB_CLIENT AVI RIFF Chunk Access Flowbit Set
1 || 2012143 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow || cve,2010-0480 || url,www.exploit-db.com/moaub-5-microsoft-mpeg-layer-3-audio-stack-based-overflow/ || url,www.exploit-db.com/exploits/14895/ || url,www.microsoft.com/technet/security/Bulletin/MS10-026.mspx
1 || 2012144 || 3 || bad-unknown || 0 || ET DELETED Possible Malware Related Numerical .co Domain Lookup || url,sign.kaffenews.com/?p=104 || url,www.isc.sans.org/diary.html?storyid=10165
1 || 2012145 || 4 || attempted-user || 0 || ET ACTIVEX Netcraft Toolbar Remote Code Execution || url,www.exploit-db.com/exploits/15600
1 || 2012146 || 8 || attempted-user || 0 || ET ACTIVEX ImageShack Toolbar Remote Code Execution || url,www.exploit-db.com/exploits/15601
1 || 2012147 || 7 || attempted-user || 0 || ET ACTIVEX Advanced File Vault Activex Heap Spray Attempt || url,www.exploit-db.com/exploits/14580/
1 || 2012148 || 6 || attempted-user || 0 || ET ACTIVEX dBpowerAMP Audio Player 2 FileExists Method ActiveX Buffer Overflow || url,www.exploit-db.com/exploits/14586/
1 || 2012149 || 4 || attempted-admin || 0 || ET WEB_CLIENT MS10-090 IE CSS Exploit Metasploit POC Specific Unicoded || cve,CVE-2010-3971 || url,breakingpointsystems.com/community/blog/ie-vulnerability/ || bid,45246
1 || 2012150 || 2 || attempted-dos || 0 || ET WEB_SERVER PHP Large Subnormal Double Precision Floating Point Number PHP DoS in URI || url,bugs.php.net/bug.php?id=53632
1 || 2012151 || 1 || attempted-dos || 0 || ET WEB_SERVER PHP Large Subnormal Double Precision Floating Point Number PHP DoS Inbound || url,bugs.php.net/bug.php?id=53632
1 || 2012152 || 2 || not-suspicious || 0 || ET WEB_CLIENT DXF Extension File Detection Access Flowbit Set
1 || 2012153 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Office Visio DXF File Processing Remote Code Execution || url,www.exploit-db.com/moaub-8-microsoft-office-visio-dxf-file-stack-overflow || url,www.exploit-db.com/exploits/14944/ || cve,2010-1681 || url,www.microsoft.com/technet/security/bulletin/ms10-028.mspx || bid,39836
1 || 2012154 || 2 || attempted-user || 0 || ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 1 || url,www.exploit-db.com/exploits/15898/ || bid,45634
1 || 2012155 || 2 || attempted-user || 0 || ET EXPLOIT Wireshark ENTTEC DMX Data Processing Code Execution Attempt 2 || url,www.exploit-db.com/exploits/15898/ || bid,45634
1 || 2012156 || 1 || attempted-user || 0 || ET WEB_CLIENT Possible Adobe Reader 9.4 doc.printSeps Memory Corruption Attempt || bid,44638 || cve,2010-4091
1 || 2012157 || 2 || attempted-user || 0 || ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt Function Call || url,xcon.xfocus.net/XCon2010_ChenXie_EN.pdf || url,wooyun.org/bug.php?action=view&id=1006
1 || 2012158 || 3 || attempted-user || 0 || ET ACTIVEX Possible Microsoft WMI Administration Tools WEBSingleView.ocx ActiveX Buffer Overflow Attempt || url,xcon.xfocus.net/XCon2010_ChenXie_EN.pdf || url,wooyun.org/bug.php?action=view&id=1006 || bid,45546 || cve,CVE-2010-3973
1 || 2012159 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt
1 || 2012160 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt
1 || 2012161 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt
1 || 2012162 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt
1 || 2012163 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Informacion General informacion_general.php UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97188/phpig-sql.txt
1 || 2012164 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WORDPRESS Plugin Accept Signups email Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96928/wpsignups-xss.txt
1 || 2012165 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concrete DIR_FILES_BLOCK_TYPES_CORE Parameter Remote File Inclusion Attempt || bugtraq,45669
1 || 2012166 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_xmovie file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96996/xmovie-fli.txt
1 || 2012167 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ndCMS editor.aspx index Parameter SQL Injection Attempt || url,exploit-db.com/exploits/15124/
1 || 2012168 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tiki Wiki CMS Groupware language Parameter Local File Inclusion Attempt || url,johnleitch.net/Vulnerabilities/Tiki.Wiki.CMS.Groupware.5.2.Local.File.Inclusion/46
1 || 2012169 || 9 || bad-unknown || 0 || ET TROJAN Potential Blackhole Exploit Pack Binary Load Request || url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
1 || 2012170 || 2 || policy-violation || 0 || ET GAMES Blizzard Web Downloader Install Detected
1 || 2012171 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.org Domain || url,isc.sans.edu/diary.html?storyid=3266 || url,isc.sans.edu/diary.html?storyid=5710 || url,google.com/safebrowsing/diagnostic?site=3322.org/ || url,www.mywot.com/en/scorecard/3322.org
1 || 2012172 || 5 || trojan-activity || 0 || ET MALWARE User-Agent (mrgud)
1 || 2012173 || 2 || bad-unknown || 0 || ET WEB_CLIENT eval String.fromCharCode String Which May Be Malicious
1 || 2012174 || 8 || attempted-admin || 0 || ET EXPLOIT Microsoft Windows Common Control Library Heap Buffer Overflow || bugtraq,43717 || url,www.microsoft.com/technet/security/bulletin/MS10-081.mspx
1 || 2012176 || 1 || misc-activity || 0 || ET MALWARE Lookup of Malware Domain twothousands.cm Likely Infection
1 || 2012177 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS p2pshares.org Related Malware
1 || 2012178 || 4 || trojan-activity || 0 || ET TROJAN Carberp CnC request POST /set/task.html
1 || 2012179 || 6 || attempted-user || 0 || ET WEB_CLIENT Adobe Reader and Acrobat U3D File Invalid Array Index Remote Code Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=827 || url,www.adobe.com/support/security/bulletins/apsb09-15.html || bid,36638 || cve,2009-2990
1 || 2012180 || 3 || bad-unknown || 0 || ET USER_AGENTS Suspicious User Agent no space
1 || 2012181 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus action.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/
1 || 2012182 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus media.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/
1 || 2012183 || 3 || attempted-recon || 0 || ET DELETED Possible Open SIP Relay scanner Fake Eyebeam User-Agent Detected || url,honeynet.org.au/?q=open_sip_relay_scanner
1 || 2012184 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus server.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/
1 || 2012185 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nucleus PLUGINADMIN.php Remote File Inclusion Attempt || url,exploit-db.com/exploits/15907/
1 || 2012186 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS axdcms aXconf Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/15938/
1 || 2012187 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bizdir.cgi f_srch Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96613/bizdir510-xss.txt
1 || 2012189 || 1 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpscripte24 Vor und Ruckwarts Auktions System Blind SQL Injection Attempt || url,exploit-db.com/exploits/12026/
1 || 2012190 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zimplit CMS client Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96466/zimplit-xss.txt
1 || 2012191 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zimplit CMS file Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/96466/zimplit-xss.txt
1 || 2012192 || 3 || attempted-user || 0 || ET ACTIVEX NewV SmartClient NewvCommon.ocx DelFile Method Arbitrary File Deletion Attempt || url,packetstormsecurity.org/files/view/97394/newvcommon-insecure.txt
1 || 2012193 || 2 || web-application-attack || 0 || ET EXPLOIT Lexmark Printer RDYMSG Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97265/lexmark-xss.txt
1 || 2012194 || 3 || attempted-user || 0 || ET ACTIVEX Real Networks RealPlayer SP RecordClip Method Remote Code Execution Attempt || bid,44443 || cve,2010-3749
1 || 2012195 || 3 || misc-activity || 0 || ET DELETED Nginx Serving EXE/DLL File Often Malware Related
1 || 2012196 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible Unescape Encoded Content With Split String Obfuscation || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012197 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible Unescape Encoded Content With Split String Obfuscation 2 || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012198 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.ini || url,www.threatexpert.com/report.aspx?md5=fcb828c0b735ea8d560a45b3bdd29b94 || url,www.threatexpert.com/report.aspx?md5=36d9a446d6311f9a4c19865e2b62f15d
1 || 2012199 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.xls || url,www.threatexpert.com/report.aspx?md5=fb789b067c2809c25fb36abb677cdfcd
1 || 2012200 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Worm W32.Svich or Other Infection Request for setting.doc || url,www.threatexpert.com/report.aspx?md5=fb789b067c2809c25fb36abb677cdfcd
1 || 2012201 || 3 || trojan-activity || 0 || ET WORM Possible Worm Sohanad.Z or Other Infection Request for setting.nql || url,www.threatexpert.com/report.aspx?md5=a70aad8f27957702febfa162556dc5b5
1 || 2012202 || 2 || trojan-activity || 0 || ET DELETED DNS Lookup of Known BlackEnergy DDOS Botnet CnC Server greenter.ru || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20110116 || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20100913
1 || 2012204 || 3 || attempted-recon || 0 || ET SCAN Modified Sipvicious Sundayddr Scanner (sipsscuser) || url,code.google.com/p/sipvicious/ || url,blog.sipvicious.org/ || url,honeynet.org.au/?q=sunday_scanner
1 || 2012205 || 2 || misc-activity || 0 || ET WEB_CLIENT Possible Malicious String.fromCharCode with charCodeAt String
1 || 2012206 || 2 || attempted-user || 0 || ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt || url,www.zerodayinitiative.com/advisories/ZDI-10-256/ || url,www.vupen.com/english/advisories/2010/3023 || bid,44966 || cve,2010-4321
1 || 2012207 || 4 || misc-attack || 0 || ET DELETED Possible Twitter Worm Attack || url,threatpost.com/en_us/blogs/twitter-worm-uses-google-url-shortener-spread-scareware-012011
1 || 2012208 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV CryptMEN pack.exe Payload Download
1 || 2012209 || 2 || trojan-activity || 0 || ET DELETED m28sx twitter worm redirect access || url,isc.sans.edu/diary.html?storyid=10297
1 || 2012210 || 2 || trojan-activity || 0 || ET DELETED DNS Lookup of Twitter m28sx Worm || url,isc.sans.edu/diary.html?storyid=10297
1 || 2012211 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt
1 || 2012212 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt
1 || 2012213 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt
1 || 2012214 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt
1 || 2012215 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tunngavik CMS id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/96808/tunngavikcms-sql.txt
1 || 2012216 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS B-Cumulus tagcloud.swf Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97618/bcumulus-xss.txt
1 || 2012217 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LetoDMS lang Parameter Local File Inclusion Attempt || bugtraq,37828
1 || 2012218 || 3 || web-application-attack || 0 || ET ACTIVEX Possible UserManager SelectServer method Buffer Overflow Attempt || url,exploit-db.com/exploits/16002/
1 || 2012219 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BetMore Site Suite mainx_a.php bid Paramter Blind SQL Injection Attempt || url,exploit-db.com/exploits/15999/
1 || 2012220 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS B-Cumulus tagcloud-ru.swf Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97618/bcumulus-xss.txt
1 || 2012221 || 2 || trojan-activity || 0 || ET USER_AGENTS Malware Related msndown || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=17fdf0cb5970b71b81b1a5406e017ac1
1 || 2012222 || 2 || trojan-activity || 0 || ET TROJAN Winsoft.E Checkin 1 || url,www.threatexpert.com/report.aspx?md5=d773d063d8cf35166831af0dae13a4b7 || url,xml.ssdsandbox.net/index.php/935021734dd64921defd1eb266c3fb39
1 || 2012223 || 2 || trojan-activity || 0 || ET TROJAN Winsoft.E Checkin 2 || url,www.threatexpert.com/report.aspx?md5=d773d063d8cf35166831af0dae13a4b7 || url,xml.ssdsandbox.net/index.php/935021734dd64921defd1eb266c3fb39
1 || 2012224 || 2 || trojan-activity || 0 || ET TROJAN Winsoft.E Checkin 3 || url,www.threatexpert.com/report.aspx?md5=d773d063d8cf35166831af0dae13a4b7 || url,xml.ssdsandbox.net/index.php/935021734dd64921defd1eb266c3fb39
1 || 2012225 || 4 || trojan-activity || 0 || ET TROJAN Spy Banker Outbound Communication Attempt || url,www.threatexpert.com/report.aspx?md5=58b3c37b61d27cdc0a55321f4c12ef04
1 || 2012226 || 4 || trojan-activity || 0 || ET TROJAN Win32/Banbra Banking Trojan Communication || url,www.threatexpert.com/report.aspx?md5=7ce03717d6879444d8e45b7cf6470c67
1 || 2012227 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV Gemini softupdate*.exe download
1 || 2012228 || 5 || misc-activity || 0 || ET MALWARE Suspicious Russian Content-Language Ru Which May Be Malware Related
1 || 2012229 || 7 || misc-activity || 0 || ET MALWARE Suspicious Chinese Content-Language zh-cn Which May be Malware Related
1 || 2012230 || 4 || web-application-attack || 0 || ET WEB_SERVER Likely Malicious Request for /proc/self/environ
1 || 2012231 || 2 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture Insecure Read Method File Access Attempt || cve,2010-3595
1 || 2012232 || 2 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture File Deletion Attempt || cve,2010-3591
1 || 2012233 || 3 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture File Overwrite Attempt || cve,2010-3591
1 || 2012234 || 3 || attempted-user || 0 || ET ACTIVEX Oracle Document Capture File Overwrite or Buffer Overflow Attempt || cve,2010-3599
1 || 2012235 || 3 || trojan-activity || 0 || ET DELETED UPS Spam Inbound Variant 4
1 || 2012236 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Init
1 || 2012237 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Client Info
1 || 2012238 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Pong
1 || 2012239 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Ping
1 || 2012240 || 2 || trojan-activity || 0 || ET TROJAN x0Proto Download Cmd
1 || 2012241 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible % Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google
1 || 2012242 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible %u UTF-8 Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google
1 || 2012243 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible %u UTF-16 Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google
1 || 2012244 || 2 || bad-unknown || 0 || ET WEB_CLIENT Possible # Encoded Iframe Tag || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.guardian.co.uk/technology/2008/apr/03/security.google
1 || 2012245 || 2 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of document.write # Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012246 || 3 || trojan-activity || 0 || ET USER_AGENTS Unknown Trojan Checkin UA Detected iamx
1 || 2012247 || 3 || policy-violation || 0 || ET P2P BTWebClient UA uTorrent in use
1 || 2012248 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS MUROFET/Licat Trojan Checkin Forum || url,extraexploit.blogspot.com/2010/10/some-domains-for-licatmurofettrojanzbot.html || url,www.threatexpert.com/report.aspx?md5=531e84b0894a7496479d186712acd7d2
1 || 2012249 || 4 || trojan-activity || 0 || ET USER_AGENTS Suspicious Win32 User Agent
1 || 2012250 || 3 || trojan-activity || 0 || ET TROJAN Unknown Web Backdoor Keep-Alive
1 || 2012251 || 8 || policy-violation || 0 || ET MOBILE_MALWARE Google Android Device HTTP Request
1 || 2012252 || 3 || shellcode-detect || 0 || ET SHELLCODE Common 0a0a0a0a Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012253 || 2 || shellcode-detect || 0 || ET SHELLCODE Common %0a%0a%0a%0a Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012254 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0a0a%u0a0a UTF-16 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012255 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0a%u0a%u0a%u0a UTF-8 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012256 || 2 || shellcode-detect || 0 || ET SHELLCODE Common 0c0c0c0c Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012257 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %0c%0c%0c%0c Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012258 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0c0c%u0c0c UTF-16 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012259 || 3 || shellcode-detect || 0 || ET SHELLCODE Common %u0c%u0c%u0c%u0c UTF-8 Heap Spray String || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012260 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of parseInt % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,/www.w3schools.com/jsref/jsref_parseInt.asp
1 || 2012261 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,/www.w3schools.com/jsref/jsref_parseInt.asp
1 || 2012262 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of parseInt %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,/www.w3schools.com/jsref/jsref_parseInt.asp
1 || 2012263 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012264 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of Script Tag %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012265 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of Script Tag %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012266 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of unescape % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012267 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of unescape %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012268 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of unescape %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012269 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of substr % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012270 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of substr %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012271 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of substr %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012272 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of eval % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012273 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of eval %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012274 || 3 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of eval %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012275 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Post Express Inbound SPAM (possible Spyeye) || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012276 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS USPS Inbound SPAM
1 || 2012278 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (Our_Agent)
1 || 2012279 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SpyEye HTTP Library Checkin || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012280 || 2 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection activity to document.doc || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012281 || 2 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection activity multi-stage download request || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012282 || 4 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection activity multi-stage download confirmed success || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012283 || 4 || trojan-activity || 0 || ET DELETED SpyEye Post_Express_Label infection check-in || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012284 || 3 || trojan-activity || 0 || ET TROJAN SpyEye Post_Express_Label ftpgrabber check-in || url,nakedsecurity.sophos.com/2011/02/01/outbreak-post-express-service-malware-attack-spammed-out
1 || 2012285 || 4 || trojan-activity || 0 || ET DELETED Trojan/Win32.CodecPack Reporting
1 || 2012286 || 4 || attempted-recon || 0 || ET WEB_SERVER Automated Site Scanning for backupdata
1 || 2012287 || 3 || attempted-recon || 0 || ET WEB_SERVER Automated Site Scanning for backup_data
1 || 2012288 || 4 || trojan-activity || 0 || ET TROJAN Spy.Win32.Agent.bijs Reporting 2 || url,threatexpert.com/report.aspx?md5=846ac24b003c6d468a833bff58db5f5c
1 || 2012289 || 4 || trojan-activity || 0 || ET TROJAN Win32 Troxen Reporting || url,threatexpert.com/report.aspx?md5=664a5147e6258f10893c3fd375f16ce4 || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3aWin32/Troxen!rts
1 || 2012290 || 4 || trojan-activity || 0 || ET TROJAN Spy.Win32.Agent.bijs Reporting 1 || url,threatexpert.com/report.aspx?md5=846ac24b003c6d468a833bff58db5f5c
1 || 2012291 || 2 || attempted-user || 0 || ET DELETED Base64 Encoded FTP Commands (21 > o&echo user 1 1 >> o &echo get)
1 || 2012292 || 3 || attempted-user || 0 || ET DELETED Base64 Encoded FTP Commands Upload (21 > o&echo user 1 1 >> o &echo get)
1 || 2012295 || 3 || trojan-activity || 0 || ET USER_AGENTS suspicious user-agent (REKOM)
1 || 2012296 || 2 || attempted-recon || 0 || ET VOIP Modified Sipvicious Asterisk PBX User-Agent || url,blog.sipvicious.org/2010/11/distributed-sip-scanning-during.html
1 || 2012297 || 2 || attempted-recon || 0 || ET VOIP Possible Inbound VOIP Scan/Misuse With User-Agent Zoiper || url,blog.sipvicious.org/2010/12/11-million-euro-loss-in-voip-fraud-and.html
1 || 2012298 || 3 || trojan-activity || 0 || ET MALWARE User-Agent (0xa10xa1HttpClient)
1 || 2012299 || 3 || trojan-activity || 0 || ET TROJAN W32 Bamital or Backdoor.Win32.Shiz CnC Communication || url,www.threatexpert.com/report.aspx?md5=fbcdfecc73c4389e8d3ed7e2e573b6f1
1 || 2012300 || 3 || trojan-activity || 0 || ET TROJAN Win32.Banker.AAD CnC Communication || url,www.threatexpert.com/report.aspx?md5=8556aec7ff96824e2da9d1b948ed7029
1 || 2012301 || 3 || trojan-activity || 0 || ET TROJAN Potential Trojan dropper Wlock.A (AS1680) || url,www.malwareurl.com/listing.php?domain=pworldxxx.info
1 || 2012302 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Fake AV Scan (AS31252) || url,www.malwareurl.com/listing.php?domain=scan.dpowerprotection.com
1 || 2012303 || 4 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Beacon Outbound || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf
1 || 2012304 || 6 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Beacon Inbound || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf
1 || 2012305 || 5 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Traffic Inbound 2 || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf
1 || 2012306 || 6 || trojan-activity || 0 || ET TROJAN Night Dragon CnC Traffic Outbound 2 || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf
1 || 2012307 || 1 || trojan-activity || 0 || ET TROJAN Night Dragon CMD Shell || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf
1 || 2012308 || 2 || trojan-activity || 0 || ET TROJAN Night Dragon Dropper Download Command || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf
1 || 2012309 || 1 || trojan-activity || 0 || ET TROJAN Night Dragon Server Auth to Bot || url,www.mcafee.com/us/resources/white-papers/wp-global-energy-cyberattacks-Night-dragon.pdf
1 || 2012310 || 5 || trojan-activity || 0 || ET TROJAN Si25f_302 User-Agent
1 || 2012311 || 4 || trojan-activity || 0 || ET DELETED W32.SillyP2P Checkin || url,www.securehomenetwork.blogspot.com/2011/02/anonleaks-continues-relationship-with.html || url,www.threatexpert.com/report.aspx?md5=a7e1388c38c1fed12785bc335f95b15d
1 || 2012312 || 5 || trojan-activity || 0 || ET TROJAN Generic Trojan with /? and Indy Library User-Agent
1 || 2012313 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Moxilla
1 || 2012314 || 3 || trojan-activity || 0 || ET TROJAN Rootkit TDSS/Alureon Checkin 2 || url,contagiodump.blogspot.com/2011/02/tdss-tdl-4-alureon-32-bit-and-64-bit.html
1 || 2012315 || 2 || trojan-activity || 0 || ET USER_AGENTS Fake Opera 8.11 UA related to Trojan Activity
1 || 2012316 || 3 || trojan-activity || 0 || ET DELETED Suspicious Win32 User Agent
1 || 2012317 || 2 || attempted-admin || 0 || ET NETBIOS Microsoft Windows Server 2003 Active Directory Pre-Auth BROWSER ELECTION Heap Overflow Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=22457 || bid,46360
1 || 2012318 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FAKEAV download (AntiSpyWareSetup.exe)
1 || 2012319 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS IRS Inbound SMTP Malware
1 || 2012320 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS IRS Inbound SPAM
1 || 2012321 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cx.cc domain
1 || 2012322 || 7 || trojan-activity || 0 || ET TROJAN Possible TDSS User-Agent CMD || url,www.kernelmode.info/forum/viewtopic.php?f=16&t=19 || url,www.securelist.com/en/analysis/204792180/TDL4_Top_Bot
1 || 2012323 || 3 || bad-unknown || 0 || ET DELETED Malicious Advertizing URL in.cgi/antibot_hash
1 || 2012324 || 3 || bad-unknown || 0 || ET EXPLOIT Unknown Exploit Pack URL Detected
1 || 2012325 || 4 || bad-unknown || 0 || ET WEB_CLIENT Obfuscated Javascript // ptth
1 || 2012326 || 5 || bad-unknown || 0 || ET WEB_CLIENT Obfuscated Javascript // ptth (escaped)
1 || 2012327 || 3 || misc-activity || 0 || ET MALWARE All Numerical .cn Domain Likely Malware Related
1 || 2012328 || 5 || misc-activity || 0 || ET MALWARE All Numerical .ru Domain Lookup Likely Malware Related
1 || 2012329 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS IRS Inbound SPAM variant 3
1 || 2012330 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
1 || 2012331 || 3 || policy-violation || 0 || ET POLICY Apple iDisk Sync Unencrypted
1 || 2012332 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Fast Flux Trojan Rogue Antivirus || url,www.malwareurl.com/listing.php?domain=microantivirus5.com
1 || 2012333 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neosploit Toolkit download || url,www.malwareurl.com/listing.php?domain=piadraspgdw.com || url,labs.m86security.com/2011/01/shedding-light-on-the-neosploit-exploit-kit
1 || 2012334 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Froxlor customer_ftp.php id Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/16051/
1 || 2012335 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coupon Script bus parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/16034/
1 || 2012336 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CultBooking lang parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/16028/
1 || 2012337 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CultBooking lang Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/16028/
1 || 2012338 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt
1 || 2012339 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt
1 || 2012340 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt
1 || 2012341 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt
1 || 2012342 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-fusion Team Structure Infusion team_id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97588/phpfusiontsi-sql.txt
1 || 2012343 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WeBid active_auctions.php lan Parameter Local File inclusion Attempt || url,johnleitch.net/Vulnerabilities/WeBid.0.8.5P1.Local.File.Inclusion/63
1 || 2012344 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Madirish Webmail basedir Parameter Remote File inclusion Attempt || url,exploit-db.com/exploits/12369/
1 || 2012345 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Frontend-User-Access controller Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43137/ || url,securityhome.eu/exploits/exploit.php?eid=17879866924d479451d88fa8.02873909
1 || 2012346 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/16087/
1 || 2012347 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/16087/
1 || 2012348 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Services id Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/16087/
1 || 2012349 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/16087/
1 || 2012350 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PMB Services id Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/16087/
1 || 2012351 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Emerson Network AllResults.aspx Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98029/enp-xss.txt
1 || 2012352 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Classified ads software cid parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/16062/
1 || 2012353 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Audio showfile Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97834/WordPressAudio0.5.1-xss.txt
1 || 2012354 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dokeos and Chamilo open_document.php file Parameter File Disclosure Attempt || bugtraq,46173
1 || 2012355 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Moodle PHPCOVERAGE_HOME Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98053/Moodle2.0.1-xss.txt
1 || 2012356 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Featured Content param Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/97826/WordPressFeaturedContent0.0.1-xss.txt
1 || 2012357 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla XGallery com_xgallery Component Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96864/joomlaxgallery-lfi.txt
1 || 2012358 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHPCMS modelid Parameter SQL Injection Attempt || bugtraq,45933
1 || 2012359 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt
1 || 2012360 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt
1 || 2012361 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt
1 || 2012362 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt
1 || 2012363 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS T-Content Management System id_novedad Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/98190/tcms-sql.txt
1 || 2012364 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt
1 || 2012365 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt
1 || 2012366 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt
1 || 2012367 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt
1 || 2012368 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Bexfront sid Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97294/phpbexfront-sql.txt
1 || 2012369 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla swMenuPro ImageManager.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/95505/joomlaswmenupro-rfi.txt
1 || 2012370 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin explain Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98408/Dolphin7.0.4-xss.txt || bugtraq,46337
1 || 2012371 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Boonex Dolphin relocate Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98408/Dolphin7.0.4-xss.txt || bugtraq,46337
1 || 2012372 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ColdUserGroup LibraryID Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/14935/
1 || 2012373 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde type Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/98424/horde-lfi.txt
1 || 2012374 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/16202/
1 || 2012375 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/16202/
1 || 2012376 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/16202/
1 || 2012377 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/16202/
1 || 2012378 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Woltlab Burning Board katid Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/16202/
1 || 2012379 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TelebidAuctionScript aid Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/82724/telebidauction-sql.txt
1 || 2012380 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Podcast Generator themes.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98143/podcastgenerator-xss.txt
1 || 2012381 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ITechBids productid Parameter Blind SQL Injection Attempt || url,exploit-db.com/exploits/9497
1 || 2012382 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery output Parameter Remote Command Execution Attempt || url,packetstormsecurity.org/files/view/98347/cpg15x-exec.txt
1 || 2012383 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Coppermine Photo Gallery retva Parameter Remote Command Execution Attempt || url,packetstormsecurity.org/files/view/98347/cpg15x-exec.txt
1 || 2012384 || 3 || trojan-activity || 0 || ET INFO Suspicious Purported MSIE 7 with terse HTTP Headers GET to PHP
1 || 2012385 || 3 || trojan-activity || 0 || ET DELETED Likely Infected HTTP POST to PHP with User-Agent of HTTP Client
1 || 2012386 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent VCTestClient
1 || 2012387 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent PrivacyInfoUpdate
1 || 2012388 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS USPS SPAM Inbound possible spyeye trojan || url,www.virustotal.com/file-scan/report.html?id=ed1766eb13cc7f41243dd722baab9973560c999c1489763c0704debebe8f4cb1-1298551066
1 || 2012389 || 3 || trojan-activity || 0 || ET TROJAN Java Exploit Kit Success Check-in Executable Download Likely
1 || 2012390 || 2 || trojan-activity || 0 || ET P2P Libtorrent User-Agent
1 || 2012391 || 3 || trojan-activity || 0 || ET TROJAN Tatanga Checkin || url,securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html || url,www.sophos.com/security/analyses/viruses-and-spyware/trojtatangac.html || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=4b5eb54de32f86819c638878ac2c7985&id=740958 || url,www.malware-control.com/statics-pages/06198e9b72e1bb0c256769c5754ed821.php
1 || 2012392 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Fast Flux Rogue Antivirus (Setup_245.exe) || url,www.malwareurl.com/listing.php?domain=antivirus-live21.com
1 || 2012393 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt || bid,45123 || cve,2010-4367
1 || 2012394 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt || bid,46471 || cve,2011-1038
1 || 2012395 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt || bid,46471 || cve,2011-1038
1 || 2012396 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclipse IDE Help Component Cross Site Scripting Attempt || bid,44883 || cve,2010-4647
1 || 2012397 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Eclipse IDE Help Component Cross Site Scripting Attempt || bid,44883 || cve,2010-4647
1 || 2012398 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of replace Javascript Function % Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012399 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of replace Javascript Function %u UTF-8 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012400 || 4 || bad-unknown || 0 || ET WEB_CLIENT Hex Obfuscation of replace Javascript Function %u UTF-16 Encoding || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012401 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby Download Secondary Request
1 || 2012402 || 7 || trojan-activity || 0 || ET DELETED Facebook URL Redirect Vulnerability || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079577.html
1 || 2012403 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Rogue Antivirus FakePAV || url,www.malwareurl.com/listing.php?domain=76.76.102.214
1 || 2012404 || 2 || bad-unknown || 0 || ET WEB_CLIENT Likely Hostile Eval CRYPT.obfuscate Usage || url,research.zscaler.com/2010/05/malicious-hidden-iframes-using-publicly.html
1 || 2012405 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Potential FakePAV Checkin || url,www.threatexpert.com/report.aspx?md5=f5dd61e29eff89a93c591fba7ea14d92
1 || 2012406 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Potential Cewolf DOS attempt || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079547.html
1 || 2012407 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure vulnerability || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079568.html
1 || 2012408 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Potential Wordpress local file disclosure vulnerability || url,lists.grok.org.uk/pipermail/full-disclosure/2011-February/079568.html
1 || 2012409 || 3 || trojan-activity || 0 || ET DELETED Unknown Malware Keepalive
1 || 2012410 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidDream Android Trojan info upload || url,androguard.blogspot.com/2011/03/droiddream.html || url,blog.aegislab.com/index.php?op=ViewArticle&articleId=79&blogId=1 || url,blog.mylookout.com/2011/03/android-malware-droiddream-how-it-works/ || url,countermeasures.trendmicro.eu/google-android-rooted-backdoored-infected/
1 || 2012411 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress updateAJAX.php post_id Parameter Cross Site Scripting Attempt || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012412 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt  updateAJAX.php post_id SELECT || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012413 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id UNION SELECT || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012414 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id INSERT || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012415 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id DELETE || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012416 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id ASCII || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012417 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IWantOneButton Wordpress SQL Injection Attempt updateAJAX.php post_id UPDATE || url,exploit-db.com/exploits/16236/ || url,htbridge.ch/advisory/sql_injection_in_iwantonebutton_wordpress_plugin.html
1 || 2012418 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter Cross Site Scripting Attempt 1 || url,packetstormsecurity.org/files/view/98756/PhreeBooksR30RC4-xss.txt || url,exploit-db.com/exploits/16249/
1 || 2012419 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhreeBooks js_include.php form Parameter Cross Site Scripting Attempt 2 || url,packetstormsecurity.org/files/view/98756/PhreeBooksR30RC4-xss.txt || url,exploit-db.com/exploits/16249/
1 || 2012420 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt dsp_page.cfm pageid SELECT || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460
1 || 2012421 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid UNION SELECT || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460
1 || 2012422 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid INSERT || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460
1 || 2012423 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid DELETE || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460
1 || 2012424 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid ASCII || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460
1 || 2012425 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SOPHIA CMS SQL Injection Attempt -- dsp_page.cfm pageid UPDATE || url,exploit-db.com/exploits/16225/ || url,securelist.com/en/advisories/43460 || url,secunia.com/advisories/43460
1 || 2012426 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XCloner Plugin cloner.cron.php config Parameter Local File Inclusion Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/
1 || 2012427 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla XCloner Component cloner.cron.php config Parameter Local File Inclusion Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/
1 || 2012428 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XCloner Plugin index2.php option Parameter Cross Site Scripting Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/
1 || 2012429 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress XCloner Plugin index2.php mosmsg Parameter Cross Site Scripting Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/
1 || 2012430 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla XCloner Component index2.php mosmsg Parameter Cross Site Scripting Attempt || bugtraq,46582 || url,exploit-db.com/exploits/16246/
1 || 2012431 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic SELECT || url,exploit-db.com/exploits/16235/
1 || 2012432 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic UNION SELECT || url,exploit-db.com/exploits/16235/
1 || 2012433 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic INSERT || url,exploit-db.com/exploits/16235/
1 || 2012434 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic DELETE || url,exploit-db.com/exploits/16235/
1 || 2012435 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic ASCII || url,exploit-db.com/exploits/16235/
1 || 2012436 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WP Forum Server wordpress plugin SQL Injection Attempt -- feed.php topic UPDATE || url,exploit-db.com/exploits/16235/
1 || 2012437 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Zotpress citation Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/98746/WordPressZotpress2.6-xss.txt
1 || 2012438 || 5 || trojan-activity || 0 || ET TROJAN TrojanDownloader Win32/Harnig.gen-P Reporting || url,threatexpert.com/report.aspx?md5=40d1819b9c3c85e1f3b7723c7a9118ad
1 || 2012439 || 4 || trojan-activity || 0 || ET TROJAN Win32.Vilsel.akd Reporting || url,threatexpert.com/report.aspx?md5=2d6cede13913b17bc2ea7c7f70ce5fa8
1 || 2012440 || 4 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Agent.bqkb Reporting || url,threatexpert.com/report.aspx?md5=de85ae919d48325189bead995e8052e7 || url,support.clean-mx.de/clean-mx/viruses.php?ip=210.163.9.69&sort=first desc
1 || 2012441 || 4 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Banload Reporting || url,threatexpert.com/report.aspx?md5=43b0ddf87c66418053ee055501193abf || url,scumware.org/report/89.108.68.81
1 || 2012442 || 2 || trojan-activity || 0 || ET DELETED UPS Inbound bad attachment v.4
1 || 2012443 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Inbound bad attachment v.5
1 || 2012444 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Inbound bad attachment v.6
1 || 2012445 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Post Express Inbound bad attachment
1 || 2012446 || 2 || trojan-activity || 0 || ET TROJAN Possible Eleonore Exploit pack download || url,www.malwareurl.com/listing.php?domain=ultranichehost.com
1 || 2012447 || 2 || trojan-activity || 0 || ET TROJAN Possible Fast Flux Rogue Antivirus || url,www.malwareurl.com/listing.php?domain=spyremover-k3.com
1 || 2012448 || 2 || trojan-activity || 0 || ET TROJAN Downloader Win32.Agent.FakeAV.AVG 1 || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=96742442435325983fefb385174a57be&id=765408
1 || 2012449 || 2 || trojan-activity || 0 || ET TROJAN Downloader Win32.Agent.FakeAV.AVG 2 || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=96742442435325983fefb385174a57be&id=765408
1 || 2012450 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan HongTouTou Command and Control Communication || url,blog.netqin.com/en/?p=451
1 || 2012451 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan MSO.PJApps checkin 1 || url,virus.netqin.com/en/android/MSO.PJApps.A
1 || 2012452 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan MSO.PJApps checkin 2 || url,virus.netqin.com/en/android/MSO.PJApps.A/
1 || 2012453 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan DroidDream Command and Control Communication || url,blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/
1 || 2012454 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan Fake10086 checkin 1 || url,blog.aegislab.com/index.php?op=ViewArticle&articleId=81&blogId=1
1 || 2012455 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android Trojan Fake10086 checkin 2 || url,blog.aegislab.com/index.php?op=ViewArticle&articleId=81&blogId=1
1 || 2012456 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download 500.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012457 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download ddos.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012458 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download desyms.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012459 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download 1691.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012460 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download wm.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012461 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JKDDOS download cl.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012466 || 3 || trojan-activity || 0 || ET DELETED Possible JKDDOS download b.exe || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry
1 || 2012467 || 2 || policy-violation || 0 || ET P2P Ocelot BitTorrent Server in Use
1 || 2012468 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu SELECT || url,securityreason.com/wlb_show/WLB-2011020009
1 || 2012469 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu UNION SELECT || url,securityreason.com/wlb_show/WLB-2011020009
1 || 2012470 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu INSERT || url,securityreason.com/wlb_show/WLB-2011020009
1 || 2012471 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu DELETE || url,securityreason.com/wlb_show/WLB-2011020009
1 || 2012472 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu ASCII || url,securityreason.com/wlb_show/WLB-2011020009
1 || 2012473 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS All In One Control Panel SQL Injection Attempt -- cp_menu_data_file.php menu UPDATE || url,securityreason.com/wlb_show/WLB-2011020009
1 || 2012474 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress rp-menu.php sess_user Parameter Cross Site Scripting Attempt || bugtraq,46798 || url,exploit-db.com/exploits/16950/
1 || 2012475 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress header.php titledesc Parameter Cross Site Scripting Attempt || bugtraq,46798 || url,exploit-db.com/exploits/16950/
1 || 2012476 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin folder.php type Parameter Cross Site Scripting Attempt || url,htbridge.ch/advisory/xss_in_1_flash_gallery_wordpress_plugin.html || url,packetstormsecurity.org/files/view/99086/1flashgal-sqlxss.txt
1 || 2012477 || 7 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id SELECT || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html
1 || 2012478 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id UNION SELECT || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html
1 || 2012479 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id INSERT || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html
1 || 2012480 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id DELETE || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html
1 || 2012481 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id ASCII || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html
1 || 2012482 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Flash Gallery wordpress plugin SQL Injection Attempt -- massedit_album.php gall_id UPDATE || url,htbridge.ch/advisory/sql_injection_in_1_flash_gallery_wordpress_plugin.html
1 || 2012483 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wikiwig spell-check-savedicts.php to_p_dict Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43709
1 || 2012484 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wikiwig spell-check-savedicts.php to_r_list Parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43709
1 || 2012485 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf SELECT || url,exploit-db.com/exploits/16954/
1 || 2012486 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf UNION SELECT || url,exploit-db.com/exploits/16954/
1 || 2012487 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf INSERT || url,exploit-db.com/exploits/16954/
1 || 2012488 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf DELETE || url,exploit-db.com/exploits/16954/
1 || 2012489 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf ASCII || url,exploit-db.com/exploits/16954/
1 || 2012490 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Keynect Ecommerce SQL Injection Attempt -- products.php ctf UPDATE || url,exploit-db.com/exploits/16954/
1 || 2012491 || 6 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Presto)
1 || 2012492 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DHL Spam Inbound
1 || 2012493 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DHL Spam Inbound
1 || 2012494 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV InstallInternetDefender Download
1 || 2012495 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV campaign related JavaScript eval document obfuscation
1 || 2012496 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sahana Agasti AccessController.php approot Parameter Remote File Inclusion Attempt || bugtraq,45656 || url,exploit-db.com/exploits/15896/ || url,xforce.iss.net/xforce/xfdb/64442
1 || 2012497 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Sahana Agasti dao.php approot Parameter Remote File Inclusion Attempt || bugtraq,45656 || url,exploit-db.com/exploits/15896/ || url,xforce.iss.net/xforce/xfdb/64442
1 || 2012498 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id SELECT || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/
1 || 2012499 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id UNION SELECT || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/
1 || 2012500 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id INSERT || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/
1 || 2012501 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS Injection Attempt -- constructrXmlOutput.content.xml.php page_id DELETE || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/
1 || 2012502 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Constructr CMS SQL Injection Attempt -- constructrXmlOutput.content.xml.php page_id ASCII || bugtraq,46842 || url,packetstormsecurity.org/files/99204 || url,exploit-db.com/exploits/16963/
1 || 2012503 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Compressed Adobe Flash File Embedded in XLS FILE Caution - Could be Exploit || url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html || url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html || bid,46860 || cve,2011-0609
1 || 2012504 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Excel with Embedded .emf object downloaded
1 || 2012505 || 4 || trojan-activity || 0 || ET TROJAN Monkif Checkin
1 || 2012506 || 5 || trojan-activity || 0 || ET TROJAN Driveby Exploit Attempt Often to Install Monkif
1 || 2012507 || 5 || trojan-activity || 0 || ET TROJAN Monkif CnC response in fake JPEG || url,2009.brucon.org/material/Julia_Wolf_Brucon_final.pdf || url,research.zscaler.com/2010/03/trojan-monkif-is-still-active-and.html || url,blogs.mcafee.com/mcafee-labs/monkif-botnet-hides-commands-in-jpegs
1 || 2012508 || 2 || policy-violation || 0 || ET POLICY Akamai NetSession Interface PUTing data || url,www.akamai.com/html/misc/akamai_client/netsession_interface_faq.html
1 || 2012509 || 2 || attempted-user || 0 || ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt || bid,40642 || cve,2010-1119
1 || 2012510 || 2 || bad-unknown || 0 || ET SHELLCODE UTF-8/16 Encoded Shellcode || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html
1 || 2012511 || 2 || attempted-user || 0 || ET WEB_CLIENT Opera Window.Open document.cloneNode Null Pointer Deference Attempt || url,www.exploit-db.com/exploits/16979/
1 || 2012512 || 2 || trojan-activity || 0 || ET TROJAN Hiloti loader installed successfully response
1 || 2012513 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hiloti loader installed successfully request
1 || 2012514 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hiloti loader requesting payload URL
1 || 2012515 || 5 || trojan-activity || 0 || ET DELETED Hiloti loader receiving payload URL
1 || 2012516 || 2 || trojan-activity || 0 || ET DELETED Fake Google Toolbar User-Agent
1 || 2012517 || 2 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.B Activity || url,www.threatexpert.com/report.aspx?md5=01dd7102b9d36ec8556eed2909b74f52
1 || 2012518 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RetroGuard Obfuscated JAR likely part of hostile exploit kit || url,www.retrologic.com
1 || 2012519 || 4 || attempted-user || 0 || ET DELETED Microsoft Publisher Array Indexing Memory Corruption SET || cve,2010-3995 || url,www.microsoft.com/technet/security/bulletin/MS10-103.mspx
1 || 2012520 || 7 || protocol-command-decode || 0 || ET WEB_CLIENT Microsoft OLE Compound File Magic Bytes Flowbit Set
1 || 2012521 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Generic Win32 Banker Trojan CheckIn || url,www.xandora.net/xangui/malware/view/18e5c43b3d430526e90799e7cc2c3ec8 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FBancos.ZY
1 || 2012522 || 1 || policy-violation || 0 || ET POLICY DNS Query For XXX Adult Site Top Level Domain || url,mashable.com/2011/03/19/xxx-tld-porn/ || url,mashable.com/2010/06/24/dot-xxx-porn-domain/
1 || 2012523 || 8 || trojan-activity || 0 || ET POLICY Executable Download From Russian Content-Language Website
1 || 2012524 || 7 || trojan-activity || 0 || ET POLICY Executable Download From Chinese Content-Language Website
1 || 2012525 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of Microsft Office File From Russian Content-Language Website
1 || 2012526 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of Microsoft Office File From Chinese Content-Language Website
1 || 2012527 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of PDF File From Russian Content-Language Website
1 || 2012528 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Download of PDF File From Chinese Content-Language Website
1 || 2012529 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site WindowsLive.png
1 || 2012530 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site Landing Page
1 || 2012531 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site blt .png
1 || 2012532 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS WindowsLive Imposter Site Payload Download
1 || 2012533 || 4 || trojan-activity || 0 || ET TROJAN Win32/Virut.BN Checkin || url,www.threatexpert.com/report.aspx?md5=199d9ea754f193194e251415a2f6dd46
1 || 2012534 || 2 || shellcode-detect || 0 || ET SHELLCODE Unescape Variable %u Shellcode || url,www.symantec.com/avcenter/reference/evolving.shell.code.pdf
1 || 2012535 || 2 || shellcode-detect || 0 || ET SHELLCODE Unescape Variable Unicode Shellcode || url,www.symantec.com/avcenter/reference/evolving.shell.code.pdf
1 || 2012536 || 3 || trojan-activity || 0 || ET MALWARE Mozilla 3.0 and Indy Library User-Agent Likely Hostile
1 || 2012537 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zbot Trojan || url,www.malwareurl.com/listing.php?domain=umbralinversiones.com
1 || 2012538 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zbot Trojan || url,www.malwareurl.com/listing.php?domain=poleoa.net
1 || 2012539 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Rogue Antivirus || url,www.malwareurl.com/listing.php?domain=umbralinversiones.com
1 || 2012540 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Win32 Backdoor Poison || url,www.malwareurl.com/listing.php?domain=arteencueros.com
1 || 2012541 || 2 || trojan-activity || 0 || ET TROJAN Downloader.small Generic Checkin
1 || 2012542 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.gv.vg domain
1 || 2012543 || 3 || attempted-user || 0 || ET ACTIVEX RealPlayer CDDA URI Overflow Uninitialized Pointer Attempt || bid,44450 || cve,2010-3747
1 || 2012546 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for addons.mozilla.org
1 || 2012547 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for Global Trustee
1 || 2012548 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.live.com
1 || 2012549 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.skype.com
1 || 2012550 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 1
1 || 2012551 || 5 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 2
1 || 2012552 || 4 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for login.yahoo.com 3
1 || 2012553 || 5 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for mail.google.com
1 || 2012554 || 6 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent SSL Certificate for www.google.com
1 || 2012555 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (VMozilla) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32%2fNeeris.BF || url,www.avira.com/en/support-threats-description/tid/6259/tlang/en
1 || 2012556 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt
1 || 2012557 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt
1 || 2012558 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt
1 || 2012559 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt
1 || 2012560 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Shape Web Solutions imprimir.php UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/99467/shapewebsolutions-sql.txt
1 || 2012561 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier action.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366
1 || 2012562 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier architecte.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366
1 || 2012563 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier avis.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366
1 || 2012564 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier bible.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366
1 || 2012565 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openfoncier blocnote.class.php script Remote File inclusion Attempt || url,exploit-db.com/exploits/12366
1 || 2012566 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin vbBux vbplaza.php Blind SQL Injection Attempt || url,exploit-db.com/exploits/8784/
1 || 2012567 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt
1 || 2012568 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt
1 || 2012569 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt
1 || 2012570 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt
1 || 2012571 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jQuery Mega Menu Wordpress Plugin Local File Inclusion Attempt || url,exploit-db.com/exploits/16250
1 || 2012572 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Cache_Lite Class mosConfig_absolute_path Remote File inclusion Attempt || url,exploit-db.com/exploits/16912
1 || 2012573 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress header.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99118/recordpress-xsrfxss.txt
1 || 2012574 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RecordPress header.php rp-menu.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99118/recordpress-xsrfxss.txt
1 || 2012575 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012576 || 5 || web-application-attack || 0 || ET DELETED mySeatXT SQL Injection Attempt autocomplete.php field UNION SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012577 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field INSERT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012578 || 5 || web-application-attack || 0 || ET DELETED mySeatXT SQL Injection Attempt autocomplete.php field DELETE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012579 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field ASCII || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012580 || 4 || web-application-attack || 0 || ET DELETED mySeatXT SQL Injection Attempt autocomplete.php field UPDATE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012581 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Lazyest Gallery Plugin image Parameter Cross Site Scripting Attempt || url,htbridge.ch/advisory/xss_in_lazyest_gallery_wordpress_plugin.html || url,secunia.com/advisories/43661/
1 || 2012582 || 4 || web-application-attack || 0 || ET DELETED Interleave basicstats.php AjaxHandler Parameter Cross Site Scripting Attempt || bugtraq,46771 || url,xforce.iss.net/xforce/xfdb/65942 || url,packetstorm.linuxsecurity.com/1103-exploits/Interleave5.5.0.2-xss.txt
1 || 2012583 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005
1 || 2012584 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005
1 || 2012585 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS coRED CMS rubID Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/98769/coredcms-sql.txt
1 || 2012586 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent I mLuo
1 || 2012587 || 4 || trojan-activity || 0 || ET TROJAN VirTool-Win32-VBInject.gen-FA Reporting || url,threatexpert.com/report.aspx?md5=85a9f25c9b6614a8ad16dd7f3363a247
1 || 2012588 || 4 || web-application-attack || 0 || ET DELETED RiskTool.Win32.WFPDisabler Reporting || url,threatexpert.com/report.aspx?md5=c81be1cf10d9578803dab8c1bc62ccfa
1 || 2012589 || 4 || trojan-activity || 0 || ET DELETED Trojan-Dropper.Win32.Mudrop.asj Reporting || url,threatexpert.com/report.aspx?md5=0398af3218eb6f21195d701a0b001445
1 || 2012590 || 5 || trojan-activity || 0 || ET TROJAN Best Spyware Scanner FaveAV Download
1 || 2012591 || 5 || bad-unknown || 0 || ET DELETED EICAR test file with MZ header double-stacking AV evasion technique || url,isc.sans.edu/diary/Strange+Shockwave+File+with+Surprising+Attachments/10612 || url,www.eicar.org/anti_virus_test_file.htm
1 || 2012592 || 5 || trojan-activity || 0 || ET TROJAN PWS-Banker.gen.b Reporting || url,threatexpert.com/report.aspx?md5=e3fdf31ce57b3807352971a62f85c55b
1 || 2012593 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ce.ms domain
1 || 2012595 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012596 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field UNION SELECT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012597 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field INSERT || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012598 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field DELETE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012599 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field ASCII || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012600 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS mySeatXT SQL Injection Attempt autocomplete.php field UPDATE || url,packetstormsecurity.org/files/view/98636/mySeatXT0.164-SQL.txt
1 || 2012601 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Lazyest Gallery Plugin image Parameter Cross Site Scripting Attempt || url,htbridge.ch/advisory/xss_in_lazyest_gallery_wordpress_plugin.html || url,secunia.com/advisories/43661/
1 || 2012603 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Interleave basicstats.php AjaxHandler Parameter Cross Site Scripting Attempt || bugtraq,46771 || url,xforce.iss.net/xforce/xfdb/65942 || url,packetstorm.linuxsecurity.com/1103-exploits/Interleave5.5.0.2-xss.txt
1 || 2012604 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework appMVCPath Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005
1 || 2012605 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ardeaCore PHP Framework CURRENT_BLOG_PATH Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/15840/ || url,securityreason.com/wlb_show/WLB-2011010005
1 || 2012606 || 3 || web-application-attack || 0 || ET SCAN Havij SQL Injection Tool User-Agent Inbound || url,itsecteam.com/en/projects/project1.htm
1 || 2012607 || 4 || trojan-activity || 0 || ET USER_AGENTS Lowercase User-Agent header purporting to be MSIE
1 || 2012608 || 7 || trojan-activity || 0 || ET DELETED Java Exploit Attempt applet via file URI || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2012609 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Phoenix Java Exploit Attempt Request for .class from octal host || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2012610 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit io.exe download served
1 || 2012611 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Sample
1 || 2012612 || 11 || trojan-activity || 0 || ET TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers
1 || 2012613 || 5 || trojan-activity || 0 || ET DELETED SpyeEye Trojan Request file=grabbers
1 || 2012614 || 5 || web-application-attack || 0 || ET CURRENT_EVENTS Internal WebServer Compromised By Lizamoon Mass SQL-Injection Attacks || url,malwaresurvival.net/tag/lizamoon-com/
1 || 2012615 || 2 || trojan-activity || 0 || ET MALWARE Unknown Malware PUTLINK Command Message
1 || 2012616 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Slugin.A PatchTimeCheck.dat Request
1 || 2012617 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malware PatchPathNewS3.dat Request
1 || 2012618 || 2 || trojan-activity || 0 || ET DELETED .dll Request Without User-Agent Likely Malware
1 || 2012619 || 6 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Mozilla/3.0
1 || 2012620 || 9 || trojan-activity || 0 || ET TROJAN Unknown Fake antivirus check-in
1 || 2012621 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Adobe Flash SWF File Embedded in XLS FILE Caution - Could be Exploit || url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html || url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html || bid,46860 || cve,2011-0609
1 || 2012622 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Adobe Flash Unicode SWF File Embedded in Office File Caution - Could be Hostile || url,blogs.adobe.com/asset/2011/03/background-on-apsa11-01-patch-schedule.html || url,bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html || bid,46860 || cve,2011-0609 || url,www.adobe.com/support/security/advisories/apsa11-02.html || cve,2011-0611
1 || 2012624 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Lizamoon Related Compromised site served to local client
1 || 2012625 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Lizamoon Client Request /ur.php
1 || 2012626 || 4 || trojan-activity || 0 || ET TROJAN Unknown Dropper Checkin with NSISDL/1.2 User-Agent
1 || 2012627 || 2 || trojan-activity || 0 || ET TROJAN FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers
1 || 2012628 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt Request for .id from octal host || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2012629 || 4 || trojan-activity || 0 || ET USER_AGENTS Unknown Trojan User-Agent IE6 on Windows XP
1 || 2012630 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Paypal Phishing victim POSTing data
1 || 2012631 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Chinese Bootkit Checkin || url,www.securelist.com/en/blog/434/The_Chinese_bootkit
1 || 2012632 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Potential Paypal Phishing Form Attachment
1 || 2012633 || 3 || trojan-activity || 0 || ET DELETED Content-Type image/jpeg with DOS MZ header set likely 2nd stage download
1 || 2012634 || 3 || trojan-activity || 0 || ET DELETED Content-Type image/jpeg with Win32 MZ header set likely 2nd stage download
1 || 2012635 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Potential ACH Transaction Phishing Attachment
1 || 2012636 || 3 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ProcessMgr.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133
1 || 2012637 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ProcessMgr.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133
1 || 2012638 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133
1 || 2012639 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133
1 || 2012640 || 4 || attempted-user || 0 || ET ACTIVEX RealNetworks RealGames StubbyUtil.ShellCtl.1 InstallerDlg.dll Remote Command Execution Attempt || url,www.exploit-db.com/exploits/17105/ || bid,47133
1 || 2012641 || 3 || attempted-user || 0 || ET ACTIVEX Sun Java Runtime New Plugin Docbase Buffer Overflow Attempt || bid,44023 || cve,2010-3552
1 || 2012642 || 7 || trojan-activity || 0 || ET MALWARE Lowercase mozilla/2.0 User-Agent Likely Malware || url,www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FCycbot.B
1 || 2012643 || 2 || trojan-activity || 0 || ET TROJAN Trojan-Clicker.Win32.Agent.qqf Checkin || url,www.threatexpert.com/report.aspx?md5=f468778836fd27a2ccca88c99f6dd3e9
1 || 2012644 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt Request for hostile binary
1 || 2012645 || 4 || trojan-activity || 0 || ET TROJAN GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection 
1 || 2012646 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious JAR olig
1 || 2012647 || 3 || policy-violation || 0 || ET POLICY Dropbox.com Offsite File Backup in Use || url,www.dropbox.com || url,dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
1 || 2012648 || 3 || policy-violation || 0 || ET POLICY Dropbox Client Broadcasting
1 || 2012649 || 4 || misc-activity || 0 || ET MALWARE All Numerical .ru Domain HTTP Request Likely Malware Related
1 || 2012650 || 6 || misc-activity || 0 || ET CURRENT_EVENTS HTTP Request to a Malware Related Numerical .cn Domain
1 || 2012651 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt
1 || 2012652 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt
1 || 2012653 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt
1 || 2012654 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt
1 || 2012655 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-Nuke Surveys pollID parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/100119/phpnukesurveys-sql.txt
1 || 2012656 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eyeOS callback parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43818
1 || 2012657 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eyeOS file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43818
1 || 2012658 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OrangeHRM recruitcode parameter Cross Site Script Attempt || bugtraq,47046
1 || 2012659 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_doqment Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/99278/joomladoqment-rfilfisql.txt
1 || 2012660 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Portel patron Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/80053/portel-sql.txt
1 || 2012661 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter SELECT FROM SQL Injection Attempt || bugtraq,46635
1 || 2012662 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter DELETE FROM SQL Injection Attempt || bugtraq,46635
1 || 2012663 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter UNION SELECT SQL Injection Attempt || bugtraq,46635
1 || 2012664 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter INSERT INTO SQL Injection Attempt || bugtraq,46635
1 || 2012665 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin cChatBox messageid Parameter UPDATE SET SQL Injection Attempt || bugtraq,46635
1 || 2012666 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component smartformer Remote File Inclusion Attempt || url,packetstormsecurity.org/files/view/95477/joomlasmartformer-rfi.txt
1 || 2012667 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component Media Mall Factory Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/88439/joomlamediamallfactory-bsql.txt
1 || 2012668 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LoCal Calendar System LIBDIR Parameter Local File Inclusion Attempt || url,secunia.com/advisories/22484
1 || 2012669 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClanSphere 'CKEditorFuncNum' parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99698/ClanSphere2010.3CKEditor-xss.txt
1 || 2012670 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhotoSmash action Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/99089/photosmash-xss.txt
1 || 2012672 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa SELECT || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823
1 || 2012673 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa UNION SELECT || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823
1 || 2012674 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa INSERT || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823
1 || 2012675 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa DELETE || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823
1 || 2012676 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa ASCII || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823
1 || 2012677 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andy PHP Knowledgebase SQL Injection Attempt pdfgen.php pdfa UPDATE || url,exploit-db.com/exploits/17061/ || url,vupen.com/english/advisories/2011/0823
1 || 2012678 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS openBrowser.php Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/
1 || 2012679 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS edit_shop_editorFrameset.php Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/
1 || 2012680 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS we_transaction Parameter Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/
1 || 2012681 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS webEdition CMS shop_artikelid Parameter Cross Site Scripting Attempt || bugtraq,47047 || url,packetstormsecurity.org/files/99790 || url,exploit-db.com/exploits/17054/
1 || 2012682 || 6 || attempted-admin || 0 || ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 1 || cve,CVE-2010-1552 || bugtraq,40068
1 || 2012683 || 5 || attempted-admin || 0 || ET EXPLOIT HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow 2 || cve,CVE-2010-1552 || bugtraq,40068
1 || 2012684 || 8 || trojan-activity || 0 || ET WEB_CLIENT Office File With Embedded Executable
1 || 2012685 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Win32/CazinoSilver Download VegasVIP_setup.exe || url,ddanchev.blogspot.com/2011/04/dont-play-poker-on-infected-table-part.html
1 || 2012686 || 4 || trojan-activity || 0 || ET TROJAN SpyEye Checkin version 1.3.25 or later
1 || 2012687 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Pack Binary Load Request
1 || 2012688 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Potential Blackhole Exploit Pack landing || url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
1 || 2012689 || 5 || attempted-recon || 0 || ET POLICY LoJack asset recovery/tracking - not malicious || url,www.absolute.com/en/lojackforlaptops/home.aspx
1 || 2012690 || 1 || successful-admin || 0 || ET ATTACK_RESPONSE Windows 7 CMD Shell from Local System
1 || 2012691 || 2 || policy-violation || 0 || ET POLICY Internal Host visiting Showmyipaddress.com - Possible Trojan
1 || 2012692 || 6 || trojan-activity || 0 || ET POLICY Microsoft user-agent automated process response to automated request
1 || 2012693 || 3 || trojan-activity || 0 || ET MALWARE overtls.com adware request
1 || 2012694 || 3 || policy-violation || 0 || ET POLICY request to .xxx TLD || url,en.wikipedia.org/wiki/.xxx
1 || 2012695 || 2 || trojan-activity || 0 || ET USER_AGENTS suspicious User Agent (Lotto)
1 || 2012696 || 3 || trojan-activity || 0 || ET TROJAN FakeAV InstallInternetProtection Download
1 || 2012697 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla virtuemart Blind SQL Injection Attempt || url,exploit-db.com/exploits/17132
1 || 2012698 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script SELECT FROM SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052
1 || 2012699 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script DELETE FROM SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052
1 || 2012700 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script UNION SELECT SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052
1 || 2012701 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script INSERT INTO SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052
1 || 2012702 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS eGroupware loaddetails.php script UPDATE SET SQL Injection Attempt || url,securityreason.com/wlb_show/WLB-2011040052
1 || 2012703 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mod_virtuemart_latestprod module Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100324
1 || 2012704 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mod_virtuemart_featureprod module Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100325
1 || 2012705 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP Publication file Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43067 || url,securelist.com/en/advisories/43067
1 || 2012706 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vtiger CRM service parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/100183/vtigerCRM5.2.1-XSS.txt
1 || 2012707 || 4 || trojan-activity || 0 || ET TROJAN Suspicious double Server Header
1 || 2012708 || 2 || web-application-attack || 0 || ET WEB_SERVER HTTP 414 Request URI Too Large
1 || 2012709 || 5 || protocol-command-decode || 0 || ET POLICY MS Remote Desktop Administrator Login Request || cve,CAN-2001-0540
1 || 2012710 || 1 || protocol-command-decode || 0 || ET POLICY MS Terminal Server Root login || cve,2001-0540
1 || 2012711 || 1 || protocol-command-decode || 0 || ET POLICY MS Remote Desktop POS User Login Request || cve,2001-0540
1 || 2012712 || 1 || protocol-command-decode || 0 || ET POLICY MS Remote Desktop Service User Login Request || cve,CAN-2001-0540
1 || 2012713 || 3 || trojan-activity || 0 || ET TROJAN Internet Protection FakeAV checkin || url,www.threatexpert.com/report.aspx?md5=7710686d03cd3174b6f644434750b22b
1 || 2012714 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV BestAntivirus2011 Download
1 || 2012715 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/10809
1 || 2012716 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/10809
1 || 2012717 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/10809
1 || 2012718 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/10809
1 || 2012719 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS I-Escorts Directory country_id parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/10809
1 || 2012720 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simploo CMS x parameter Remote PHP Code Execution Attempt || url,exploit-db.com/exploits/16016
1 || 2012721 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LightNEasy File Manager language Parameter Local File Inclusion Attempt || url,secunia.com/advisories/39517
1 || 2012722 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress SocialGrid Plugin default_services Cross-Site Scripting Vulnerability || url,secunia.com/advisories/44256 || url,htbridge.ch/advisory/xss_in_socialgrid_wordpress_plugin.html
1 || 2012723 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo component com_zoom Blind SQL Injection Vulnerability || url,packetstormsecurity.org/files/view/80992/mambozoom-sql.txt
1 || 2012724 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CitusCMS filePath Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100525/cituscms-rfi.txt
1 || 2012725 || 9 || trojan-activity || 0 || ET TROJAN Win32/FakeSysdef Rogue AV Checkin || url,www.threatexpert.com/report.aspx?md5=f0f750e8f195dcfc8623679ff2df1267 || url,www.threatexpert.com/report.aspx?md5=e186e530ebf0aec07f0cd2afd706633c || url,www.threatexpert.com/report.aspx?md5=294a729bb6a8fc266990b4c94eb86359
1 || 2012726 || 4 || attempted-recon || 0 || ET SCAN OpenVAS User-Agent Inbound || url,openvas.org
1 || 2012727 || 3 || trojan-activity || 0 || ET TROJAN BestAntivirus2011 Fake AV reporting
1 || 2012728 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Known Hostile Domain citi-bank.ru Lookup
1 || 2012729 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Known Hostile Domain .ntkrnlpa.info Lookup
1 || 2012730 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Known Hostile Domain ilo.brenz.pl Lookup
1 || 2012731 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Likely Redirector to Exploit Page /in/rdrct/rckt/?
1 || 2012732 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown .ru Exploit Redirect Page
1 || 2012734 || 4 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent String (AskPartnerCobranding)
1 || 2012735 || 7 || policy-violation || 0 || ET POLICY Babylon User-Agent (Translation App Observed in PPI MALWARE) || md5,54e482d6c0344935115d04b411afdb27 || md5,54dfd618401a573996b2b32bdd21b2d4 || md5,546888f8a18ed849058a5325015c29ef || url,www.babylon.com
1 || 2012736 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan-GameThief.Win32.OnLineGames.bnye Checkin || url,www.threatexpert.com/report.aspx?md5=014945cf93ffc94833f7a3efd92fe263
1 || 2012737 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cw.cm domain
1 || 2012738 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org || url,isc.sans.edu/diary.html?storyid=6739 || url,google.com/safebrowsing/diagnostic?site=8866.org/ || url,www.mywot.com/en/scorecard/8866.org
1 || 2012739 || 2 || trojan-activity || 0 || ET WORM Rimecud Worm checkin || url,www.threatexpert.com/report.aspx?md5=9623efa133415d19c941ef92a4f921fc
1 || 2012740 || 3 || trojan-activity || 0 || ET USER_AGENTS Backdoor.Win32.Vertexbot.A User-Agent (VERTEXNET) || url,www.symantec.com/business/security_response/writeup.jsp?docid=2011-032315-2902-99&tabid=2
1 || 2012741 || 4 || web-application-attack || 0 || ET ACTIVEX Gesytec ElonFmt ActiveX Component GetItem1 member Buffer Overflow Attempt || url,exploit-db.com/exploits/17196
1 || 2012742 || 2 || attempted-user || 0 || ET ACTIVEX Gesytec ElonFmt ActiveX Component Format String Function Call || url,exploit-db.com/exploits/17196
1 || 2012743 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SaurusCMS captcha_image.php script Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100461/sauruscms-rfi.txt
1 || 2012744 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Publishing Technology id Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/100822/publishingtechnology-sql.txt
1 || 2012745 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt
1 || 2012746 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt
1 || 2012747 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt
1 || 2012748 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt
1 || 2012749 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpRS id parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/96760/phprsmk-sql.txt
1 || 2012750 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OrangeHRM path Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/100823/OrangeHRM2.6.3-lfi.txt
1 || 2012751 || 2 || trojan-activity || 0 || ET USER_AGENTS suspicious user agent string (changhuatong)
1 || 2012752 || 2 || trojan-activity || 0 || ET DELETED Vertex Trojan UA (VERTEXNET)
1 || 2012753 || 6 || trojan-activity || 0 || ET MALWARE Possible FakeAV Binary Download
1 || 2012754 || 2 || attempted-recon || 0 || ET SCAN Possible SQLMAP Scan || url,sqlmap.sourceforge.net || url,www.darknet.org.uk/2011/04/sqlmap-0-9-released-automatic-blind-sql-injection-tool/
1 || 2012755 || 4 || attempted-recon || 0 || ET SCAN Possible SQLMAP Scan || url,sqlmap.sourceforge.net || url,www.darknet.org.uk/2011/04/sqlmap-0-9-released-automatic-blind-sql-injection-tool/
1 || 2012756 || 2 || attempted-user || 0 || ET WEB_CLIENT Windows Help and Support Center XSS Attempt || cve,2010-1885
1 || 2012757 || 5 || trojan-activity || 0 || ET USER_AGENTS suspicious user agent string (CholTBAgent)
1 || 2012758 || 4 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
1 || 2012760 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt || url,www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml || bid,47607 || cve,2011-1609
1 || 2012761 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious user agent (mdms)
1 || 2012762 || 2 || trojan-activity || 0 || ET USER_AGENTS Suspicious user agent (asd)
1 || 2012763 || 9 || bad-unknown || 0 || ET DELETED Suspicious IAT Checking for Debugger || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012764 || 5 || misc-activity || 0 || ET DELETED Suspicious IAT NtQueryInformationProcess Possibly Checking for Debugger || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012765 || 7 || misc-activity || 0 || ET DELETED Suspicious IAT GetStartupInfo || url, sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012766 || 5 || misc-activity || 0 || ET DELETED Suspicious IAT GetComputerName || url, sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012767 || 11 || misc-activity || 0 || ET TROJAN Suspicious IAT HttpAddRequestHeader - Can Be Used For HTTP CnC || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012768 || 7 || misc-activity || 0 || ET TROJAN Suspicious IAT ZwProtectVirtualMemory - Undocumented API Which Can be Used for Rootkit Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012769 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT ZwSetSystemInformation - Undocumented API Which Can be Used for Rootkit Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012770 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT ZwWriteVirtualMemory - Undocumented API Which Can be Used for CnC Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012771 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT SetSfcFileException - Undocumented API Which Can be Used for Disabling Windows File Protections || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012772 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT NtQueueApcThread - Undocumented API Which Can be Used for Thread Injection/Downloading || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012773 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT NtResumeThread - Undocumented API Which Can be Used to Resume Thread Injection || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012774 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT NoExecuteAddFileOptOutList - Undocumented API to Add Executable to DEP Exception List || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012775 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT ModifyExecuteProtectionSupport - Undocumented API to Modify DEP || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012776 || 2 || misc-activity || 0 || ET DELETED Suspicious IAT LdrLoadDll - Undocumented Low Level API to Load DLL || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012777 || 5 || misc-activity || 0 || ET POLICY Suspicious IAT EnableExecuteProtectionSupport - Undocumented API to Modify DEP || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012778 || 3 || misc-activity || 0 || ET DELETED Suspicious IAT NamedPipe - May Indicate Reverse Shell/Backdoor Functionality || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012779 || 4 || misc-activity || 0 || ET DELETED Suspicious IAT FTP File Interaction || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012780 || 6 || misc-activity || 0 || ET POLICY Suspicious IAT SetKeyboardState - Can Be Used for Keylogging || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012781 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Hiloti DNS Checkin Message explorer_exe || url,blog.fortinet.com/hiloti-the-botmaster-of-disguise/
1 || 2012782 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS SuperFairy.D StartUpdata.ini Missing File HTTP Request || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html
1 || 2012783 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS SuperFairy.D BackgroundUpdata.ini Missing File HTTP Request || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html
1 || 2012784 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS SuperFairy.D active.txt Missing File HTTP Request || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html
1 || 2012785 || 3 || trojan-activity || 0 || ET DELETED Egypack/1.0 User-Agent Likely Malware || url,www.vbulletin.com/forum/showthread.php/338741-vBulletin-Footer-SQL-Injection-Hack
1 || 2012786 || 1 || bad-unknown || 0 || ET TROJAN DNS Query for Possible FakeAV Domain
1 || 2012787 || 4 || attempted-user || 0 || ET SCADA ICONICS WebHMI ActiveX Stack Overflow || url,www.security-assessment.com/files/documents/advisory/ICONICS_WebHMI.pdf || url,www.exploit-db.com/exploits/17240/
1 || 2012788 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt
1 || 2012789 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt
1 || 2012790 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt
1 || 2012791 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt
1 || 2012792 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS KLINK txtCodiInfo parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/97186/klink-sql.txt
1 || 2012793 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS E-Xoopport Samsara Sections module secid Parameter Blind SQL Injection Exploit || url,exploit-db.com/exploits/15004
1 || 2012794 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ClanSphere CurrentFolder Parameter Local File Inclusion Attempt || bugtraq,47636
1 || 2012795 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Golem Gaming Portal root_path Parameter Remote File inclusion Attempt || url,securityreason.com/exploitalert/7180
1 || 2012796 || 3 || bad-unknown || 0 || ET DELETED Malicious SEO landing in.cgi with URI HTTP_REFERER
1 || 2012797 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebAuction lang parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101056/WebAuction0.3.6-XSS.txt
1 || 2012799 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Sending Data to Controller 1 || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443 || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html
1 || 2012800 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Sending Data to Controller 2 || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443
1 || 2012801 || 5 || trojan-activity || 0 || ET TROJAN Spoofed MSIE 7 User-Agent Likely Ponmocup || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443
1 || 2012802 || 4 || trojan-activity || 0 || ET MALWARE Spoofed MSIE 8 User-Agent Likely Ponmocup || url,malwaresurvival.net/2011/04/21/media-site-pimping-malware/ || url,community.websense.com/forums/p/10728/23862.aspx || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?ThreatID=146443
1 || 2012803 || 5 || trojan-activity || 0 || ET TROJAN Delf Alms backdoor checkin
1 || 2012804 || 5 || trojan-activity || 0 || ET MALWARE Possible Windows executable sent ASCII-hex-encoded || url,www.xanalysis.blogspot.com/2008/11/cve-2008-2992-adobe-pdf-exploitation.html || url,www.threatexpert.com/report.aspx?md5=513077916da4e86827a6000b40db95d5
1 || 2012805 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Automne upload-controler.php Arbitrary File Upload Vulnerability || url,securelist.com/en/advisories/43589
1 || 2012806 || 4 || attempted-user || 0 || ET WEB_CLIENT QuickTime Remote Exploit (exploit specific) || url,www.1337day.com/exploits/16077
1 || 2012807 || 4 || attempted-user || 0 || ET DELETED Possible g01pack Exploit Pack Malicious JAR File Request || url,blog.tllod.com/2010/11/03/statistics-dont-lie-or-do-they/ || url,community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
1 || 2012808 || 2 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS WordPress DB XML dump attempted access || url,seclists.org/fulldisclosure/2011/May/322
1 || 2012809 || 3 || successful-recon-largescale || 0 || ET WEB_SPECIFIC_APPS WordPress DB XML dump successful leakage || url,seclists.org/fulldisclosure/2011/May/322
1 || 2012810 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.tk domain
1 || 2012811 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to a .tk domain - Likely Hostile
1 || 2012812 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Known Malicious Facebook Javascript || url,blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/
1 || 2012813 || 2 || bad-unknown || 0 || ET WEB_CLIENT PDF With Adobe Audition Session File Handling Buffer Overflow Flowbit Set || url,exploit-db.com/exploits/17278/ || url,securitytracker.com/id/1025530
1 || 2012814 || 3 || attempted-user || 0 || ET WEB_CLIENT PDF With Adobe Audition Session File Handling Memory Corruption Attempt || url,exploit-db.com/exploits/17278/ || url,securitytracker.com/id/1025530
1 || 2012815 || 3 || bad-unknown || 0 || ET DELETED FAKEAV Scanner Landing Page (Initializing Virus Protection System...)
1 || 2012816 || 8 || bad-unknown || 0 || ET TROJAN EXE Using Suspicious IAT ZwUnmapViewOfSection Possible Malware Process Hollowing || url,blog.spiderlabs.com/2011/05/analyzing-malware-hollow-processes.html || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012817 || 4 || bad-unknown || 0 || ET DELETED EXE Using Suspicious IAT NtUnmapViewOfSection Possible Malware Process Hollowing || url,blog.spiderlabs.com/2011/05/analyzing-malware-hollow-processes.html || url,sans.org/reading_room/whitepapers/malicious/rss/_33649
1 || 2012818 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0960
1 || 2012819 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959
1 || 2012820 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959
1 || 2012821 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959
1 || 2012822 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959
1 || 2012823 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0959
1 || 2012824 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0962
1 || 2012825 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt || url,www.exploit-db.com/exploits/17304/ || cve,2011-0961
1 || 2012826 || 1 || bad-unknown || 0 || ET DNS DNS Query to a Suspicious *.vv.cc domain
1 || 2012827 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.vv.cc domain
1 || 2012828 || 2 || trojan-activity || 0 || ET TROJAN Win32/Rimecud download || url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Rimecud.A
1 || 2012829 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt
1 || 2012830 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt
1 || 2012831 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt
1 || 2012832 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt
1 || 2012833 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_hello UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/101251/joomlahelo-sql.txt
1 || 2012834 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ChillyCMS mod Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/89665/chillycms-sql.txt || url,exploit-db.com/exploits/12643
1 || 2012835 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS f-fileman direkt Parameter Directory Traversal Vulnerability || url,packetstormsecurity.org/files/view/101212/ffileman-traversal.txt
1 || 2012836 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Slooze Web Photo Album file Parameter Command Execution Attempt || url,1337day.com/exploits/12148
1 || 2012837 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_mgm Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/94593/joomlamgm-rfi.txt || url,securityreason.com/wlb_show/WLB-2010100045
1 || 2012838 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Is-human type Parameter Remote Code Execution Attempt || url,exploit-db.com/exploits/17299
1 || 2012839 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Downloader.Win32.Small Checkin || url,threatexpert.com/report.aspx?md5=48432bdd116dccb684c8cef84579b963
1 || 2012841 || 5 || attempted-user || 0 || ET TROJAN Incognito Exploit Kit Checkin || url,blog.fireeye.com/research/2011/03/the-rise-of-incognito.html
1 || 2012842 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Xyligan Checkin || url,www.threatexpert.com/report.aspx?md5=bfbc0b106a440c111a42936906d36643 || url,www.threatexpert.com/report.aspx?md5=2190a2c0a3775bc9c60629ec2eb6f3b9
1 || 2012843 || 3 || policy-violation || 0 || ET POLICY Cleartext WordPress Login
1 || 2012844 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.B/E CnC Checkin Request || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/
1 || 2012845 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes CnC Checkin Request || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/
1 || 2012846 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes CnC Checkin Request 2 || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/
1 || 2012847 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.F CnC Checkin Request 3 || url,blog.fortinet.com/symbosyxes-or-downloading-customized-malware/
1 || 2012848 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Possible Mobile Malware POST of IMEI International Mobile Equipment Identity in URI || url,www.met.police.uk/mobilephone/imei.htm
1 || 2012849 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Possible Mobile Malware POST of IMSI International Mobile Subscriber Identity in URI || url,www.learntelecom.com/telephony/gsm/international-mobile-subscriber-identity-imsi
1 || 2012850 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Flexispy.a Commercial Spying App Sending User Information to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_flexispy.a!tr.spy.html
1 || 2012851 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.I PropertyFile.jsp CnC Server Communication || url,www.fortiguard.com/encyclopedia/virus/symbos_yxes.i!worm.html
1 || 2012852 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.I TipFile.jsp CnC Server Communication || url,www.fortiguard.com/encyclopedia/virus/symbos_yxes.i!worm.html
1 || 2012853 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes.I NumberFile.jsp CnC Server Communication || url,www.fortiguard.com/encyclopedia/virus/symbos_yxes.i!worm.html
1 || 2012854 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Merogo User Agent || url,www.fortiguard.com/encyclopedia/virus/symbos_merogo.b!tr.html
1 || 2012855 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SPR/MobileSpy Mobile Spyware Sending Geographic Location Logs To Remote Server || url,www.fortiguard.com/encyclopedia/virus/spy_mobilespy!iphoneos.html
1 || 2012856 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SPR/MobileSpy Mobile Spyware Sending Call Logs to Remote Server || url,www.fortiguard.com/encyclopedia/virus/spy_mobilespy!iphoneos.html
1 || 2012857 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SPR/MobileSpy Mobile Spyware Sending SMS Logs to Remote Server || url,www.fortiguard.com/encyclopedia/virus/spy_mobilespy!iphoneos.html
1 || 2012858 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Sagasi.a Worm Sending Data to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html
1 || 2012859 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Sagasi.a Worm Sending Data to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html
1 || 2012860 || 4 || bad-unknown || 0 || ET USER_AGENTS Suspicious User-Agent SimpleClient 1.0 || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html
1 || 2012861 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS.Sagasi.a User Agent LARK/1.3.0 || url,www.fortiguard.com/encyclopedia/virus/symbos_sagasi.a!tr.html
1 || 2012862 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SslCrypt Server Communication || url,www.fortiguard.com/encyclopedia/virus/adware_sslcrypt!symbos.html
1 || 2012863 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SslCrypt Server Communication || url,www.fortiguard.com/encyclopedia/virus/adware_sslcrypt!symbos.html
1 || 2012864 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SslCrypt Server Communication || url,www.fortiguard.com/encyclopedia/virus/adware_sslcrypt!symbos.html
1 || 2012865 || 10 || trojan-activity || 0 || ET TROJAN Vinself Backdoor Checkin || url,blog.fireeye.com/research/2010/11/winself-a-new-backdoor-in-town.html
1 || 2012866 || 2 || attempted-admin || 0 || ET EXPLOIT RXS-3211 IP Camera Password Information Disclosure Attempt || bid,47976
1 || 2012867 || 3 || trojan-activity || 0 || ET TROJAN Clicker.Win32.AutoIt.ai Checkin || url,www.threatexpert.com/report.aspx?md5=39d0dbe4f6923ed36864ae339f558963
1 || 2012868 || 3 || policy-violation || 0 || ET POLICY HTTP Outbound Request containing a password
1 || 2012869 || 2 || policy-violation || 0 || ET POLICY HTTP Outbound Request containing a pass field
1 || 2012870 || 2 || policy-violation || 0 || ET POLICY HTTP Outbound Request contains pw
1 || 2012871 || 4 || trojan-activity || 0 || ET TROJAN Gozi posting form data
1 || 2012872 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script SELECT FROM SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201
1 || 2012873 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script DELETE FROM SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201
1 || 2012874 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script UNION SELECT SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201
1 || 2012875 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script INSERT INTO SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201
1 || 2012876 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TCExam tce_xml_user_results.php script UPDATE SET SQL Injection Attempt || url,autosectools.com/Advisory/TCExam-11.1.029-SQL-Injection-201
1 || 2012877 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 HANDLERS_DIRECTORY Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt
1 || 2012878 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 IMAGES_DIRECTORY Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt
1 || 2012879 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 imgp Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt
1 || 2012880 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 trackback_url Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt
1 || 2012881 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS e107 permLink Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/100565/e1070725-xssrfi.txt
1 || 2012882 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Poison.AU checkin || url,www.threatexpert.com/report.aspx?md5=4b8adc7612e984d12b77f197c59827a2
1 || 2012883 || 6 || bad-unknown || 0 || ET DELETED MALVERTISING Malicious Advertizing URL in.cgi
1 || 2012884 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt applet via file URI param || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2012885 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains password= in cleartext
1 || 2012886 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains passwd= in cleartext
1 || 2012887 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pass= in cleartext
1 || 2012888 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pwd= in cleartext
1 || 2012889 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pw= in cleartext
1 || 2012890 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains passphrase= in cleartext
1 || 2012891 || 3 || policy-violation || 0 || ET POLICY Http Client Body contains pword= in cleartext
1 || 2012892 || 2 || trojan-activity || 0 || ET TROJAN JKDDOS Bot CnC Phone Home Message || url,asert.arbornetworks.com/2011/03/jkddos-ddos-bot-with-an-interest-in-the-mining-industry/ || url,www.threatexpert.com/report.aspx?md5=d6b3baae9fb476f0cf3196e556cab348
1 || 2012893 || 2 || trojan-activity || 0 || ET USER_AGENTS Known Skunkx DDOS Bot User-Agent Cyberdog || url,asert.arbornetworks.com/2011/03/skunkx-ddos-bot-analysis/
1 || 2012894 || 4 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Agent.bpxo Checkin || url,www.threatexpert.com/report.aspx?md5=02e447b347a90680e03c8b7d843a8e46 || url,www.antivirus365.org/PCAntivirus/37128.html
1 || 2012895 || 2 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Agent.ahju Checkin || url,www.threatexpert.com/report.aspx?md5=48ad09c574a4bd3bb24d007005382e63 || url,www.threatexpert.com/report.aspx?md5=a264690a775a4e1b3d91c2dbcd850ce9
1 || 2012896 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ae.am domain
1 || 2012897 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.noc.su domain
1 || 2012898 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.be.ma domain
1 || 2012899 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.qc.cx domain
1 || 2012900 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.ae.am domain
1 || 2012901 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.noc.su domain
1 || 2012902 || 3 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.be.ma domain
1 || 2012903 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.qc.cx domain
1 || 2012904 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/SuperFairy.D Bookmarked Connection to Server || url,www.fortiguard.com/encyclopedia/virus/symbos_superfairy.d!tr.html
1 || 2012905 || 2 || attempted-user || 0 || ET ACTIVEX Magneto ICMP ActiveX ICMPSendEchoRequest Remote Code Execution Attempt || url,www.exploit-db.com/exploits/17328/
1 || 2012906 || 3 || misc-activity || 0 || ET WEB_CLIENT Download of PDF With Uncompressed Flash Content flowbit set || url,www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader || url,blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
1 || 2012907 || 3 || misc-activity || 0 || ET WEB_CLIENT Download of PDF With Compressed Flash Content || url,www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader || url,blog.zynamics.com/2010/06/09/analyzing-the-currently-exploited-0-day-for-adobe-reader-and-adobe-flash/
1 || 2012908 || 3 || bad-unknown || 0 || ET TROJAN Backdoor Win32/Begman.A Checkin || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=2eb07de0ccaed89cd099fe61e6ae689e&id=766255/ || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FBegman.A || url,www.virustotal.com/file-scan/report.html?id=0bb86bf59dd554f98194b23a16b96f873ddab8cbe11de627415ff81facd84f48-1299508248 || url,anubis.iseclab.org/?action=result&task_id=138559df2a6ed04a401366a9c60e2e1cf&format=txt
1 || 2012909 || 3 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent Fragment (WORKED)
1 || 2012910 || 6 || trojan-activity || 0 || ET DELETED CPL Trojan Downloader Request
1 || 2012911 || 2 || policy-violation || 0 || ET POLICY URL Contains password Parameter
1 || 2012912 || 2 || policy-violation || 0 || ET POLICY URL Contains passwd Parameter
1 || 2012913 || 2 || policy-violation || 0 || ET POLICY URL Contains pass Parameter
1 || 2012914 || 2 || policy-violation || 0 || ET POLICY URL Contains pwd Parameter
1 || 2012915 || 2 || policy-violation || 0 || ET POLICY URL Contains pw Parameter
1 || 2012916 || 3 || policy-violation || 0 || ET POLICY URL Contains passphrase Parameter
1 || 2012917 || 2 || policy-violation || 0 || ET POLICY URL Contains pword Parameter
1 || 2012918 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible TDSS Trojan GET with xxxx_ string
1 || 2012919 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios Expand Parameter XSS Attempt || bid,48087
1 || 2012921 || 2 || trojan-activity || 0 || ET TROJAN Possible TDSS Base64 Encoded Command 1
1 || 2012922 || 2 || trojan-activity || 0 || ET TROJAN Possible TDSS Base64 Encoded Command 2
1 || 2012923 || 2 || trojan-activity || 0 || ET TROJAN Possible TDSS Base64 Encoded Command 3
1 || 2012924 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Smspacem CnC Communication Attempt || url,www.fortiguard.com/encyclopedia/virus/android_smspacem.a!tr.html
1 || 2012925 || 2 || shellcode-detect || 0 || ET SHELLCODE Javascript Split String Unicode Heap Spray Attempt
1 || 2012926 || 3 || attempted-dos || 0 || ET WEB_SERVER Apache APR apr_fnmatch Stack Overflow Denial of Service || cve,2011-0419 || url,cxib.net/stuff/apr_fnmatch.txt || url,bugzilla.redhat.com/show_bug.cgi?id=703390
1 || 2012927 || 4 || bad-unknown || 0 || ET DELETED DYNAMIC_DNS HTTP Request to a *.dyndns.* domain
1 || 2012928 || 7 || bad-unknown || 0 || ET DELETED DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain
1 || 2012929 || 2 || attempted-user || 0 || ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Arbitrary Program Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=909 || bid,48081 || cve,2011-2039 || cve,2011-2040
1 || 2012930 || 3 || attempted-user || 0 || ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Cisco.AnyConnect.VPNWeb.1 Arbitrary Program Execution Attempt || url,labs.idefense.com/intelligence/vulnerabilities/display.php?id=909 || bid,48081 || cve,2011-2039 || cve,2011-2040
1 || 2012931 || 4 || trojan-activity || 0 || ET TROJAN Generic Dropper/Clicker Checkin
1 || 2012932 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Suspicious Email Attachment Possibly Related to Mydoom.L@mm || url,www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99&tabid=2 || url,www.threatexpert.com/report.aspx?md5=28110a8ea5c13859ddf026db5a8a864a
1 || 2012933 || 3 || policy-violation || 0 || ET POLICY Smilebox Software/Adware Checkin || url,www.smilebox.com/privacy-policy.html
1 || 2012934 || 4 || trojan-activity || 0 || ET TROJAN Generic adClicker Checkin
1 || 2012935 || 6 || policy-violation || 0 || ET POLICY Google Music Streaming || url,music.google.com/about
1 || 2012936 || 3 || trojan-activity || 0 || ET SCAN ZmEu Scanner User-Agent Inbound
1 || 2012937 || 2 || trojan-activity || 0 || ET SCAN Internal Dummy Connection User-Agent Inbound
1 || 2012938 || 2 || denial-of-service || 0 || ET DOS IBM Tivoli Endpoint Buffer Overflow Attempt || url, zerodayinitiative.com/advisories/ZDI-11-169/
1 || 2012939 || 7 || trojan-activity || 0 || ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin
1 || 2012940 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Eleonore Exploit Pack exemple.com Request
1 || 2012941 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit Newplayer.pdf || cve,2009-4324 || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp
1 || 2012942 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit Printf.pdf || cve,2008-2992 || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp
1 || 2012943 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit Geticon.pdf || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp
1 || 2012944 || 7 || attempted-user || 0 || ET CURRENT_EVENTS Phoenix Exploit Kit All.pdf || url,www.m86security.com/labs/i/Phoenix-Exploit-Kit-2-0,trace.1427~.asp
1 || 2012945 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS nvisionix Roaming System sessions.php script Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/101786/nvisionix-lfi.txt
1 || 2012946 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress inline-gallery do parameter Cross Site Scripting Attempt || bugtraq,46781
1 || 2012947 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WebC.be Fichier_a_telecharger Parameter Local File Disclosure Attempt || url,1337day.com/exploits/16237
1 || 2012948 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jmsfileseller view Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/17338
1 || 2012949 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Opencadastre soustab.php script Local File Inclusion Vulnerability || url,hack0wn.com/view.php?xroot=1440.0&cat=exploits
1 || 2012950 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin droit.class.php path_om  Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt
1 || 2012951 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin collectivite.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt
1 || 2012952 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin utilisateur.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt
1 || 2012953 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin courrier.class.php path_om Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt
1 || 2012954 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openscrutin profil.class.php path_om Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/88613/openscrutin-rfilfi.txt
1 || 2012955 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.tv domain
1 || 2012956 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.co.tv domain
1 || 2012957 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.ZZSlash/Redosdru.E checkin || url,www.threatexpert.com/report.aspx?md5=3b0299d72c853f56a1595c855776f89f || url,www.threatexpert.com/report.aspx?md5=adc3a35d1244c9129be6edd6ccfaec5b
1 || 2012958 || 5 || trojan-activity || 0 || ET DELETED MacDefender OS X Fake AV Scareware || url,blog.spiderlabs.com/2011/06/analysis-and-evolution-of-macdefender-os-x-fake-av-scareware.html
1 || 2012959 || 3 || trojan-activity || 0 || ET TROJAN MacShield User-Agent Likely Malware || url,blog.spiderlabs.com/2011/06/analysis-and-evolution-of-macdefender-os-x-fake-av-scareware.html
1 || 2012960 || 8 || trojan-activity || 0 || ET TROJAN Trojan.Vaklik.kku Checkin Request || url,threatexpert.com/report.aspx?md5=47a6dd02ee197f82b28cee0ab2b9bd35 || url,threatexpert.com/report.aspx?md5=81d8a235cb5f7345b5796483abe8145f || url,www.threatexpert.com/report.aspx?md5=9688d1d37a7ced200c53ec2b9332a0ad
1 || 2012961 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Vaklik.kku Checkin Response || url,threatexpert.com/report.aspx?md5=81d8a235cb5f7345b5796483abe8145f || url,www.threatexpert.com/report.aspx?md5=9688d1d37a7ced200c53ec2b9332a0ad
1 || 2012962 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0a0a0a0a Heap Spray Attempt
1 || 2012963 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0b0b0b0b Heap Spray Attempt
1 || 2012964 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0c0c0c0c Heap Spray Attempt
1 || 2012965 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible 0x0d0d0d0d Heap Spray Attempt
1 || 2012966 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible %0d%0d%0d%0d Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012967 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible %u0d%u0d%u0d%u0d UTF-8 Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012968 || 3 || shellcode-detect || 0 || ET SHELLCODE Possible %u0d0d%u0d0d UTF-16 Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012969 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Vertical Slash Unicode Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012970 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible Backslash Unicode Heap Spray Attempt || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2012971 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot Update Request || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99
1 || 2012972 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot Request for Compromised FTP Sites || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99
1 || 2012973 || 3 || trojan-activity || 0 || ET TROJAN W32.Qakbot Webpage Infection Routine POST || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99
1 || 2012974 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot .cb File Extention FTP Upload || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99
1 || 2012975 || 2 || trojan-activity || 0 || ET TROJAN W32.Qakbot Seclog FTP Upload || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_qakbot_in_detail.pdf || url,www.symantec.com/security_response/writeup.jsp?docid=2009-050707-0639-99
1 || 2012976 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS HP Insight Diagnostics Online Edition search.php XSS Attempt || bid,45420 || cve,2010-4111
1 || 2012977 || 2 || attempted-recon || 0 || ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt || url,www.coresecurity.com/content/oracle-glassfish-server-administration-console-authentication-bypass || bid,47818 || cve,2011-1511
1 || 2012978 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Audition Malformed Session File Buffer Overflow Attempt || url,www.coresecurity.com/content/Adobe-Audition-malformed-SES-file || bid,47838 || cve,2011-0615
1 || 2012979 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt || url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities || cve,2010-3272
1 || 2012980 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt || url,www.coresecurity.com/content/zoho-manageengine-vulnerabilities || cve,2010-3274
1 || 2012981 || 3 || trojan-activity || 0 || ET TROJAN Possible FakeAV Binary Download (Security)
1 || 2012982 || 3 || not-suspicious || 0 || ET SMTP Abuseat.org Block Message
1 || 2012986 || 2 || not-suspicious || 0 || ET SMTP Robtex.com Block Message
1 || 2012987 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt
1 || 2012988 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt
1 || 2012989 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt
1 || 2012990 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt
1 || 2012991 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEDE Simplificado processaPesquisa.php script UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/101876/tedesimplificado-sql.txt
1 || 2012992 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nakid CMS CKEditorFuncNum parameter Cross Site Scripting Attempt || url,autosectools.com/Advisory/Nakid-CMS-1.0.2-Reflected-Cross-site-Scripting-230
1 || 2012993 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PEAR include_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/86292/pear-rfi.txt
1 || 2012994 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PEAR_PHPDIR Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/86292/pear-rfi.txt
1 || 2012995 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS People Joomla Component controller Parameter Local File Inclusion Vulnerability || url,exploit-db.com/exploits/16001
1 || 2012996 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AWStats Totals sort parameter Remote Code Execution Attempt || url,packetstormsecurity.org/files/view/101698/awstatstotals_multisort.rb.txt
1 || 2012997 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible http Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2012998 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible https Local File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2012999 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ftp Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013000 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ftps Local File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013001 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible php Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013002 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Possible file Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013003 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible data Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013004 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible glob Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013005 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Possible phar Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013006 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ssh2 Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013007 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible rar Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013008 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible ogg Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013009 || 4 || web-application-attack || 0 || ET WEB_SERVER PHP Possible expect Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013010 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Request to malicious info.php drive-by landing
1 || 2013011 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious PHP 302 redirect response with avtor URI and cookie
1 || 2013012 || 4 || bad-unknown || 0 || ET DELETED MALVERTISING SL_*_0000 JavaScript redirect
1 || 2013013 || 3 || policy-violation || 0 || ET POLICY StumbleUpon Submission Detected
1 || 2013014 || 5 || web-application-attack || 0 || ET WEB_SERVER PHP Possible zlib Remote File Inclusion Attempt || cve,2002-0953 || url,diablohorn.wordpress.com/2010/01/16/interesting-local-file-inclusion-method/
1 || 2013015 || 2 || policy-violation || 0 || ET CURRENT_EVENTS HTTP Request to Illegal Drug Sales Site (SilkRoad)
1 || 2013016 || 2 || policy-violation || 0 || ET DNS DNS Query for Illegal Drug Sales Site (SilkRoad)
1 || 2013017 || 4 || trojan-activity || 0 || ET TROJAN Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related || url,www.symantec.com/security_response/writeup.jsp?docid=2008-112613-5052-99&tabid=2 || url,doc.emergingthreats.net/2009987
1 || 2013018 || 5 || trojan-activity || 0 || ET POLICY HTMLGET User Agent Detected - Often Linux utility based || url,mtc.sri.com/iPhone/
1 || 2013019 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Iphone iKee.B Checkin || url,mtc.sri.com/iPhone/
1 || 2013020 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Checkin || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html
1 || 2013021 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Possible Post of Infected Mobile Device Location Information
1 || 2013022 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Checkin 2 || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html
1 || 2013023 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DNS Query for gongfu-android.com DroidKungFu CnC Server || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html
1 || 2013024 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit kit mario.jar
1 || 2013025 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Java/PDF Exploit kit from /Home/games/ initial landing
1 || 2013026 || 2 || trojan-activity || 0 || ET TROJAN Secure-Soft.Stealer Checkin || url,www.threatexpert.com/report.aspx?md5=c86923d90ef91653b0a61eb2fbfae202 || url,www.threatexpert.com/report.aspx?md5=0a52131eebbee1df877767875ab32352
1 || 2013027 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java/PDF Exploit kit initial landing
1 || 2013028 || 4 || attempted-recon || 0 || ET POLICY curl User-Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013029 || 2 || attempted-recon || 0 || ET DELETED Java User Agent || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013030 || 3 || attempted-recon || 0 || ET POLICY libwww-perl User-Agent || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013031 || 3 || attempted-recon || 0 || ET POLICY Python-urllib/ Suspicious User Agent || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013032 || 2 || attempted-recon || 0 || ET USER_AGENTS EmailSiphon Suspicious User-Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013033 || 3 || attempted-recon || 0 || ET USER_AGENTS EmailSiphon Suspicious User-Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013034 || 4 || trojan-activity || 0 || ET TROJAN WebToolbar.Win32.WhenU.r Reporting || url,threatexpert.com/report.aspx?md5=27867435a1b6b3f35daf13faac6f77b7
1 || 2013035 || 3 || misc-activity || 0 || ET POLICY Java Client HTTP Request
1 || 2013036 || 7 || trojan-activity || 0 || ET TROJAN Java EXE Download by Vulnerable Version - Likely Driveby
1 || 2013037 || 7 || trojan-activity || 0 || ET POLICY Java EXE Download
1 || 2013038 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE DNS Query For Known Mobile Malware Control Server Waplove.cn || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2
1 || 2013039 || 5 || trojan-activity || 0 || ET DELETED Android.Tonclank Sending Device Information || url,www.symantec.com/security_response/writeup.jsp?docid=2011-061012-4545-99&tabid=2
1 || 2013040 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Tonclank JAR File Download || url,www.symantec.com/security_response/writeup.jsp?docid=2011-061012-4545-99&tabid=2
1 || 2013042 || 6 || trojan-activity || 0 || ET POLICY Android.Plankton/Tonclank Successful Installation Device Information POST || url,www.csc.ncsu.edu/faculty/jiang/Plankton/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2
1 || 2013043 || 4 || trojan-activity || 0 || ET POLICY Android.Plankton/Tonclank Successful Installation Device Information POST Message Body || url,www.csc.ncsu.edu/faculty/jiang/Plankton/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2
1 || 2013044 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Plankton/Tonclank Control Server Responding With JAR Download URL || url,www.csc.ncsu.edu/faculty/jiang/Plankton/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-060910-5804-99&tabid=2
1 || 2013045 || 2 || trojan-activity || 0 || ET TROJAN DLoader File Download Request Activity || url,www.f-secure.com/v-descs/trojan-downloader_w32_kdv176347.shtml || url,about-threats.trendmicro.com/malware.aspx?language=us&name=TROJ_VBKRYPT.CB || url,www.threatexpert.com/report.aspx?md5=3310259795b787210dd6825e7b6d6d28 || url,www.threatexpert.com/report.aspx?md5=12554e7f2e78daf26e73a2f92d01e7a7 || url,www.threatexpert.com/report.aspx?md5=7af2097d75869aa5aa656cd6e523c8b3
1 || 2013046 || 3 || trojan-activity || 0 || ET TROJAN DLoader PWS Module Data Upload Activity || url,www.f-secure.com/v-descs/trojan-downloader_w32_kdv176347.shtml || url,about-threats.trendmicro.com/malware.aspx?language=us&name=TROJ_VBKRYPT.CB || url,www.threatexpert.com/report.aspx?md5=3310259795b787210dd6825e7b6d6d28 || url,www.threatexpert.com/report.aspx?md5=12554e7f2e78daf26e73a2f92d01e7a7 || url,www.threatexpert.com/report.aspx?md5=7af2097d75869aa5aa656cd6e523c8b3
1 || 2013047 || 4 || trojan-activity || 0 || ET TROJAN DonBot Checkin || url,labs.m86security.com/2011/06/new-bots-old-bots-ii-donbot/
1 || 2013048 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Shipping Invoice Request to JPG.exe Executable
1 || 2013049 || 2 || attempted-recon || 0 || ET WEB_SERVER Binget PHP Library User Agent Inbound || url,www.bin-co.com/php/scripts/load/ || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013050 || 2 || attempted-recon || 0 || ET USER_AGENTS Binget PHP Library User Agent Outbound || url,www.bin-co.com/php/scripts/load/ || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013051 || 2 || attempted-recon || 0 || ET WEB_SERVER pxyscand Suspicious User Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013052 || 2 || attempted-recon || 0 || ET USER_AGENTS pxyscand/ Suspicious User Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013053 || 2 || attempted-recon || 0 || ET WEB_SERVER PyCurl Suspicious User Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013054 || 2 || attempted-recon || 0 || ET USER_AGENTS PyCurl Suspicious User Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013055 || 2 || attempted-recon || 0 || ET POLICY Peach C++ Library User Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php || url,www.useragentstring.com/Peach1.01_id_12276.php
1 || 2013056 || 4 || attempted-recon || 0 || ET POLICY Peach C++ Library User Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php || url,www.useragentstring.com/Peach1.01_id_12276.php
1 || 2013057 || 3 || attempted-recon || 0 || ET WEB_SERVER Inbound PHP User-Agent || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013058 || 3 || attempted-recon || 0 || ET WEB_SERVER Outbound PHP User-Agent || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013059 || 3 || bad-unknown || 0 || ET POLICY BitCoin
1 || 2013060 || 3 || web-application-attack || 0 || ET DELETED Client Visiting Sidename.js Injected Website - Malware Related || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html
1 || 2013061 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Sidename.js Injected Script Served by Local WebServer || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html
1 || 2013062 || 2 || trojan-activity || 0 || ET TROJAN MacShield FakeAV CnC Communication || url,blog.trendmicro.com/obfuscated-ip-addresses-and-affiliate-ids-in-mac-fakeav/
1 || 2013063 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Checkin 3 || url,extraexploit.blogspot.com/2011/06/droidkungfu-just-some-piece-of-code.html || url,www.redmondpie.com/droidkungfu-new-hard-to-detect-android-malware-threat-on-the-loose-steals-user-data-and-more/ || url,www.fortiguard.com/encyclopedia/virus/android_droidkungfu.a!tr.html || url,blog.fortinet.com/androiddroidkungfu-attacking-from-a-mobile-device/
1 || 2013064 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Tracur.Q HTTP Communication || url,xml.ssdsandbox.net/view/d2afc3be7357f96834ec684ab329d7e2
1 || 2013065 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Attempt || url,www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617
1 || 2013066 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Attempt applet via file URI setAttribute || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2013067 || 2 || trojan-activity || 0 || ET DELETED Win32/Fynloski Backdoor Keepalive Message || url,www.threatexpert.com/report.aspx?md5=baca8170608c189e2911dc4e430c7719
1 || 2013068 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible GRANT TO SQL Injection Attempt || url,beginner-sql-tutorial.com/sql-grant-revoke-privileges-roles.htm
1 || 2013069 || 3 || attempted-user || 0 || ET WEB_CLIENT Adobe Shockwave rcsL Chunk Remote Code Execution Attempt || url,www.abysssec.com/blog/2010/10/adobe-shockwave-player-rcsl-chunk-memory-corruption-0day/ || bid,42682 || cve,2010-2873
1 || 2013070 || 3 || attempted-user || 0 || ET WEB_CLIENT Adobe Shockwave Director tSAC Chunk memory corruption Attempt || url,www.exploit-db.com/moaub-22-adobe-shockwave-director-tsac-chunk-memory-corruption/
1 || 2013071 || 4 || trojan-activity || 0 || ET TROJAN Dropper.MSIL.Agent.ate Checkin || url,threatexpert.com/report.aspx?md5=4860e53b7e71cd57956e10ef48342b5f
1 || 2013072 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.HongTouTou Checkin || url,www.fortiguard.com/encyclopedia/virus/android_hongtoutou.a!tr.html
1 || 2013073 || 4 || trojan-activity || 0 || ET TROJAN Win32.Meredrop Checkin || url,www.virustotal.com/file-scan/report.html?id=14c8e9f054d6f7ff4d59b71b65933d73027fe39a2a62729257712170e36f32c5-1308250070
1 || 2013075 || 9 || bad-unknown || 0 || ET CURRENT_EVENTS Large DNS Query possible covert channel
1 || 2013076 || 7 || trojan-activity || 0 || ET TROJAN Zeus Bot GET to Google checking Internet connectivity || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html
1 || 2013077 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP overflow Media Player lt 10
1 || 2013078 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.YzhcSms CnC Keepalive Message || url,www.fortiguard.com/encyclopedia/virus/android_yzhcsms.a!tr.html
1 || 2013079 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.YzhcSms URL for Possible File Download || url,www.fortiguard.com/encyclopedia/virus/android_yzhcsms.a!tr.html
1 || 2013080 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter SELECT FROM SQL Injection Attempt || bugtraq,46048
1 || 2013081 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter DELETE FROM SQL Injection Attempt || bugtraq,46048
1 || 2013082 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter UNION SELECT SQL Injection Attempt || bugtraq,46048
1 || 2013083 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter INSERT INTO SQL Injection Attempt || bugtraq,46048
1 || 2013084 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP link Directory sbcat_id Parameter UPDATE SET SQL Injection Attempt || bugtraq,46048
1 || 2013085 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BLOG CMS nsextt parameter Cross Site Scripting Vulnerability || url,seclists.org/bugtraq/2011/Jun/59
1 || 2013086 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin sortorder parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/102001/xperience-xss.txt
1 || 2013087 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS impressCMS FCKeditor root_path Parameter Remote File inclusion Attempt || url,1337day.com/exploits/16001
1 || 2013088 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS impressCMS tinymce root_path Parameter Remote File inclusion Attempt || url,1337day.com/exploits/16001
1 || 2013089 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS impressCMS dhtmltextarea root_path Parameter Remote File inclusion Attempt || url,1337day.com/exploits/16001
1 || 2013090 || 10 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A/DarkRat Checkin Outbound || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,www.contextis.com/research/blog/darkcometrat/ || url,www.eff.org/deeplinks/2012/08/syrian-malware-post || md5,a2f58a4215441276706f18519dae9102
1 || 2013091 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A Checkin Inbound || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,www.contextis.com/research/blog/darkcometrat/
1 || 2013092 || 4 || trojan-activity || 0 || ET TROJAN VBKrypt.cmtp Login to Server || url,vil.nai.com/vil/content/v_377875.htm
1 || 2013093 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Clickfraud Framework Request
1 || 2013094 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix/Fiesta URI Requested Contains /? and hex
1 || 2013095 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios Expand Parameter Cross Site Scripting Attempt || bid,48087 || cve,2011-2179
1 || 2013096 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-*.com domain
1 || 2013097 || 7 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns.* domain
1 || 2013098 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Exploit Kit Browser Progress Checkin - Binary Likely Previously Downloaded
1 || 2013099 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive useredit script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013100 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive roleedit script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013101 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive userlist script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013102 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive deleteArtifact script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013103 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addLegacyArtifactPath script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013104 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive deleteNetworkProxy script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013105 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addRepository script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc xss.txt
1 || 2013106 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive confirmDeleteRepository script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc xss.txt
1 || 2013107 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive editAppearance script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013108 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addLegacyArtifactPath.action Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013109 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive addNetworkProxy script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013110 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive networkProxies script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013111 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive legacyArtifactPath script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013112 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Archive configureAppearance script Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/101797/apachearchivapoc-xss.txt
1 || 2013113 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Campaign Log.txt Request || cve,2011-2110 || url,blog.fireeye.com/research/2011/06/old-wine-in-a-new-bottle.html
1 || 2013114 || 2 || trojan-activity || 0 || ET TROJAN Win32.Vilsel Checkin || url,www.malware-control.com/statics-pages/5de2e2f56e5277cfe3d44299ab496648.php || url,www.malware-control.com/statics-pages/87290c3019b7dbac0d7d2e15f03572ba.php
1 || 2013115 || 3 || attempted-recon || 0 || ET WEB_SERVER Muieblackcat scanner
1 || 2013116 || 5 || attempted-recon || 0 || ET SCAN Potential muieblackcat scanner double-URI and HTTP library
1 || 2013117 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Tomcat Sort Paramter Cross Site Scripting Attempt || bid,45015 || cve,2010-4172
1 || 2013118 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Apache Tomcat Orderby Paramter Cross Site Scripting Attempt || bid,45015 || cve,2010-4172
1 || 2013119 || 2 || attempted-user || 0 || ET ACTIVEX Easewe FTP OCX ActiveX Control EaseWeFtp.ocx Remote Code Execution Attempt || bid,48393
1 || 2013120 || 1 || denial-of-service || 0 || ET SCADA Siemens FactoryLink 8 CSService Logging  Buffer Overflow Vulnerability || url,packetstormsecurity.org/files/view/102579/factorylink_csservice.rb.txt
1 || 2013121 || 3 || trojan-activity || 0 || ET DELETED Win32.VB.OWR Checkin || url,www.threatexpert.com/report.aspx?md5=7684532e7e1d717427f6842e9d5ecd56 || url,anubis.iseclab.org/?action=result&task_id=1ac5dbffd86ddd7f49da78a66fbeb6c37&format=txt
1 || 2013122 || 5 || trojan-activity || 0 || ET TROJAN Vilsel.ayjv Checkin (aid)
1 || 2013123 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.be domain
1 || 2013124 || 3 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .co.be Domain
1 || 2013125 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/17209
1 || 2013126 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/17209
1 || 2013127 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/17209
1 || 2013128 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/17209
1 || 2013129 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SoftMP3 search Parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/17209
1 || 2013130 || 2 || attempted-user || 0 || ET ACTIVEX Black Ice Cover Page SDK DownloadImageFileURL Method Exploit || url,exploit-db.com/exploits/17415/ || cve,2008-2683
1 || 2013131 || 2 || attempted-user || 0 || ET ACTIVEX Black Ice Fax Voice SDK GetItemQueue Method Remote Code Execution Exploit || url,exploit-db.com/exploits/17416
1 || 2013132 || 2 || attempted-user || 0 || ET ACTIVEX Black Ice Fax Voice SDK GetFirstItem Method Remote Code Execution Exploit || url,exploit-db.com/exploits/17416
1 || 2013133 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin vBTube vidid Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/102238/vbtube129-xss.txt
1 || 2013134 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS vBulletin vBTube uname Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/102238/vbtube129-xss.txt
1 || 2013135 || 1 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlert.Rena.n Checkin Flowbit set
1 || 2013136 || 6 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlertRena.n Checkin Response from Server
1 || 2013137 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible CVE-2011-2110 Flash Exploit Attempt Embedded in Web Page || url,stopmalvertising.com/malware-reports/all-ur-swf-bel0ng-2-us-analysis-of-cve-2011-2110.html || bid,48268 || cve,2011-2110
1 || 2013138 || 8 || trojan-activity || 0 || ET MOBILE_MALWARE XML Style POST Of IMEI International Mobile Equipment Identity || url,www.met.police.uk/mobilephone/imei.htm
1 || 2013139 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE XML Style POST Of IMSI International Mobile Subscriber Identity || url,www.learntelecom.com/telephony/gsm/international-mobile-subscriber-identity-imsi
1 || 2013140 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes CnC Checkin Message || url,blog.fortinet.com/symbosyxes-goes-version-2/
1 || 2013141 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes Plugucsrv.sisx File Download || url,blog.fortinet.com/symbosyxes-goes-version-2/
1 || 2013142 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes Jump.jsp CnC Checkin Message || url,blog.fortinet.com/symbosyxes-goes-version-2/
1 || 2013143 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/Yxes KernelPara.jsp CnC Checkin Message || url,blog.fortinet.com/symbosyxes-goes-version-2/
1 || 2013144 || 2 || attempted-user || 0 || ET WEB_CLIENT Mozilla Firefox nsTreeSelection Element invalidateSelection Remote Code Execution Attempt || bid,41853 || cve,2010-2753
1 || 2013145 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible %41%41%41%41 Heap Spray Attempt
1 || 2013146 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible %u41%u41%u41%u41 UTF-8 Heap Spray Attempt
1 || 2013147 || 2 || shellcode-detect || 0 || ET SHELLCODE Possible %u4141%u4141 UTF-16 Heap Spray Attempt
1 || 2013148 || 3 || shellcode-detect || 0 || ET SHELLCODE JavaScript Redefinition of a HeapLib Object - Likely Malicious Heap Spray Attempt
1 || 2013149 || 2 || trojan-activity || 0 || ET MALWARE RogueAntiSpyware.AntiVirusPro Checkin || url,www.threatexpert.com/report.aspx?md5=8d1b47452307259f1e191e16ed23cd35
1 || 2013150 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ZyXEL ZyWALL LoginPassword/HiddenPassword Cross Site Scripting Attempt || cve,2011-2466
1 || 2013152 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt || url,www.coresecurity.com/content/adobe-reader-buffer-overflow || bid,30035 || cve,2008-2992
1 || 2013153 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Acrobat Reader FlateDecode Stream Predictor Exploit Attempt || url,www.fortiguard.com/analysis/pdfanalysis.html || bid,36600 || cve,2009-3459
1 || 2013154 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Gbod.dv Checkin
1 || 2013155 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter SELECT FROM SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html
1 || 2013156 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter DELETE FROM SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html
1 || 2013157 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter UNION SELECT SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html
1 || 2013158 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter INSERT INTO SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html
1 || 2013159 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress plugin Flash Album Gallery pid Parameter UPDATE SET SQL Injection Attempt || url,htbridge.ch/advisory/sql_injection_in_grand_flash_album_gallery_wordpress_plugin.html
1 || 2013160 || 2 || attempted-user || 0 || ET ACTIVEX CygniCon CyViewer ActiveX Control SaveData Insecure Method Vulnerability || bugtraq,48483
1 || 2013161 || 2 || attempted-user || 0 || ET ACTIVEX Ubisoft CoGSManager ActiveX Initialize method Buffer Overflow Vulnerability || url,secunia.com/advisories/45044
1 || 2013162 || 2 || attempted-user || 0 || ET ACTIVEX Ubisoft CoGSManager ActiveX RunCore method Buffer Overflow Vulnerability || url,secunia.com/advisories/45044
1 || 2013163 || 2 || attempted-user || 0 || ET ACTIVEX LEADTOOLS Imaging LEADSmtp ActiveX SaveMessage Method Vulnerability || bugtraq,48408
1 || 2013164 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Webcat web_id Parameter Blind SQL Injection Vulnerability || url,exploit-db.com/exploits/17444
1 || 2013165 || 2 || attempted-admin || 0 || ET EXPLOIT 2Wire Password Reset Vulnerability via GET || url,www.seguridad.unam.mx/doc/?ap=articulo&id=196 || url,packetstormsecurity.org/files/view/102614/2wire-reset.rb.txt
1 || 2013166 || 2 || attempted-admin || 0 || ET EXPLOIT 2Wire Password Reset Vulnerability via POST || url,www.seguridad.unam.mx/doc/?ap=articulo&id=196 || url,packetstormsecurity.org/files/view/102614/2wire-reset.rb.txt
1 || 2013167 || 4 || misc-activity || 0 || ET EXPLOIT FreeBSD OpenSSH 3.5p1 possible vulnerable server || url,packetstormsecurity.org/files/view/102683/ssh_preauth_freebsd.txt || url,seclists.org/2011/Jul/6
1 || 2013168 || 5 || trojan-activity || 0 || ET TROJAN Generic Bot Checkin || url,www.threatexpert.com/report.aspx?md5=be3aed34928cb826030b462279a1c453
1 || 2013169 || 2 || trojan-activity || 0 || ET TROJAN Gozi Communication 2
1 || 2013170 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cu.cc domain
1 || 2013171 || 2 || web-application-attack || 0 || ET SCAN DominoHunter Security Scan in Progress || url,packetstormsecurity.org/files/31653/DominoHunter-0.92.zip.html
1 || 2013172 || 2 || bad-unknown || 0 || ET DNS DNS Query for a Suspicious *.cu.cc domain
1 || 2013173 || 3 || attempted-recon || 0 || ET USER_AGENTS Atomic_Email_Hunter User-Agent Inbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013174 || 3 || attempted-recon || 0 || ET USER_AGENTS Atomic_Email_Hunter User-Agent Outbound || url,www.useragentstring.com/pages/useragentstring.php
1 || 2013175 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely EgyPack Exploit kit landing page (EGYPACK_CRYPT) || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/
1 || 2013176 || 6 || trojan-activity || 0 || ET TROJAN EgyPack Exploit Kit Post-Infection Request || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/
1 || 2013178 || 3 || trojan-activity || 0 || ET TROJAN Long Fake wget 3.0 User-Agent Detected
1 || 2013179 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Malware Update before fake JPEG download || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html
1 || 2013180 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup C2 Malware Update after fake JPEG download || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html
1 || 2013181 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Ponmocup Redirection from infected Website to Trojan-Downloader || url,www9.dyndns-server.com%3a8080/pub/botnet-links.html
1 || 2013182 || 1 || trojan-activity || 0 || ET TROJAN Sidetab or Related Trojan Checkin
1 || 2013183 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Known Facebook Iframe Phishing Attempt || url,www.f-secure.com/weblog/archives/00002196.html
1 || 2013184 || 5 || trojan-activity || 0 || ET TROJAN Artro Downloader User-Agent Detected || url,www.securelist.com/en/analysis/204792172/The_Advertising_Botnet
1 || 2013185 || 6 || trojan-activity || 0 || ET TROJAN Trojan-Banker.Win32.Agent Checkin || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=1bcc87209703cf73c80f9772935e47b0 || url,www.threatexpert.com/report.aspx?md5=c8b3d2bc407b0260b40b7f97e504faa5
1 || 2013186 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Win32.Renos/Artro Trojan Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=TROJANDOWNLOADER%3aWIN32/RENOS.MJ || url,www.securelist.com/en/analysis/204792172/The_Advertising_Botnet || url,www.threatexpert.com/report.aspx?md5=01ca25570659c2e1b8b887a3229ef421
1 || 2013187 || 1 || misc-activity || 0 || ET CURRENT_EVENTS Backdoor Win32/IRCbot.FJ Cnc connection dns lookup || url,www.exposedbotnets.com/2011/02/minervacdmonorgbotnet-hosted-in.html || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fIRCbot.FJ || url,www.threatexpert.com/report.aspx?md5=13e43c44681ba9acb8fd42217bd3dbd2 || url,www.bfk.de/bfk_dnslogger_en.html?query=minerva.cdmon.org
1 || 2013188 || 5 || attempted-admin || 0 || ET EXPLOIT VSFTPD Backdoor User Login Smiley
1 || 2013189 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Dropper HTTP POST Check-in || url,www.mywot.com/en/forum/13816-clickjacking-scam-spreading-on-facebook
1 || 2013190 || 3 || trojan-activity || 0 || ET POLICY Likely PCTools.com Installer User-Agent (Installer Ping)
1 || 2013191 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Client Visiting cssminibar.js Injected Website Malware Related || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html
1 || 2013192 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS cssminibar.js Injected Script Served by Local WebServer || url,blog.armorize.com/2011/06/mass-meshing-injection-sidenamejs.html
1 || 2013193 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.CruseWin Retriving XML File from Hard Coded CnC || url,www.fortiguard.com/encyclopedia/virus/android_crusewin.a!tr.html
1 || 2013194 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android.CruseWin XML Configuration File Sent From CnC Server || url,www.fortiguard.com/encyclopedia/virus/android_crusewin.a!tr.html
1 || 2013195 || 2 || trojan-activity || 0 || ET MALWARE Win32.EZula Adware Reporting Sucessful Install || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FEzula.F
1 || 2013196 || 2 || trojan-activity || 0 || ET TROJAN Win32.Genome Initial Checkin
1 || 2013197 || 2 || trojan-activity || 0 || ET TROJAN Win32.Genome Download.php HTTP Request on Off Port
1 || 2013198 || 2 || trojan-activity || 0 || ET TROJAN Trojan/Hacktool.Sniffer Initial Checkin
1 || 2013199 || 4 || trojan-activity || 0 || ET TROJAN Trojan/Hacktool.Sniffer Sucessful Install Message
1 || 2013200 || 2 || trojan-activity || 0 || ET MALWARE Unknown Malware patchlist.xml Request
1 || 2013201 || 6 || trojan-activity || 0 || ET TROJAN Win32/Rodecap CnC Checkin
1 || 2013202 || 2 || trojan-activity || 0 || ET TROJAN Win32/Fosniw MacTryCnt CnC Style Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FFosniw.B
1 || 2013203 || 2 || trojan-activity || 0 || ET TROJAN Win32/Fosniw CnC Checkin Style 2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FFosniw.B
1 || 2013204 || 3 || trojan-activity || 0 || ET DELETED Unknown Generic Trojan Checkin
1 || 2013205 || 3 || trojan-activity || 0 || ET DELETED Win32.Hooker Checkin Message
1 || 2013206 || 3 || trojan-activity || 0 || ET TROJAN Unknown Trojan POST datan.php
1 || 2013207 || 5 || trojan-activity || 0 || ET TROJAN Trojan Internet Connectivity Check
1 || 2013208 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Mobile Malware Posting Device Phone Number
1 || 2013209 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Walkinwat Sending Data to CnC Server || url,us.norton.com/security_response/writeup.jsp?docid=2011-033008-4831-99&tabid=2 || url,blog.avast.com/2011/03/21/android-is-calling-walk-and-text-and-be-malicious/
1 || 2013210 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Bgserv POST of Data to CnC Server || url,us.norton.com/security_response/writeup.jsp?docid=2011-031005-2918-99&tabid=2
1 || 2013211 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Esion CnC Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-052510-1535-99&tabid=2
1 || 2013212 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Meciv Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-070516-5325-99&tabid=2 || url,www.secureworks.com/research/threats/sindigoo/
1 || 2013213 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.org
1 || 2013214 || 2 || trojan-activity || 0 || ET TROJAN GhOst Remote Access Trojan Encrypted Session To CnC Server || url,www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network || url,www.symantec.com/connect/blogs/inside-back-door-attack
1 || 2013215 || 3 || trojan-activity || 0 || ET DELETED W32/Alworo CnC Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-062909-5644-99&tabid=2
1 || 2013217 || 2 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP Via myip.ozymo.com
1 || 2013218 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Specfix Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-062203-3150-99&tabid=2
1 || 2013219 || 3 || trojan-activity || 0 || ET DELETED Android.Ggtracker Ggtrack.org Checkin || url,us.norton.com/security_response/writeup.jsp?docid=2011-062208-5013-99&tabid=2
1 || 2013220 || 4 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8866.org || url,www.mywot.com/en/scorecard/8866.org
1 || 2013221 || 2 || trojan-activity || 0 || ET TROJAN Win32/Sefnit Initial Checkin
1 || 2013222 || 3 || shellcode-detect || 0 || ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt
1 || 2013224 || 9 || trojan-activity || 0 || ET POLICY Suspicious User-Agent Containing .exe
1 || 2013225 || 3 || trojan-activity || 0 || ET TROJAN W32/IRCBrute Checkin 2 || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-IRB/detailed-analysis.aspx
1 || 2013226 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp secteur parameter Cross Site Scripting Attempt || bugtraq,48341
1 || 2013227 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter SELECT FROM SQL Injection Attempt || bugtraq,48341
1 || 2013228 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter DELETE FROM SQL Injection Attempt || bugtraq,48341
1 || 2013229 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter UNION SELECT SQL Injection Attempt || bugtraq,48341
1 || 2013230 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter INSERT INTO SQL Injection Attempt || bugtraq,48341
1 || 2013231 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Immophp annonce parameter UPDATE SET SQL Injection Attempt || bugtraq,48341
1 || 2013232 || 2 || attempted-user || 0 || ET ACTIVEX IDrive Online Backup ActiveX control SaveToFile Insecure Method || url,htbridge.ch/advisory/idrive_online_backup_activex_control_insecure_method.html
1 || 2013233 || 3 || attempted-user || 0 || ET ACTIVEX Chilkat Crypt ActiveX Control SaveDecrypted Insecure Method Vulnerability || bugtraq,48585
1 || 2013234 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ActivDesk cid Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/102537/activdesk-sqlxss.txt
1 || 2013236 || 2 || trojan-activity || 0 || ET TROJAN Palevo (OUTBOUND) || url,threatexpert.com/report.aspx?md5=5f1296995c7ccba13c0c0655baf03a3a
1 || 2013237 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Obfuscated Javascript Often Used in Drivebys
1 || 2013238 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android/GoldDream Infected Device Registration || url,www.fortiguard.com/encyclopedia/virus/android_golddream.a!tr.spy.html
1 || 2013240 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/GoldDream Task Information Retrieval || url,www.fortiguard.com/encyclopedia/virus/android_golddream.a!tr.spy.html
1 || 2013241 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/GoldDream Uploading Watch Files || url,www.fortiguard.com/encyclopedia/virus/android_golddream.a!tr.spy.html
1 || 2013242 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Suspicious *.cu.cc domain
1 || 2013243 || 2 || trojan-activity || 0 || ET MALWARE SweetIM Install in Progress
1 || 2013244 || 2 || misc-activity || 0 || ET CURRENT_EVENTS Known Injected Credit Card Fraud Malvertisement Script || url,blogs.paretologic.com/malwarediaries/index.php/2011/07/06/stolen-credit-cards-site-injected-with-malware/
1 || 2013245 || 3 || trojan-activity || 0 || ET TROJAN Ruskill/Palevo Download Command || url,www.threatexpert.com/report.aspx?md5=2d69d8d243499ab53b840c64f68cc830 || url,sebdraven.tumblr.com/post/6769853139/palevo-analysises
1 || 2013246 || 2 || trojan-activity || 0 || ET TROJAN Ruskill/Palevo CnC PONG || url,ore.carnivore.it/malware/hash/d4dc8459a34ea14d856e529d3a9e0362 || url,sebdraven.tumblr.com/post/6769853139/palevo-analysises
1 || 2013247 || 5 || trojan-activity || 0 || ET TROJAN Ruskill/Palevo KCIK IRC Command || url,ore.carnivore.it/malware/hash/d4dc8459a34ea14d856e529d3a9e0362 || url,sebdraven.tumblr.com/post/6769853139/palevo-analysises
1 || 2013248 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a *.uni.cc domain
1 || 2013249 || 3 || attempted-recon || 0 || ET SCAN Vega Web Application Scan || url,www.subgraph.com/products.html || url,www.darknet.org.uk/2011/07/vega-open-source-cross-platform-web-application-security-assessment-platform/
1 || 2013250 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Word RTF pFragments Stack Buffer Overflow Attempt || url,labs.m86security.com/2011/07/resurrection-of-cve-2010-3333-in-the-wild/ || bid,44652 || cve,2010-3333
1 || 2013251 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Known in Wild Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Attempt || url,labs.m86security.com/2011/06/0-day-exploit-used-in-a-targeted-attack-cve-2011-1255/ || bid,48206 || cve,2011-1255
1 || 2013252 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Internet Explorer Time Element Uninitialized Memory Remote Code Execution Attempt || url,labs.m86security.com/2011/06/0-day-exploit-used-in-a-targeted-attack-cve-2011-1255/ || bid,48206 || cve,2011-1255
1 || 2013253 || 4 || policy-violation || 0 || ET POLICY Yandexbot Request Inbound
1 || 2013254 || 2 || trojan-activity || 0 || ET TROJAN Yandexbot Request Outbound
1 || 2013255 || 4 || trojan-activity || 0 || ET POLICY Majestic12 User-Agent Request Inbound
1 || 2013256 || 3 || trojan-activity || 0 || ET TROJAN Majestic12 User-Agent Request Outbound
1 || 2013258 || 7 || trojan-activity || 0 || ET USER_AGENTS Avzhan DDoS Bot User-Agent MyIE || url,asert.arbornetworks.com/2010/09/another-family-of-ddos-bots-avzhan/ || url,blog.fireeye.com/research/2010/10/avzhan-botnet-the-story-of-evolution.html
1 || 2013259 || 3 || trojan-activity || 0 || ET TROJAN Guagua Trojan Update Checkin
1 || 2013260 || 3 || trojan-activity || 0 || ET TROJAN Win32/Nekill Checkin || url,blog.emergingthreatspro.com/2011/07/bot-of-day-nekilla.html
1 || 2013261 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/CommDN Downloading Second Stage Malware Binary || url,www.fortiguard.com/encyclopedia/virus/symbos_commdn.a!tr.html
1 || 2013263 || 3 || attempted-recon || 0 || ET SCAN Nessus FTP Scan detected (ftp_anonymous.nasl) || url,www.nessus.org/plugins/index.php?view=single&id=10079 || url,osvdb.org/show/osvdb/69
1 || 2013264 || 2 || attempted-recon || 0 || ET SCAN Nessus FTP Scan detected (ftp_writeable_directories.nasl) || url,www.nessus.org/plugins/index.php?view=single&id=19782 || url,osvdb.org/show/osvdb/76
1 || 2013265 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/SymGam CnC Checkin || url,www.fortiguard.com/encyclopedia/virus/symbos_symgam.a!tr.html
1 || 2013266 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE SymbOS/SymGam Receiving SMS Message Template from CnC Server || url,www.fortiguard.com/encyclopedia/virus/symbos_symgam.a!tr.html
1 || 2013267 || 4 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0a0a0a0a || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013268 || 4 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0b0b0b0b || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013269 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0c0c0c0c || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013270 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 0d0d0d0d || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013271 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript NOP SLED || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013272 || 3 || shellcode-detect || 0 || ET SHELLCODE Unescape Hex Obfuscated Content
1 || 2013273 || 2 || shellcode-detect || 0 || ET SHELLCODE Hex Obfuscated JavaScript Heap Spray 41414141 || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013274 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0a0a0a0a || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013275 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0b0b0b0b || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013276 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0c0c0c0c || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013277 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 0d0d0d0d || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013278 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript NOP SLED || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013279 || 2 || shellcode-detect || 0 || ET SHELLCODE Double BackSlash Hex Obfuscated JavaScript Heap Spray 41414141 || url,www.darkreading.com/security/vulnerabilities/221901428/index.html
1 || 2013280 || 2 || attempted-user || 0 || ET WEB_CLIENT Microsoft Word RTF pFragments Stack Overflow Attempt || url,labs.m86security.com/2011/07/resurrection-of-cve-2010-3333-in-the-wild/ || bid,44652 || cve,2010-3333
1 || 2013281 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Authplay.dll NewClass Memory Corruption Attempt || url,www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/ || bid,40586 || cve,2010-1297
1 || 2013282 || 2 || attempted-user || 0 || ET WEB_CLIENT Adobe Flash Player Button Remote Code Execution Attempt || bid,44504 || cve,2010-3654
1 || 2013283 || 3 || trojan-activity || 0 || ET TROJAN DarkComet-RAT init connection || url,www.darkcomet-rat.com || url,anubis.iseclab.org/?action=result&task_id=1a7326f61fef1ecb4ed4fbf3de3f3b8cb&format=txt
1 || 2013284 || 3 || trojan-activity || 0 || ET TROJAN DarkComet-RAT server join acknowledgement || url,www.darkcomet-rat.com || url,anubis.iseclab.org/?action=result&task_id=1a7326f61fef1ecb4ed4fbf3de3f3b8cb&format=txt
1 || 2013285 || 2 || trojan-activity || 0 || ET TROJAN DarkComet-RAT Client Keepalive || url,www.darkcomet-rat.com
1 || 2013286 || 2 || trojan-activity || 0 || ET TROJAN Win32.Jadtre Retrieving Cfg File
1 || 2013287 || 5 || trojan-activity || 0 || ET TROJAN Papras Banking Trojan Checkin || url,www.threatexpert.com/report.aspx?md5=85d82c840f4b90fcb6d5311f501374ca
1 || 2013288 || 3 || web-application-attack || 0 || ET EXPLOIT HP OpenView Network Node Manager Toolbar.exe CGI Buffer Overflow Attempt || url,exploit-db.com/exploits/17536/
1 || 2013289 || 6 || attempted-recon || 0 || ET POLICY MOBILE Apple device leaking UDID from SpringBoard || url,www.innerfence.com/howto/find-iphone-unique-device-identifier-udid || url,support.apple.com/kb/HT4061
1 || 2013290 || 2 || attempted-recon || 0 || ET POLICY MOBILE Apple device leaking UDID from SpringBoard via GET || url,www.innerfence.com/howto/find-iphone-unique-device-identifier-udid || url,support.apple.com/kb/HT4061
1 || 2013291 || 2 || trojan-activity || 0 || ET TROJAN Win32/Cycbot Pay-Per-Install Executable Download || url,www.eset.com/about/blog/blog/article/cycbot-ready-to-ride/
1 || 2013292 || 2 || trojan-activity || 0 || ET TROJAN Win32/Cycbot Initial Checkin to CnC || url,www.eset.com/about/blog/blog/article/cycbot-ready-to-ride/
1 || 2013293 || 2 || trojan-activity || 0 || ET TROJAN Win32/Glupteba CnC Checkin || url,blog.eset.com/2011/03/02/tdl4-and-glubteba-piggyback-piggybugs
1 || 2013294 || 2 || policy-violation || 0 || ET POLICY Self Signed SSL Certificate (Persona Not Validated)
1 || 2013295 || 2 || policy-violation || 0 || ET POLICY Self Signed SSL Certificate (Snake Oil CA)
1 || 2013296 || 3 || policy-violation || 0 || ET POLICY Free SSL Certificate Provider (StartCom Class 1 Primary Intermediate Server CA)
1 || 2013297 || 3 || policy-violation || 0 || ET POLICY Free SSL Certificate (StartCom Free Certificate Member)
1 || 2013298 || 2 || bad-unknown || 0 || ET POLICY Nessus Server SSL certificate detected
1 || 2013299 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HippoSms Method Request to CnC || url,www.fortiguard.com/encyclopedia/virus/android_hipposms.a!tr.html
1 || 2013303 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt
1 || 2013304 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt
1 || 2013305 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt
1 || 2013306 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt
1 || 2013307 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nuke Evolution Xtreme pid Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/101249/nukeevolution-sql.txt
1 || 2013308 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PHP Speedy Plugin page Parameter Remote File inclusion Attempt || url,secunia.com/advisories/43652
1 || 2013309 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PHP Speedy Plugin page Parameter Local File Inclusion Attempt || url,secunia.com/advisories/43652
1 || 2013310 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PHP Speedy Plugin title parameter Cross Site Scripting Attempt || url,secunia.com/advisories/43652
1 || 2013311 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.dlinkddns.com domain
1 || 2013312 || 3 || bad-unknown || 0 || ET TROJAN Possible Ponmocup Driveby Download || url,www9.dyndns-server.com%3a8080/pub/botnet/r-cgi_malware_analyse.txt
1 || 2013313 || 7 || trojan-activity || 0 || ET TROJAN Obfuscated Javascript Often Used in the Blackhole Exploit Kit 3
1 || 2013314 || 5 || trojan-activity || 0 || ET TROJAN Phoenix Landing Page Obfuscated Javascript 2
1 || 2013315 || 10 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (Agent and 5 or 6 digits)
1 || 2013316 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android.AdSms Retrieving XML File from CnC Server || url,www.fortiguard.com/encyclopedia/virus/android_adsms.a!tr.html
1 || 2013317 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android.AdSms XML File From CnC Server || url,www.fortiguard.com/encyclopedia/virus/android_adsms.a!tr.html
1 || 2013318 || 1 || trojan-activity || 0 || ET TROJAN Google Warning Infected Local User
1 || 2013319 || 2 || shellcode-detect || 0 || ET SHELLCODE Unicode UTF-8 Heap Spray Attempt
1 || 2013320 || 2 || shellcode-detect || 0 || ET SHELLCODE Unicode UTF-16 Heap Spray Attempt
1 || 2013321 || 2 || attempted-user || 0 || ET WEB_CLIENT Internet Explorer toStaticHTML HTML Sanitizing Information Disclosure Attempt || bid,48199 || cve,2011-1252
1 || 2013322 || 2 || attempted-user || 0 || ET WEB_CLIENT Microsoft Visio 2003 mfc71enu.dll DLL Loading Arbitrary Code Execution Attempt || url,tools.cisco.com/security/center/viewAlert.x?alertId=23601 || url,www.microsoft.com/technet/security/bulletin/MS11-055.mspx || bid,42681 || cve,2010-3148
1 || 2013323 || 3 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Update Check to CnC
1 || 2013324 || 3 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Receiving XML Format Update File From CnC Server
1 || 2013325 || 3 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Receiving XML Format Node ID File From CnC Server
1 || 2013326 || 4 || trojan-activity || 0 || ET DELETED Dictcn Trojan Downloader Node Server Type
1 || 2013327 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android.Zitmo Forwarding SMS Message to CnC Server || url,blog.fortinet.com/zitmo-hits-android/
1 || 2013328 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query for Known Hostile Domain gooqlepics com || url,blog.armorize.com/2011/07/willysycom-mass-injection-ongoing.html
1 || 2013329 || 3 || trojan-activity || 0 || ET TROJAN Ruskill CnC Download Command 1
1 || 2013330 || 1 || trojan-activity || 0 || ET TROJAN Ruskill CnC Download Command 2
1 || 2013331 || 1 || trojan-activity || 0 || ET TROJAN Ruskill Reporting on Local Scans
1 || 2013332 || 4 || trojan-activity || 0 || ET TROJAN FakeAV Landing Page || url,www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23514
1 || 2013333 || 4 || trojan-activity || 0 || ET MALWARE Zugo.com SearchToolbar User-Agent (SearchToolbar) || url,www.zugo.com/faq/ || url,plus.google.com/109412257237874861202/posts/FXL1y8qG7YF
1 || 2013334 || 4 || not-suspicious || 0 || ET DELETED SSL MiTM Vulnerable or EOL iOS 3.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history
1 || 2013335 || 5 || not-suspicious || 0 || ET DELETED SSL MiTM Vulnerable or EOL iOS 4.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history
1 || 2013336 || 4 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4825 || url,en.wikipedia.org/wiki/IOS_version_history
1 || 2013337 || 5 || trojan-activity || 0 || ET TROJAN PoisonIvy.E Keepalive to CnC || url,www.threatexpert.com/report.aspx?md5=fc414168a5b4ca074ea6e03f770659ef
1 || 2013338 || 2 || trojan-activity || 0 || ET TROJAN Bifrose Client Checkin
1 || 2013339 || 5 || trojan-activity || 0 || ET TROJAN Win32.FakeAV.Rean Checkin || url,www.threatexpert.com/report.aspx?md5=0a998a070beb287524f9be6dd650c959
1 || 2013340 || 2 || trojan-activity || 0 || ET TROJAN FakeAV/Application JPDesk/Delf checkin || url,www.threatexpert.com/report.aspx?md5=08f116cf4feff245dca581244e4f509c
1 || 2013341 || 3 || trojan-activity || 0 || ET DELETED Trojan Dropper User-Agent Firefox/3.6.3
1 || 2013342 || 4 || trojan-activity || 0 || ET TROJAN Win32/Sisproc Variant POST to CnC Server || url,www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=04dc87d4dcf12f9c05a22ab9890a6323 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FSisproc&ThreatID=-2147342628
1 || 2013343 || 3 || trojan-activity || 0 || ET DELETED Backdoor W32/Phanta Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FPopureb.A || url,www.threatexpert.com/report.aspx?md5=0012a0b60572dfa4f42a4325507841d8
1 || 2013344 || 4 || trojan-activity || 0 || ET TROJAN Unknown Trojan Checkin to CnC Server
1 || 2013345 || 2 || trojan-activity || 0 || ET TROJAN Win32.Pamesg/ArchSMS.HL CnC Checkin || url,www.threatexpert.com/report.aspx?md5= 00068992bc003713058a17d50d9e3e14
1 || 2013346 || 3 || trojan-activity || 0 || ET TROJAN Unknown Trojan File Stealer FTP File Upload
1 || 2013348 || 8 || trojan-activity || 0 || ET TROJAN Zeus Bot Request to CnC 2
1 || 2013349 || 4 || trojan-activity || 0 || ET TROJAN Connectivity Check of Unknown Origin 1
1 || 2013350 || 3 || trojan-activity || 0 || ET TROJAN Connectivity Check of Unknown Origin 2
1 || 2013351 || 3 || trojan-activity || 0 || ET TROJAN Connectivity Check of Unknown Origin 3
1 || 2013352 || 3 || trojan-activity || 0 || ET TROJAN Executable Download Purporting to be JavaScript likely 2nd stage Infection
1 || 2013353 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - flickr.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013354 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - picasa.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013355 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - blogger.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013356 || 2 || web-application-attack || 0 || ET DELETED Wordpress possible Malicious DNS-Requests - wordpress.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013357 || 1 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - wordpress.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013358 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - img.youtube.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013359 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - upload.wikimedia.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013360 || 1 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress possible Malicious DNS-Requests - photobucket.com.*  || url,markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/ || url,www.us-cert.gov/current/index.html#wordpress_themes_vulnerability || url,blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SucuriSecurity+%28Sucuri+Security%29
1 || 2013361 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS HTran/SensLiceld.A Checkin 1 || url,www.secureworks.com/research/threats/htran/ || url,www.symantec.com/connect/blogs/truth-behind-shady-rat || url,www.symantec.com/security_response/writeup.jsp?docid=2010-120716-4344-99&tabid=2 || url,www.securelist.com/en/descriptions/10120120/Trojan-Spy.Win32.Agent.bptu
1 || 2013362 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS HTran/SensLiceld.A Checkin 2 (unicode) || url,www.secureworks.com/research/threats/htran/ || url,www.symantec.com/connect/blogs/truth-behind-shady-rat || url,www.symantec.com/security_response/writeup.jsp?docid=2010-120716-4344-99&tabid=2 || url,www.securelist.com/en/descriptions/10120120/Trojan-Spy.Win32.Agent.bptu
1 || 2013363 || 4 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Request tkr
1 || 2013364 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS windows_security_update Fake AV download
1 || 2013365 || 2 || web-application-attack || 0 || ET WEB_SERVER PUT Website Defacement Attempt
1 || 2013366 || 2 || trojan-activity || 0 || ET TROJAN FakeAV Checkin
1 || 2013367 || 4 || trojan-activity || 0 || ET TROJAN KeyloggerOnline Keylogger Checkin (kill) || url,threatexpert.com/report.aspx?md5=06b783d348a4f9d72bf743c8262778ef
1 || 2013368 || 3 || trojan-activity || 0 || ET TROJAN KeyloggerOnline Keylogger Checkin (sleep) || url,threatexpert.com/report.aspx?md5=06b783d348a4f9d72bf743c8262778ef
1 || 2013369 || 3 || trojan-activity || 0 || ET TROJAN KeyloggerOnline Keylogger Checkin (go https) || url,threatexpert.com/report.aspx?md5=06b783d348a4f9d72bf743c8262778ef
1 || 2013370 || 3 || trojan-activity || 0 || ET DELETED Unknown Trojan Checkin 1
1 || 2013371 || 3 || trojan-activity || 0 || ET DELETED Unknown Trojan Checkin 2
1 || 2013372 || 3 || trojan-activity || 0 || ET TROJAN Win32/Oliga Fake User Agent
1 || 2013373 || 2 || trojan-activity || 0 || ET TROJAN FakeAV oms.php Data Post
1 || 2013374 || 2 || trojan-activity || 0 || ET TROJAN FakeAV User-Agent XML
1 || 2013375 || 2 || trojan-activity || 0 || ET TROJAN W32/Nolja Trojan Downloader Initial Checkin
1 || 2013376 || 2 || trojan-activity || 0 || ET TROJAN W32/Nolja Trojan User-Agent (FileNolja)
1 || 2013377 || 2 || trojan-activity || 0 || ET TROJAN W32/Alunik User Agent Detected
1 || 2013378 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.de.ms domain
1 || 2013379 || 3 || trojan-activity || 0 || ET TROJAN Downbot/Shady Rat Remote Shell Connection || url,www.symantec.com/connect/blogs/truth-behind-shady-rat
1 || 2013380 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Malicious 1px iframe related to Mass Wordpress Injections
1 || 2013381 || 2 || trojan-activity || 0 || ET TROJAN W32/Sality Executable Pack Digital Signature ASCII Marker || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/sality_peer_to_peer_viral_network.pdf
1 || 2013382 || 3 || trojan-activity || 0 || ET TROJAN Fakealert.Rena CnC Checkin 2 || url,www.malware-control.com/statics-pages/24b9c5f59a4706689d4f9bb5f510ec35.php
1 || 2013383 || 3 || trojan-activity || 0 || ET TROJAN Fakealert.Rena CnC Checkin 1
1 || 2013384 || 3 || trojan-activity || 0 || ET TROJAN W32/Siscos CnC Checkin
1 || 2013385 || 3 || trojan-activity || 0 || ET TROJAN Accept-encode HTTP header with UA indicating infected host
1 || 2013386 || 2 || trojan-activity || 0 || ET TROJAN W32/FakeAlert Fake Security Tool Checkin || url,threatexpert.com/reports.aspx?find=03abdc31d0f864c7b69b09d6481d3ff7
1 || 2013387 || 4 || trojan-activity || 0 || ET POLICY User Agent Ryeol HTTP Client Class
1 || 2013388 || 4 || trojan-activity || 0 || ET MALWARE Adrevmedia Related Media Manager Spyware Checkin
1 || 2013389 || 2 || trojan-activity || 0 || ET MALWARE Adware/CommonName Reporting
1 || 2013390 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent 3653Client
1 || 2013391 || 3 || trojan-activity || 0 || ET TROJAN Ufasoft bitcoin Related User-Agent
1 || 2013392 || 2 || trojan-activity || 0 || ET TROJAN W32/Hupigon.B User Agent TSDownload
1 || 2013393 || 4 || trojan-activity || 0 || ET DELETED Suspicious User-Agent FSD - Possible FakeAV Related
1 || 2013394 || 2 || trojan-activity || 0 || ET TROJAN W32/SpeedRunner User-Agent SRRemove
1 || 2013395 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent _updater_agent
1 || 2013396 || 2 || trojan-activity || 0 || ET TROJAN W32/Skintrim CnC Checkin
1 || 2013397 || 3 || trojan-activity || 0 || ET TROJAN W32/Pandex Trojan Dropper Initial Checkin
1 || 2013398 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Momibot Checkin || url,hypersecurity.blogspot.com/2011/08/uncovering-win32momibot-communication.html
1 || 2013399 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Momibot Ping Checkin || url,hypersecurity.blogspot.com/2011/08/uncovering-win32momibot-communication.html
1 || 2013400 || 7 || policy-violation || 0 || ET POLICY Request to Suspicious Games at pcgame.gamedia.cn
1 || 2013401 || 2 || trojan-activity || 0 || ET TROJAN Win32/Winshow User Agent
1 || 2013402 || 3 || trojan-activity || 0 || ET DELETED Win32/TrojanDropper.Agent Checkin
1 || 2013403 || 7 || trojan-activity || 0 || ET DELETED Suspicious User-Agent (TheWorld) || url,www.virustotal.com/file-scan/report.html?id=70e502c9b8752da6dc0ff2a41c6975d59090482d2c0758387aca1b5702f96988-1305238279
1 || 2013404 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent ksdl_1_0
1 || 2013405 || 3 || trojan-activity || 0 || ET MALWARE W32/Baigoo User Agent
1 || 2013406 || 5 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable or EOL iOS 3.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history || url,github.com/jan0/isslfix || cve,CVE-2011-0228
1 || 2013407 || 5 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable or EOL iOS 4.x device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4824 || url,en.wikipedia.org/wiki/IOS_version_history || url,github.com/jan0/isslfix || cve,CVE-2011-0228
1 || 2013408 || 6 || not-suspicious || 0 || ET POLICY SSL MiTM Vulnerable iOS 4.x CDMA iPhone device || url,support.apple.com/kb/HT1222 || url,support.apple.com/kb/HT4825 || url,en.wikipedia.org/wiki/IOS_version_history || url,github.com/jan0/isslfix || cve,CVE-2011-0228
1 || 2013409 || 3 || bad-unknown || 0 || ET POLICY Outbound MSSQL Connection to Non-Standard Port - Likely Malware
1 || 2013410 || 4 || bad-unknown || 0 || ET POLICY Outbound MSSQL Connection to Standard port (1433)
1 || 2013411 || 1 || trojan-activity || 0 || ET TROJAN Bancos.DV MSSQL CnC Connection Outbound
1 || 2013412 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.co.com.au domain
1 || 2013413 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Landing Page Checking firewall status
1 || 2013414 || 10 || bad-unknown || 0 || ET POLICY Executable served from Amazon S3 || url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/ || url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud
1 || 2013415 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.cz.tf domain
1 || 2013416 || 8 || attempted-recon || 0 || ET SCAN libwww-perl GET to // with specific HTTP header ordering without libwww-perl User-Agent
1 || 2013417 || 2 || attempted-user || 0 || ET WEB_CLIENT Mozilla Firefox mChannel Object Dangling Pointer Use-After-Free Memory Corruption Attempt || url,www.mozilla.org/security/announce/2011/mfsa2011-13.html || bid,47635 || cve,2011-0065
1 || 2013418 || 5 || trojan-activity || 0 || ET DELETED Mitglieder Proxy Trojan CnC || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32%2fMitglieder
1 || 2013419 || 4 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlert.Rena or similar Checkin Flowbit Set 2
1 || 2013420 || 4 || trojan-activity || 0 || ET TROJAN FakeAV FakeAlertRena.n Checkin NO Response from Server
1 || 2013422 || 2 || trojan-activity || 0 || ET MALWARE HTTP Connection to go2000.cn - Common Malware Checkin Server || url,www.mywot.com/en/scorecard/go2000.cn
1 || 2013423 || 7 || trojan-activity || 0 || ET TROJAN User-Agent in Referrer Field - Likely Malware
1 || 2013424 || 3 || trojan-activity || 0 || ET TROJAN W32/UFR POST to CnC
1 || 2013425 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress eShop plugin eshoptemplate parameter Cross Site Scripting Attempt || url,secunia.com/advisories/45553
1 || 2013426 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress eShop plugin action parameter Cross Site Scripting Attempt || url,secunia.com/advisories/45553
1 || 2013427 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress eShop plugin viewemail parameter Cross Site Scripting Attempt || url,secunia.com/advisories/45553
1 || 2013428 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 1 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt
1 || 2013429 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 2 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt
1 || 2013430 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 3 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt
1 || 2013431 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 4 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt
1 || 2013432 || 2 || attempted-user || 0 || ET ACTIVEX TeeChart Professional ActiveX Control integer overflow Vulnerability 5 || url,packetstormsecurity.org/files/view/103964/teechart_pro.rb.txt
1 || 2013433 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla jfeedback Component controller parameter Local File Inclusion Attempt || url,xforce.iss.net/xforce/xfdb/57654
1 || 2013434 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tiki Wiki CMS ajax parameter XSS Vulnerability || url,packetstormsecurity.org/files/view/103179/tikiwiki7-xss.txt
1 || 2013435 || 3 || trojan-activity || 0 || ET TROJAN Win32.Shiz.fxm/Agent-TBT Checkin
1 || 2013436 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Redirection to driveby Page Home index.php
1 || 2013437 || 5 || bad-unknown || 0 || ET DELETED Executable served from Amazon S3 || url,blog.trendmicro.com/cybercriminals-using-amazon-web-services-aws-to-host-malware/ || url,www.securelist.com/en/blog/208188099/Financial_data_stealing_Malware_now_on_Amazon_Web_Services_Cloud
1 || 2013438 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.uni.cc domain
1 || 2013439 || 9 || trojan-activity || 0 || ET TROJAN Dirt Jumper/Russkill3 Checkin || url,www.threatexpert.com/report.aspx?md5=905ffd2089d6bd50f8f1fed04b27013e || url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/ || url,www.deependresearch.org/2011/10/dirt-jumper-ddos-bot-new-versions-new.html
1 || 2013440 || 6 || trojan-activity || 0 || ET TROJAN W32/DirtJumper CnC Server Providing DDOS Targets || url,asert.arbornetworks.com/2011/08/dirt-jumper-caught/
1 || 2013441 || 9 || trojan-activity || 0 || ET TROJAN EXE Download When Server Claims To Send Audio File - Must Be Win32
1 || 2013442 || 3 || trojan-activity || 0 || ET DELETED EXE Download When Server Claims To Send Audio File - DOS Mode
1 || 2013443 || 4 || trojan-activity || 0 || ET TROJAN W32/Mnless Checkin
1 || 2013444 || 3 || trojan-activity || 0 || ET TROJAN Win32/Onescan FraudWare User-Agent
1 || 2013445 || 3 || trojan-activity || 0 || ET TROJAN W32/NetShare User-Agent
1 || 2013446 || 2 || trojan-activity || 0 || ET TROJAN Win32/TrojanDownloader.Chekafe.D User-Agent my_check_data On Off HTTP Port
1 || 2013447 || 3 || trojan-activity || 0 || ET TROJAN Win32/TrojanDownloader.Chekafe.D Initial Checkin
1 || 2013448 || 6 || trojan-activity || 0 || ET MALWARE SurfSideKick Activity (iinfo)
1 || 2013449 || 3 || trojan-activity || 0 || ET DELETED W32/Rbot User-Agent (tiehttp)
1 || 2013450 || 3 || trojan-activity || 0 || ET TROJAN Troxen Downloader Checkin || url,www.threatexpert.com/report.aspx?md5=c936b15a8f7a3732bc16ee36693831ec
1 || 2013451 || 3 || trojan-activity || 0 || ET TROJAN NgrBot IRC CnC Channel Join || url,stopmalvertising.com/rootkits/analysis-of-ngrbot.html
1 || 2013452 || 3 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent (go-diva) || url,pcthreat.com/parasitebyid-8835en.html
1 || 2013453 || 2 || policy-violation || 0 || ET POLICY CNET Custom Installer Possible Bundled Bloatware || url,www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations
1 || 2013454 || 3 || policy-violation || 0 || ET POLICY CNET TechTracker Software Manager request || url,www.cnet.com/techtracker-free/
1 || 2013455 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (GUIDTracker) || url,threatexpert.com/report.aspx?md5=7a8807f4de0999dba66a8749b2366def
1 || 2013456 || 5 || trojan-activity || 0 || ET TROJAN Win32/VB.HV Checkin || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FVB.HV
1 || 2013457 || 4 || trojan-activity || 0 || ET POLICY BitCoin User-Agent Likely Bitcoin Miner || url,isc.sans.edu/diary.html?storyid=11059
1 || 2013458 || 2 || policy-violation || 0 || ET POLICY Facebook Like Button Clicked (1) || url,developers.facebook.com/docs/reference/plugins/like/ || url,news.cnet.com/8301-1023_3-20094866-93/facebooks-like-button-illegal-in-german-state/
1 || 2013459 || 2 || policy-violation || 0 || ET POLICY Facebook Like Button Clicked (2) || url,developers.facebook.com/docs/reference/plugins/like/ || url,news.cnet.com/8301-1023_3-20094866-93/facebooks-like-button-illegal-in-german-state/
1 || 2013460 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.c0m.li domain
1 || 2013461 || 3 || trojan-activity || 0 || ET TROJAN Win32/Wizpop Initial Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FWizpop&ThreatID=159818
1 || 2013462 || 2 || web-application-attack || 0 || ET DOS Skype FindCountriesByNamePattern property Buffer Overflow Attempt || url,garage4hackers.com/f43/skype-5-x-activex-crash-poc-981.html
1 || 2013463 || 2 || attempted-user || 0 || ET DOS Skype FindCountriesByNamePattern property Buffer Overflow Attempt Format String Function Call || url,garage4hackers.com/f43/skype-5-x-activex-crash-poc-981.html
1 || 2013464 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress UnGallery pic Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/99004/RhinOS3.0r1113-lfi.txt
1 || 2013465 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EasySiteEdit langval Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/104292/easysiteedit-rfi.txt
1 || 2013466 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DiY-CMS lang Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/93285/diycms-rfi.txt
1 || 2013467 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/103680/joomlacommunity-sql.txt
1 || 2013468 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/12644
1 || 2013469 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/12644
1 || 2013470 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/12644
1 || 2013471 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Community component userid parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/12644
1 || 2013472 || 4 || attempted-dos || 0 || ET SCAN Kingcope KillApache.pl Apache mod_deflate DoS attempt || url,seclists.org/fulldisclosure/2011/Aug/175
1 || 2013473 || 5 || attempted-dos || 0 || ET SCAN Apache mod_deflate DoS via many multiple byte Range values || url,seclists.org/fulldisclosure/2011/Aug/175
1 || 2013474 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY ACH - Redirection
1 || 2013475 || 2 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.doc.exe in HTTP URL
1 || 2013476 || 2 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.pdf.exe in HTTP URL
1 || 2013477 || 9 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.doc.exe in HTTP HEADER
1 || 2013478 || 8 || bad-unknown || 0 || ET POLICY SUSPICIOUS *.pdf.exe in HTTP HEADER
1 || 2013479 || 3 || misc-activity || 0 || ET SCAN Behavioral Unusually fast Terminal Server Traffic, Potential Scan or Infection (Outbound) || url,threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811
1 || 2013480 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain qfsl.net || url,www.f-secure.com/weblog/archives/00002227.html
1 || 2013481 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jaifr.com || url,www.f-secure.com/weblog/archives/00002227.html
1 || 2013482 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jaifr.net || url,www.f-secure.com/weblog/archives/00002227.html
1 || 2013483 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jifr.co.cc || url,www.f-secure.com/weblog/archives/00002227.html
1 || 2013484 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix Java MIDI Exploit Received By Vulnerable Client
1 || 2013485 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix Java MIDI Exploit Received
1 || 2013486 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Phoenix landing page JAVASMB
1 || 2013487 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Generic Java Exploit Attempt Request for Java to decimal host || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2013488 || 3 || trojan-activity || 0 || ET TROJAN Zeus Bot GET to Bing checking Internet connectivity || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html
1 || 2013489 || 3 || bad-unknown || 0 || ET TROJAN Best Pack Exploit Pack Binary Load Request || url,www.kahusecurity.com/2011/best-pack/
1 || 2013490 || 2 || unknown || 0 || ET POLICY NetBIOS nbtstat Type Query Outbound
1 || 2013491 || 2 || unknown || 0 || ET POLICY NetBIOS nbtstat Type Query Inbound
1 || 2013492 || 4 || attempted-recon || 0 || ET SCAN McAfee/Foundstone Scanner Web Scan || url,www.mcafee.com/us/products/vulnerability-manager.aspx
1 || 2013493 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain qfsl.co.be || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html
1 || 2013494 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain qfsl.co.cc || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html
1 || 2013495 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jifr.info || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html
1 || 2013496 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS query for Morto RDP worm related domain jifr.co.be || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html
1 || 2013497 || 2 || protocol-command-decode || 0 || ET TROJAN MS Terminal Server User A Login, possible Morto inbound || cve,CAN-2001-0540
1 || 2013498 || 2 || policy-violation || 0 || ET POLICY Netflix Streaming Player Access || url,netflix.com
1 || 2013499 || 3 || policy-violation || 0 || ET POLICY IncrediMail Install Callback || url,www.incredimail.com
1 || 2013500 || 2 || misc-activity || 0 || ET CURRENT_EVENTS Known Fraudulent DigiNotar SSL Certificate for google.com || url,www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
1 || 2013501 || 2 || misc-activity || 0 || ET DELETED Known Fraudulent DigiNotar SSL Certificate for google.com 2 || url,www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
1 || 2013502 || 4 || trojan-activity || 0 || ET TROJAN Win32/Wizpop Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FWizpop&ThreatID=159818
1 || 2013503 || 3 || policy-violation || 0 || ET POLICY OS X Software Update Request Outbound || url,www.apple.com/softwareupdate/
1 || 2013504 || 5 || not-suspicious || 0 || ET POLICY GNU/Linux APT User-Agent Outbound likely related to package management || url,help.ubuntu.com/community/AptGet/Howto
1 || 2013505 || 3 || policy-violation || 0 || ET POLICY GNU/Linux YUM User-Agent Outbound likely related to package management || url,www.phy.duke.edu/~rgb/General/yum_HOWTO/yum_HOWTO/
1 || 2013506 || 1 || trojan-activity || 0 || ET TROJAN W32/Badlib Connectivity Check To Department of Defense Intelligence Information Systems || url,blog.eset.com/2011/08/03/win32delf-qcztrust-me-i%E2%80%99m-your-anti-virus || url,www.eset.com/about/blog/blog/article/win32delf-qcz-additional-details
1 || 2013507 || 2 || trojan-activity || 0 || ET TROJAN Win32/Dynamer Trojan Dropper User-Agent VB Http || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FDynamer!dtc
1 || 2013508 || 3 || trojan-activity || 0 || ET TROJAN Downloader User-Agent HTTPGET
1 || 2013509 || 2 || trojan-activity || 0 || ET TROJAN W32/Lalus Trojan Downloader Checkin
1 || 2013510 || 2 || trojan-activity || 0 || ET TROJAN W32/Lalus Trojan Downloader User Agent (Message Center)
1 || 2013511 || 2 || trojan-activity || 0 || ET TROJAN Win32/CazinoSilver User-Agent (DMFR)
1 || 2013512 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MadeByLc)
1 || 2013513 || 2 || trojan-activity || 0 || ET TROJAN W32/Bancos Reporting
1 || 2013514 || 2 || trojan-activity || 0 || ET TROJAN Potential DNS Command and Control via TXT queries || url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html
1 || 2013515 || 3 || trojan-activity || 0 || ET TROJAN Potential DNS Command and Control via TXT queries || url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-September/015625.html
1 || 2013516 || 1 || trojan-activity || 0 || ET TROJAN TR/Spy.Gen checkin via dns ANY query || url,anubis.iseclab.org/?action=result&task_id=1623d5fd288be7024e56c5bd38359c33c || url,mwanalysis.org/?page=report&analysisid=430235&password=wwgcvyheon || url,www.threatexpert.com/report.aspx?md5=2519bdb5459bc9f59f59cd7ccb147d23
1 || 2013517 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Morto Worm Rar Download || url,contagiodump.blogspot.com/2011/08/aug-28-morto-tsclient-rdp-worm-with.html
1 || 2013518 || 2 || trojan-activity || 0 || ET TROJAN Driveby Loader Request List.php
1 || 2013519 || 2 || trojan-activity || 0 || ET TROJAN Driveby Loader Request sn.php
1 || 2013520 || 4 || trojan-activity || 0 || ET DELETED Unknown Loader *.jpg?t=0.* in http_uri
1 || 2013521 || 4 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 0
1 || 2013522 || 4 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 1
1 || 2013523 || 4 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 2
1 || 2013524 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 3
1 || 2013525 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 4
1 || 2013526 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 5
1 || 2013527 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 6
1 || 2013528 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 7
1 || 2013529 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 8
1 || 2013530 || 3 || trojan-activity || 0 || ET TROJAN Spyeye Data Exfiltration 9
1 || 2013531 || 2 || protocol-command-decode || 0 || ET TROJAN MS Terminal Server User A Login, possible Morto Outbound || cve,CAN-2001-0540
1 || 2013532 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A Command Request || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=570863
1 || 2013533 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Fynloski.A Command Response || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fFynloski.A&ThreatID=-2147327112 || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=570863
1 || 2013534 || 7 || trojan-activity || 0 || ET TROJAN VirTool.Win32/VBInject.gen!DM Checkin || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool%3aWin32/VBInject.gen!DM
1 || 2013535 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.tc domain
1 || 2013536 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving Server IP Addresses || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR
1 || 2013537 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving New IP Addresses From Server || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR
1 || 2013538 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Retrieving New Malware From Server || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR
1 || 2013539 || 2 || trojan-activity || 0 || ET TROJAN BKDR_BTMINE.MNR BitCoin Miner Server Checkin || url,about-threats.trendmicro.com/malware.aspx?language=us&name=BKDR_BTMINE.MNR
1 || 2013540 || 5 || trojan-activity || 0 || ET MALWARE Win32/Adware.Kraddare.FJ Checkin
1 || 2013541 || 3 || trojan-activity || 0 || ET DELETED Win32/Daemonize Trojan Proxy Initial Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanProxy%3AWin32%2FDaemonize.A&ThreatID=-2147464655
1 || 2013542 || 2 || trojan-activity || 0 || ET USER_AGENTS Win32/OnLineGames User-Agent (Revolution Win32) || url,threatexpert.com/report.aspx?md5=1431f4ab4bbe3ad1087eb14cf4d7dff9
1 || 2013543 || 3 || trojan-activity || 0 || ET TROJAN W32/iGrabber Info Stealer FTP Upload
1 || 2013544 || 2 || trojan-activity || 0 || ET TROJAN TROJ_VB.FJP Generic Dowbnloader Connectivity Check to Google
1 || 2013545 || 3 || trojan-activity || 0 || ET DELETED Helpexpress Spyware User-Agent HXLogOnly
1 || 2013546 || 2 || trojan-activity || 0 || ET TROJAN W32/Gagolino Banking Trojan Reporting to CnC
1 || 2013547 || 2 || trojan-activity || 0 || ET TROJAN Win32.Unknown.UDP.edsm CnC traffic || url,xml.ssdsandbox.net/view/11c0df38d31121885a76500140780cef
1 || 2013548 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit
1 || 2013549 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 2
1 || 2013550 || 5 || bad-unknown || 0 || ET TROJAN Potential Blackhole Exploit Pack Binary Load Request 2 || url,krebsonsecurity.com/2010/10/java-a-gift-to-exploit-pack-makers/
1 || 2013551 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Generic Java Exploit Attempt || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2013552 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Driveby Generic Java Exploit Attempt 2 || url,fhoguin.com/2011/03/oracle-java-unsigned-applet-applet2classloader-remote-code-execution-vulnerability-zdi-11-084-explained/ || cve,CVE-2010-4452
1 || 2013553 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole landing page with malicious Java applet
1 || 2013554 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole MapYandex.class malicious jar
1 || 2013555 || 5 || trojan-activity || 0 || ET TROJAN Fivfrom Downloader (Unitrix)
1 || 2013556 || 2 || trojan-activity || 0 || ET TROJAN UBar Trojan/Adware Checkin 1 || url,www.threatexpert.com/report.aspx?md5=81a119f7f47663c03053e76146f54fe9
1 || 2013557 || 2 || trojan-activity || 0 || ET TROJAN UBar Trojan/Adware Checkin 2
1 || 2013558 || 2 || trojan-activity || 0 || ET TROJAN UBar Trojan/Adware Checkin 3
1 || 2013559 || 4 || trojan-activity || 0 || ET TROJAN Delphi Trojan Downloader User-Agent (JEDI-VCL)
1 || 2013560 || 3 || trojan-activity || 0 || ET TROJAN Potentially Unwanted Program Storm3-607.exe Download Reporting
1 || 2013561 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (windsoft)
1 || 2013562 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openads row Parameter Remote File inclusion Attempt
1 || 2013563 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bug_actiongroup_ext_page.php script Local File Inclusion Attempt
1 || 2013564 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS bug_actiongroup_page.php script Local File Inclusion Attempt
1 || 2013565 || 2 || web-application-attack || 0 || ET ACTIVEX Tom Sawyer Software Possible Memory Corruption Attempt
1 || 2013566 || 2 || attempted-user || 0 || ET ACTIVEX Tom Sawyer Possible Memory Corruption Attempt Format String Function Call
1 || 2013567 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pranian Group e107 page Parameter Cross Site Scripting Vulnerability Attempt
1 || 2013568 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OneFileCMS p parameter Cross Site Scripting Attempt
1 || 2013569 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS University Of Vermont intro Parameter Remote File inclusion Attempt
1 || 2013651 || 2 || trojan-activity || 0 || ET DELETED Driveby Download Secondary Request 4
1 || 2013652 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Landing Reporting Successful Java Compromise
1 || 2013653 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Get File Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat
1 || 2013654 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Put File Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat
1 || 2013655 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Retrieve and Execute Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat
1 || 2013656 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Relay Command || url,www.symantec.com/connect/blogs/truth-behind-shady-rat
1 || 2013657 || 2 || trojan-activity || 0 || ET TROJAN Shady RAT Send Status Result || url,www.symantec.com/connect/blogs/truth-behind-shady-rat
1 || 2013658 || 2 || bad-unknown || 0 || ET MALWARE Zugo Toolbar Spyware/Adware download request || url,zugo.com/privacy-policy/
1 || 2013659 || 4 || policy-violation || 0 || ET POLICY Self Signed SSL Certificate (SomeOrganizationalUnit)
1 || 2013660 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Landing Response Malicious JavaScript
1 || 2013661 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit kit worms.jar
1 || 2013662 || 1 || web-application-attack || 0 || ET CURRENT_EVENTS Crimepack Java exploit attempt(2)
1 || 2013663 || 2 || trojan-activity || 0 || ET TROJAN Unknown Exploit Pack Binary Load Request (server_privileges.php)
1 || 2013664 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?b Download Secondary Request
1 || 2013665 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?n Download Secondary Request
1 || 2013666 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?page Download Secondary Request
1 || 2013667 || 3 || trojan-activity || 0 || ET DELETED Likely Blackhole Exploit Kit Driveby ?v Download Secondary Request
1 || 2013668 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (listdir) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e
1 || 2013669 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (mkdir) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e
1 || 2013670 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (fsize) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e
1 || 2013671 || 2 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (touch) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e
1 || 2013672 || 3 || trojan-activity || 0 || ET TROJAN Win32.Riberow.A (postit3) || url,www.threatexpert.com/report.aspx?md5=c55fe941b80b3e5e77be8728642d138e
1 || 2013673 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter SELECT FROM SQL Injection Attempt || bugtraq,49553
1 || 2013674 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter DELETE FROM SQL Injection Attempt || bugtraq,49553
1 || 2013675 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter UNION SELECT SQL Injection Attempt || bugtraq,49553
1 || 2013676 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter INSERT INTO SQL Injection Attempt || bugtraq,49553
1 || 2013677 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Tune Library Plugin letter parameter UPDATE SET SQL Injection Attempt || bugtraq,49553
1 || 2013678 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component com_jr_questionnaire Directory Traversal Attempt || url,packetstormsecurity.org/files/view/102784/joomlajrqn-traversal.txt
1 || 2013679 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BbZL.PhP lien_2 Parameter Remote File Inclusion Attempt || url,exploit-db.com/exploits/17495
1 || 2013680 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla EZ Realty id Parameter Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/104017/joomlarealestate-sql.txt
1 || 2013681 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS American Bankers Association Cross Site Scripting Attempt || url,packetstormsecurity.org/files/view/103855/aba-xss.txt
1 || 2013682 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simplis CMS download_file Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/99797/simpliscms-disclose.txt
1 || 2013683 || 2 || trojan-activity || 0 || ET TROJAN Win32.Parite Checkin SQL Database || url,www.threatexpert.com/report.aspx?md5=19441bc629e6c1dcb54cb5febdf9a22d
1 || 2013684 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.dtdns.net domain
1 || 2013685 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess/Max++ Rootkit C&C Activity 1 || url,resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3aWin32%2fSirefef.B
1 || 2013686 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess/Max++ Rootkit C&C Activity 2 || url,resources.infosecinstitute.com/step-by-step-tutorial-on-reverse-engineering-malware-the-zeroaccessmaxsmiscer-crimeware-rootkit/ || url,www.symantec.com/security_response/writeup.jsp?docid=2011-071314-0410-99&tabid=2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3aWin32%2fSirefef.B
1 || 2013687 || 4 || trojan-activity || 0 || ET TROJAN Shylock Module Data POST || url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1 || url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2
1 || 2013688 || 2 || trojan-activity || 0 || ET TROJAN Shylock Module Server Response || url,anubis.iseclab.org/index.php?action=result&task_id=86c6da9437e65c94990ddd85d87299f1 || url,www.threatexpert.com/report.aspx?md5=4fda5e7e8e682870e993f97ad26ba6b2
1 || 2013690 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit reporting Java and PDF state
1 || 2013691 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Java requesting malicious JAR
1 || 2013692 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Java requesting malicious EXE
1 || 2013693 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit request for pdf_err__Error__Unspecified
1 || 2013694 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Netisend.A Posting Information to CnC || url,www.fortiguard.com/latest/mobile/2959807
1 || 2013695 || 4 || trojan-activity || 0 || ET DELETED Unknown Java Exploit Kit cc exploit progress status cookie
1 || 2013696 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit x.jar?o=
1 || 2013697 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit lo.class
1 || 2013698 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit lo2.jar
1 || 2013699 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit applet landing
1 || 2013700 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole landing page with malicious Java applet
1 || 2013701 || 2 || trojan-activity || 0 || ET TROJAN Agent-TMF Checkin
1 || 2013702 || 3 || trojan-activity || 0 || ET TROJAN Trojan Downloader User-Agent (NOPE) || url,support.clean-mx.de/clean-mx/view_joebox.php?md5=b0b7c391d084974b2666c1c57b349b62&id=711369 || url,www.virustotal.com/file-scan/report.html?id=54dcad20b326a409c09f1b059925ba4ba260ef58297cda1421ffca79942a96a5-1305296734
1 || 2013703 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate to 'My Company Ltd' could be SSL C&C
1 || 2013704 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt
1 || 2013705 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt
1 || 2013706 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt
1 || 2013707 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt
1 || 2013708 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo N-Myndir UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/104706/mambonmyndir-sql.txt
1 || 2013709 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Annonces Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/105224/wpannonces-rfi.txt
1 || 2013710 || 5 || trojan-activity || 0 || ET POLICY FreeRide Games Some AVs report as TrojWare.Win32.Trojan.Agent.Gen || url,forums.comodo.com/av-false-positivenegative-detection-reporting/trojwarewin32trojanagentgen-t55152.0.html
1 || 2013711 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyWebGallery workaround_dir parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/104631/tinywebgallery-lfishellsql.txt
1 || 2013712 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyWebGallery install_path parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/104631/tinywebgallery-lfishellsql.txt
1 || 2013713 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joostina CMS users component Blind SQL Injection Attempt || url,packetstormsecurity.org/files/view/100853/joostinausers-sql.txt
1 || 2013714 || 3 || trojan-activity || 0 || ET DELETED Win32/Spy.Lpxenur Checkin
1 || 2013715 || 4 || policy-violation || 0 || ET POLICY BingBar ToolBar User-Agent (BingBar)
1 || 2013716 || 3 || trojan-activity || 0 || ET DELETED W32/Parite CnC Checkin
1 || 2013717 || 2 || trojan-activity || 0 || ET USER_AGENTS Trojan Downloader User-Agent BGroom
1 || 2013718 || 2 || trojan-activity || 0 || ET USER_AGENTS Trojan Downloader User-Agent (Tiny)
1 || 2013719 || 3 || trojan-activity || 0 || ET POLICY GridinSoft.com Software Version Check
1 || 2013720 || 3 || trojan-activity || 0 || ET TROJAN Win32/Wapomi.AD Variant Checkin
1 || 2013721 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (WindowsNT) With No Separating Space
1 || 2013722 || 2 || trojan-activity || 0 || ET DELETED W32/OpenCapture CnC Checkin
1 || 2013723 || 2 || trojan-activity || 0 || ET TROJAN Win32/Daemonize Trojan Proxy Initial Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanProxy%3AWin32%2FDaemonize.A&ThreatID=-2147464655
1 || 2013724 || 2 || trojan-activity || 0 || ET TROJAN W32/OnlineGames User-Agent (LockXLS)
1 || 2013725 || 2 || trojan-activity || 0 || ET TROJAN Win32/OnLineGames User-Agent (Revolution Win32)
1 || 2013727 || 1 || trojan-activity || 0 || ET DELETED W32/iGrabber Info Stealer FTP Upload
1 || 2013728 || 2 || trojan-activity || 0 || ET TROJAN Win32/OnLineGames GetMyIP Style Checkin
1 || 2013729 || 2 || trojan-activity || 0 || ET MALWARE Adware/Helpexpress User Agent HXLogOnly
1 || 2013730 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (AddPage) || url,exploit-db.com/exploits/17896
1 || 2013731 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (DeletePage) || url,exploit-db.com/exploits/17896
1 || 2013732 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (SaveObject) || url,exploit-db.com/exploits/17896
1 || 2013733 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (LoadObject) || url,exploit-db.com/exploits/17896
1 || 2013734 || 3 || attempted-user || 0 || ET SCADA PcVue Activex Control Insecure method (GetExtendedColor) || url,exploit-db.com/exploits/17896
1 || 2013735 || 3 || attempted-user || 0 || ET SCADA Sunway ForceControl Activex Control Vulnerability || bugtraq,49747
1 || 2013736 || 4 || attempted-user || 0 || ET SCADA Sunway ForceControl Activex Control Remote Code Execution Vulnerability 2 || bugtraq,49747
1 || 2013737 || 4 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (GenericHttp/VER_STR_COMMA)
1 || 2013738 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla RokQuickCart view Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96804/joomlarokquickcart-lfi.txt
1 || 2013739 || 13 || trojan-activity || 0 || ET TROJAN Zeus P2P CnC || url,www.abuse.ch/?p=3499
1 || 2013740 || 9 || trojan-activity || 0 || ET TROJAN Zeus/Aeausuc P2P Variant Retrieving Peers List || url,www.abuse.ch/?p=3499
1 || 2013741 || 6 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.StartPage.dvm or Mebromi Bios Rootkit CnC Count Checkin || url,www.threatexpert.com/report.aspx?md5=7d2eb4b364e15e90cec1ddd7dcb97f64 || url,blog.webroot.com/2011/09/13/mebromi-the-first-bios-rootkit-in-the-wild/ || url,threatexpert.com/report.aspx?md5=b3106dbfb3ab114755af311883f33697%20
1 || 2013742 || 3 || attempted-user || 0 || ET WEB_CLIENT Google Chrome Multiple Iframe PDF File Handling Memory Corruption Attempt || bid,49933 || cve,2011-2841
1 || 2013743 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain
1 || 2013744 || 8 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a no-ip Domain
1 || 2013745 || 5 || bad-unknown || 0 || ET TROJAN Double HTTP/1.1 Header Outbound - Likely Infected or Hostile Traffic
1 || 2013746 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 3
1 || 2013747 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Aldibot.A User-Agent (Aldi Bot) || url,www.asert.arbornetworks.com/2011/10/ddos-aldi-bot || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fAbot.gen!A
1 || 2013748 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Aldibot.A Checkin || url,www.asert.arbornetworks.com/2011/10/ddos-aldi-bot/ || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fAbot.gen!A
1 || 2013749 || 5 || policy-violation || 0 || ET POLICY VMware User-Agent Outbound || url,www.vmware.com
1 || 2013750 || 3 || attempted-user || 0 || ET ACTIVEX DivX Plus Web Player DivXPlaybackModule File URL Buffer Overflow Attempt || url,www.dl.packetstormsecurity.net/1109-advisories/sa45550.txt
1 || 2013751 || 3 || trojan-activity || 0 || ET TROJAN Possible German Governmental Backdoor/R2D2.A 1 || url,ccc.de/en/updates/2011/staatstrojaner
1 || 2013752 || 3 || trojan-activity || 0 || ET TROJAN Possible German Governmental Backdoor/R2D2.A 2 || url,ccc.de/en/updates/2011/staatstrojaner
1 || 2013753 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-2 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner
1 || 2013754 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-2 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner
1 || 2013755 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Inbound SRV-1 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner
1 || 2013756 || 4 || trojan-activity || 0 || ET TROJAN Bundestrojaner (W32/R2D2 BTrojan) Outbound SRV-1 || url,www.ccc.de/de/updates/2011/staatstrojaner || url,www.ccc.de/system/uploads/76/original/staatstrojaner-report23.pdf || url,www.f-secure.com/weblog/archives/00002249.html || url,www.heise.de/newsticker/meldung/CCC-knackt-Staatstrojaner-1357670.html || url,www.virustotal.com/file-scan/report.html?id=be36ce1e79ba6f97038a6f9198057abecf84b38f0ebb7aaa897fd5cf385d702f-1318152545 || url,www.ccc.de/en/updates/2011/staatstrojaner
1 || 2013757 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iBrowser Plugin dir Parameter Cross Site Scripting Attempt-1 || url,packetstormsecurity.org/files/105196
1 || 2013758 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Zingiri webshop plugin Remote File inclusion Attempt || url,packetstormsecurity.org/files/view/105237/wpzingiri-rfi.txt
1 || 2013759 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt
1 || 2013760 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt
1 || 2013761 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt
1 || 2013762 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt
1 || 2013763 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo AHS Shop component UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/view/104695/mamboahsshopf-sql.txt
1 || 2013764 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Redirect Component view Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/view/96608/joomlaredirect-lfi.txt
1 || 2013765 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS iBrowser Plugin dir Parameter Cross Site Scripting Attempt-2 || url,packetstormsecurity.org/files/105196
1 || 2013766 || 5 || trojan-activity || 0 || ET TROJAN Win32.Swisyn Reporting || url,precisesecurity.com/worms/trojan-win32-swisyn-algm
1 || 2013767 || 3 || trojan-activity || 0 || ET TROJAN W32/Einstein CnC Checkin || url,www.cyberesi.com/2011/10/06/trojan-matryoshka-and-trojan-einstein/
1 || 2013768 || 4 || trojan-activity || 0 || ET TROJAN Win32.Dropper.Wlock Checkin || url,www.threatexpert.com/report.aspx?md5=881e21645e5ffe1ffb959835f8fdf71d
1 || 2013769 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Prosti Checkin || url,www.threatexpert.com/report.aspx?md5=5113c6dbd644874482f3a26650970600
1 || 2013770 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS USPS Spam/Trojan Executable Download || url,www.virustotal.com/file-scan/report.html?id=41866ac1950b620bd13fb3d6063e3781eaa3bbccb3089b13073abe752d0a6ffa-1318350235
1 || 2013771 || 4 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Checkin Outbound || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301
1 || 2013772 || 2 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Checkin Response || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301
1 || 2013773 || 2 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Client pong || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301
1 || 2013774 || 2 || trojan-activity || 0 || ET TROJAN Win32.Cerberus RAT Server ping || url,www.threatexpert.com/report.aspx?md5=76e084e9420bfaa31c0f0bf000f1c301
1 || 2013775 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Saturn Exploit Kit binary download request
1 || 2013776 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Saturn Exploit Kit probable Java exploit request
1 || 2013777 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Saturn Exploit Kit probable Java MIDI exploit request
1 || 2013778 || 2 || web-application-attack || 0 || ET SCAN NMAP SQL Spider Scan || url,nmap.org/nsedoc/scripts/sql-injection.html
1 || 2013779 || 4 || attempted-recon || 0 || ET SCAN Positive Technologies XSpider Security Scanner User-Agent (PTX) || url,www.securitylab.ru/forum/forum16/topic26800/
1 || 2013780 || 2 || trojan-activity || 0 || ET TROJAN Suspicious HTTP Request for gift.exe
1 || 2013781 || 4 || trojan-activity || 0 || ET TROJAN Win32.Scar.dvov Searchstar.co.kr related Checkin || url,www.threatexpert.com/report.aspx?md5=07ed70b6e7775a510d725c9f032c70d8
1 || 2013782 || 3 || trojan-activity || 0 || ET DELETED W32.Duqu User-Agent || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
1 || 2013783 || 5 || policy-violation || 0 || ET TROJAN W32.Duqu UA and Filename Requested || url,www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
1 || 2013784 || 6 || not-suspicious || 0 || ET POLICY Windows Mobile 7.0 User-Agent detected
1 || 2013785 || 3 || trojan-activity || 0 || ET TROJAN Zentom FakeAV Checkin
1 || 2013786 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 2
1 || 2013787 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 2
1 || 2013788 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole Exploit Kit Driveby ?doit Download Secondary Request
1 || 2013789 || 3 || trojan-activity || 0 || ET DELETED Win32.PEx.C.91139756616/Win32.Zwangi-BU Checkin || url,threatcenter.crdf.fr/?More&ID=49889&D=CRDF.Win32.Win32.PEx.C.91139756616 || md5,2c969afbe71f35571d11e30f1e854b29 || url,www.pcsafedoctor.com/Adware/remove-AdWare.Win32.Zwangi.bu.html
1 || 2013790 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Cnzz.cn Related Dropper Checkin
1 || 2013791 || 2 || attempted-recon || 0 || ET SCAN Apache mod_proxy Reverse Proxy Exposure 1 || url,www.contextis.com/research/blog/reverseproxybypass/ || url,mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696@redhat.com%3E
1 || 2013792 || 3 || attempted-recon || 0 || ET SCAN Apache mod_proxy Reverse Proxy Exposure 2 || url,www.contextis.com/research/blog/reverseproxybypass/ || url,mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696@redhat.com%3E
1 || 2013793 || 1 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Npkon Client Checkin || url,www.threatexpert.com/report.aspx?md5=a7f4a7d08fa650a5f09a00519b944b0b
1 || 2013794 || 1 || trojan-activity || 0 || ET TROJAN Dropper.Win32.Npkon Server Responce || url,www.threatexpert.com/report.aspx?md5=a7f4a7d08fa650a5f09a00519b944b0b
1 || 2013795 || 9 || trojan-activity || 0 || ET TROJAN Bifrose/Cycbot Checkin
1 || 2013796 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Bifrose Second Stage Obfuscated Binary Download Claiming to Be JPEG
1 || 2013797 || 4 || trojan-activity || 0 || ET MALWARE Win32/Adware.Winggo.AB Checkin || url,www.threatexpert.com/report.aspx?md5=2700d3fcdd4b8a7c22788db1658d9163 || url,www.threatcenter.crdf.fr/?More&ID=46606&D=CRDF.Malware.Win32.PEx.Delphi.307674628
1 || 2013798 || 3 || trojan-activity || 0 || ET TROJAN Win32.PEx.Delphi.1151005043 Post-infection Checkin || url,www.threatexpert.com/report.aspx?md5=b58485c9a221e8bd5b4725e7e19988b0 || url,www.threatcenter.crdf.fr/?More&ID=49992&D=CRDF.Malware.Win32.PEx.Delphi.1151005043
1 || 2013799 || 3 || trojan-activity || 0 || ET TROJAN Win32.Trojan.SuspectCRC FakeAV Checkin || url,www.threatexpert.com/report.aspx?md5=54c9d51661a05151e5143f4e80cbed86
1 || 2013800 || 2 || not-suspicious || 0 || ET POLICY OutGoing Chromoting Session || url,xinn.org/Chromoting.html
1 || 2013801 || 3 || not-suspicious || 0 || ET POLICY Incoming Chromoting Session || url,xinn.org/Chromoting.html
1 || 2013802 || 3 || trojan-activity || 0 || ET TROJAN Cycbot POST || url,www.threatexpert.com/report.aspx?md5=1f04bd1b4eceb42e6d5859b6330fc7d7 || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Cycbot-O/detailed-analysis.aspx
1 || 2013803 || 5 || trojan-activity || 0 || ET DELETED Unknown checkin
1 || 2013804 || 4 || misc-attack || 0 || ET DELETED Possible Redirection to Unknown Exploit Pack || url,www.kahusecurity.com/2011/malware-infection-from-new-exploit-pack/
1 || 2013805 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate CN of common Possible SSL CnC
1 || 2013806 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious Self Signed SSL Certificate with admin@common Possible SSL CnC
1 || 2013807 || 3 || trojan-activity || 0 || ET TROJAN Jorik FakeAV GET
1 || 2013808 || 3 || trojan-activity || 0 || ET TROJAN Dooptroop Dropper Checkin
1 || 2013809 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (SaveViewStateToFile) || url,exploit-db.com/exploits/18016
1 || 2013810 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (SaveViewStateToFile) Format String Function Call || url,exploit-db.com/exploits/18016
1 || 2013811 || 4 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (Export3DBom) || url,packetstormsecurity.org/files/106064/9sg_autovueii.tgz
1 || 2013812 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (Export3DBom) Format String Function Call || url,packetstormsecurity.org/files/106064/9sg_autovueii.tgz
1 || 2013813 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (ExportEdaBom) || url,packetstormsecurity.org/files/106065/9sg_autovueiii.tgz
1 || 2013814 || 3 || attempted-user || 0 || ET ACTIVEX Oracle AutoVue Activex Insecure method (ExportEdaBom) Format String Function Call || url,packetstormsecurity.org/files/106065/9sg_autovueiii.tgz
1 || 2013815 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHool mainnav Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/106073/sportsphool-rfi.txt
1 || 2013816 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla YJ Contact Local File Inclusion Vulnerability || url,/packetstormsecurity.org/files/106222/joomlayjcontact-lfi.txt
1 || 2013817 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Easy Stats plugin homep Parameter Remote File inclusion Attempt || url,secunia.com/advisories/46069 || url,spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos
1 || 2013818 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHMCompleteSolution templatefile Parameter Local File Inclusion Attempt || url,dl.packetstormsecurity.net/1110-exploits/whmcompletesolution-disclose.txt
1 || 2013819 || 4 || trojan-activity || 0 || ET TROJAN Tatanga/Win32.Kexject.A Checkin || url,securityblog.s21sec.com/2011/02/tatanga-new-banking-trojan-with-mitb.html
1 || 2013821 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Kryptik/proscan.co.kr Checkin || url,www.threatexpert.com/report.aspx?md5=bf156b649cb5da6603a5f665a7d8f13b
1 || 2013822 || 3 || trojan-activity || 0 || ET DELETED Trojan.Kryptik/proscan.co.kr Checkin 2 || url,www.threatexpert.com/report.aspx?md5=bf156b649cb5da6603a5f665a7d8f13b
1 || 2013823 || 2 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious *.myftp.biz Domain
1 || 2013824 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.myftp.biz Domain
1 || 2013826 || 3 || trojan-activity || 0 || ET TROJAN SecurityDefender exe Download Likely FakeAV Install
1 || 2013827 || 6 || trojan-activity || 0 || ET TROJAN AntiVirus exe Download Likely FakeAV Install
1 || 2013828 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.eu.tf domain
1 || 2013829 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.int.tf domain
1 || 2013830 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.edu.tf domain
1 || 2013831 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.us.tf domain
1 || 2013832 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ca.tf domain
1 || 2013833 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.bg.tf domain
1 || 2013834 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ru.tf domain
1 || 2013835 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.pl.tf domain
1 || 2013836 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a *.cz.tf domain
1 || 2013837 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.de.tf domain
1 || 2013838 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.at.tf domain
1 || 2013839 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.ch.tf domain
1 || 2013840 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.sg.tf domain
1 || 2013841 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.nl.ai domain
1 || 2013842 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.xe.cx domain
1 || 2013843 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to a Suspicious *.orge.pl Domain
1 || 2013844 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.orge.pl Domain
1 || 2013845 || 2 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious *.ez-dns.com Domain
1 || 2013846 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.ez-dns.com Domain
1 || 2013847 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .net.tf Domain
1 || 2013848 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .eu.tf Domain
1 || 2013849 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .int.tf Domain
1 || 2013850 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .edu.tf Domain
1 || 2013851 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .us.tf Domain
1 || 2013852 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .ca.tf Domain
1 || 2013853 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .bg.tf Domain
1 || 2013854 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .ru.tf Domain
1 || 2013855 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .pl.tf Domain
1 || 2013856 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .cz.tf Domain
1 || 2013857 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .de.tf Domain
1 || 2013858 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .at.tf Domain
1 || 2013859 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .ch.tf Domain
1 || 2013860 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .sg.tf Domain
1 || 2013861 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .nl.ai Domain
1 || 2013862 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .xe.cx Domain
1 || 2013863 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a Suspicious *.dyndns-web.com Domain
1 || 2013864 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns-web.com Domain
1 || 2013865 || 6 || trojan-activity || 0 || ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin 2
1 || 2013866 || 6 || trojan-activity || 0 || ET DELETED Kazy/Kryptor/Cycbot Trojan Checkin 3
1 || 2013867 || 3 || policy-violation || 0 || ET POLICY Bomgar Remote Assistance Tool Download || url,www.bomgar.com
1 || 2013868 || 4 || trojan-activity || 0 || ET TROJAN Win32/Sefbov.E Reporting || url,threatexpert.com/report.aspx?md5=f50d954f1fd38c6eb10e7e399caab480
1 || 2013869 || 6 || policy-violation || 0 || ET P2P Torrent Client User-Agent (Solid Core/0.82) || url,sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=4a9f376e8d01cb5f7990576ed927869b
1 || 2013870 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component Simple File Lister sflDir Parameter directory traversal attempt || url,exploit-db.com/exploits/17736
1 || 2013871 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBSng str Parameter Cross Site Scripting Attempt || bugtraq,50468
1 || 2013872 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mole Group Vacation Estate Listing Script Blind SQL Injection Attempt || url,exploit-db.com/exploits/7626
1 || 2013873 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component SELECT FROM SQL Injection Attempt || url,1337day.com/exploits/17138
1 || 2013874 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component DELETE FROM SQL Injection Attempt || url,1337day.com/exploits/17138
1 || 2013875 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component UNION SELECT SQL Injection Attempt || url,1337day.com/exploits/17138
1 || 2013876 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component INSERT INTO SQL Injection Attempt || url,1337day.com/exploits/17138
1 || 2013877 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla techfolio component UPDATE SET SQL Injection Attempt || url,1337day.com/exploits/17138
1 || 2013878 || 4 || attempted-user || 0 || ET SCADA PROMOTIC ActiveX Control Insecure method (SaveCfg) || url,aluigi.altervista.org/adv/promotic_1-adv.txt
1 || 2013879 || 2 || attempted-user || 0 || ET SCADA PROMOTIC ActiveX Control Insecure method (AddTrend) || url,aluigi.altervista.org/adv/promotic_1-adv.txt
1 || 2013880 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (FULLSTUFF) || url,threatexpert.com/reports.aspx?find=mrb.mail.ru
1 || 2013881 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (NateFinder)
1 || 2013882 || 5 || trojan-activity || 0 || ET POLICY Norton Update User-Agent (Install Stub) || url,threatexpert.com/reports.aspx?find=stats.norton.com
1 || 2013883 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (webfile) || url,threatexpert.com/reports.aspx?find=upsh.playmusic.co.kr
1 || 2013884 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (DARecover) || url,threatexpert.com/reports.aspx?find=clients.mydealassistant.com
1 || 2013885 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS 1024 CMS filename Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/18000
1 || 2013886 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress disclosure policy plugin Remote File Inclusion Attempt || url,exploit-db.com/exploits/17865
1 || 2013887 || 3 || trojan-activity || 0 || ET TROJAN W32/Fullstuff Initial Checkin
1 || 2013888 || 5 || trojan-activity || 0 || ET POLICY Cnet App Download and Checkin
1 || 2013889 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent (MediaLabsSiteInstaller)
1 || 2013890 || 2 || trojan-activity || 0 || ET TROJAN W32/Koobface Variant Initial Checkin
1 || 2013891 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Svlk Client Checkin || url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0
1 || 2013892 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Svlk Server Reply || url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0
1 || 2013893 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Svlk Client Ping || url,www.threatexpert.com/report.aspx?md5=c929e8c75901c7e50685df0445a38bd0
1 || 2013894 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Excessive DNS Responses with 1 or more RR's (100+ in 10 seconds) to google.com.br possible Cache Poisoning Attempt || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780
1 || 2013895 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 1 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil
1 || 2013896 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 2 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil
1 || 2013897 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 3 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil
1 || 2013898 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 4 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil
1 || 2013899 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS google.com.br DNS Poisoning redirecting to exploit kit 5 || url,www.zdnet.com/blog/security/massive-dns-poisoning-attack-in-brazil-serving-exploits-and-malware/9780 || url,www.securelist.com/en/blog/208193214/Massive_DNS_poisoning_attacks_in_Brazil
1 || 2013900 || 2 || trojan-activity || 0 || ET TROJAN W32/Yaq Checkin
1 || 2013901 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent GeneralDownloadApplication
1 || 2013902 || 3 || trojan-activity || 0 || ET TROJAN Win32.BlackControl Retrieving IP Information
1 || 2013903 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent GetFile
1 || 2013904 || 2 || trojan-activity || 0 || ET TROJAN W32/Rimecud User Agent beat
1 || 2013905 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User Agent banderas
1 || 2013906 || 4 || trojan-activity || 0 || ET DELETED Ghost Click DNSChanger DNS Request (UDP) || url,www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
1 || 2013907 || 3 || trojan-activity || 0 || ET TROJAN ZAccess/Sirefef/MAX++/Jorik/Smadow Checkin
1 || 2013908 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ZeuS estatements mailing campaign landing page
1 || 2013909 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ZeuS estatements fake transaction page flash warning
1 || 2013910 || 3 || policy-violation || 0 || ET GAMES Second Life setup download || url,en.wikifur.com/wiki/Second_Life || url,wiki.secondlife.com/wiki/Furry
1 || 2013911 || 9 || trojan-activity || 0 || ET TROJAN P2P Zeus or ZeroAccess Request To CnC || url,www.abuse.ch/?p=3499 || url,www.kindsight.net/sites/default/files/Kindsight_Malware_Analysis-ZeroAcess-Botnet-final.pdf
1 || 2013912 || 4 || trojan-activity || 0 || ET TROJAN P2P Zeus Response From CnC || url,www.abuse.ch/?p=3499
1 || 2013913 || 3 || trojan-activity || 0 || ET TROJAN Request for utu.dat Likely Ponmocup checkin || url,www.threatexpert.com/report.aspx?md5=6fd8cdee653c0fde769e6c48d65e28bd
1 || 2013914 || 4 || policy-violation || 0 || ET POLICY APT User-Agent to BackTrack Repository || url,www.backtrack-linux.org
1 || 2013916 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit Java request to showthread.php?t= || url,research.zscaler.com/2012/01/popularity-of-exploit-kits-leading-to.html
1 || 2013917 || 4 || trojan-activity || 0 || ET TROJAN Win32/Dofoil.L Checkin || url,www.threatexpert.com/report.aspx?md5=47f2b8fcc2873f4dfd573b0e8a77aaa9 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDofoil.L&ThreatID=-2147317615
1 || 2013918 || 3 || attempted-user || 0 || ET EXPLOIT Possible BSNL Router DNS Change Attempt || url,www.hackersbay.in/2011/02/pwning-routersbsnl.html
1 || 2013919 || 2 || not-suspicious || 0 || ET POLICY external cPanel login
1 || 2013920 || 2 || not-suspicious || 0 || ET POLICY external cPanel password change
1 || 2013921 || 2 || web-application-attack || 0 || ET WEB_SERVER DNS changer cPanel attempt
1 || 2013922 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Emp Keepalive to CnC || url,www.mcafee.com/threat-intelligence/malware/default.aspx?id=541210
1 || 2013923 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu2 Keepalive to CnC
1 || 2013924 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu3 Keepalive to CnC
1 || 2013925 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu4 Keepalive to CnC
1 || 2013926 || 6 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (POST)
1 || 2013927 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (HEAD)
1 || 2013928 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (PROPFIND)
1 || 2013929 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (OPTIONS)
1 || 2013930 || 2 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (PUT)
1 || 2013931 || 2 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (DELETE)
1 || 2013932 || 2 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (TRACE)
1 || 2013933 || 3 || bad-unknown || 0 || ET POLICY HTTP traffic on port 443 (CONNECT)
1 || 2013934 || 5 || trojan-activity || 0 || ET TROJAN Win32.Fareit.A/Pony Downloader Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit.A || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit || url,www.threatexpert.com/report.aspx?md5=99fab94fd824737393f5184685e8edf2 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17
1 || 2013935 || 2 || trojan-activity || 0 || ET TROJAN Win32.Zbot.chas/Unruy.H Covert DNS CnC Channel TXT Response
1 || 2013936 || 5 || bad-unknown || 0 || ET POLICY SSH banner detected on TCP 443 likely proxy evasion
1 || 2013937 || 4 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (system() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013938 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013939 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (shell_exec() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013940 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (proc_open() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013941 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (popen() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013942 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013943 || 4 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (pcntl_exec() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013944 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (perl->system() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013945 || 3 || web-application-activity || 0 || ET WEB_SERVER Weevely PHP backdoor detected (exec() function used) || url,bechtsoudis.com/security/put-weevely-on-the-your-nids-radar
1 || 2013946 || 4 || trojan-activity || 0 || ET TROJAN FakeAV.EGZ Checkin 1 || url,www.virustotal.com/file-scan/report.html?id=458ec5d5b3c1c02b6c64b360f82bcbf529f580c2d646b2ae161fc7dd2ea9927d-1321069787
1 || 2013947 || 4 || trojan-activity || 0 || ET TROJAN FakeAV.EGZ Checkin 2
1 || 2013948 || 4 || trojan-activity || 0 || ET TROJAN PWS.TIBIA Checkin or Data Post
1 || 2013949 || 4 || trojan-activity || 0 || ET TROJAN PWS.TIBIA Checkin or Data Post 2
1 || 2013950 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole obfuscated Javascript padded charcodes 25
1 || 2013951 || 3 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.A User-Agent (needit) || url,www.threatexpert.com/report.aspx?md5=1b1fff82c72277aff808291d53df7fd8 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A
1 || 2013952 || 3 || trojan-activity || 0 || ET TROJAN TR/Rimecud.aksa User-Agent (indy) || url,www.threatexpert.com/report.aspx?md5=1536a7072981ce5140efe6b9c193bb7e || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A
1 || 2013953 || 3 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.A User-Agent (counters) || url,www.threatexpert.com/report.aspx?md5=60ce66bd10fcac3c97151612c8a4d343 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A
1 || 2013954 || 2 || trojan-activity || 0 || ET TROJAN Win32/Rimecud.A User-Agent (giftz) || url,www.threatexpert.com/report.aspx?md5=0f726e84bae5a8d1f166bbf6d09d821b || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FRimecud.A
1 || 2013955 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Jupiter Exploit Kit Landing Page with Malicious Java Applets
1 || 2013956 || 2 || trojan-activity || 0 || ET TROJAN W32/SmartPops Adware Outbound Off-Port MSSQL Communication
1 || 2013959 || 2 || trojan-activity || 0 || ET TROJAN Win32.Sality User-Agent (DEBUT.TMP)
1 || 2013960 || 6 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Delivering PDF Exploit to Client || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079
1 || 2013961 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Delivering Java Exploit to Client || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079
1 || 2013962 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Delivering Executable to Client || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079
1 || 2013963 || 3 || trojan-activity || 0 || ET TROJAN Win32.Sality User-Agent (Internet Explorer 5.01)
1 || 2013964 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Mozilla / 4.0 CNC traffic
1 || 2013965 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/SndApp.B Sending Device Information || url,www.fortiguard.com/latest/mobile/3302891
1 || 2013966 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Ozotshielder.A Checkin || url,www.fortiguard.com/latest/mobile/3302951
1 || 2013967 || 3 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (adlib) || url,blog.trendmicro.com/connections-between-droiddreamlight-and-droidkungfu/
1 || 2013968 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/KungFu Package Delete Command || url,blog.trendmicro.com/connections-between-droiddreamlight-and-droidkungfu/
1 || 2013969 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a .noip.cn domain
1 || 2013970 || 1 || bad-unknown || 0 || ET DNS Query for Suspicious .noip.cn Domain
1 || 2013971 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query for Suspicious .dyndns-at-home.com Domain
1 || 2013972 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing Loading... Wait Please || url,isc.sans.org/diary/Updates+on+ZeroAccess+and+BlackHole+front+/12079
1 || 2013974 || 3 || trojan-activity || 0 || ET POLICY Suspicious Invalid HTTP Accept Header of ?
1 || 2013975 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Neosploit Java Exploit Kit request to /? plus hex 32
1 || 2013976 || 10 || trojan-activity || 0 || ET TROJAN Zeus POST Request to CnC - URL agnostic || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html
1 || 2013977 || 1 || trojan-activity || 0 || ET TROJAN TDSS DNS Based Internet Connectivity Check
1 || 2013978 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served to Client
1 || 2013979 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Lilupophilupop Injected Script Being Served from Local Server
1 || 2013980 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Tinderbox.mozilla.org showbuilds.cgi Cross Site Scripting Attempt || url,packetstorm.codar.com.br/1111-exploits/tinderbox-xss.txt
1 || 2013981 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Orbis editor-body.php script Cross Site Scripting Attempt || url,autosectools.com/Advisory/Orbis-1.0.2-Reflected-Cross-site-Scripting-4
1 || 2013982 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web File Browser file Parameter Local File Inclusion Attempt || url,exploit-db.com/exploits/18070/
1 || 2013983 || 5 || trojan-activity || 0 || ET MALWARE Adware-Win32/EoRezo Reporting || url,threatexpert.com/report.aspx?md5=b5708efc8b478274df4b03d8b7dbbb26
1 || 2013984 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php  SELECT FROM SQL Injection Vulnerability || url,1337day.com/exploits/17081
1 || 2013985 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php DELETE FROM SQL Injection Vulnerability || url,1337day.com/exploits/17081
1 || 2013986 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php UNION SELECT SQL Injection Vulnerability || url,1337day.com/exploits/17081
1 || 2013987 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php UPDATE SET SQL Injection Vulnerability || url,1337day.com/exploits/17081
1 || 2013988 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zabbix popup.php INSERT INTO  SQL Injection Vulnerability || url,1337day.com/exploits/17081
1 || 2013989 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla component img Local File Inclusion Attempt || url,packetstormsecurity.org/files/95683/joomlaimg-lfi.txt
1 || 2013990 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit hostile PDF qwe123
1 || 2013991 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole hostile PDF v1
1 || 2013992 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole hostile PDF v2
1 || 2013993 || 2 || web-application-activity || 0 || ET WEB_SPECIFIC_APPS Cacti Input Validation Attack 2 || url,www.cacti.net || url,www.idefense.com/application/poi/display?id=265&type=vulnerabilities || url,www.idefense.com/application/poi/display?id=266&type=vulnerabilities
1 || 2013994 || 4 || trojan-activity || 0 || ET DELETED LDPinch Loader Binary Request
1 || 2013995 || 2 || bad-unknown || 0 || ET WEB_CLIENT PDF With Embedded U3D || url,www.adobe.com/support/security/advisories/apsa11-04.html
1 || 2013996 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Adobe PDF Universal 3D file corrupted download 1 || url,www.adobe.com/support/security/advisories/apsa11-04.html
1 || 2013997 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Adobe PDF Universal 3D file corrupted download 2 || url,www.adobe.com/support/security/advisories/apsa11-04.html
1 || 2013998 || 3 || trojan-activity || 0 || ET TROJAN W32/Jorik DDOS Instructions From CnC Server
1 || 2013999 || 2 || trojan-activity || 0 || ET MALWARE W32/Adware.Ibryte User-Agent (ic Windows NT 5.1 MSIE 6.0 Firefox/ Def)
1 || 2014001 || 4 || trojan-activity || 0 || ET USER_AGENTS W32/Kazy User-Agent (Windows NT 5.1 \; v.) space infront of semi-colon
1 || 2014002 || 7 || trojan-activity || 0 || ET TROJAN Fake Variation of Mozilla 4.0 - Likely Trojan
1 || 2014003 || 3 || trojan-activity || 0 || ET TROJAN VBKrypt.dytr Checkin || url,www.threatexpert.com/report.aspx?md5=090986b0e303779bde1ddad3c65a9d78
1 || 2014004 || 4 || trojan-activity || 0 || ET MALWARE Win32/SWInformer.B Checkin || url,www.threatexpert.com/report.aspx?md5=0f90568d86557d62f7d4e1c0f7167431
1 || 2014005 || 3 || trojan-activity || 0 || ET DELETED DNS Query for Sykipot C&C www.prettylikeher.com || cve,CVE-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html
1 || 2014006 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Sykipot Checkin || cve,CVE-2011-2462 || url,blog.9bplus.com/analyzing-cve-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html
1 || 2014007 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Sykipot Put || cve,CVE-2011-2462 || url,blog.9bplus.com/analyzing-cve-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html
1 || 2014008 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Sykipot Get Config Request || cve,CVE-2011-2462 || url,contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html || url,blog.9bplus.com/analyzing-cve-2011-2462
1 || 2014009 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getgrab Command
1 || 2014010 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getproxy Command
1 || 2014011 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getsock Command
1 || 2014012 || 3 || trojan-activity || 0 || ET TROJAN Smokeloader getload Command || url,sophosnews.files.wordpress.com/2013/07/sophosszappanosplugxrevisitedintroducingsmoaler-rev1.pdf || url,symantec.com/security_response/writeup.jsp?docid=2011-100515-1838-99&tabid=2
1 || 2014014 || 6 || trojan-activity || 0 || ET TROJAN Zeus Checkin Header Pattern
1 || 2014015 || 7 || trojan-activity || 0 || ET DELETED TROJAN LDPinch Loader Binary Request
1 || 2014017 || 2 || web-application-activity || 0 || ET WEB_SERVER JBoss jmx-console Probe || cve,2010-0738
1 || 2014018 || 2 || web-application-activity || 0 || ET WEB_SERVER JBoss jmx-console Access Control Bypass Attempt || cve,2010-0738
1 || 2014019 || 4 || trojan-activity || 0 || ET DELETED Kargany Loader Obfuscated Payload Download
1 || 2014020 || 4 || attempted-recon || 0 || ET WEB_SERVER Wordpress Login Bruteforcing Detected
1 || 2014021 || 2 || trojan-activity || 0 || ET TROJAN Gootkit Checkin User-Agent 2
1 || 2014022 || 2 || web-application-attack || 0 || ET SCAN Gootkit Scanner User-Agent Inbound
1 || 2014023 || 2 || web-application-attack || 0 || ET TROJAN Gootkit Scanner User-Agent Outbound
1 || 2014024 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Scalaxy exploit kit secondary request
1 || 2014025 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Scalaxy exploit kit Java or PDF exploit request
1 || 2014026 || 1 || trojan-activity || 0 || ET DELETED Scalaxy exploit kit binary download request
1 || 2014027 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Base64 in Javascript probably Scalaxy exploit kit
1 || 2014028 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely CryptMEN FakeAV Download vclean
1 || 2014029 || 3 || trojan-activity || 0 || ET TROJAN Agent.UGP!tr/Cryptor/Graftor Dropper Requesting exe
1 || 2014030 || 2 || trojan-activity || 0 || ET POLICY Rebate Informer User-Agent (REBATEINF) || url,www.rebategiant.com
1 || 2014031 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested com.class
1 || 2014032 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested org.class
1 || 2014033 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested edu.class
1 || 2014034 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested net.class
1 || 2014035 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole PDF Exploit Request /fdp2.php || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611
1 || 2014036 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Generic Java Exploit Obfuscated With Allatori
1 || 2014037 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.osa.pl domain
1 || 2014038 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING OpenX BrowserDetect.init Download
1 || 2014039 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING Alureon Malicious IFRAME
1 || 2014040 || 3 || trojan-activity || 0 || ET TROJAN Win32.PowerPointer checkin
1 || 2014041 || 5 || trojan-activity || 0 || ET WORM AirOS .css Worm Outbound Propagation Sweep || url,seclists.org/fulldisclosure/2011/Dec/419 || url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/
1 || 2014042 || 4 || trojan-activity || 0 || ET WORM AirOS admin.cgi/css Exploit Attempt || url,seclists.org/fulldisclosure/2011/Dec/419 || url,www.root.cz/clanky/virus-v-bezdratovych-routerech-skynet/
1 || 2014044 || 5 || trojan-activity || 0 || ET TROJAN SpyEye Checkin version 1.3.25 or later 2
1 || 2014045 || 3 || attempted-dos || 0 || ET WEB_SERVER Generic Web Server Hashing Collision Attack || cve,2011-3414 || url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html || url,technet.microsoft.com/en-us/security/advisory/2659883 || url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx
1 || 2014046 || 3 || attempted-dos || 0 || ET WEB_SERVER Generic Web Server Hashing Collision Attack 2 || cve,2011-3414 || url,events.ccc.de/congress/2011/Fahrplan/events/4680.en.html || url,technet.microsoft.com/en-us/security/advisory/2659883 || url,blogs.technet.com/b/srd/archive/2011/12/29/asp-net-security-update-is-live.aspx
1 || 2014047 || 3 || bad-unknown || 0 || ET TROJAN Double HTTP/1.1 Header Inbound - Likely Hostile Traffic
1 || 2014048 || 6 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Java Rhino Script Engine Remote Code Execution Attempt || url,blog.eset.com/2011/12/15/spam-campaign-uses-blackhole-exploit-kit-to-install-spyeye || bid,50218 || cve,2011-3544
1 || 2014049 || 2 || not-suspicious || 0 || ET POLICY Bluecoat Proxy in use
1 || 2014050 || 3 || trojan-activity || 0 || ET DELETED Blackhole Rhino Java Exploit request to /content/v1.jar || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611
1 || 2014051 || 1 || trojan-activity || 0 || ET DELETED Blackhole Acrobat 8/9.3 PDF exploit download request 3 || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611
1 || 2014052 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 3 || md5,8a33d1d36d097ca13136832aa10ae5ca || cve,CVE-2011-0611
1 || 2014053 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Likely Flash exploit download request score.swf || cve,CVE-2011-0611
1 || 2014054 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS User-Agent used in Injection Attempts || url,lists.emergingthreats.net/pipermail/emerging-sigs/2011-December/016882.html
1 || 2014055 || 1 || trojan-activity || 0 || ET TROJAN Win32/Hilgild!gen.A CnC Communication || md5,d8edad03f5524369e60c69a7483f8365
1 || 2014056 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu5 Keepalive to CnC || md5,d8edad03f5524369e60c69a7483f8365
1 || 2014057 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu5 Keepalive from CnC || md5,d8edad03f5524369e60c69a7483f8365
1 || 2014058 || 3 || trojan-activity || 0 || ET DELETED Unknown Loader EXE Payload Request
1 || 2014059 || 7 || trojan-activity || 0 || ET POLICY Spyware.Agent.elbb lava.cn Game Exe Download || url,securelist.com/en/descriptions/17601150/Trojan-Dropper.Win32.Agent.elbb?print_mode=1 || md5,c2b4f8abc742bf048f3856525c1b2800 || md5,4937dc6e111996dbe331327e7e9a4a12 || url,www.amada.abuse.ch/?search=download.lava.cn
1 || 2014060 || 4 || trojan-activity || 0 || ET MALWARE Tool.InstallToolbar.24 Reporting || url,virustotal.com/file-scan/report.html?id=1439d4061659a8534435352274b72dc2fe03c3deeb84e32fc90d40380c35cab1-1322189076
1 || 2014061 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component SELECT FROM SQL Injection Attempt || bugtraq,51116
1 || 2014062 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component DELETE FROM SQL Injection Attempt || bugtraq,51116
1 || 2014063 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component UNION SELECT SQL Injection Attempt || bugtraq,51116
1 || 2014064 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component INSERT INTO SQL Injection Attempt || bugtraq,51116
1 || 2014065 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_dshop Component UPDATE SET SQL Injection Attempt || bugtraq,51116
1 || 2014066 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Clicker.Win32.VB.gnf Reporting || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanClicker%3AWin32%2FVB.GE
1 || 2014067 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Booking Calendar page_info_message parameter Cross-Site Scripting Vulnerability  || url,packetstormsecurity.org/files/107995
1 || 2014068 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Plone and Zope cmd Parameter Remote Command Execution Attempt || url,exploit-db.com/exploits/18262
1 || 2014069 || 4 || trojan-activity || 0 || ET MALWARE Win32-Adware.Hotclip.A Reporting || url,spydig.com/spyware-info/Win32-Adware-Hotclip-A.html
1 || 2014070 || 4 || trojan-activity || 0 || ET TROJAN Trojan Downloader.Bancos Reporting || url,symantec.com/security_response/writeup.jsp?docid=2006-061110-0512-99
1 || 2014071 || 4 || trojan-activity || 0 || ET MALWARE Adware.Gen5 Reporting || url,threatexpert.com/report.aspx?md5=90410d783f6321c8684ccb9ff0613a51
1 || 2014072 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Pet Listing Script type_id Parameter Cross Site Scripting Attempt || url,packetstorm.foofus.com/1112-exploits/petlisting-xss.txt
1 || 2014073 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress The-Welcomizer plugin page parameter Cross Site Scripting Attempt || url,dl.packetstormsecurity.net/1112-exploits/wpthewelcomizer-xss.txt
1 || 2014074 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter SELECT FROM SQL Injection Attempt || url,exploit-db.com/exploits/18056/
1 || 2014075 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter DELETE FROM SQL Injection Attempt || url,exploit-db.com/exploits/18056/
1 || 2014076 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter UNION SELECT SQL Injection Attempt || url,exploit-db.com/exploits/18056/
1 || 2014077 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter INSERT INTO SQL Injection Attempt || url,exploit-db.com/exploits/18056/
1 || 2014078 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS jbShop e107 CMS plugin item_id parameter UPDATE SET SQL Injection Attempt || url,exploit-db.com/exploits/18056/
1 || 2014079 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter UNION SELECT SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt
1 || 2014080 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter UPDATE SET SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt
1 || 2014081 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter INSERT INTO SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt
1 || 2014082 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SourceBans ajaxargs Parameter Local File Inclusion Attempt || url,dl.packetstormsecurity.net/1112-exploits/sourcebans-lfisql.txt
1 || 2014083 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Generic.pak!cobra Reporting || url,securelist.com/en/descriptions/24405309/Trojan.Win32.FakeAV.dlbc
1 || 2014084 || 5 || trojan-activity || 0 || ET TROJAN TROJAN Win32.OnlineGames.Bft Reporting || url,threatexpert.com/report.aspx?md5=e488fca95cb923a0ecd329642c076e0d || url,www.thespywaredetector.com/spywareinfo.aspx?ID=1874131
1 || 2014085 || 5 || trojan-activity || 0 || ET TROJAN TROJAN Win32-WebSec Reporting || url,threatexpert.com/report.aspx?md5=971e560b80e335ab88ef518b416d415a
1 || 2014086 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Planex Mini-300PU & Mini100s Cross-site Scripting Attempt || url,exploit-db.com/exploits/17114
1 || 2014087 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter SELECT FROM SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt
1 || 2014088 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mambo Zorder zorder Parameter DELETE FROM SQL Injection Vulnerability || url,dl.packetstormsecurity.net/1111-exploits/zorder-sql.txt
1 || 2014090 || 6 || trojan-activity || 0 || ET TROJAN Suspicious user agent (V32)
1 || 2014091 || 2 || not-suspicious || 0 || ET POLICY Dyndns Client IP Check
1 || 2014092 || 2 || not-suspicious || 0 || ET POLICY Dyndns Client User-Agent
1 || 2014093 || 3 || trojan-activity || 0 || ET TROJAN Downloader.Win32.Nurech Checkin UA
1 || 2014094 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole-like Java Exploit request to .jar?t=
1 || 2014095 || 4 || policy-violation || 0 || ET POLICY Kindle Fire Browser User-Agent Outbound || url,www.amazon.com/gp/product/B0051VVOB2%23silk
1 || 2014096 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Document.write Long Backslash UTF-16 Encoded Content - Exploit Kit Behavior Flowbit Set || url,www.kahusecurity.com/2011/elaborate-black-hole-infection/
1 || 2014097 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Excessive new Array With Newline - Exploit Kit Behavior Flowbit Set || url,www.kahusecurity.com/2011/elaborate-black-hole-infection/
1 || 2014098 || 4 || bad-unknown || 0 || ET DELETED Excessive JavaScript replace /g - Exploit Kit Behavior Flowbit Set
1 || 2014099 || 3 || trojan-activity || 0 || ET TROJAN Exploit Kit Delivering Office File to Client
1 || 2014100 || 3 || attempted-user || 0 || ET WEB_SERVER ASP.NET Forms Authentication Bypass || cve,2011-3416
1 || 2014101 || 2 || trojan-activity || 0 || ET TROJAN Blackshades Payload Download Command
1 || 2014102 || 3 || not-suspicious || 0 || ET POLICY FACEBOOK user id in http_client_body, lookup with fb.com/profile.php?id=
1 || 2014103 || 2 || web-application-activity || 0 || ET WEB_SERVER Unusually Fast HTTP Requests With Referrer Url Matching DoS Tool || url,community.qualys.com/blogs/securitylabs/2012/01/05/slow-read
1 || 2014104 || 2 || trojan-activity || 0 || ET DELETED Zeus POST Request to CnC - content-type variation
1 || 2014105 || 4 || trojan-activity || 0 || ET TROJAN Zeus Bot GET to Google checking Internet connectivity using proxy || url,www.secureworks.com/research/threats/zeus/?threat=zeus || url,lists.emergingthreats.net/pipermail/emerging-sigs/2010-October/009807.html
1 || 2014106 || 3 || trojan-activity || 0 || ET DELETED Zeus POST Request to CnC - content-type variation
1 || 2014107 || 3 || trojan-activity || 0 || ET TROJAN Zeus POST Request to CnC - cookie variation || url,zeustracker.abuse.ch/monitor.php?search=209.59.216.103
1 || 2014108 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Eu6 Keepalive to CnC
1 || 2014109 || 2 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st.QQ Checkin || url,www.threatexpert.com/report.aspx?md5=899feda736be77a39d05f0a5002048f0
1 || 2014110 || 4 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st.QQ Checkin 2 || url,www.threatexpert.com/report.aspx?md5=899feda736be77a39d05f0a5002048f0
1 || 2014111 || 6 || trojan-activity || 0 || ET TROJAN Win32.UFRStealer.A issuing MKD command FTP || url,www.threatexpert.com/report.aspx?md5=a251ef38f048d695eae52626e57d617d
1 || 2014112 || 3 || trojan-activity || 0 || ET TROJAN W32.Menti/TrojanClicker.Agent.NII Checkin || url,blog.eset.com/2012/03/17/drive-by-ftp-a-new-view-of-cve-2011-3544
1 || 2014113 || 4 || trojan-activity || 0 || ET TROJAN Win32-Dynamer.dtc Reporting || url,microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Dynamer!dtc || md5,989ba48e0a9e39b4b6fc5c6bf400c41b
1 || 2014114 || 4 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema Reporting 1 || md5,3d18363a20882bd74ae7e0f68d3ed8ef
1 || 2014115 || 3 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema Reporting 2 || md5,3d18363a20882bd74ae7e0f68d3ed8ef
1 || 2014116 || 2 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent build - possibly Delf/Troxen/Zema || md5,3d18363a20882bd74ae7e0f68d3ed8ef
1 || 2014117 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Dropper.Win32.Dapato Checkin || url,www.threatexpert.com/report.aspx?md5=8eaf3b7b72a9af5a85d01b674653ccac || url,camas.comodo.com/cgi-bin/submit?file=31c027c13105e23af64b1b02882fb2b8300fdf7f511bb4c63c71f9b09c75dd6c
1 || 2014118 || 2 || successful-admin || 0 || ET TROJAN Cythosia V2 DDoS WebPanel Hosted Locally || url,blog.webroot.com/2012/01/09/a-peek-inside-the-cythosia-v2-ddos-bot/
1 || 2014119 || 3 || trojan-activity || 0 || ET TROJAN W32/Lici Initial Checkin || md5,2f4d35e797249e837159ff60b827c601
1 || 2014120 || 3 || trojan-activity || 0 || ET MALWARE Win32/Eorezo-B Adware Checkin || md5,6631bb8d95906decc7e6f7c51f6469e6
1 || 2014121 || 2 || trojan-activity || 0 || ET TROJAN Win32/Nuclear Checkin || md5,bd4af162f583899eeb6ce574863b4db6
1 || 2014122 || 3 || trojan-activity || 0 || ET MALWARE W32/OpenCandy Adware Checkin
1 || 2014123 || 2 || policy-violation || 0 || ET POLICY Softango.com Installer Checking For Update
1 || 2014124 || 3 || policy-violation || 0 || ET POLICY Softango.com Installer POSTing Data
1 || 2014125 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Help and Control Panel Exploit Request || url,jsunpack.jeek.org/?report=2b1d42ba5b47676db4864855ac239a73fb8217ff
1 || 2014126 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole Likely Flash Exploit Request /field.swf
1 || 2014127 || 1 || not-suspicious || 0 || ET POLICY Splashtop Remote Control Checkin || url,www.splashtop.com
1 || 2014128 || 1 || not-suspicious || 0 || ET POLICY Splashtop Remote Control Session Start Request || url,www.splashtop.com
1 || 2014129 || 1 || not-suspicious || 0 || ET POLICY Splashtop Remote Control Session Keepalive || url,www.splashtop.com
1 || 2014131 || 3 || trojan-activity || 0 || ET TROJAN W32/Ramnit Initial CnC Connection || url,contagiodump.blogspot.com/2012/01/blackhole-ramnit-samples-and-analysis.html
1 || 2014133 || 4 || trojan-activity || 0 || ET TROJAN W32/Jiwerks.A Checkin || md5,0e47c711d9edee337575b6dbef850514
1 || 2014135 || 3 || trojan-activity || 0 || ET TROJAN Zeus/Reveton checkin to /images.rar || md5,2697e2b81ba1c90fcd32e24715fcf40a
1 || 2014136 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Version Check with hidden applet
1 || 2014137 || 3 || trojan-activity || 0 || ET MALWARE Common Adware Library ISX User Agent Detected || url,www.dateiliste.com/d3files/tools/mphider/isxdl.htm
1 || 2014138 || 2 || trojan-activity || 0 || ET DELETED DRIVEBY Generic Java Rhino Scripting Engine Exploit Previously Requested class.class
1 || 2014139 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Query to Known CnC Domain msnsolution.nicaze.net || md5,89332c92d0360095e2dda8385d400258
1 || 2014140 || 5 || attempted-dos || 0 || ET WEB_SERVER LOIC Javascript DDoS Inbound || url,isc.sans.org/diary/Javascript+DDoS+Tool+Analysis/12442 || url,www.wired.com/threatlevel/2012/01/anons-rickroll-botnet
1 || 2014141 || 4 || attempted-dos || 0 || ET CURRENT_EVENTS LOIC Javascript DDoS Outbound || url,isc.sans.org/diary/Javascript+DDoS+Tool+Analysis/12442 || url,www.wired.com/threatlevel/2012/01/anons-rickroll-botnet
1 || 2014142 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Driveby Delivered Malicious PDF
1 || 2014143 || 1 || trojan-activity || 0 || ET DELETED PoisonIvy.Esf Keepalive to CnC || md5,e6ca06e9b000933567a8604300094a85
1 || 2014144 || 1 || trojan-activity || 0 || ET DELETED PoisonIvy.Eks Keepalive to CnC || md5,9a494e7a48436e6defcb44dd6f053b33
1 || 2014145 || 1 || trojan-activity || 0 || ET TROJAN PoisonIvy.Ehy Keepalive to CnC || md5,d2311b7208d563ac59c9114f5d422441
1 || 2014146 || 1 || trojan-activity || 0 || ET TROJAN Win32/Spy.Banker Reporting Via SMTP
1 || 2014147 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Landing Page Request || url,xylibox.blogspot.com/2012/01/sakura-exploit-pack-10.html
1 || 2014148 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Binary Load Request
1 || 2014149 || 4 || trojan-activity || 0 || ET INFO Possible URL List or Clickfraud URLs Delivered To Client
1 || 2014150 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Suspicious executable download possible Trojan NgrBot
1 || 2014151 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Known Malicious Link Leading to Exploit Kits (t.php?id=is1)
1 || 2014152 || 3 || trojan-activity || 0 || ET TROJAN Gozi Checkin to CnC
1 || 2014153 || 3 || attempted-dos || 0 || ET CURRENT_EVENTS High Orbit Ion Cannon (HOIC) Attack Inbound Generic Detection Double Spaced UA || url,blog.spiderlabs.com/2012/01/hoic-ddos-analysis-and-detection.html
1 || 2014154 || 4 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY PDF Containing Subform with JavaScript
1 || 2014155 || 5 || attempted-user || 0 || ET CURRENT_EVENTS JavaScript Obfuscation JSXX Script || cve,2012-0003 || url,eromang.zataz.com/2012/10/22/gong-da-gondad-exploit-pack-evolutions/
1 || 2014156 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Microsoft Windows Media component specific exploit || cve,2012-0003
1 || 2014157 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 4
1 || 2014158 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 4
1 || 2014159 || 2 || trojan-activity || 0 || ET DELETED Blackhole Rhino Java Exploit request to /content/rino.jar || cve,CVE-2011-0611
1 || 2014160 || 2 || trojan-activity || 0 || ET DELETED Blackhole OBE Java Exploit request to /content/obe.jar || cve,CVE-2010-0840 || cve,CVE-2010-0842
1 || 2014161 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/FakeTimer.A Reporting to CnC || url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_FAKETIMER.A || url,anubis.iseclab.org/?action=result&task_id=1ba82b938005acea4ddefc8eff1f4db06 || md5,cf9ba4996531d40402efe268c7efda91 || md5,537f190d3d469ad1f178024940affcb5
1 || 2014162 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/SndApps.SM Sending Information to CnC || url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_SNDAPPS.SM
1 || 2014163 || 8 || trojan-activity || 0 || ET TROJAN Bifrose/Cycbot Checkin 2 || md5,8c4f90bb59c05269c6c6990ec434eab6
1 || 2014164 || 2 || trojan-activity || 0 || ET TROJAN W32/DelfInject.A CnC Checkin 2 || md5,d8c2f31493692895c45d620723e9a8c3
1 || 2014165 || 3 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent MyAgrent || md5,75c2f3168eca26e10bd5b2f3f0e2a8c5
1 || 2014166 || 2 || trojan-activity || 0 || ET TROJAN W32/Mentory CnC Server Providing Update Details || md5,6724bb601611dcc0140960c59c7b3393
1 || 2014167 || 2 || trojan-activity || 0 || ET TROJAN W32/Mentory CnC Server Providing File Info Details || md5,6724bb601611dcc0140960c59c7b3393
1 || 2014168 || 3 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Unknown Landing Page Received
1 || 2014169 || 1 || trojan-activity || 0 || ET POLICY DNS Query for .su TLD (Soviet Union) Often Malware Related || url,www.abuse.ch/?p=3581
1 || 2014170 || 2 || trojan-activity || 0 || ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related || url,www.abuse.ch/?p=3581
1 || 2014171 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing
1 || 2014172 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TROJAN ClickCounter Connectivity Check
1 || 2014173 || 3 || trojan-activity || 0 || ET TROJAN Win32/Cryptrun.B Connectivity check || url,blog.9bplus.com/kim-jong-il-pdf-malware
1 || 2014174 || 4 || trojan-activity || 0 || ET TROJAN Win32/Cryptrun.B/MSUpdater C&C traffic 1 || url,blog.9bplus.com/kim-jong-il-pdf-malware || url,www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html
1 || 2014175 || 3 || trojan-activity || 0 || ET TROJAN Win32.MSUpdater C&C traffic GET || url,www.seculert.com/reports/MSUpdaterTrojanWhitepaper.pdf || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html
1 || 2014176 || 3 || trojan-activity || 0 || ET DELETED Incognito/Sakura exploit kit landing page with obfuscated URLs
1 || 2014177 || 5 || trojan-activity || 0 || ET DELETED Incognito/Sakura exploit kit binary download request
1 || 2014178 || 2 || trojan-activity || 0 || ET DELETED Unknown Malware Checkin Possibly ZeuS || url,anubis.iseclab.org/?action=result&task_id=1c19710e150ee00941148dee842a02976
1 || 2014179 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla mod_currencyconverter from Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109337/Joomla-Currency-Converter-Cross-Site-Scripting.html
1 || 2014180 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SAPID get_infochannel.inc.php Remote File inclusion Attempt || url,packetstormsecurity.org/files/108488/sapidstable-rfi.txt
1 || 2014181 || 5 || trojan-activity || 0 || ET DELETED Malicious file BaiduPlayer1.0.21.25.exe download
1 || 2014182 || 3 || trojan-activity || 0 || ET DELETED Malicious getpvstat.php file Reporting
1 || 2014183 || 4 || trojan-activity || 0 || ET MALWARE Malicious ad_track.php file Reporting
1 || 2014184 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html
1 || 2014185 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html
1 || 2014186 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html
1 || 2014187 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html
1 || 2014188 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS IBBY nouvelles.php id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/109169/IBBY-SQL-Injection.html
1 || 2014189 || 3 || trojan-activity || 0 || ET DELETED Likely Blackhole Exploit Kit Driveby ?id Download Secondary Request
1 || 2014190 || 2 || trojan-activity || 0 || ET MALWARE W32/OpenTrio User-Agent (Open3)
1 || 2014191 || 4 || trojan-activity || 0 || ET TROJAN W32/118GotYourNo Reporting to CnC
1 || 2014192 || 3 || trojan-activity || 0 || ET MALWARE W32/MediaGet Checkin
1 || 2014193 || 2 || trojan-activity || 0 || ET TROJAN W32/VPEYE Trojan Downloader User-Agent (VP-EYE Downloader)
1 || 2014194 || 4 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit JavaScript colon string splitting
1 || 2014195 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 5
1 || 2014196 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /content/rin.jar
1 || 2014197 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Yang Pack Exploit Kit Landing Page Known JavaScript Function Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/
1 || 2014198 || 6 || trojan-activity || 0 || ET TROJAN ZeuS - ICE-IX cid= in cookie
1 || 2014199 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Exploiting IEPeers || url,www.kahusecurity.com/2011/cve-2011-2140-caught-in-the-wild/ || cve,2010-0806
1 || 2014200 || 4 || trojan-activity || 0 || ET TROJAN Dapato/Cleaman Checkin || md5,1d26f4c1cfedd3d34b5067726a0460b0d || md5,45b3b6fcb666c93e305dba35832e1d42 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FCleaman.G
1 || 2014201 || 3 || misc-activity || 0 || ET POLICY Outbound HTTP Connection From Cisco IOS Device
1 || 2014202 || 2 || misc-activity || 0 || ET POLICY File Being Uploaded to SendSpace File Hosting Site
1 || 2014203 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CUTE-IE.html CutePack Exploit Kit Landing Page Request || url,www.kahusecurity.com/2012/chinese-exploit-packs/
1 || 2014204 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS CutePack Exploit Kit JavaScript Variable Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/
1 || 2014205 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS CUTE-IE.html CutePack Exploit Kit Iframe for Landing Page Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/
1 || 2014206 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS CutePack Exploit Kit Landing Page Detected || url,www.kahusecurity.com/2012/chinese-exploit-packs/
1 || 2014207 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely MS12-004 midiOutPlayNextPolyEvent Heap Overflow Midi Filename Requested baby.mid || cve,2012-0003
1 || 2014208 || 2 || trojan-activity || 0 || ET TROJAN TLD4 Purple Haze Variant Initial CnC Request for Ad Servers || url,contagiodump.blogspot.com/2012/02/purple-haze-bootkit.html
1 || 2014209 || 3 || trojan-activity || 0 || ET TROJAN Sykipot SSL Certificate serial number detected || url,labs.alienvault.com/labs/index.php/2011/are-the-sykipots-authors-obsessed-with-next-generation-us-drones/
1 || 2014210 || 1 || trojan-activity || 0 || ET TROJAN Sykipot SSL Certificate subject emailAddress detected || url,labs.alienvault.com/labs/index.php/2011/are-the-sykipots-authors-obsessed-with-next-generation-us-drones/
1 || 2014211 || 2 || trojan-activity || 0 || ET TROJAN MSUpdater alt checkin to CnC || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html
1 || 2014212 || 3 || trojan-activity || 0 || ET TROJAN MSUpdater POST checkin to CnC || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html
1 || 2014213 || 2 || trojan-activity || 0 || ET TROJAN MSUpdater Connectivity Check to Google || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html
1 || 2014214 || 2 || trojan-activity || 0 || ET DELETED MSUpdater post-auth checkin || url,research.zscaler.com/2012/01/msupdater-trojan-and-link-to-targeted.html || url,blog.seculert.com/2012/01/msupdater-trojan-and-conference-invite.html
1 || 2014215 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Plankton.P Commands Request to CnC Server || url,about-threats.trendmicro.com/Malware.aspx?language=uk&name=ANDROIDOS_PLANKTON.P
1 || 2014216 || 2 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema controller responding to client
1 || 2014217 || 3 || trojan-activity || 0 || ET TROJAN Delf/Troxen/Zema controller delivering clickfraud instructions
1 || 2014218 || 5 || trojan-activity || 0 || ET TROJAN Zeus POST Request to CnC sk1 and bn1 post parameters
1 || 2014219 || 4 || trojan-activity || 0 || ET TROJAN TSPY_SPCESEND.A Checkin || url,blog.trendmicro.com/malware-uses-sendspace-to-store-stolen-documents/
1 || 2014220 || 7 || trojan-activity || 0 || ET DELETED TDS Sutra Exploit Kit Redirect Received
1 || 2014221 || 3 || trojan-activity || 0 || ET DELETED Unknown HTTP CnC Checkin
1 || 2014222 || 2 || trojan-activity || 0 || ET TROJAN QDIGIT Trojan Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014223 || 4 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on http ports || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014224 || 4 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on non-http ports || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014225 || 2 || trojan-activity || 0 || ET TROJAN LURK Trojan Communication Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014226 || 2 || trojan-activity || 0 || ET TROJAN IP2B Trojan Communication Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014227 || 2 || trojan-activity || 0 || ET TROJAN BB Trojan Communication Protocol detected || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014228 || 7 || trojan-activity || 0 || ET TROJAN Backdoor Win32.Idicaf/Atraps || url,www.commandfive.com/papers/C5_APT_C2InTheFifthDomain.pdf
1 || 2014229 || 3 || trojan-activity || 0 || ET TROJAN NfLog Checkin || url,contagiodump.blogspot.com/2012/02/feb-9-cve-2011-1980-msoffice-dll.html
1 || 2014230 || 5 || trojan-activity || 0 || ET TROJAN Karagany/Kazy Obfuscated Payload Download || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FKaragany.I || url,www.virustotal.com/file/6c7ae03b8b660826f0c58bbec4208bf03e704201131b3b5c5709e5837bfdd218/analysis/1334672726/
1 || 2014231 || 3 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on non-http ports 2
1 || 2014232 || 3 || trojan-activity || 0 || ET TROJAN UPDATE Protocol Trojan Communication detected on http ports 2
1 || 2014233 || 3 || network-scan || 0 || ET POLICY ASafaWeb Scan User-Agent (asafaweb.com) || url,asafaweb.com
1 || 2014234 || 10 || trojan-activity || 0 || ET TROJAN Fareit/Pony Downloader Checkin 3 || md5,dcc2c110e509fa777ab1460f665bd137 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17
1 || 2014235 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - info.exe
1 || 2014236 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - contacts.exe
1 || 2014237 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - calc.exe
1 || 2014238 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - about.exe
1 || 2014239 || 3 || trojan-activity || 0 || ET TROJAN W32.Duptwux/Ganelp FTP Username - onthelinux
1 || 2014240 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Win32/Cridex.B Self Signed SSL Certificate (root@ks310208.kimsufi.com)
1 || 2014241 || 7 || bad-unknown || 0 || ET DELETED DRIVEBY Generic - Java Exploit Obfuscated With Allatori
1 || 2014242 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Trojan Stream request /stream?
1 || 2014243 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Java Rhino Scripting Engine Exploit Downloaded
1 || 2014244 || 1 || bad-unknown || 0 || ET DELETED Blackhole Java applet with obfuscated URL 2
1 || 2014245 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request similar to /content/jav.jar
1 || 2014246 || 3 || trojan-activity || 0 || ET DELETED Sefnit Checkin 3
1 || 2014247 || 2 || trojan-activity || 0 || ET TROJAN Sefnit Checkin 4
1 || 2014248 || 2 || trojan-activity || 0 || ET TROJAN Sefnit Checkin 5
1 || 2014249 || 4 || trojan-activity || 0 || ET MALWARE W32/GameplayLabs.Adware Installer Checkin
1 || 2014250 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jreactions mosConfig_absolute_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/95431/Joomla-Jreactions-Remote-File-Inclusion.html
1 || 2014251 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Grady Levkov id Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109814/Grady-Levkov-Cross-Site-Scripting.html
1 || 2014252 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Membership Site Manager Script key Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/108687/PHP-Membership-Site-Manager-Script-Cross-Site-Scripting.html
1 || 2014253 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter SELECT FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html
1 || 2014254 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter DELETE FROM SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html
1 || 2014255 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter UNION SELECT SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html
1 || 2014256 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter INSERT INTO SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html
1 || 2014257 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pfile file.php id Parameter UPDATE SET SQL Injection Attempt || url,packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html
1 || 2014258 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_visa controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109214/Joomla-Visa-SQL-Injection-Local-File-Inclusion.html
1 || 2014259 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_eventcal mosConfig_absolute_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/94983/Joomla-Eventcal-Remote-File-Inclusion.html
1 || 2014260 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Horde 3.3.12 Backdoor Attempt || cve,2012-0209
1 || 2014261 || 2 || trojan-activity || 0 || ET MALWARE W32/PlaySushi User-Agent || md5,039815a7cb0b7ee52b753a9b79006f97
1 || 2014262 || 4 || trojan-activity || 0 || ET MALWARE AdWare.Win32.Sushi.au Checkin || md5,3aad2075e00d5169299a0a8889afa30b || url,www.securelist.com/en/descriptions/24412036/not-a-virus%3aAdWare.Win32.Sushi.au
1 || 2014263 || 2 || trojan-activity || 0 || ET TROJAN W32/Pasta.IK Checkin || md5,1a13d56365e864aba54967d4745ab660
1 || 2014264 || 6 || policy-violation || 0 || ET POLICY IP Geo Location Request || md5,0e2c46dc89dceb14e7add66cbfe8a2f8
1 || 2014265 || 4 || policy-violation || 0 || ET POLICY IP geo location service response || md5,0e2c46dc89dceb14e7add66cbfe8a2f8
1 || 2014266 || 4 || trojan-activity || 0 || ET TROJAN Trojan.Win32.NfLog Checkin (TTip) || url,contagiodump.blogspot.com/2012/02/feb-9-cve-2011-1980-msoffice-dll.html
1 || 2014267 || 1 || trojan-activity || 0 || ET TROJAN Query for Known Hostile *test.3322.org.cn Domain || url,www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-advanced-persistent-threat-malware_33814 || md5,e4afcee06ddaf093982f80dafbf9c447
1 || 2014268 || 1 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.RShot Checkin || md5,c0aadd5594d340d8a4909d172017e5d0
1 || 2014269 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.RShot HTTP Checkin || md5,c0aadd5594d340d8a4909d172017e5d0
1 || 2014270 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.RShot Ping Outbound || md5,c0aadd5594d340d8a4909d172017e5d0
1 || 2014271 || 1 || trojan-activity || 0 || ET TROJAN Win32/Cutwail.BE Checkin 1 || md5,3d766c4d53188eb8173a5dc3cfc4e317 || md5,289f457083e8f59520b31a7ea13d16ec
1 || 2014272 || 1 || trojan-activity || 0 || ET TROJAN Win32/Cutwail.BE Checkin 2 || md5,3d766c4d53188eb8173a5dc3cfc4e317 || md5,289f457083e8f59520b31a7ea13d16ec
1 || 2014273 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/DarkComet Second Stage Download Request || url,blog.trendmicro.com/darkcomet-surfaced-in-the-targeted-attacks-in-syrian-conflict/
1 || 2014274 || 1 || attempted-admin || 0 || ET CURRENT_EVENTS Blackhole Tax Landing Page with JavaScript Attack
1 || 2014275 || 4 || trojan-activity || 0 || ET TROJAN W32/Rovnix Activity || url,blog.eset.com/2012/02/22/rovnix-reloaded-new-step-of-evolution
1 || 2014276 || 4 || trojan-activity || 0 || ET TROJAN W32/Rovnix Downloading Config File From CnC || url,blog.eset.com/2012/02/22/rovnix-reloaded-new-step-of-evolution
1 || 2014277 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query for try2check.me Carder Tool || url,cert.xmco.fr/blog/index.php?post/2012/02/23/Try2check.me%2C-le-maillon-fort
1 || 2014278 || 2 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /content/jav2.jar
1 || 2014279 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 6
1 || 2014280 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Acrobat 1-7 PDF exploit download request 6
1 || 2014281 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java Applet with Obfuscated URL 2
1 || 2014282 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Download Secondary Request ?pagpag
1 || 2014283 || 3 || trojan-activity || 0 || ET TROJAN Trustezeb Checkin to CnC || url,www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=417
1 || 2014284 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Exploit Pack HCP exploit 4
1 || 2014285 || 4 || bad-unknown || 0 || ET DNS DNS Query for Suspicious .ch.vu Domain || url,google.com/safebrowsing/diagnostic?site=ch.vu
1 || 2014288 || 2 || trojan-activity || 0 || ET TROJAN Java Archive sent when remote host claims to send an image
1 || 2014289 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a 3322.org.cn Domain
1 || 2014290 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.PEx.942728546 Checkin || md5,25e9e3652e567e70fba00c53738bdf74 || url,threatcenter.crdf.fr/?More&ID=74977&D=CRDF.Backdoor.Win32.PEx.942728546
1 || 2014291 || 4 || trojan-activity || 0 || ET TROJAN W32/Backdoor.Kbot Config Retrieval || md5,b8ee86e57261fd3fb422a2b20a3c3e09
1 || 2014292 || 2 || trojan-activity || 0 || ET POLICY External IP Lookup
1 || 2014293 || 3 || trojan-activity || 0 || ET TROJAN Smart Fortress FakeAV/Kryptik.ABNC Checkin || md5,1ddfc3f3a804f0844c5fdf49dc10562a6 || url,support.kaspersky.com/viruses/rogue/description?qid=208286259
1 || 2014294 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS High Probability Blackhole Landing with catch qq
1 || 2014295 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Java Atomic Exploit Downloaded
1 || 2014296 || 2 || web-application-attack || 0 || ET WEB_SERVER eval/base64_decode Exploit Attempt Inbound
1 || 2014297 || 25 || bad-unknown || 0 || ET POLICY Vulnerable Java Version 1.7.x Detected || url,javatester.org/version.html
1 || 2014298 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole obfuscated Javascript 171 charcodes >= 48
1 || 2014299 || 2 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /content/viewer.jar
1 || 2014300 || 1 || trojan-activity || 0 || ET TROJAN Win32/Kryptik.ABUD Checkin || md5,00b714468f1bc2254559dd8fd84186f1
1 || 2014301 || 9 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - readme.exe
1 || 2014302 || 2 || trojan-activity || 0 || ET TROJAN Suspicious HTTP Referrer C Drive Path || md5,8ef81f2555725f7eeae00b3e31229e0e
1 || 2014303 || 2 || trojan-activity || 0 || ET TROJAN W32/Koobface Variant Checkin Attempt || md5,62aa9e798746e586fb1f03459a970104
1 || 2014304 || 3 || misc-activity || 0 || ET POLICY External IP Lookup Attempt To Wipmania || md5,b318988249cd8e8629b4ef8a52760b65
1 || 2014305 || 3 || trojan-activity || 0 || ET TROJAN W32/TCYWin.Downloader User-Agent || md5,4cfe5674d9f33804572ae0d14f0c941b
1 || 2014306 || 3 || trojan-activity || 0 || ET TROJAN W32/Backdoor.BlackMonay Checkin || md5,4a203e37caa2e04671388341419bda69
1 || 2014307 || 4 || trojan-activity || 0 || ET TROJAN W32/SelfStarterInternet.InfoStealer Checkin || md5,67c748f3ecc0278f1f94596f86edc509
1 || 2014308 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Content Using Dadongs JSXX 0.41 VIP Obfuscation Script || url,www.kahusecurity.com/2012/chinese-pack-using-dadongs-jsxx-vip-script/
1 || 2014309 || 3 || trojan-activity || 0 || ET TROJAN W32/LockScreen Scareware Geolocation Request || url,www.abuse.ch/?p=3610 || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_police_trojan.pdf
1 || 2014310 || 5 || trojan-activity || 0 || ET TROJAN RegSubsDat Checkin || url,www.secureworks.com/research/threats/sindigoo/
1 || 2014312 || 2 || trojan-activity || 0 || ET TROJAN W32/NSIS.TrojanDownloader Second Stage Download Instructions from Server || md5,3ce5da32903b52394cff2517df51f599
1 || 2014313 || 8 || not-suspicious || 0 || ET POLICY Executable Download From DropBox
1 || 2014314 || 7 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Payload Download /load/*exe
1 || 2014315 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit Requested
1 || 2014316 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Incognito libtiff PDF Exploit Recieved
1 || 2014317 || 2 || trojan-activity || 0 || ET TROJAN ZeuS Clickfraud List Delivered To Client
1 || 2014318 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Clickpayz redirection to *.clickpayz.com
1 || 2014319 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Dadong Java Exploit Requested
1 || 2014320 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ButorWiki service Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109852/ButorWiki-Cross-Site-Scripting.html
1 || 2014321 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS b2evolution inc_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/100798/b2evolution-4.0.5-Remote-File-Inclusion.html
1 || 2014322 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS b2evolution skins_path Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/100798/b2evolution-4.0.5-Remote-File-Inclusion.html
1 || 2014323 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_bch controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109025/Joomla-BCH-Local-File-Inclusion.html
1 || 2014324 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Fork-CMS js.php module parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html
1 || 2014325 || 3 || attempted-user || 0 || ET ACTIVEX ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow || url,packetstormsecurity.org/files/110296/ASUS-Net4Switch-ipswcom.dll-ActiveX-Stack-Buffer-Overflow.html
1 || 2014326 || 2 || attempted-user || 0 || ET ACTIVEX ASUS Net4Switch ActiveX CxDbgPrint Format String Function Call Attempt || url,packetstormsecurity.org/files/110296/ASUS-Net4Switch-ipswcom.dll-ActiveX-Stack-Buffer-Overflow.html
1 || 2014327 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS starCMS q parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110376/starCMS-Cross-Site-Scripting.html
1 || 2014328 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_boss controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/108905/Joomla-Boss-Local-File-Inclusion.html
1 || 2014329 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Snipsnap search Cross Site Scripting Attempt || url,packetstormsecurity.org/files/109543/Snipsnap-Cross-Site-Scripting.html
1 || 2014330 || 3 || trojan-activity || 0 || ET TROJAN Kelihos/Hlux GET jucheck.exe from CnC || url,www.abuse.ch/?p=3658
1 || 2014331 || 1 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Genome.aetqe Checkin || md5,700b7a81d1460a652e5f9f06fc54dcd6
1 || 2014332 || 1 || policy-violation || 0 || ET POLICY Coral Web Proxy/Content Distribution Net Use || url,en.wikipedia.org/wiki/Coral_Content_Distribution_Network
1 || 2014333 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS OSX/Flashback Checkin via Twitter Hashtag Pepbyfadxeoa || url,blog.intego.com/flashback-mac-malware-uses-twitter-as-command-and-control-center/
1 || 2014334 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Compromised Wordpress Redirect || url,community.websense.com/blogs/securitylabs/archive/2012/03/02/mass-injection-of-wordpress-sites.aspx
1 || 2014335 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Adobe Flash Player Malformed MP4 Remote Code Execution Attempt || url,contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html || bid,52034 || cve,2012-0754
1 || 2014336 || 3 || trojan-activity || 0 || ET TROJAN Yayih.A Checkin || url,contagiodump.blogspot.com/2012/03/mar-2-cve-2012-0754-irans-oil-and.html
1 || 2014337 || 2 || attempted-user || 0 || ET CURRENT_EVENTS RougeAV Wordpress Injection Campaign Compromised Page Served to Local Client || url,community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx
1 || 2014338 || 3 || successful-admin || 0 || ET CURRENT_EVENTS RougeAV Wordpress Injection Campaign Compromised Page Served From Local Compromised Server || url,community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx
1 || 2014339 || 2 || trojan-activity || 0 || ET MALWARE W32/GameVance Adware Checkin || md5,2609c78efbc325d1834e49553a9a9f89 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3aWin32/GameVance
1 || 2014340 || 4 || trojan-activity || 0 || ET MALWARE W32/GameVance Adware User Agent || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3aWin32/GameVance
1 || 2014341 || 2 || trojan-activity || 0 || ET POLICY Installshield One Click Install User-Agent Toys File || md5,22d3165c0e80ba50bc6a42a2e82b2874
1 || 2014342 || 4 || trojan-activity || 0 || ET POLICY Snadboy.com Products User-Agent || md5,26a813eadbf11a1dfc2e63dc7dc87480
1 || 2014343 || 2 || bad-unknown || 0 || ET TROJAN SMTP Subject Line Contains C Path and EXE Possible Trojan Reporting Execution Path/Binary Name || md5,24e937b9f3fd6a04dde46a2bc75d4b18
1 || 2014344 || 2 || trojan-activity || 0 || ET TROJAN W32/Coced.PasswordStealer User-Agent 5.0 || md5,24e937b9f3fd6a04dde46a2bc75d4b18
1 || 2014345 || 3 || trojan-activity || 0 || ET POLICY Suspicious User Agent UpdateSoft || md5,254efc77c18eb2f427d2a3920e07c2e8
1 || 2014346 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS INBOUND Blackhole Java Exploit request similar to /content/jav.jar
1 || 2014347 || 5 || trojan-activity || 0 || ET TROJAN Peed Checkin || md5,142ff7d3d931ecfa9a06229842ceefc4 || md5,df690cbf6e33e9ee53fdcfc456dc4c1f
1 || 2014348 || 2 || trojan-activity || 0 || ET TROJAN RevProxy ClientHello || md5,5d6f186f10acf5f21a3498601465cf40
1 || 2014349 || 2 || trojan-activity || 0 || ET DELETED RevProxy ServerRespone || md5,5d6f186f10acf5f21a3498601465cf40
1 || 2014350 || 2 || trojan-activity || 0 || ET DELETED RevProxy ClientPing || md5,5d6f186f10acf5f21a3498601465cf40
1 || 2014351 || 3 || trojan-activity || 0 || ET DELETED RevProxy CnC List Request || md5,5d6f186f10acf5f21a3498601465cf40
1 || 2014352 || 3 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection Attempt char() Danmec related
1 || 2014353 || 3 || trojan-activity || 0 || ET MALWARE W32/MediaGet.Adware Installer Download || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=860182 || md5,39c1769c39f61dd2ec009de8374352c6
1 || 2014355 || 2 || trojan-activity || 0 || ET MALWARE W32/SoftonicDownloader.Adware User Agent || md5,1047b186bb2822dbb5907cd743069261
1 || 2014356 || 4 || trojan-activity || 0 || ET TROJAN W32/ProxyChanger.InfoStealer Checkin || url,67c9799940dce6b9af2e6f98f52afdf7
1 || 2014357 || 4 || trojan-activity || 0 || ET TROJAN W32/Kazy Checkin || md5,bb129d433271951abb0e5262060a4583
1 || 2014358 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Riern.K Checkin Off Port
1 || 2014359 || 7 || trojan-activity || 0 || ET POLICY DNSWatch.info IP Check
1 || 2014360 || 4 || trojan-activity || 0 || ET TROJAN Win32/Protux.B POST checkin || md5,53105ecf3cf6040039e16abb382fb836
1 || 2014361 || 2 || trojan-activity || 0 || ET TROJAN Win32/Protux.B Download Update || md5,53105ecf3cf6040039e16abb382fb836
1 || 2014362 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Likely Scalaxy Exploit Kit URL template download
1 || 2014363 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Lookup of Algorithm Generated Zeus CnC Domain (DGA)
1 || 2014364 || 2 || trojan-activity || 0 || ET TROJAN W32.Blocker Checkin || md5,1d8841128e63ed7e26200d4ed3bc8e05
1 || 2014365 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Graybird Checkin || md5,0fd68129ecbf68ad1290a41429ee3e73 || md5,11353f5bdbccdd59d241644701e858e6
1 || 2014366 || 4 || trojan-activity || 0 || ET TROJAN Suspicious User-Agent Post
1 || 2014367 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Banload Trojan Downloader Dropped Binary || md5,31bb4e0d67a5af96d5b5691966e25d73
1 || 2014368 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole qwe123 PDF
1 || 2014369 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Landing with prototype catch
1 || 2014370 || 3 || trojan-activity || 0 || ET TROJAN W32/GamesForum.InfoStealer Reporting to CnC
1 || 2014371 || 6 || trojan-activity || 0 || ET DELETED Possible Kelihos .eu CnC Domain Generation Algorithm (DGA) Lookup Detected
1 || 2014372 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Kelihos .eu CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response
1 || 2014373 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response
1 || 2014374 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .info CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response
1 || 2014375 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .biz CnC Domain Generation Algorithm (DGA) Lookup NXDOMAIN Response
1 || 2014376 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Zeus .ru CnC Domain Generation Algorithm (DGA) Lookup Detected
1 || 2014377 || 2 || bad-unknown || 0 || ET DELETED Cutwail Landing Page WAIT PLEASE
1 || 2014378 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole/Cutwail Redirection Page 1
1 || 2014379 || 2 || bad-unknown || 0 || ET POLICY HTTP GET invalid method case outbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
1 || 2014381 || 2 || bad-unknown || 0 || ET POLICY HTTP HEAD invalid method case outbound || url,www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
1 || 2014383 || 2 || attempted-admin || 0 || ET EXPLOIT Microsoft RDP Server targetParams Exploit Attempt || url,msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002
1 || 2014384 || 8 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop (RDP) Syn then Reset 30 Second DoS Attempt || cve,2012-0152
1 || 2014385 || 5 || not-suspicious || 0 || ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set || cve,2012-0152
1 || 2014386 || 2 || not-suspicious || 0 || ET DOS Microsoft Remote Desktop (RDP) Session Established Flowbit Set || cve,2012-0152
1 || 2014387 || 1 || trojan-activity || 0 || ET TROJAN Generic Dropper User-Agent (XXXwww)
1 || 2014388 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_phocadownload folder Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/100406/Joomla-Phocadownload-Remote-File-Inclusion.html
1 || 2014389 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_adsmanager mosConfig_absolute_path Remote File inclusion Attempt || url,packetstorm.foofus.com/1012-exploits/joomlaadsmanager-rfi.txt
1 || 2014390 || 2 || attempted-user || 0 || ET ACTIVEX EdrawSoft Office Viewer Component ActiveX FtpUploadFile Stack Buffer Overflow || url,packetstormsecurity.org/files/109298/EdrawSoft-Office-Viewer-Component-ActiveX-5.6-Buffer-Overflow.html
1 || 2014391 || 2 || attempted-user || 0 || ET ACTIVEX EdrawSoft Office Viewer Component ActiveX FtpUploadFile Format String Function Call Attempt || url,packetstormsecurity.org/files/109298/EdrawSoft-Office-Viewer-Component-ActiveX-5.6-Buffer-Overflow.html
1 || 2014392 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_fundhelp controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109023/Joomla-Fundhelp-Local-File-Inclusion.html
1 || 2014393 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rule controller Local File Inclusion Attempt || url,packetstormsecurity.org/files/109026/Joomla-Rule-Local-File-Inclusion.html
1 || 2014394 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_kp controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108917/Joomla-KP-Local-File-Inclusion.html
1 || 2014395 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Address Book from Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110667/PHP-Address-Book-6.2.12-SQL-Injection-Cross-Site-Scripting.html
1 || 2014396 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Volusion Chat ID Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110811/Volusion-Chat-Cross-Site-Scripting.html
1 || 2014397 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS EJBCA issuer Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110683/EJBCA-4.0.7-Cross-Site-Scripting-User-Enumeration.html
1 || 2014398 || 3 || trojan-activity || 0 || ET TROJAN Generic.KD.291903/Win32.TrojanClicker.Agent.NII Nconfirm Checkin || url,blog.eset.com/2012/03/17/drive-by-ftp-a-new-view-of-cve-2011-3544
1 || 2014399 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Spy.Win32.Zbot.djrm Checkin || md5,b895249cce7d2c27cb9c480feb36560c || md5,f70a5f52d4c0071963602c25b62865cb
1 || 2014400 || 3 || trojan-activity || 0 || ET MALWARE W32/LoudMo.Adware Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FLoudmo || md5,fc06c613e83f0d3271beba4fdcda987f
1 || 2014401 || 2 || trojan-activity || 0 || ET WORM W32/Rimecud /qvod/ff.txt Checkin || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FRimecud || md5,f97e1c4aefbd2595fcfeb0f482c47517 || md5,f96a29bcf6cba870efd8f7dd9344c39e || md5,fae8675502d909d6b546c111625bcfba
1 || 2014402 || 2 || trojan-activity || 0 || ET WORM W32/Rimecud wg.txt Checkin || md5,a89f7289d5cce821a194542e90026082 || md5,fd56ce176889d4fbe588760a1da6462b || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FRimecud
1 || 2014403 || 2 || trojan-activity || 0 || ET MALWARE W32/PaPaPaEdge.Adware/Gambling Poker-Edge Checkin || md5,f9d226bf9807c72432050f7dcb396b06
1 || 2014404 || 3 || trojan-activity || 0 || ET DELETED W32/Bifrose.Backdoor Checkin Attempt via Facebook || md5,61661202e320dd91e4f7e4a10616eefc
1 || 2014405 || 10 || trojan-activity || 0 || ET TROJAN Cridex.B/Feodo Checkin || md5,7ed139b53e24e4385c4c59cd2aa0e5f7 || url,labs.m86security.com/2012/03/the-cridex-trojan-targets-137-financial-organizations-in-one-go/ || url,blog.fireeye.com/research/2010/10/feodosoff-a-new-botnet-on-the-rise.html || url,about-threats.trendmicro.com/Malware.aspx?language=us&name=WORM_CRIDEX.IC
1 || 2014406 || 2 || policy-violation || 0 || ET MOBILE_MALWARE iOS Keylogger iKeyMonitor access || url,moreinfo.thebigboss.org/moreinfo/depiction.php?file=ikeymonitorDp
1 || 2014407 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Set || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/
1 || 2014408 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY EgyPack Exploit Kit Cookie Present || url,www.kahusecurity.com/2011/new-exploit-kit-egypack/ || url,www.vbulletin.com/forum/forum/vbulletin-3-8/vbulletin-3-8-questions-problems-and-troubleshooting/346989-vbulletin-footer-sql-injection-hack || url,blog.webroot.com/2013/03/29/a-peek-inside-the-egypack-web-malware-exploitation-kit/
1 || 2014409 || 3 || trojan-activity || 0 || ET TROJAN FakeAV.dfze/FakeAV!IK Checkin || md5,fe1e735ec10fb8836691fe2f2ac7ea44
1 || 2014410 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Ixeshe || url,blog.spiderlabs.com/2012/03/dirty-rat.html
1 || 2014411 || 10 || trojan-activity || 0 || ET TROJAN Fareit/Pony Downloader Checkin 2 || md5,99FAB94FD824737393F5184685E8EDF2 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17
1 || 2014412 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole client=done Cookie Set
1 || 2014413 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole client=done Cookie Present
1 || 2014414 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole Landing Page applet param window.document
1 || 2014415 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit JavaScript dotted quad hostile applet || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
1 || 2014416 || 3 || attempted-user || 0 || ET ACTIVEX Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx Access 1 || url,retrogod.altervista.org/9sg_linksys_playerpt.htm
1 || 2014417 || 3 || attempted-user || 0 || ET ACTIVEX Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT ActiveX Control PlayerPT.ocx Access 2 || url,retrogod.altervista.org/9sg_linksys_playerpt.htm
1 || 2014418 || 4 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ImportSettings Remote File Overwrite Attempt || url,www.exploit-db.com/exploits/18625/
1 || 2014419 || 3 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ImportSettings Function Call Attempt || url,www.exploit-db.com/exploits/18625/
1 || 2014420 || 2 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ExportSettings Remote File Overwrite Attempt || url,www.exploit-db.com/exploits/18625/
1 || 2014421 || 2 || attempted-user || 0 || ET ACTIVEX 2X ApplicationServer TuxSystem Class ActiveX Control ExportSettings Function Call Attempt || url,www.exploit-db.com/exploits/18625/
1 || 2014422 || 3 || attempted-user || 0 || ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Download and Execute || url,www.exploit-db.com/exploits/18624/
1 || 2014423 || 2 || attempted-user || 0 || ET ACTIVEX 2X Client for RDP ClientSystem Class ActiveX Control InstallClient Function Call Attempt || url,www.exploit-db.com/exploits/18624/
1 || 2014424 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS VTiger CRM module_name parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html
1 || 2014425 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OneFileCMS f parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/110906/OneFileCMS-1.1.5-Local-File-Inclusion.html
1 || 2014426 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WikyBlog which Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110863/WikyBlog-1.7.3RC2-Cross-Site-Scripting.html
1 || 2014427 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Greenpeace.fr filter_dpt Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/110989/Greenpeace.fr-Cross-Site-Scripting.html
1 || 2014428 || 6 || trojan-activity || 0 || ET TROJAN SpyEye Checkin version 1.3.25 or later 3
1 || 2014429 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Java Rhino Exploit Attempt - evilcode.class || cve,2011-3544
1 || 2014430 || 13 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt Negative INT || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014431 || 15 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014432 || 9 || attempted-dos || 0 || ET DELETED Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 2 byte || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014433 || 10 || attempted-dos || 0 || ET DELETED Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 3 byte || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014434 || 10 || attempted-dos || 0 || ET DELETED Microsoft Remote Desktop Protocol (RDP) maxChannelIds DoS Attempt 4 byte || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020-vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014435 || 11 || trojan-activity || 0 || ET TROJAN Infostealer.Banprox Proxy.pac Download || md5,3baae632d2476cbd3646c5e1b245d9be || md5,ace343a70fbd26e79358db4c27de73db
1 || 2014436 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Pol.jar
1 || 2014437 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Landing Page - Initializing Protection System
1 || 2014438 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Unknown - news=1 in http_cookie
1 || 2014439 || 4 || trojan-activity || 0 || ET TROJAN IRC Bot Download http Command || md5,fa6ae89b101a0367cc98798c7333e3a4
1 || 2014440 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Payload Download - scandsk.exe
1 || 2014441 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested - /Home/index.php
1 || 2014442 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Landing Page Requested - *.php?*=16HexCharacters in http_uri
1 || 2014443 || 5 || bad-unknown || 0 || ET DELETED DRIVEBY Blackhole - Landing Page Recieved - applet and flowbit
1 || 2014444 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Page redirecting to driveby
1 || 2014445 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Payload
1 || 2014446 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Dynamic DNS Exploit Pack Landing Page /de/sN
1 || 2014447 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Dynamic Dns Exploit Pack Java exploit
1 || 2014448 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WEB-PHP Wordpress enable-latex plugin url Remote File inclusion Attempt || url,packetstormsecurity.org/files/107260/WordPress-Enable-Latex-Remote-File-Inclusion.html
1 || 2014449 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Event Calendar PHP cal_year Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/111161/Event-Calendar-PHP-Cross-Site-Scripting.html
1 || 2014450 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Mini Mail Dashboard Widget abspath Remote File inclusion Attempt || url,packetstormsecurity.org/files/105238/WordPress-Mini-Mail-Dashboard-Widget-1.36-Remote-File-Inclusion.html
1 || 2014451 || 2 || attempted-user || 0 || ET ACTIVEX  Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential Buffer Overflow Attempt || url,packetstormsecurity.org/files/111077/Dell-Webcam-CrazyTalk-ActiveX-BackImage-Vulnerability.html
1 || 2014452 || 5 || attempted-user || 0 || ET ACTIVEX Dell Webcam CrazyTalk ActiveX Control BackImage Access Potential  Buffer Overflow Attempt 2 || url,packetstormsecurity.org/files/111077/Dell-Webcam-CrazyTalk-ActiveX-BackImage-Vulnerability.html
1 || 2014453 || 4 || attempted-user || 0 || ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution || url,www.exploit-db.com/exploits/18674/
1 || 2014454 || 4 || attempted-user || 0 || ET ACTIVEX Quest InTrust Annotation Objects ActiveX Control Add Access Potential Remote Code Execution 2 || url,www.exploit-db.com/exploits/18674/
1 || 2014455 || 3 || attempted-user || 0 || ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow || url,www.exploit-db.com/exploits/18675/
1 || 2014456 || 4 || attempted-user || 0 || ET ACTIVEX TRENDnet TV-IP121WN UltraMJCam ActiveX Control OpenFileDlg Access Potential Remote Stack Buffer Overflow 2 || url,www.exploit-db.com/exploits/18675/
1 || 2014457 || 4 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit JAR from //Home/ || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
1 || 2014458 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Italian Spam Campaign || md5,c64504b68d34b18a370f5e77bd0b0337
1 || 2014459 || 2 || policy-violation || 0 || ET P2P QVOD P2P Sharing Traffic detected (tcp)
1 || 2014460 || 5 || trojan-activity || 0 || ET DELETED Zeus CnC Checkin POST to Config.php || url,blog.fireeye.com/research/2012/04/zeus-takeover-leaves-undead-remains.html#more
1 || 2014461 || 7 || bad-unknown || 0 || ET EXPLOIT Java Atomic Reference Exploit Attempt Metasploit Specific || cve,CVE-2012-0507 || url,www.metasploit.com/modules/exploit/multi/browser/java_atomicreferencearray
1 || 2014462 || 3 || trojan-activity || 0 || ET TROJAN LuckyCat/TROJ_WIMMIE Checkin || url,blog.trendmicro.com/luckycat-redux-inside-an-apt-campaign/ || url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf
1 || 2014463 || 3 || attempted-user || 0 || ET WEB_CLIENT Internet Explorer CTableRowCellsCollectionCacheItem.GetNext Memory Use-After-Free Attempt || url,dvlabs.tippingpoint.com/blog/2012/03/15/pwn2own-2012-challenge-writeup || url,technet.microsoft.com/en-us/security/bulletin/MS10-002 || bid,37894 || cve,2010-0248
1 || 2014464 || 2 || trojan-activity || 0 || ET TROJAN DwnLdr-JMZ Downloading Binary || url,sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-JMZ/detailed-analysis.aspx
1 || 2014465 || 2 || trojan-activity || 0 || ET TROJAN DwnLdr-JMZ Downloading Binary 2 || url,sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~DwnLdr-JMZ/detailed-analysis.aspx
1 || 2014466 || 4 || trojan-activity || 0 || ET TROJAN Win32.Datamaikon Checkin
1 || 2014467 || 4 || trojan-activity || 0 || ET TROJAN Win32.Datamaikon Checkin NewAgent || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDatamaikon.gen!A&ThreatID=-2147312276 || md5,77d68770fcdc6052bd8d761d14a14f5a
1 || 2014468 || 3 || trojan-activity || 0 || ET TROJAN Win32.Datamaikon Checkin myAgent || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDatamaikon.gen!A&ThreatID=-2147312276 || md5,a51933ee0f2ade7df98feb7207a2ffaf
1 || 2014470 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole PDF served from iframe || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
1 || 2014471 || 6 || trojan-activity || 0 || ET POLICY DRIVEBY Generic - EXE Download by Java
1 || 2014472 || 6 || trojan-activity || 0 || ET INFO JAVA - Java Archive Download
1 || 2014473 || 4 || trojan-activity || 0 || ET INFO JAVA - Java Archive Download By Vulnerable Client
1 || 2014474 || 6 || trojan-activity || 0 || ET INFO JAVA - Java Class Download
1 || 2014475 || 6 || trojan-activity || 0 || ET INFO JAVA - Java Class Download By Vulnerable Client
1 || 2014476 || 2 || trojan-activity || 0 || ET TROJAN HTTP Request to Zaletelly CnC Domain zaletellyxx.be || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32/Gamarue.F
1 || 2014477 || 2 || trojan-activity || 0 || ET TROJAN HTTP Request to Zaletelly CnC Domain atserverxx.info || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aWin32/Gamarue.F
1 || 2014478 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.3d-game.com Domain
1 || 2014479 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.3d-game.com Domain
1 || 2014480 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.4irc.com Domain
1 || 2014481 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.4irc.com Domain
1 || 2014482 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.b0ne.com Domain
1 || 2014483 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.b0ne.com Domain
1 || 2014484 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.bbsindex.com Domain
1 || 2014485 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.bbsindex.com Domain
1 || 2014486 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.chatnook.com Domain
1 || 2014487 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.chatnook.com Domain
1 || 2014488 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.darktech.org Domain
1 || 2014489 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.darktech.org Domain
1 || 2014490 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.deaftone.com Domain
1 || 2014491 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.deaftone.com Domain
1 || 2014492 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.dtdns.net Domain
1 || 2014493 || 6 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.dtdns.net Domain
1 || 2014494 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.effers.com Domain
1 || 2014495 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.effers.com Domain
1 || 2014496 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.etowns.net Domain
1 || 2014497 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.etowns.net Domain
1 || 2014498 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.etowns.org Domain
1 || 2014499 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.etowns.org Domain
1 || 2014500 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.flnet.org Domain
1 || 2014501 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.flnet.org Domain
1 || 2014502 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.gotgeeks.com Domain
1 || 2014503 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.gotgeeks.com Domain
1 || 2014504 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.scieron.com Domain
1 || 2014505 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.scieron.com Domain
1 || 2014506 || 5 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.slyip.com Domain
1 || 2014507 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.slyip.com Domain
1 || 2014508 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to a *.slyip.net Dynamic DNS Domain
1 || 2014509 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.slyip.net Domain
1 || 2014510 || 5 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to a *.suroot.com Domain
1 || 2014511 || 4 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a *.suroot.com Domain
1 || 2014513 || 1 || trojan-activity || 0 || ET TROJAN DNS Request for Zaletelly CnC Domain || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~MDrop-EAB/detailed-analysis.aspx
1 || 2014514 || 7 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - Multi Arch w/Intel
1 || 2014515 || 4 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - Multi Arch w/PowerPC
1 || 2014516 || 4 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - Intel Arch
1 || 2014517 || 4 || misc-activity || 0 || ET INFO EXE - OSX Executable Download - PowerPC Arch
1 || 2014518 || 5 || misc-activity || 0 || ET INFO EXE - OSX Disk Image Download
1 || 2014519 || 6 || misc-activity || 0 || ET INFO EXE - Served Inline HTTP
1 || 2014520 || 6 || misc-activity || 0 || ET INFO EXE - Served Attached HTTP
1 || 2014521 || 6 || bad-unknown || 0 || ET DELETED Possible Blackhole Landing to 8 chr folder plus index.html
1 || 2014522 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I reporting successful infection || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml || url,vms.drweb.com/virus/?i=1816029
1 || 2014523 || 3 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I reporting successful infection 2 || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml || url,vms.drweb.com/virus/?i=1816029
1 || 2014524 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I reporting failed infection || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml || url,vms.drweb.com/virus/?i=1816029
1 || 2014525 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K first execution checkin || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,vms.drweb.com/virus/?i=1816029
1 || 2014526 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Exploit Kit Delivering JAR Archive to Client
1 || 2014527 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Exploit Kit Delivering Compressed Flash Content to Client
1 || 2014528 || 2 || trojan-activity || 0 || ET TROJAN W32/Taidoor.Backdoor Command Request CnC Checkin || url,www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks
1 || 2014529 || 2 || trojan-activity || 0 || ET TROJAN W32/Taidoor.Backdoor CnC Checkin With Default Substitute MAC Address Field || url,www.symantec.com/connect/blogs/trojantaidoor-takes-aim-policy-think-tanks
1 || 2014530 || 3 || successful-user || 0 || ET TROJAN Metasploit Meterpreter stdapi_* Command Request
1 || 2014531 || 4 || successful-user || 0 || ET TROJAN Metasploit Meterpreter core_channel_* Command Request
1 || 2014532 || 3 || successful-user || 0 || ET TROJAN Metasploit Meterpreter stdapi_* Command Response
1 || 2014533 || 4 || successful-user || 0 || ET TROJAN Metasploit Meterpreter core_channel_* Command Response
1 || 2014534 || 4 || trojan-activity || 0 || ET TROJAN OSX/Flashback.K/I User-Agent || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml || url,vms.drweb.com/virus/?i=1816029 || url,f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
1 || 2014535 || 3 || bad-unknown || 0 || ET MALWARE BitCoinPlus Embedded site forcing visitors to mine BitCoins || url,www.bitcoinplus.com/miner/embeddable || url,www.bitcoinplus.com/miner/whatsthis
1 || 2014536 || 2 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Klot.jar
1 || 2014537 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing .prototype.q catch with split
1 || 2014538 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing Loading... Please Wait
1 || 2014539 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Malicious TDS /indigo?
1 || 2014540 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing for Loading prototype catch
1 || 2014541 || 5 || attempted-recon || 0 || ET SCAN FHScan core User-Agent Detect || url,www.tarasco.org/security/FHScan_Fast_HTTP_Vulnerability_Scanner/index.html
1 || 2014542 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - redirect received
1 || 2014543 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - request in.cgi
1 || 2014544 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - cookie set
1 || 2014545 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
1 || 2014546 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS
1 || 2014547 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - redirect received
1 || 2014548 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - cookie set
1 || 2014549 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
1 || 2014550 || 2 || attempted-user || 0 || ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow || url,packetstormsecurity.org/files/111680/IBM-Tivoli-Provisioning-Manager-Express-Overflow.html
1 || 2014551 || 2 || attempted-user || 0 || ET ACTIVEX Possible IBM Tivoli Provisioning Manager Express Isig.isigCtl.1 ActiveX RunAndUploadFile Method Overflow 2 || url,packetstormsecurity.org/files/111680/IBM-Tivoli-Provisioning-Manager-Express-Overflow.html
1 || 2014552 || 2 || attempted-user || 0 || ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability || url,exploit-db.com/exploits/17557/
1 || 2014553 || 2 || attempted-user || 0 || ET ACTIVEX Possible Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal Remote Registry Dump Vulnerability 2 || url,exploit-db.com/exploits/17557/
1 || 2014554 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Pretty Link plugin url Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/107551/WordPress-Pretty-Link-1.5.2-Cross-Site-Scripting.html
1 || 2014555 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress flash-album-gallery plugin i Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/107424/WordPress-Flash-Album-Gallery-Cross-Site-Scripting.html
1 || 2014556 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS wordpress thecartpress plugin loop parameter Local File Inclusion Attempt || url,1337day.com/exploits/18018
1 || 2014557 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_bulkenquery controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108913/Joomla-Bulkenquery-Local-File-Inclusion.html
1 || 2014558 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_br controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108948/Joomla-BR-Local-File-Inclusion.html
1 || 2014559 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free PHP photo gallery script path parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/92079/Free-PHP-Photo-Gallery-Script-Remote-File-Inclusion.html
1 || 2014560 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS - Modified Metasploit Jar
1 || 2014561 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS landing page with malicious Java applet
1 || 2014562 || 3 || trojan-activity || 0 || ET TROJAN Pony Downloader HTTP Library MSIE 5 Win98
1 || 2014563 || 3 || trojan-activity || 0 || ET TROJAN Pony Downloader check-in response STATUS-IMPORT-OK
1 || 2014564 || 2 || trojan-activity || 0 || ET TROJAN OS X Backdoor Checkin || url,www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link
1 || 2014565 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS JavaScript Determining OS MAC and Serving Java Archive File || url,blog.trendmicro.com/another-tibetan-themed-malware-email-campaign-targeting-windows-and-macs/ || cve,2011-3544
1 || 2014566 || 2 || trojan-activity || 0 || ET TROJAN W32/UltimateDefender.FakeAV Checkin || md5,cec40236236466a1acb33aca3220eebe
1 || 2014567 || 5 || trojan-activity || 0 || ET INFO EXE Download With Content Type Specified As Empty || md5,d51218653323e48672023806f6ace26b
1 || 2014568 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit jar download
1 || 2014569 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit version check
1 || 2014570 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS HTTP Request to a known malware domain (regicsgf.net) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx
1 || 2014571 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS HTTP Request to a a known malware domain (sektori.org) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx
1 || 2014572 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query for a known malware domain (regicsgf.net) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx
1 || 2014573 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query for a known malware domain (sektori.org) || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Coswid-C/detailed-analysis.aspx
1 || 2014574 || 4 || policy-violation || 0 || ET POLICY CNET TechTracker User-Agent (CNET TechTracker) || url,www.cnet.com/techtracker-free/
1 || 2014575 || 4 || trojan-activity || 0 || ET INFO Potential Malicious PDF (EmbeddedFiles) improper case || url,blog.didierstevens.com/2009/07/01/embedding-and-hiding-files-in-pdf-documents/
1 || 2014576 || 2 || policy-violation || 0 || ET POLICY eBook Generator User-Agent (EBook) || url,malwr.com/analysis/a04b28e21adc70837eb7de811556ff4e/ || url,www.ebookgenerator.com/
1 || 2014577 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS ET CURRENT_EVENTS Italian Spam Campaign ZIP with EXE Containing Many Underscores
1 || 2014578 || 3 || trojan-activity || 0 || ET TROJAN Win32.Winwebsec.B Checkin || md5,9c9109cea5845272d6abd1b5523c8de7
1 || 2014579 || 3 || trojan-activity || 0 || ET TROJAN Likely Infected HTTP POST to PHP with User-Agent of HTTP Client
1 || 2014581 || 3 || trojan-activity || 0 || ET TROJAN Hoax.Win32.BadJoke/DownLoader1.57593 Checkin || url,malwr.com/analysis/5ee02601d265a9a88f03a5465a99b190/
1 || 2014583 || 3 || trojan-activity || 0 || ET TROJAN Adware/FakeAV.Kraddare Checkin UA || url,www.scumware.org/report/update.best-pc.co.kr
1 || 2014584 || 5 || bad-unknown || 0 || ET MALWARE Win32/Pdfjsc.XD Related Checkin (microsoft_predator_client header field) || url,www.fourteenforty.jp/products/yarai/CVE2011-0609/ || url,www.kahusecurity.com/2011/apec-spearphish-2/ || md5,3d91d9df315ffeb9bb1c774452b3114b
1 || 2014585 || 2 || attempted-user || 0 || ET ACTIVEX Possible Edraw Diagram Component 5 ActiveX LicenseName Access Potential buffer overflow DOS || url,exploit-db.com/exploits/18461/
1 || 2014586 || 2 || attempted-user || 0 || ET ACTIVEX Possible Edraw Diagram Component 5 ActiveX LicenseName Access Potential buffer overflow DOS 2 || url,exploit-db.com/exploits/18461/
1 || 2014587 || 3 || attempted-user || 0 || ET ACTIVEX Possible Quest vWorkspace Broker Client ActiveX Control SaveMiniLaunchFile Remote File Creation/Overwrite || url,exploit-db.com/exploits/18704/
1 || 2014588 || 2 || attempted-user || 0 || ET ACTIVEX Quest vWorkspace Broker Client ActiveX Control SaveMiniLaunchFile Remote File Creation/Overwrite 2 || url,exploit-db.com/exploits/18704/
1 || 2014589 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress yousaytoo-auto-publishing plugin submit Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/108470/wpystap-xss.txt
1 || 2014590 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_pinboard option Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/94991/Joomla-Pinboard-Remote-File-Inclusion.html
1 || 2014591 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress whois search domain Parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/108271/WordPress-Whois-Search-Cross-Site-Scripting.html
1 || 2014592 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Facebook-Page-Promoter-Lightbox settings-updated Cross Site Scripting Attempt || url,packetstormsecurity.org/files/108238/WordPress-Facebook-Page-Promoter-Lightbox-Cross-Site-Scripting.html
1 || 2014593 || 3 || attempted-user || 0 || ET ACTIVEX Possible Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution || url,securityfocus.com/archive/1/520353
1 || 2014594 || 4 || attempted-user || 0 || ET ACTIVEX Possible Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution 2 || url,securityfocus.com/archive/1/520353
1 || 2014595 || 4 || trojan-activity || 0 || ET DELETED Win32 Jadtre/Wapomi/Nimnul/Viking.AY ICMP ping
1 || 2014596 || 5 || trojan-activity || 0 || ET TROJAN FlashBack Mac OSX malware Checkin || url,blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with-new-variant/
1 || 2014597 || 2 || trojan-activity || 0 || ET TROJAN Mac Flashback Checkin 1
1 || 2014598 || 6 || trojan-activity || 0 || ET TROJAN Mac Flashback Checkin 2
1 || 2014599 || 5 || trojan-activity || 0 || ET TROJAN Mac Flashback Checkin 3
1 || 2014600 || 5 || trojan-activity || 0 || ET TROJAN Win32/Nitol.A Checkin
1 || 2014601 || 4 || trojan-activity || 0 || ET TROJAN Win32/Nitol.B Checkin
1 || 2014604 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Yakes.pwo Checkin || md5,d40927e8c4b59a1c2af4f981ef295321
1 || 2014605 || 6 || trojan-activity || 0 || ET MALWARE W32/GameVance Adware Server Reponse To Client Checkin
1 || 2014606 || 4 || trojan-activity || 0 || ET MALWARE W32/GameVance User-Agent (aw v3)
1 || 2014607 || 9 || attempted-user || 0 || ET CURRENT_EVENTS Nikjju Mass Injection Compromised Site Served To Local Client
1 || 2014608 || 8 || attempted-user || 0 || ET CURRENT_EVENTS Nikjju Mass Injection Internal WebServer Compromised
1 || 2014609 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit Java request to images.php?t=
1 || 2014610 || 4 || trojan-activity || 0 || ET TROJAN W32/Downvision.A Initial Checkin || url,www.fortiguard.com/av/VID3309956
1 || 2014611 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS Sutra - cookie set RULEZ
1 || 2014612 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS Sutra - cookie is set RULEZ
1 || 2014613 || 2 || web-application-activity || 0 || ET CURRENT_EVENTS Jembot PHP Webshell (file upload) || url,lab.onsec.ru/2012/04/find-new-web-bot-jembot.html?m=1
1 || 2014614 || 2 || web-application-activity || 0 || ET CURRENT_EVENTS Jembot PHP Webshell (system command) || url,lab.onsec.ru/2012/04/find-new-web-bot-jembot.html?m=1
1 || 2014615 || 3 || web-application-activity || 0 || ET CURRENT_EVENTS Jembot PHP Webshell (hell.php) || url,lab.onsec.ru/2012/04/find-new-web-bot-jembot.html?m=1
1 || 2014616 || 5 || trojan-activity || 0 || ET TROJAN Win32/Usteal.B Checkin || url,www.threatexpert.com/report.aspx?md5=3155b146bee46723acc5637617e3703a || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FUsteal.B&ThreatID=-2147320862
1 || 2014617 || 2 || misc-activity || 0 || ET POLICY Cisco IOS Self Signed Certificate Served to External Host
1 || 2014618 || 2 || trojan-activity || 0 || ET TROJAN W32/Sogu Remote Access Trojan Social Media Embedded CnC Channel || url,blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu
1 || 2014619 || 2 || attempted-user || 0 || ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call Remote Command Execution || url,packetstormsecurity.org/files/108767/McAfee-SaaS-MyCioScan-ShowReport-Remote-Command-Execution.html
1 || 2014620 || 2 || attempted-user || 0 || ET ACTIVEX Possible McAfee SaaS MyCioScan ShowReport Method Call Remote Command Execution 2 || url,packetstormsecurity.org/files/108767/McAfee-SaaS-MyCioScan-ShowReport-Remote-Command-Execution.html
1 || 2014621 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DokuWiki target parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/111939/DocuWiki-2012-01-25-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
1 || 2014622 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress 1-jquery-photo-gallery-slideshow-flash plugin page Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107423/WordPress-1-JQuery-Photo-Gallery-Slideshow-Flash-Cross-Site-Scripting.html
1 || 2014623 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews rootpath parameter Remote File inclusion Attempt || url,1337day.com/exploits/15795
1 || 2014624 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews uploadBigFiles.php Remote File inclusion Attempt || url,1337day.com/exploits/15795
1 || 2014625 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews remote.php Remote File inclusion Attempt || url,1337day.com/exploits/15795
1 || 2014626 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews class.panier_article.php Remote File inclusion Attempt || url,1337day.com/exploits/15795
1 || 2014627 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews menu_layers.php Remote File inclusion Attempt || url,1337day.com/exploits/15795
1 || 2014628 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DirectNews lib.panier.php Remote File inclusion Attempt || url,1337day.com/exploits/15795
1 || 2014629 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Blackhole Landing to 8 chr folder plus js.js
1 || 2014630 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.Es11 Keepalive to CnC || md5,4a17e9bd99f496c518ddfaaef93384b0
1 || 2014631 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FakeAV Security Shield payment page request
1 || 2014633 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMyAdmin setup.php Remote File inclusion Attempt || url,blog.spiderlabs.com/2012/04/honeypot-alert-phpmyadmin-setupphp-rfi-attacks-detected.html || url,phpmyadmin.net/home_page/security/PMASA-2010-4.php || cve,CVE-2010-3055
1 || 2014634 || 1 || trojan-activity || 0 || ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Session_Id length greater than Client_Hello Length) || md5,a01d75158cf4618677f494f9626b1c4c
1 || 2014635 || 1 || trojan-activity || 0 || ET TROJAN Possible Variant.Kazy.53640 Malformed Client Hello SSL 3.0 (Cipher_Suite length greater than Client_Hello Length) || md5,a01d75158cf4618677f494f9626b1c4c
1 || 2014636 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Poison.BI || md5,3e008471eaa5e788c41c2a0dff3d1a89
1 || 2014637 || 3 || trojan-activity || 0 || ET TROJAN Maljava Dropper for Windows || url,www.symantec.com/connect/blogs/both-mac-and-windows-are-targeted-once
1 || 2014638 || 4 || trojan-activity || 0 || ET TROJAN Maljava Dropper for OS X || url,www.symantec.com/connect/blogs/both-mac-and-windows-are-targeted-once
1 || 2014639 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit PDF request to images.php?t=81118
1 || 2014640 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit payload request to images.php?t=N
1 || 2014641 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito Exploit Kit landing page request to images.php?t=4xxxxxxx
1 || 2014642 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Edu.jar
1 || 2014643 || 7 || trojan-activity || 0 || ET TROJAN ConstructorWin32/Agent.V || md5,3305ad96bcfd3a406dc9daa31e538902
1 || 2014644 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole - Landing Page Recieved - applet PluginDetect and 10hexchar title
1 || 2014645 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS RuggedCom Banner with MAC || url,www.exploit-db.com/exploits/18779/ || url,arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars
1 || 2014646 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS RuggedCom factory account backdoor || url,www.exploit-db.com/exploits/18779/ || url,arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars
1 || 2014647 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP Volunteer Management id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112219/PHP-Volunteer-Management-1.0.2-Cross-Site-Scripting-SQL-Injection.html
1 || 2014648 || 4 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow || url,exploit-db.com/exploits/18427/
1 || 2014649 || 6 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX StoreInRegistry Method Access Potential Buffer Overflow 2 || url,exploit-db.com/exploits/18427/
1 || 2014650 || 4 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow || url,exploit-db.com/exploits/18427/
1 || 2014651 || 2 || attempted-user || 0 || ET ACTIVEX Tracker Software pdfSaver ActiveX InitFromRegistry Method Access Potential Buffer Overflow 2 || url,exploit-db.com/exploits/18427/
1 || 2014652 || 3 || attempted-user || 0 || ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access || url,secunia.com/advisories/48681/
1 || 2014653 || 3 || attempted-user || 0 || ET ACTIVEX Quest Explain Plan Display ActiveX Control SaveToFile Insecure Method Access 2 || url,secunia.com/advisories/48681/
1 || 2014654 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_videogallery controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/112161/Joomla-Video-Gallery-Local-File-Inclusion-SQL-Injection.html
1 || 2014655 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_some controller Parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/108906/Joomla-Some-Local-File-Inclusion.html
1 || 2014656 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Skysa Official submit parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107342/WordPress-Skysa-Official-1.01-1.02-1.03-Cross-Site-Scripting.html
1 || 2014657 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit pdf download
1 || 2014658 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unkown exploit kit payload download
1 || 2014659 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Please wait Message || url,isc.sans.edu/diary.html?storyid=13051
1 || 2014660 || 3 || trojan-activity || 0 || ET TROJAN Win32/Ponmocup.A Checkin || md5,97a1acc085849c0b9af19adcf44607a7
1 || 2014661 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing for prototype catch substr
1 || 2014662 || 1 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Integer indef DoS Attempt || url,www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020 vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014663 || 1 || attempted-dos || 0 || ET DOS Microsoft Remote Desktop Protocol (RDP) maxChannelIds Negative Integer indef DoS Attempt || url, www.msdn.microsoft.com/en-us/library/cc240836.aspx || cve,2012-0002 || url,technet.microsoft.com/en-us/security/bulletin/ms12-020 || url,stratsec.blogspot.com.au/2012/03/ms12-020 vulnerability-for-breakfast.html || url,aluigi.org/adv/termdd_1-adv.txt || url,blog.binaryninjas.org/?p=58 || url,luca.ntop.org/Teaching/Appunti/asn1.html
1 || 2014664 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole - Jar File Naming Algorithm
1 || 2014665 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic - Redirection to Kit - BrowserDetect with var stopit
1 || 2014666 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole - Injected Page Leading To Driveby
1 || 2014667 || 2 || trojan-activity || 0 || ET MALWARE W32/Dialer.Adultchat Checkin || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FDluca.AN&ThreatID=-2147365813 || md5,fd2c949dc20b651a53326a3d571641ec
1 || 2014669 || 4 || trojan-activity || 0 || ET DELETED SpyEyeV1.3.48 Data Post to CnC - lol.php || url,blogs.mcafee.com/mcafee-labs/latest-spyeye-botnet-active-and-cheaper
1 || 2014700 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Backdoor.BAT.Agent.W User Botnet || md5,fc7059ec1e3e86fd0a664c3747f09725
1 || 2014701 || 9 || policy-violation || 0 || ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set - Likely Kazy || md5,a56ec0f9bd46f921f65e4f6e598e5ed0 || url,www.emergingthreatspro.com/bot-of-the-day/kazy-part-deux-revenge-of-the-clear-plastic-tarp/ || url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html
1 || 2014702 || 7 || policy-violation || 0 || ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set - Likely Kazy || md5,a56ec0f9bd46f921f65e4f6e598e5ed0 || url,www.emergingthreatspro.com/bot-of-the-day/kazy-part-deux-revenge-of-the-clear-plastic-tarp/ || url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html
1 || 2014703 || 7 || policy-violation || 0 || ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set - Likely Kazy || md5,a56ec0f9bd46f921f65e4f6e598e5ed0 || url,www.emergingthreatspro.com/bot-of-the-day/kazy-part-deux-revenge-of-the-clear-plastic-tarp/ || url,vrt-blog.snort.org/2008/08/checking-multiple-bits-in-flag-field_29.html
1 || 2014704 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability || cve,2012-1823 || url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ || url,varanoid.com/research-alerts/us-cert/vu520827-php-cgi-query-string-parameter-vulnerability/
1 || 2014705 || 3 || trojan-activity || 1 || ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack exploit request
1 || 2014706 || 2 || trojan-activity || 1 || ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload request (exploit successful!)
1 || 2014707 || 3 || trojan-activity || 1 || ET CURRENT_EVENTS Bleeding Life 2 GPLed Exploit Pack payload download
1 || 2014708 || 3 || attempted-user || 0 || ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution || url,exploit-db.com/exploits/18805/
1 || 2014709 || 3 || attempted-user || 0 || ET ACTIVEX Possible McAfee Virtual Technician MVT.MVTControl.6300 ActiveX Control GetObject method Remote Code Execution 2 || url,exploit-db.com/exploits/18805/
1 || 2014710 || 3 || attempted-user || 0 || ET ACTIVEX Possible Samsung NET-i Viewer Active-X SEH Overwrite || url,packetstormsecurity.org/files/112363/Samsung-NET-i Viewer-Active-X-SEH-Overwrite.html
1 || 2014711 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS maxxweb Cms kategorie parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112289/Maxxweb-CMS-Cross-Site-Scripting.html
1 || 2014712 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress WPsc-MijnPress plugin rwflush parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112324/WordPress-WPsc-MijnPress-Cross-Site-Scripting.html
1 || 2014713 || 3 || attempted-user || 0 || ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow || url,exploit-db.com/exploits/16604/
1 || 2014714 || 3 || attempted-user || 0 || ET ACTIVEX Possible WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow 2 || url,exploit-db.com/exploits/16604/
1 || 2014715 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_obsuggest controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/103598/Joomla-obSuggest-Local-File-Inclusion.html
1 || 2014716 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_joomtouch controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/104112/Joomla-JoomTouch-1.0.2-Local-File-Inclusion.html
1 || 2014717 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP Custom Pages url parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/100047/WordPress-WP-Custom-Pages-0.5.0.1-Local-File-Inclusion.html
1 || 2014718 || 3 || policy-violation || 0 || ET GAMES Nintendo Wii User-Agent || url,www.useragentstring.com/pages/Opera/
1 || 2014719 || 2 || trojan-activity || 0 || ET TROJAN W32/Simbot.Backdoor Checkin || md5,a4edc9d31bc0ad763b3424e9306f4d7c
1 || 2014720 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader/Agent.dxh.1 Reporting to CnC || md5,ded49b8c92d7ab6725649f04f30df8ce
1 || 2014721 || 2 || trojan-activity || 0 || ET TROJAN Boatz Checkin || url,blogs.mcafee.com/mcafee-labs/pastebin-shares-botnet-source-code
1 || 2014722 || 4 || trojan-activity || 0 || ET TROJAN Medfos/Midhos Checkin || md5,00da8acc14d0e827dbb1326c023fc720 || md5,8f561f46fb262cac6bb4cacf3e4e78a6 || md5,63491dcc8e897bf442599febe48b824d
1 || 2014723 || 2 || trojan-activity || 0 || ET TROJAN Suspicious lcon http header in response seen with Medfos/Midhos downloader || md5,63491dcc8e897bf442599febe48b824d
1 || 2014724 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Cal.jar
1 || 2014725 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Request for Blackhole Exploit Kit Landing Page - src.php?case=
1 || 2014726 || 33 || policy-violation || 0 || ET POLICY Outdated Windows Flash Version IE || url,www.adobe.com/software/flash/about/
1 || 2014727 || 26 || policy-violation || 0 || ET POLICY Outdated Mac Flash Version
1 || 2014728 || 4 || trojan-activity || 0 || ET TROJAN Smoke Loader Checkin r=gate || md5,fafada188ce47a1459f4fcea487f06b5
1 || 2014729 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FakeAV Landing Page - Viruses were found
1 || 2014730 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Potential FAKEAV Download a-f0-9 x16 download
1 || 2014731 || 2 || trojan-activity || 0 || ET TROJAN Snap Bot Checkin || md5,a45a1ccf6842b032b7f2ef2f2255c81c || md5,e070ce714e343052d19a7e3213ee2a9a || url,ddanchev.blogspot.com/2011/05/peek-inside-new-ddos-bot-snap.html
1 || 2014732 || 4 || trojan-activity || 0 || ET TROJAN Snap Bot Receiving Download Command || md5,a45a1ccf6842b032b7f2ef2f2255c81c || md5,e070ce714e343052d19a7e3213ee2a9a || url,ddanchev.blogspot.com/2011/05/peek-inside-new-ddos-bot-snap.html
1 || 2014733 || 5 || trojan-activity || 0 || ET TROJAN Snap Bot Receiving DDoS Command || md5,a45a1ccf6842b032b7f2ef2f2255c81c || md5,e070ce714e343052d19a7e3213ee2a9a || url,ddanchev.blogspot.com/2011/05/peek-inside-new-ddos-bot-snap.html
1 || 2014734 || 2 || policy-violation || 0 || ET P2P BitTorrent - Torrent File Downloaded
1 || 2014735 || 3 || trojan-activity || 0 || ET MALWARE Malicious file bitdefender_isecurity.exe download || md5,283ae10839fff3e183193efde3e633eb
1 || 2014736 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Andromeda Streaming MP3 Server andromeda.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112549/Andromeda-Streaming-MP3-Server-1.9.3.6-Cross-Site-Scripting.html
1 || 2014737 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdSave Method Access Buffer Overflow || url,secunia.com/advisories/45511
1 || 2014738 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdSave Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511
1 || 2014739 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdExport Method Access Buffer Overflow || url,secunia.com/advisories/45511
1 || 2014740 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdExport Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511
1 || 2014741 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdImport Method Access Buffer Overflow || url,secunia.com/advisories/45511
1 || 2014742 || 3 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdImport Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511
1 || 2014743 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdOpen Method Access Buffer Overflow || url,secunia.com/advisories/45511
1 || 2014744 || 4 || attempted-user || 0 || ET ACTIVEX Potential ThreeDify Designer ActiveX Control cmdOpen Method Access Buffer Overflow 2 || url,secunia.com/advisories/45511
1 || 2014745 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Try Prototype Catch May 11 2012
1 || 2014746 || 4 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to /Set.jar
1 || 2014747 || 3 || trojan-activity || 0 || ET DELETED Blackhole Try Prototype Catch May 14 2012
1 || 2014748 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Repeated Exploit Request Pattern || url,blog.spiderlabs.com/2012/05/a-wild-exploit-kit-appears.html || url,malware.dontneedcoffee.com/2012/05/inside-redkit.html || url,malware.dontneedcoffee.com/2012/05/redkit-not-so-red-anymore.html || url,www.malwaredomainlist.com/forums/index.php?topic=4855.msg23470
1 || 2014749 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Java Exploit request to /24842.jar
1 || 2014750 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito/RedKit Exploit Kit vulnerable Java payload request to /1digit.html
1 || 2014751 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Nuclear/Safe/CritX/FlashPack - Java Request - 32char hex-ascii
1 || 2014752 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Win32.HLLW.Autoruner USA_Load UA || url,news.drweb.com/show/?i=2440&lng=en&c=5
1 || 2014753 || 5 || bad-unknown || 0 || ET DELETED probable malicious Glazunov Javascript injection
1 || 2014754 || 6 || trojan-activity || 0 || ET TROJAN W32/Mepaow.Backdoor Initial Checkin to Intermediary Pre-CnC || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=1072862 || url,8af17164500aac1c0965b842aca3fed7
1 || 2014755 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/HupigonUser.Backdoor Rabclib UA Checkin || md5,65467e7ff3140f42f4758eca7b76185c
1 || 2014756 || 5 || policy-violation || 0 || ET POLICY Logmein.com/Join.me SSL Remote Control Access
1 || 2014757 || 4 || trojan-activity || 0 || ET TROJAN Win32/Comrerop Checkin to FTP server || md5,6b16290b05afd1a9d638737924f2ab5c
1 || 2014758 || 4 || trojan-activity || 0 || ET TROJAN Trojan.BAT.Qhost - SET || md5,8174d42fd82457592c573fe73bdc0cd5
1 || 2014759 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BAT.Qhost Response from Controller || md5,8174d42fd82457592c573fe73bdc0cd5
1 || 2014760 || 2 || trojan-activity || 0 || ET TROJAN W32/Votwup.Backdoor Checkin || md5,1325e4e44b5bf2f8dfe550dec016da53
1 || 2014761 || 2 || misc-activity || 0 || ET POLICY Internal Host Getting External IP Address - ip2city.asp
1 || 2014762 || 2 || trojan-activity || 0 || ET TROJAN W32/SpyBanker Infection Confirmation Email 2 || md5,f091e8ed0e8f4953ff10ce3bd06dbe54
1 || 2014763 || 5 || attempted-user || 0 || ET ACTIVEX Possible Chilkat Software FTP2 ActiveX Component GetFile Access Remote Code Execution || url,packetstormsecurity.org/files/97160/Chilkat-Software-FTP2-ActiveX-Code-Execution.html
1 || 2014764 || 4 || attempted-user || 0 || ET ACTIVEX Possible Chilkat Software FTP2 ActiveX Component GetFile Access Remote Code Execution 2 || url,packetstormsecurity.org/files/97160/Chilkat-Software-FTP2-ActiveX-Code-Execution.html
1 || 2014765 || 5 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Writer ActiveX BlogThisLink Method Access Denail of Service Attack || url,1337day.com/exploits/17583
1 || 2014766 || 5 || attempted-user || 0 || ET ACTIVEX Possible Windows Live Writer ActiveX BlogThisLink Method Access Denail of Service Attack 2 || url,1337day.com/exploits/17583
1 || 2014767 || 5 || trojan-activity || 0 || ET MALWARE Win32.Bublik.B/Birele/Variant.Kazy.66443 Checkin || md5,48352e3a034a95845864c0f6aad07d39
1 || 2014768 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP Survey and Quiz Tool plugin rowcount Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112685/WordPress-WP-Survey-And-Quiz-Tool-2.9.2-Cross-Site-Scripting.html
1 || 2014769 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress CataBlog plugin category Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112710/WordPress-CataBlog-1.6-Cross-Site-Scripting.html
1 || 2014770 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Monitor plugin uploader.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112707/WordPress-Download-Monitor-3.3.5.4-Cross-Site-Scripting.html
1 || 2014771 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Appointment Booking Pro view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/103172/Joomla-Appointment-Booking-Pro-Arbitrary-File-Reading.html
1 || 2014772 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_media file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/99775/Joomla-Media-Local-File-Inclusion.html
1 || 2014773 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page JavaScript Split String Obfuscation of CharCode
1 || 2014774 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Malicious PDF qweqwe= || url,jsunpack.jeek.org/dec/go?report=4d25f4f01ff5cdbee35a23fcd9e047b69d917b47
1 || 2014775 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole PDF Payload Request
1 || 2014776 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole PDF Payload Request With Double Colon
1 || 2014777 || 2 || trojan-activity || 0 || ET TROJAN Kazy/Kryptic Checkin with Opera/9 User-Agent || url,malwr.com/analysis/18c5b31198777f93a629a0357b22f2f8/ || md5,18c5b31198777f93a629a0357b22f2f8 || url,www.virustotal.com/file/94cf780fa829c16cd0b09a462b5419cd1175bac01ba935e906a109d97b4dadaa/
1 || 2014778 || 2 || trojan-activity || 0 || ET TROJAN Bebloh connectivity check || md5,3f9ef604b68da32062ef27e15eb71715 || md5,ccb463b2dadaf362a03c8bbf34dc247e
1 || 2014779 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.2288.org
1 || 2014781 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.3322.net
1 || 2014782 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.6600.org
1 || 2014783 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.7766.org
1 || 2014784 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8800.org
1 || 2014786 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to 3322.net Domain *.9966.org
1 || 2014787 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.2288.org
1 || 2014788 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.net
1 || 2014789 || 4 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.6600.org
1 || 2014790 || 6 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.7766.org
1 || 2014791 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.8800.org
1 || 2014792 || 5 || misc-activity || 0 || ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.9966.org
1 || 2014793 || 3 || trojan-activity || 0 || ET TROJAN Win32/MultiPasswordRecovery.A cs-crash PWS
1 || 2014794 || 4 || trojan-activity || 0 || ET TROJAN Win32/Thetatic.A Client POST Get CMD Checkin
1 || 2014795 || 2 || trojan-activity || 0 || ET TROJAN Win32/Thetatic.A Client POST CMD result
1 || 2014796 || 5 || trojan-activity || 0 || ET DELETED Win32/Thetatic.A Checkin
1 || 2014797 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ZeuS Ransomware win_unlock || url,www.f-secure.com/weblog/archives/00002367.html || md5,14a1d23b5a8b4f5c186bc5082ede4596
1 || 2014798 || 2 || bad-unknown || 0 || ET MALWARE PCMightyMax Agent PCMM.Installer
1 || 2014799 || 2 || policy-violation || 0 || ET POLICY OpenVPN Update Check
1 || 2014800 || 2 || trojan-activity || 0 || ET DELETED Blackhole Landing Page getElementByID Qwe - May 22nd 2012 || url,blog.spiderlabs.com/2012/05/catch-me-if-you-can-trojan-banker-zeus-strikes-again-part-2-of-5-1.html
1 || 2014801 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Try App.title Catch - May 22nd 2012 || url,blog.spiderlabs.com/2012/05/catch-me-if-you-can-trojan-banker-zeus-strikes-again-part-2-of-5-1.html
1 || 2014802 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fragus Exploit jar Download
1 || 2014803 || 7 || trojan-activity || 0 || ET TROJAN VBS/Wimmie.A Set || url,www.threatexpert.com/report.aspx?md5=6fd7493e56fdc3b0dd8ecd24aea20da1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AVBS%2FWimmie.A || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf || md5,61474931882dce7b1c67e1f22d26187e
1 || 2014804 || 6 || trojan-activity || 0 || ET TROJAN VBS/Wimmie.A Checkin || url,www.threatexpert.com/report.aspx?md5=6fd7493e56fdc3b0dd8ecd24aea20da1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AVBS%2FWimmie.A || md5,61474931882dce7b1c67e1f22d26187e || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_luckycat_redux.pdf
1 || 2014805 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown java_ara Bin Download
1 || 2014806 || 5 || attempted-user || 0 || ET ACTIVEX Possible SkinCrafter ActiveX Control InitLicenKeys Method Access Buffer Overflow || url,exploit-db.com/exploits/18892/
1 || 2014807 || 4 || attempted-user || 0 || ET ACTIVEX Possible SkinCrafter ActiveX Control InitLicenKeys Method Access Buffer Overflow 2 || url,exploit-db.com/exploits/18892/
1 || 2014808 || 7 || attempted-user || 0 || ET ACTIVEX Possible IBM Lotus Quickr for Domino ActiveX control Attachment_Times Method Access buffer overflow Attempt || url,secunia.com/advisories/49285/
1 || 2014809 || 4 || attempted-user || 0 || ET ACTIVEX Possible IBM Lotus Quickr for Domino ActiveX control Import_Times Method Access buffer overflow Attempt || url,secunia.com/advisories/49285/
1 || 2014810 || 4 || trojan-activity || 0 || ET MALWARE Malicious pusk.exe download || md5,eae75c0e34d11e6daef216cfc3fbbb04
1 || 2014811 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Dynamic Widgets plugin id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112706/WordPress-Dynamic-Widgets-1.5.1-Cross-Site-Scripting.html
1 || 2014812 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin group parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html
1 || 2014813 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress LeagueManager plugin season parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html
1 || 2014814 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Component JE Story Submit view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/103214/Joomla-JE-K2-Story-Submit-Local-File-Inclusion.html
1 || 2014815 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_acooldebate controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/102422/Joomla-A-Cool-Debate-1.0.3-Local-File-Inclusion.html
1 || 2014816 || 5 || trojan-activity || 0 || ET TROJAN Rogue.Win32/Winwebsec Install 2 || md5,181999985de5feae6f44f9578915417f
1 || 2014817 || 2 || trojan-activity || 0 || ET USER_AGENTS W32/Renos.Downloader User Agent zeroup || url,www.f-secure.com/v-descs/trojan_w32_renos_h.shtml || md5,35ba53f6aeb6b38c1107018f271189af
1 || 2014818 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SKyWIper/Win32.Flame UA || url,crysys.hu/skywiper/skywiper.pdf
1 || 2014819 || 3 || misc-activity || 0 || ET INFO Packed Executable Download
1 || 2014820 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Obfuscated Javascript Blob
1 || 2014821 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole RawValue Specific Exploit PDF || cve,2010-0188
1 || 2014822 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SKyWIper/Win32.Flame POST || url,blog.cuckoobox.org/2012/05/29/cuckoo-in-flame/
1 || 2014823 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Malicious PDF asdvsa
1 || 2014824 || 3 || trojan-activity || 0 || ET DELETED Redkit Java Exploit request to b.class
1 || 2014825 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Script Profile ASD
1 || 2014826 || 5 || trojan-activity || 0 || ET TROJAN Virus.Win32.Sality.aa Checkin || md5,1e0e6717f72b66f6fc83f2ef6c00dcb7
1 || 2014827 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FedEX Spam Inbound
1 || 2014828 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS UPS Spam Inbound
1 || 2014829 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Post Express Spam Inbound
1 || 2014830 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Java Exploit request to .class file
1 || 2014831 || 3 || attempted-user || 0 || ET ACTIVEX Possible Wireless Manager Sony VAIO SetTmpProfileOption Method Access Buffer Overflow || url,packetstormsecurity.org/files/113131/Wireless-Manager-Sony-VAIO-4.0.0.0-Buffer-Overflows.html
1 || 2014832 || 4 || attempted-user || 0 || ET ACTIVEX Possible Wireless Manager Sony VAIO ConnectToNetwork Method Access Buffer Overflow || url,packetstormsecurity.org/files/113131/Wireless-Manager-Sony-VAIO-4.0.0.0-Buffer-Overflows.html
1 || 2014833 || 4 || attempted-user || 0 || ET ACTIVEX Possible LEADTOOLS ActiveX Raster Twain AppName Method Access Buffer Overflow || url,packetstormsecurity.org/files/93252/LEADTOOLS-ActiveX-Raster-Twain-16.5-Buffer-Overflow.html
1 || 2014834 || 4 || attempted-user || 0 || ET ACTIVEX Possible LEADTOOLS ActiveX Raster Twain AppName Method Access Buffer Overflow 2 || url,packetstormsecurity.org/files/93252/LEADTOOLS-ActiveX-Raster-Twain-16.5-Buffer-Overflow.html
1 || 2014835 || 4 || attempted-user || 0 || ET ACTIVEX Possible SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Install3rdPartyComponent Method Buffer Overflow || url,packetstormsecurity.org/files/95286/SonicWALL-SSL-VPN-End-Point-Interrogator-Installer-ActiveX-Control.html
1 || 2014836 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS DynPG CMS PathToRoot Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/87907/DynPG-CMS-4.1.0-Remote-File-Inclusion.html
1 || 2014837 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Jotloader component section parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96812/Joomla-Jotloader-2.2.1-Local-File-Inclusion.html
1 || 2014838 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PDF and Print Button Joliprint plugin type parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112700/WordPress-PDF-And-Print-Button-Joliprint-1.3.0-Cross-Site-Scripting.html
1 || 2014839 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress PDF and Print Button Joliprint plugin opt parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112700/WordPress-PDF-And-Print-Button-Joliprint-1.3.0-Cross-Site-Scripting.html
1 || 2014840 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Exponent file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/101230/Exponent-2.0.0-Beta-1.1-Local-File-Inclusion.html
1 || 2014841 || 2 || trojan-activity || 0 || ET TROJAN Possible Feodo/Cridex Traffic Detected
1 || 2014843 || 3 || trojan-activity || 0 || ET TROJAN Blackhole Exploit Kit Request tkr
1 || 2014844 || 2 || bad-unknown || 0 || ET TROJAN Probable Golfhole exploit kit landing page #2
1 || 2014845 || 2 || trojan-activity || 0 || ET TROJAN Probable Golfhole exploit kit binary download #2
1 || 2014846 || 11 || web-application-attack || 0 || ET CURRENT_EVENTS Wordpress timthumb look-alike domain list RFI || url,code.google.com/p/timthumb/issues/detail?id=212
1 || 2014847 || 5 || web-application-attack || 0 || ET CURRENT_EVENTS php with eval/gzinflate/base64_decode possible webshell || url,blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html
1 || 2014848 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS webshell used In timthumb attacks GIF98a 16129xX with PHP || url,blog.sucuri.net/2012/05/list-of-domains-hosting-webshells-for-timthumb-attacks.html
1 || 2014849 || 3 || trojan-activity || 0 || ET TROJAN Flamer WuSetupV module traffic 1 || md5,1f61d280067e2564999cac20e386041c
1 || 2014850 || 5 || trojan-activity || 0 || ET TROJAN Flamer WuSetupV module traffic 2 || md5,1f61d280067e2564999cac20e386041c
1 || 2014851 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Archive Request || url,blog.spiderlabs.com/2012/05/sakura-exploit-kit-11.html
1 || 2014852 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Exploit Kit Version 1.1 document.write Fake 404 - Landing Page || url,blog.spiderlabs.com/2012/05/sakura-exploit-kit-11.html
1 || 2014853 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Version 1.1 Applet Value lxxt || url,blog.spiderlabs.com/2012/05/sakura-exploit-kit-11.html
1 || 2014854 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Likely TDS redirecting to exploit kit
1 || 2014855 || 3 || trojan-activity || 0 || ET TROJAN FakeAvCn-A Checkin 1
1 || 2014856 || 2 || trojan-activity || 0 || ET TROJAN FakeAvCn-A Checkin 2
1 || 2014857 || 3 || trojan-activity || 0 || ET TROJAN FakeAvCn-A Checkin 3
1 || 2014858 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Fraudulent Paypal Mailing Server Response June 04 2012
1 || 2014859 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - dakotavolandos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days
1 || 2014860 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - dak1otavola1ndos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days
1 || 2014861 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - dako22tavol2andos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days
1 || 2014862 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - d3akotav33olandos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days
1 || 2014863 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32.Tinba/Zusy Banking Trojan Hardcoded CnC Domain Request - d4ak4otavolandos.com || url,www.symantec.com/security_response/writeup.jsp?docid=2012-060111-3803-99&om_rssid=sr-latestthreats30days
1 || 2014864 || 1 || trojan-activity || 0 || ET TROJAN W32.Gimemo/Aldibot CnC POST || url,www.evild3ad.com/?p=1693
1 || 2014865 || 3 || bad-unknown || 0 || ET WEB_CLIENT MP4 Embedded in PDF File - Potential Flash Exploit || cve,2012-0754 || url,blog.9bplus.com/observing-the-enemy-cve-2012-0754-pdf-interac
1 || 2014866 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Redirect to driveby sid=mix
1 || 2014867 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to a dns-stuff.com Domain *.dns-stuff.com
1 || 2014868 || 2 || bad-unknown || 0 || ET INFO DYNAMIC_DNS Query to dns-stuff.com Domain *.dns-stuff.com
1 || 2014869 || 3 || attempted-recon || 0 || ET SCAN Arachni Scanner Web Scan || url,arachni-scanner.com || url,github.com/Zapotek/arachni
1 || 2014870 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SN and CN From MS TS Revoked Cert Chain Seen || url,blog.crysys.hu/2012/06/the-flame-malware-wusetupv-exe-certificate-chain/ || url,rmhrisk.wpengine.com/?p=52 || url,msdn.microsoft.com/en-us/library/aa448396.aspx || md5,1f61d280067e2564999cac20e386041c
1 || 2014871 || 2 || trojan-activity || 0 || ET TROJAN Self Signed SSL Certificate (Reaserch)
1 || 2014872 || 2 || trojan-activity || 0 || ET TROJAN Self Signed SSL Certificate (John Doe)
1 || 2014873 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Javascript redirecting to Blackhole June 7 2012
1 || 2014874 || 7 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow || url,secunia.com/advisories/48966/
1 || 2014875 || 6 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control BackupToAvi Method Access Buffer Overflow 2 || url,secunia.com/advisories/48966/
1 || 2014876 || 6 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability || url,secunia.com/advisories/48965/
1 || 2014877 || 6 || attempted-user || 0 || ET ACTIVEX Possible NET-i viewer ActiveX Control ConnectDDNS Method Access Code Execution Vulnerability 2 || url,secunia.com/advisories/48965/
1 || 2014878 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jeauto view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96803/Joomla-JE-Auto-Local-File-Inclusion.html
1 || 2014879 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jradio controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96751/Joomla-JRadio-Local-File-Inclusion.html
1 || 2014880 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress wp-livephp plugin wp-live.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/108282/WordPress-LivePHP-Cross-Site-Scripting.html
1 || 2014881 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Mingle Forum groupid parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112696/WordPress-Mingle-Forum-1.0.33-Cross-Site-Scripting.html
1 || 2014882 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_catalogue controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/96190/Joomla-Catalogue-Local-File-Inclusion.html
1 || 2014883 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jvb_bridge Itemid Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/90844/Joomla-JVB-Bridge-Remote-File-Inclusion.html
1 || 2014884 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Request to malicious SutraTDS - lonly= in cookie
1 || 2014885 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SutraTDS (enema) used in Blackhole campaigns
1 || 2014886 || 2 || bad-unknown || 0 || ET WEB_SERVER IIS INDEX_ALLOCATION Auth Bypass Attempt || url,lists.grok.org.uk/pipermail/full-disclosure/2012-June/087269.html
1 || 2014887 || 2 || trojan-activity || 0 || ET TROJAN W32/Bakcorox.A ProxyBot CnC Server Connection || url,contagioexchange.blogspot.co.uk/2012/06/022-crime-win32bakcoroxa-proxy-bot-web.html
1 || 2014888 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Try Prototype Catch June 11 2012
1 || 2014890 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible attempt to enumerate MS SQL Server version || url,support.microsoft.com/kb/321185
1 || 2014891 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Java Exploit Requested - 5 digit jar
1 || 2014892 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Jar File Naming Algorithm
1 || 2014893 || 5 || network-scan || 0 || ET SCAN critical.io Scan || url,critical.io/
1 || 2014894 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Received - applet and 5digit jar
1 || 2014895 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Received - applet and code
1 || 2014896 || 4 || attempted-user || 0 || ET ACTIVEX Possible IBM Lotus iNotes Upload Module possible ActiveX Control Attachment_Times Method Access Buffer Overflow Attempt || url,secunia.com/advisories/49443/
1 || 2014897 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jmsfileseller view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/101770/Joomla-JMSFileSeller-Local-File-Inclusion.html
1 || 2014898 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_mscomment controller parameter Local File Inclusion Attempt || url,1337day.com/exploits/12246
1 || 2014899 || 6 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Tinymce Thumbnail Gallery href parameter Remote File Disclosure Attempt || url,packetstormsecurity.org/files/113417/WordPress-Tinymce-Thumbnail-Gallery-1.0.7-File-Disclosure.html
1 || 2014900 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress 2 Click Social Media Buttons plugin pinterest-url parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112711/WordPress-2-Click-Social-Media-Buttons-0.32.2-Cross-Site-Scripting.html
1 || 2014901 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress 2 Click Social Media Buttons plugin xing-url parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112711/WordPress-2-Click-Social-Media-Buttons-0.32.2-Cross-Site-Scripting.html
1 || 2014902 || 4 || attempted-user || 0 || ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow || url,secunia.com/advisories/48602/
1 || 2014903 || 2 || attempted-user || 0 || ET ACTIVEX Possible Camera Stream Client Possible ActiveX Control SetDirectory Method Access Buffer Overflow 2 || url,secunia.com/advisories/48602/
1 || 2014904 || 5 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Sharebar plugin status parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112690/WordPress-Sharebar-1.2.1-SQL-Injection-Cross-Site-Scripting.html
1 || 2014905 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_ckforms controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95623/Joomla-CKForms-Local-File-Inclusion.html
1 || 2014906 || 2 || policy-violation || 0 || ET INFO .exe File requested over FTP
1 || 2014907 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing - UPS Number Loading.. Jun 15 2012
1 || 2014908 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Initial Blackhole Landing - Verizon Balance Due Jun 15 2012
1 || 2014909 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole obfuscated Java EXE Download by Vulnerable Version - Likely Driveby
1 || 2014910 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS MySQL mysql.user Dump (Used in Metasploit Auth-Bypass Module)
1 || 2014911 || 10 || attempted-user || 0 || ET WEB_CLIENT Microsoft Internet Explorer SameID Use-After-Free  || cve,CVE-2012-1875
1 || 2014912 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown - Java Request  - gt 60char hex-ascii
1 || 2014913 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack - JAR Naming Algorithm
1 || 2014914 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack - PDF Naming Algorithm
1 || 2014915 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet archive=32CharHex
1 || 2014916 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Requested - 8Digit.html
1 || 2014917 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page Received - applet and flowbit
1 || 2014918 || 3 || trojan-activity || 0 || ET DELETED Blackhole Java Exploit request to Half.jar
1 || 2014919 || 3 || policy-violation || 0 || ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (1) || url,skydrive.live.com
1 || 2014920 || 3 || policy-violation || 0 || ET POLICY Microsoft Online Storage Client Hello TLSv1 Possible SkyDrive (2) || url,skydrive.live.com
1 || 2014921 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Try Prototype Catch Jun 18 2012
1 || 2014922 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Requested .php?showtopic=6digit
1 || 2014923 || 1 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Landing Page Received applet and flowbit
1 || 2014924 || 1 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Incognito Payload Requested /getfile.php by Java Client
1 || 2014926 || 3 || misc-attack || 0 || ET INFO PDF embedded in XDP file (Possibly Malicious) || url,blog.9bplus.com/av-bypass-for-malicious-pdfs-using-xdp
1 || 2014927 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Malicious Jar /eeltff.jar
1 || 2014928 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown - Java Request .jar from dl.dropbox.com
1 || 2014929 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Request to .in FakeAV Campaign June 19 2012 exe or zip || url,isc.sans.edu/diary/+Vulnerabilityqueerprocessbrittleness/13501
1 || 2014930 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Javascript redirecting to badness 21 June 2012
1 || 2014931 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Please wait a moment Jun 20 2012
1 || 2014932 || 2 || bad-unknown || 0 || ET POLICY DynDNS CheckIp External IP Address Server Response
1 || 2014933 || 3 || trojan-activity || 0 || ET TROJAN Win32/Bicololo.Dropper ne_unik CnC Server Response
1 || 2014934 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Landing Page - eval(function(p,a,c,
1 || 2014935 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Landing Page Received - foxxysoftware
1 || 2014936 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Landing Page Received - applet and 0px
1 || 2014937 || 19 || trojan-activity || 0 || ET DELETED Blackhole - Blackhole Java Exploit request to Trop.jar
1 || 2014938 || 13 || attempted-admin || 0 || ET WEB_CLIENT Potential MSXML2.DOMDocument Uninitialized Memory Corruption CVE-2012-1889 || cve,CVE-2012-1889
1 || 2014939 || 1 || policy-violation || 0 || ET POLICY DNS Query for TOR Hidden Domain .onion Accessible Via TOR || url,en.wikipedia.org/wiki/.onion
1 || 2014940 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole RawValue Exploit PDF || cve,2010-0188
1 || 2014941 || 3 || policy-violation || 0 || ET POLICY TOR .exit Pseudo TLD DNS Query || url,en.wikipedia.org/wiki/.onion
1 || 2014942 || 2 || attempted-user || 0 || ET ACTIVEX Possible Autodesk MapGuide Viewer ActiveX LayersViewWidth Method Access Denial of Service || url,1337day.com/exploits/13938
1 || 2014943 || 2 || attempted-user || 0 || ET ACTIVEX Possible Autodesk MapGuide Viewer ActiveX LayersViewWidth Method Access Denial of Service 2 || url,1337day.com/exploits/13938
1 || 2014944 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHCMS smarty Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/113912/WHCMS-5.0.3-Remote-File-Inclusion.html
1 || 2014945 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHCMS banco Parameter Remote File inclusion Attempt || url,packetstormsecurity.org/files/113912/WHCMS-5.0.3-Remote-File-Inclusion.html
1 || 2014946 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHCMS smarty Parameter Remote File inclusion Attempt 2 || url,packetstormsecurity.org/files/113912/WHCMS-5.0.3-Remote-File-Inclusion.html
1 || 2014947 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Thinkun Remind Plugin dirPath Remote File Disclosure Vulnerability || url,secunia.com/advisories/49461
1 || 2014948 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Simple Download Button Shortcode Plugin Arbitrary File Disclosure Vulnerability || url,secunia.com/advisories/49462
1 || 2014949 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugins Wp-ImageZoom file parameter Remote File Disclosure Vulnerability || url,1337day.com/exploits/18685
1 || 2014950 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios XI div parameter Cross-Site Scripting Attempt || url,secunia.com/advisories/49544
1 || 2014951 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Nagios XI view parameter Cross-Site Scripting Attempt || url,secunia.com/advisories/49544
1 || 2014952 || 3 || trojan-activity || 0 || ET TROJAN Capfire4 Checkin (register machine) || url,labs.alienvault.com/labs/index.php/2012/capfire4-malware-rat-software-and-cc-service-together/
1 || 2014953 || 3 || trojan-activity || 0 || ET TROJAN Capfire4 Checkin (update machine status) || url,labs.alienvault.com/labs/index.php/2012/capfire4-malware-rat-software-and-cc-service-together/
1 || 2014954 || 9 || policy-violation || 0 || ET INFO Vulnerable iTunes Version 10.6.x
1 || 2014955 || 2 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Client Checkin
1 || 2014956 || 1 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Server Checkin
1 || 2014957 || 1 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Client Idle
1 || 2014958 || 1 || trojan-activity || 0 || ET TROJAN Backdoor Win32/Hupigon.CK Server Idle
1 || 2014959 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Base64 - Java Exploit Requested - /1Digit
1 || 2014960 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Base64 - Landing Page Received - base64encode(GetOs()
1 || 2014961 || 2 || trojan-activity || 0 || ET TROJAN W32/Scar CnC Checkin || md5,b345634df53511c7195d661ac755b320
1 || 2014962 || 2 || trojan-activity || 0 || ET TROJAN W32/Nutiliers.A Downloader CnC Checkin - Request Encrypted Response || md5,7b2bfb9d270a5f446f32502d2ed34d67
1 || 2014963 || 2 || trojan-activity || 0 || ET TROJAN W32/Armageddon CnC Checkin || md5,3f4c5649d66fc5befc0db47930edb9f6
1 || 2014964 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response '/*km0ae9gr6m*/' Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
1 || 2014965 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response '/*qhk6sa6g1c*/' Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
1 || 2014966 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Generic - PDF with NEW PDF EXPLOIT
1 || 2014967 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - Landing Page Requested - 15Alpha1Digit.php
1 || 2014968 || 8 || trojan-activity || 0 || ET DELETED Unknown - Payload Download - 9Alpha1Digit.exe
1 || 2014969 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown - Java Exploit Requested - 13-14Alpha.jar
1 || 2014970 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website || url,www.symantec.com/security_response/writeup.jsp?docid=2012-062103-1655-99 || url,isc.sans.edu/diary/Run+Forest+/13540 || url,isc.sans.edu/diary/Run+Forest+Update+/13561
1 || 2014971 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS JS.Runfore Malware Campaign Request || url,www.symantec.com/security_response/writeup.jsp?docid=2012-062103-1655-99 || url,isc.sans.edu/diary/Run+Forest+/13540 || url,isc.sans.edu/diary/Run+Forest+Update+/13561
1 || 2014972 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS HeapLib JS Library || url,www.blackhat.com/presentations/bh-europe-07/Sotirov/Presentation/bh-eu-07-sotirov-apr19.pdf
1 || 2014973 || 18 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Requested - /*.php?*=16HexChar
1 || 2014974 || 6 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Requested - /*.php?*=8HexChar
1 || 2014975 || 4 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Requested - /Home/index.php
1 || 2014976 || 3 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Received - catch and flowbit
1 || 2014977 || 7 || trojan-activity || 0 || ET DELETED Blackhole - Landing Page Recieved - applet and flowbit
1 || 2014979 || 2 || trojan-activity || 0 || ET TROJAN Zbot CnC POST /common/versions.php || md5,43d8afa89bd6bf06973af62220d6c158
1 || 2014980 || 3 || trojan-activity || 0 || ET TROJAN Zbot CnC GET /lost.dat || md5,43d8afa89bd6bf06973af62220d6c158
1 || 2014981 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Try Renamed Prototype Catch - June 28th 2012 || url,research.zscaler.com/2012/06/cleartripcom-infected-with-blackhole.html
1 || 2014982 || 2 || attempted-recon || 0 || ET CURRENT_EVENTS Googlebot UA POST to /uploadify.php || url,blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html
1 || 2014983 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Scalaxy Jar file
1 || 2014984 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response /*km0ae9gr6m*/ Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
1 || 2014985 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Hacked Website Response /*qhk6sa6g1c*/ Jun 25 2012 || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
1 || 2014986 || 2 || web-application-attack || 0 || ET WEB_SERVER possible IBM Rational Directory Server (RDS) Help system href browser redirect || url,secunia.com/advisories/49627/
1 || 2014987 || 2 || web-application-attack || 0 || ET WEB_SERVER possible IBM Rational Directory Server (RDS) Help system href Cross Site Scripting Attempt || url,secunia.com/advisories/49627/
1 || 2014988 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pliggCMS src parameter Remote File Inclusion Attempt || url,1337day.com/exploits/18854
1 || 2014989 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Monitor thumbnail parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112707/WordPress-Download-Monitor-3.3.5.4-Cross-Site-Scripting.html
1 || 2014990 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Monitor tags parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112707/WordPress-Download-Monitor-3.3.5.4-Cross-Site-Scripting.html
1 || 2014991 || 3 || attempted-user || 0 || ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit 2 || url,packetstormsecurity.org/files/92931/SonciWALL-Aventail-epi.dll-AuthCredential-Format-String-Exploit.html
1 || 2014992 || 3 || attempted-user || 0 || ET ACTIVEX Possible SonciWALL Aventail AuthCredential Format String Exploit || url,packetstormsecurity.org/files/92931/SonciWALL-Aventail-epi.dll-AuthCredential-Format-String-Exploit.html
1 || 2014993 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS AdaptCMS sitepath parameter Remote File Inclusion Vulnerability || url,packetstormsecurity.org/files/91022/AdaptCMS-2.0.0-Beta-Remote-File-Inclusion.html
1 || 2014994 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_profile controller parameter Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/95609/Joomla-Profile-Local-File-Inclusion.html
1 || 2014995 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress jRSS Widget url parameter Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/95638/WordPress-jRSS-Widget-1.1.1-Local-File-Inclusion.html
1 || 2014996 || 3 || attempted-dos || 0 || ET DOS Microsoft Windows 7 ICMPv6 Router Advertisement Flood || url,www.samsclass.info/ipv6/proj/proj8x-124-flood-router.htm
1 || 2014997 || 2 || policy-violation || 0 || ET POLICY Pandora Usage || url,www.pandora.com
1 || 2014998 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Runforestrun Malware Campaign Infected Website Landing Page Obfuscated String JavaScript DGA || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
1 || 2014999 || 2 || trojan-activity || 0 || ET TROJAN Zbot CnC POST /common/timestamps.php || md5,43d8afa89bd6bf06973af62220d6c158
1 || 2015000 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS NuclearPack Java exploit binary get request
1 || 2015001 || 2 || trojan-activity || 0 || ET DELETED Blackhole - Blackhole Java Exploit request to spn.jar
1 || 2015002 || 6 || trojan-activity || 0 || ET TROJAN Pushbot User-Agent || url,www.cert.pl/news/5587/langswitch_lang/en
1 || 2015003 || 4 || trojan-activity || 0 || ET TROJAN Pushbot server response || url,www.cert.pl/news/5587/langswitch_lang/en
1 || 2015004 || 3 || bad-unknown || 0 || ET INFO Compressed Executable SZDD Compress.exe Format Over HTTP || url,blog.fireeye.com/research/2012/07/inside-customized-threat.html#more || url,www.cabextract.org.uk/libmspack/doc/szdd_kwaj_format.html
1 || 2015005 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL 3
1 || 2015006 || 6 || trojan-activity || 0 || ET DELETED SofosFO exploit kit jar download
1 || 2015007 || 9 || trojan-activity || 0 || ET DELETED SofosFO exploit kit version check
1 || 2015009 || 3 || trojan-activity || 0 || ET DELETED SofosFO exploit kit payload download
1 || 2015010 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack exploit pack /mix/ Java exploit
1 || 2015011 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack exploit pack /mix/ payload
1 || 2015012 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 1
1 || 2015013 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 2
1 || 2015014 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Split String Obfuscation of Eval 3
1 || 2015015 || 1 || policy-violation || 0 || ET POLICY Download Request to Hotfile.com
1 || 2015016 || 2 || misc-activity || 0 || ET INFO FTP STOR to External Network
1 || 2015017 || 4 || trojan-activity || 0 || ET MALWARE W32/OnlineGames Checkin || md5,60763078b8860fd59a1d8bea2bf8900b
1 || 2015018 || 2 || trojan-activity || 0 || ET MALWARE W32/OnlineGames User Agent loadMM || md5,60763078b8860fd59a1d8bea2bf8900b
1 || 2015019 || 1 || trojan-activity || 0 || ET TROJAN W32/Icoo CnC Checkin || md5,1d2ddece4cd5cff3658c59e20d40dd8b
1 || 2015020 || 2 || trojan-activity || 0 || ET TROJAN W32/Numnet.Downloader CnC Checkin 1 || md5,fbc732c7cd1bbd84956b1e76b53384da
1 || 2015021 || 2 || trojan-activity || 0 || ET TROJAN W32/Numnet.Downloader CnC Checkin 2 || md5,fbc732c7cd1bbd84956b1e76b53384da
1 || 2015022 || 2 || trojan-activity || 0 || ET TROJAN W32/Zusy Gettime Checkin || md5,a152772516cef409ddd58f90917a3b44
1 || 2015023 || 3 || network-scan || 0 || ET WEB_SERVER IIS 8.3 Filename With Wildcard (Possible File/Dir Bruteforce) || url,soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf
1 || 2015024 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito - Malicious PDF Requested - /getfile.php
1 || 2015025 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 1
1 || 2015026 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 2
1 || 2015027 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Eval Variable Obfuscation 3
1 || 2015028 || 4 || trojan-activity || 0 || ET TROJAN Cridex Post to CnC || url,vrt-blog.snort.org/2012/07/banking-trojan-spread-via-ups-phish.html || url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/ || url,www.packetninjas.net
1 || 2015030 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito - Java Exploit Requested - /gotit.php by Java Client
1 || 2015031 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Incognito - Payload Request - /load.php by Java Client
1 || 2015032 || 2 || attempted-user || 0 || ET ACTIVEX Possible IBM Rational ClearQuest Activex Control RegisterSchemaRepoFromFileByDbSet Insecure Method Access || url,11337day.com/exploits/18917
1 || 2015033 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concrete CMS approveImmediately parameter Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/53268/info
1 || 2015034 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Concrete CMS btask parameter Cross-Site Scripting Attempt || url,www.securityfocus.com/bid/53268/info
1 || 2015035 || 2 || web-application-attack || 0 || ET WEB_SERVER possible SAP Crystal Report Server 2008 path parameter Directory Traversal vulnerability || url,1337day.com/exploits/15332
1 || 2015036 || 2 || attempted-user || 0 || ET ACTIVEX Possible Crystal Reports Viewer Activex Control ServerResourceVersion Insecure Method Access || url,1337day.com/exploits/15098
1 || 2015037 || 2 || attempted-user || 0 || ET ACTIVEX Possible Crystal Reports Viewer Activex Control ServerResourceVersion Insecure Method Access 2 || url,1337day.com/exploits/15098
1 || 2015038 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Count Per Day Plugin page parameter Cross-Site Scripting Attempt || url,secunia.com/advisories/49692/
1 || 2015039 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_wisroyq controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95508/Joomla-Wisroyq-Local-File-Inclusion.html
1 || 2015040 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_rssreader controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95430/Joomla-RSSReader-Local-File-Inclusion.html
1 || 2015041 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Custom Contact Forms options-general.php Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112616/WordPress-Custom-Contact-Forms-Cross-Site-Scripting.html
1 || 2015042 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack - 32Char.php by Java Client
1 || 2015043 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Applet Code Rafa.Rafa 6th July 2012
1 || 2015044 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Obfuscated Applet Value 6th July 2012
1 || 2015045 || 3 || bad-unknown || 0 || ET INFO Potential Common Malicious JavaScript Loop
1 || 2015046 || 2 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Java Exploit request to /Set1.jar 6th July 2012
1 || 2015047 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Landing Page Redirect.php Port 8080 Request
1 || 2015048 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS 09 July 2012 Blackhole Landing Page - Please Wait Loading
1 || 2015049 || 3 || trojan-activity || 0 || ET DELETED Request For Blackhole Landing Page Go.php
1 || 2015050 || 4 || trojan-activity || 0 || ET TROJAN Generic - 8Char.JAR Naming Algorithm
1 || 2015051 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 1) || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
1 || 2015052 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 2) || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
1 || 2015053 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_s=1 - Landing Page - 10HexChar Title and applet
1 || 2015054 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_s=1 - Landing Page - 100HexChar value and applet
1 || 2015055 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_s=1 - Payload Requested - 32AlphaNum?s=1 Java Request
1 || 2015056 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Landing Page Structure
1 || 2015057 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d malware network iframe
1 || 2015061 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bdvkpbuldslsapeb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015062 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain eilqnjkoytyjuchn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015063 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain npxsiiwpxqqiihmo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015064 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qtmyeslmsoxkjbku.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015065 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain adbjjkquyyhyqknf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015066 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ciqmhuwgvfsxdtrw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015067 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mocrafrewsdjztbj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015068 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain otruvbidvikzhlop.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015069 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yafzvancybuwmnno.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015070 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bhujzorkulhkpwob.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015071 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lohnrnnpvvtxedfl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015072 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ntvrnrdpyoadopbo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015073 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wakvnkyzkyietkdr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015074 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zfyafrjmmajqfvbh.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015075 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jnlkttkruqsdjqlx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015076 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lsbppxhgckolsnap.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015077 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vznrahwzgntmfcqk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015078 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xeeypppxswpquvrf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015079 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain inqgvoeohpcsfxmn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015080 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ksgmckchdppqeicu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015081 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uyrorwlibbjeasoq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015082 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wejungvnykczyjam.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015083 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gmvdnpqbblixlgxj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015084 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jrkjelzwleadyxsd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015085 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sywleisrsstsqoic.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015086 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain venrfhmthwpqlqge.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015087 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fmacqvmqafqwmebl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015088 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hrpgglxvqwjesffr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015089 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rxbkqfydlnzopqrn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015090 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tdsorylshsxjeawf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015091 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain elfxqghdubihhsgd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015092 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gqtcxunxhyujqjkf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015094 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sdxkjaophbtufumx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015095 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain clkujrjqvexvbmoi.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015096 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fqyyxagzkrpvxtki.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015097 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain owldagkyzrkhqnjo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015098 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rccjvgsgffokiwze.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015099 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain blorcdyiipxcwyxv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015100 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dpewaddpoewiycnj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015101 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nwpykqeizraqthry.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015102 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pchgijctfprxhnje.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015103 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zisiiogqigzzqqeq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015104 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain cpittmwbqtjrjpql.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015105 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mvuvchtcxxibeubd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015106 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain oblcasnhxbbocpfj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015107 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xixftoplsduqqorx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015108 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bpnqmxkpxxgbdnby.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015109 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kvzstpqmeoxtcwko.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015110 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nbqypqrjiqxlfvdj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015111 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain whddmvrxufbkkoew.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015112 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ymrhcvphevonympo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015113 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jveqgnmjxkocqifr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015114 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lavvckpordclbduy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015115 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vhhzcvbegxbjsxke.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015116 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xmwettbvtbhvrjuo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015117 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iujniiokeyjbmerc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015118 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kzxrowftdocgyghs.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015119 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gacdiuwnhonuulpe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015120 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ifrhgnqeeotnzrmz.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015121 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rmdlgyreitjsjkfq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015122 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uqspvdwyltgcyhft.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015123 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ezfydrexncoidbus.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015124 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hfveiooumeyrpchg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015125 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qlihxnncwioxkdls.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015126 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sqwlonyduvpowdgy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015127 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dyjvewshptsboygd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015128 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain febcbuyswmishvpl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015129 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain plmekaayiholtevt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015130 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rpckbgrziwbdrmhr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015131 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain cyosongjihugkjbg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015132 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain eefysywrvkgxuqdf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015133 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nkrbvqxzfwicmhwb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015134 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qphhsudsmeftdaht.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015135 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain axtopsbtntqnfdyk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015136 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ddkudnuklgiwtdyw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015137 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mkwwclogcvgeekws.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015138 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain opldkflyvlkywuec.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015139 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yvxfekhokspfuwqr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015140 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bdprvpxdejpohqpt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015141 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ljbvfrsvcevyfhor.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015142 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain noqzuukouyfuyrmd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015143 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xvcewyydwsmdgaju.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015144 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zatiscwwtipqlycd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015145 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jjgshrjdcynohyuk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015146 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mouwwvcwwlilnxub.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015147 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vuhaojpwxgsxuitu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015148 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yayfefhrwawquwcw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015149 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iiloishkjwvqldlq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015150 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain knauycqgsdhgbwjo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015151 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uumwyzhctrwdsrdp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015152 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wzbdwenwshfzglwt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015153 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hiplksflttfkpsxn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015154 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jnfrqmekhoevppvw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015155 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ttqtkmthptxvwiku.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015156 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vygzhvfiuommkqfj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015157 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fhuidtlqttqxgjvn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015158 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain imjosxuhbcdonrco.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015159 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rtvqcdpbqxgwnrcn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015160 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tykvyflnjhbnqpnr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015161 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ehyewyqydfpidbdp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015162 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gmokuosvnbkshdtd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015163 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qsbourrdxgxgwepy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015164 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain sxpskxdgoczvcjgp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015165 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dhedppigtpbwrmpc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015166 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain flthmyjeuhdygshf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015167 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain osflhkaowydftniw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015168 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rxupwhkznihnxzqx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015169 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bgjzhlasdrwwnenj.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015170 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain elxegvkalqvkyoxc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015171 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nrkhysgoltauclop.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015172 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pwyloytoagndnrex.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015173 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain zenquqdskekaudbe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015174 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain cldcrgtnuwvgnbfd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015175 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mroeqjdaukskbgua.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015176 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain owekhoeuhmdiehrw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015177 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ydrngsmrdiiyvoiy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015178 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bkhyiqitpoxewhmt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015179 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain krtbityuhlewigfe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015180 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nvjgyermzsmynaeq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015181 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jwkpdxqbemsmclal.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015182 || 5 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lccwpflcdjrdfjib.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015183 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain uinyjmxfqinkxbda.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015184 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xndfbivuonkxfxrq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015185 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hvpmffxpfnlquqxo.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015186 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kbgsbqjugdqrgtdw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015187 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tisubmfvqrgnloxr.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015188 || 4 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vmibswhnpqhqwyih.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015189 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gvujhzvjxwptrtdg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015190 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iblpdiqdmmsbnuxb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015191 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain shxrsvasoncjnxpn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015192 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ummxjwieppswcnrg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015193 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fuyfrockpfclxccd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015194 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain haqmuqqukywrcxfa.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015195 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qhcplcuugevvyham.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015196 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tmrtbcienxrbnsjc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015197 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dueebwwdllfburag.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015198 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fzsirujgdbvabrjm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015199 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pghnrmkoeoetfwsm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015200 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rlvqmipovrqbmvqd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015201 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ctjbmgjudwisgshv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015202 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain eyxejlabqaytqmjx.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015203 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ogmjjmqdhlbyabzg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015204 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qlbpfyrupyadvjsl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015205 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain atnwerhvttvbivra.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015206 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dydderasilekaegh.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015207 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mfqfrnqllqcrayiw.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015208 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pkglwwwmjxokzzfq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015209 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yrrnrgliojezjctg.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015210 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bxhzugppnulxghvm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015211 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lfvcngdbzjrzgyby.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015212 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain nkkijjyioljbfysn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015213 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xqwkdyjydkggsppd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015214 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain axmvnmubgwlmqfrp.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015215 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain keabgwmpzqhpmlng.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015216 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mjpflkwqskuqbjnk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015217 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vqcicnuhtwhxmtjd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015218 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yvqnltydqtpresfu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015219 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iefwvulgninlkoxe.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015220 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ljubdldgqwbarplc.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015221 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain upgghggmbusopaxv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015222 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wuvjdexaqtmqkvgk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015223 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hektxucstnbuncix.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015224 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jiyxdlvawkranmin.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015225 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tplczomvebjmhsgk.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015226 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain vuaivypissryzhij.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015227 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gdoqznfilmtulxxv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015228 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain iiewprjomieydnix.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015229 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ropypfmcqjjfdiel.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015230 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain utfenjxpvwtroioi.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015231 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain edtmjcvfnfcbweed.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015232 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hhishrpjdixwtctz.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015233 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain qouubrmdxtgnnjvm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015234 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain stkbtccbckhdkbii.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015235 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain dcyjurmfwhgvyoio.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015236 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fhnpjsnknkuvhazm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015237 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain pozrtgdmhvhvdscn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015238 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain rsoxjlibxohdcyov.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015239 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ccdifvomwhtynpay.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015240 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ehsmldxnregnruez.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015241 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lsvdxjpwykxxvryd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015242 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain oxkjnvhjnvnegtyb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015243 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xfymtpavzblzbknq.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015244 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain bloxgsfzinxmdspt.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015245 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ksacasnubklrikdl.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015246 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain mxpgggggukxqteoy.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015247 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wedkgpdcxlrunbmu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015248 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain yjsovtnpgbwqcbbd.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015249 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain jrfyaswntteouafv.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015250 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain lwtcxuzbdrsnpqfb.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015251 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain veihxoqukuetxqbn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015252 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain xiwlnutkxsqxwjge.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015253 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain hrkusbnevtmyisab.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015254 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain kwyyhhqtwxupnhyu.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015255 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain tdndpphrtyniynvz.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015256 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain wicjgufeimlbmcus.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015257 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain gqortbbbsnksxpmm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015258 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fjgtmicxtlxynlpf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015259 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ppsvcvrcgkllplyn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015260 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ruhctasjmpqbyvhm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015261 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bdvkpbuldslsapeb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015262 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain eilqnjkoytyjuchn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015263 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain npxsiiwpxqqiihmo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015264 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qtmyeslmsoxkjbku.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015265 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain adbjjkquyyhyqknf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015266 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ciqmhuwgvfsxdtrw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015267 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mocrafrewsdjztbj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015268 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain otruvbidvikzhlop.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015269 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yafzvancybuwmnno.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015270 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bhujzorkulhkpwob.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015271 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lohnrnnpvvtxedfl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015272 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ntvrnrdpyoadopbo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015273 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wakvnkyzkyietkdr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015274 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zfyafrjmmajqfvbh.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015275 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jnlkttkruqsdjqlx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015276 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lsbppxhgckolsnap.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015277 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vznrahwzgntmfcqk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015278 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xeeypppxswpquvrf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015279 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain inqgvoeohpcsfxmn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015280 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ksgmckchdppqeicu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015281 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uyrorwlibbjeasoq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015282 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wejungvnykczyjam.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015283 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gmvdnpqbblixlgxj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015284 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jrkjelzwleadyxsd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015285 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sywleisrsstsqoic.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015286 || 4 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain venrfhmthwpqlqge.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015287 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fmacqvmqafqwmebl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015288 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hrpgglxvqwjesffr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015289 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rxbkqfydlnzopqrn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015290 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tdsorylshsxjeawf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015291 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain elfxqghdubihhsgd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015292 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gqtcxunxhyujqjkf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015293 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qxggipnnfmnihkic.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015294 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sdxkjaophbtufumx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015295 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain clkujrjqvexvbmoi.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015296 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fqyyxagzkrpvxtki.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015297 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain owldagkyzrkhqnjo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015298 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rccjvgsgffokiwze.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015299 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain blorcdyiipxcwyxv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015300 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dpewaddpoewiycnj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015301 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nwpykqeizraqthry.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015302 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pchgijctfprxhnje.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015303 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zisiiogqigzzqqeq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015304 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain cpittmwbqtjrjpql.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015305 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mvuvchtcxxibeubd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015306 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain oblcasnhxbbocpfj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015307 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xixftoplsduqqorx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015308 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bpnqmxkpxxgbdnby.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015309 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kvzstpqmeoxtcwko.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015310 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nbqypqrjiqxlfvdj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015311 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain whddmvrxufbkkoew.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015312 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ymrhcvphevonympo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015313 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jveqgnmjxkocqifr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015314 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lavvckpordclbduy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015315 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vhhzcvbegxbjsxke.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015316 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xmwettbvtbhvrjuo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015317 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iujniiokeyjbmerc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015318 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kzxrowftdocgyghs.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015319 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gacdiuwnhonuulpe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015320 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ifrhgnqeeotnzrmz.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015321 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rmdlgyreitjsjkfq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015322 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uqspvdwyltgcyhft.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015323 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ezfydrexncoidbus.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015324 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hfveiooumeyrpchg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015325 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qlihxnncwioxkdls.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015326 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sqwlonyduvpowdgy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015327 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dyjvewshptsboygd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015328 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain febcbuyswmishvpl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015329 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain plmekaayiholtevt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015330 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rpckbgrziwbdrmhr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015331 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain cyosongjihugkjbg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015332 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain eefysywrvkgxuqdf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015333 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nkrbvqxzfwicmhwb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015334 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qphhsudsmeftdaht.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015335 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain axtopsbtntqnfdyk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015336 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ddkudnuklgiwtdyw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015337 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mkwwclogcvgeekws.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015338 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain opldkflyvlkywuec.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015339 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yvxfekhokspfuwqr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015340 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bdprvpxdejpohqpt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015341 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ljbvfrsvcevyfhor.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015342 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain noqzuukouyfuyrmd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015343 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xvcewyydwsmdgaju.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015344 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zatiscwwtipqlycd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015345 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jjgshrjdcynohyuk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015346 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mouwwvcwwlilnxub.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015347 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vuhaojpwxgsxuitu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015348 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yayfefhrwawquwcw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015349 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iiloishkjwvqldlq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015350 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain knauycqgsdhgbwjo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015351 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uumwyzhctrwdsrdp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015352 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wzbdwenwshfzglwt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015353 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hiplksflttfkpsxn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015354 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jnfrqmekhoevppvw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015355 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ttqtkmthptxvwiku.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015356 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vygzhvfiuommkqfj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015357 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fhuidtlqttqxgjvn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015358 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain imjosxuhbcdonrco.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015359 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rtvqcdpbqxgwnrcn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015360 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tykvyflnjhbnqpnr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015361 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ehyewyqydfpidbdp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015362 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gmokuosvnbkshdtd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015363 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qsbourrdxgxgwepy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015364 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain sxpskxdgoczvcjgp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015365 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dhedppigtpbwrmpc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015366 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain flthmyjeuhdygshf.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015367 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain osflhkaowydftniw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015368 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rxupwhkznihnxzqx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015369 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bgjzhlasdrwwnenj.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015370 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain elxegvkalqvkyoxc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015371 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nrkhysgoltauclop.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015372 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pwyloytoagndnrex.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015373 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain zenquqdskekaudbe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015374 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain cldcrgtnuwvgnbfd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015375 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mroeqjdaukskbgua.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015376 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain owekhoeuhmdiehrw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015377 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ydrngsmrdiiyvoiy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015378 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bkhyiqitpoxewhmt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015379 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain krtbityuhlewigfe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015380 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nvjgyermzsmynaeq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015381 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jwkpdxqbemsmclal.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015382 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lccwpflcdjrdfjib.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015383 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain uinyjmxfqinkxbda.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015384 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xndfbivuonkxfxrq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015385 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hvpmffxpfnlquqxo.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015386 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kbgsbqjugdqrgtdw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015387 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tisubmfvqrgnloxr.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015388 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vmibswhnpqhqwyih.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015389 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gvujhzvjxwptrtdg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015390 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iblpdiqdmmsbnuxb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015391 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain shxrsvasoncjnxpn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015392 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ummxjwieppswcnrg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015393 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fuyfrockpfclxccd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015394 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain haqmuqqukywrcxfa.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015395 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qhcplcuugevvyham.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015396 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tmrtbcienxrbnsjc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015397 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dueebwwdllfburag.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015398 || 3 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fzsirujgdbvabrjm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015399 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pghnrmkoeoetfwsm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015400 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rlvqmipovrqbmvqd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015401 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ctjbmgjudwisgshv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015402 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain eyxejlabqaytqmjx.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015403 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ogmjjmqdhlbyabzg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015404 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qlbpfyrupyadvjsl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015405 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain atnwerhvttvbivra.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015406 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dydderasilekaegh.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015407 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mfqfrnqllqcrayiw.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015408 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pkglwwwmjxokzzfq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015409 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yrrnrgliojezjctg.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015410 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bxhzugppnulxghvm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015411 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lfvcngdbzjrzgyby.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015412 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain nkkijjyioljbfysn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015413 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xqwkdyjydkggsppd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015414 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain axmvnmubgwlmqfrp.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015415 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain keabgwmpzqhpmlng.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015416 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mjpflkwqskuqbjnk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015417 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vqcicnuhtwhxmtjd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015418 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yvqnltydqtpresfu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015419 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iefwvulgninlkoxe.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015420 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ljubdldgqwbarplc.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015421 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain upgghggmbusopaxv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015422 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wuvjdexaqtmqkvgk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015423 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hektxucstnbuncix.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015424 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jiyxdlvawkranmin.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015425 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tplczomvebjmhsgk.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015426 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain vuaivypissryzhij.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015427 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gdoqznfilmtulxxv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015428 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain iiewprjomieydnix.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015429 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ropypfmcqjjfdiel.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015430 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain utfenjxpvwtroioi.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015431 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain edtmjcvfnfcbweed.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015432 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hhishrpjdixwtctz.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015433 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain qouubrmdxtgnnjvm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015434 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain stkbtccbckhdkbii.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015435 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain dcyjurmfwhgvyoio.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015436 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain fhnpjsnknkuvhazm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015437 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain pozrtgdmhvhvdscn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015438 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain rsoxjlibxohdcyov.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015439 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ccdifvomwhtynpay.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015440 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ehsmldxnregnruez.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015441 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lsvdxjpwykxxvryd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015442 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain oxkjnvhjnvnegtyb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015443 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xfymtpavzblzbknq.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015444 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain bloxgsfzinxmdspt.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015445 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain ksacasnubklrikdl.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015446 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain mxpgggggukxqteoy.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015447 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wedkgpdcxlrunbmu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015448 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain yjsovtnpgbwqcbbd.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015449 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain jrfyaswntteouafv.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015450 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain lwtcxuzbdrsnpqfb.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015451 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain veihxoqukuetxqbn.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015452 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain xiwlnutkxsqxwjge.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015453 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain hrkusbnevtmyisab.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015454 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain kwyyhhqtwxupnhyu.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015455 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain tdndpphrtyniynvz.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015456 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain wicjgufeimlbmcus.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015457 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Zeus CnC DGA Domain gqortbbbsnksxpmm.ru Pseudo Random Domain || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015458 || 2 || trojan-activity || 0 || ET TROJAN Win32/Pift Checkin 1 || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735
1 || 2015459 || 2 || trojan-activity || 0 || ET TROJAN Win32/Pift Checkin 2 || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735
1 || 2015460 || 3 || trojan-activity || 0 || ET TROJAN Win32/Pift DNS TXT CnC Lookup ppift.net || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735
1 || 2015461 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain fjgtmicxtlxynlpf.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015462 || 2 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ppsvcvrcgkllplyn.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015463 || 3 || bad-unknown || 0 || ET DELETED HTTP Request to a Zeus CnC DGA Domain ruhctasjmpqbyvhm.ru || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015464 || 2 || attempted-user || 0 || ET ACTIVEX Possible AdminStudio Activex Control LaunchProcess Method Access Arbitrary Code Execution || url,packetstormsecurity.org/files/114564/AdminStudio-LaunchHelp.dll-ActiveX-Arbitrary-Code-Execution.html
1 || 2015465 || 3 || attempted-user || 0 || ET ACTIVEX Possible Oracle AutoVue ActiveX SetMarkupMode Method Access Remote Code Execution || url,packetstormsecurity.org/files/114364/Oracle-AutoVue-ActiveX-SetMarkupMode-Remote-Code-Execution.html
1 || 2015466 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Leaflet plugin(leaflet_marker) id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html
1 || 2015467 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Leaflet plugin(leaflet_layer) id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html
1 || 2015468 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_jstore controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/94689/Joomla-JStore-Local-File-Inclusion.html
1 || 2015469 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Help Center Live file parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/88998/Help-Center-Live-2.0.6-Local-File-Inclusion.html
1 || 2015470 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpPollScript include_class Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/81376/phpPollScript-1.3-Remote-File-Inclusion.html
1 || 2015471 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_edir controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/95604/Joomla-eDir-Local-File-Inclusion.html
1 || 2015472 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS joomla com_connect controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/95590/Joomla-Connect-Local-File-Inclusion.html
1 || 2015473 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress CataBlog plugin category parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112710/WordPress-CataBlog-1.6-Cross-Site-Scripting.html
1 || 2015474 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess udp traffic detected
1 || 2015475 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole TKR Landing Page /last/index.php
1 || 2015476 || 5 || trojan-activity || 0 || ET DELETED BlackHole Landing Page /upinv.html
1 || 2015477 || 6 || trojan-activity || 0 || ET DELETED Blackhole Eval Split String Obfuscation In Brackets
1 || 2015478 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Unknown TDS /top2.html || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/
1 || 2015479 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Unknown TDS /rem2.html || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/
1 || 2015480 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Compromised WordPress Server pulling Malicious JS || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/
1 || 2015481 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Compromised Wordpress Install Serving Malicious JS || url,blog.unmaskparasites.com/2012/07/11/whats-in-your-wp-head/
1 || 2015482 || 8 || trojan-activity || 0 || ET TROJAN ZeroAccess Outbound udp traffic detected
1 || 2015483 || 3 || bad-unknown || 0 || ET INFO Java .jar request to dotted-quad domain
1 || 2015484 || 2 || attempted-recon || 0 || ET SCAN w3af User-Agent 2
1 || 2015485 || 2 || policy-violation || 0 || ET POLICY TuneIn Internet Radio Usage Detected || url,tunein.com/support/get-started
1 || 2015486 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (1)
1 || 2015487 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (2)
1 || 2015488 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (3)
1 || 2015489 || 2 || trojan-activity || 0 || ET TROJAN W32/OnlineGame.DaGame Variant CnC Checkin
1 || 2015490 || 2 || attempted-user || 0 || ET ACTIVEX Possible beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow || url,exploit-db.com/exploits/19861/
1 || 2015491 || 2 || attempted-user || 0 || ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow || url,packetstormsecurity.org/files/82950/CA-BrightStor-ARCserve-Backup-AddColumn-ActiveX-Buffer-Overflow.html
1 || 2015492 || 3 || attempted-user || 0 || ET ACTIVEX Possible CA BrightStor ARCserve Backup ActiveX AddColumn Method Access Buffer Overflow 2 || url,packetstormsecurity.org/files/82950/CA-BrightStor-ARCserve-Backup-AddColumn-ActiveX-Buffer-Overflow.html
1 || 2015493 || 2 || attempted-user || 0 || ET ACTIVEX Possible CommuniCrypt Mail SMTP ActiveX AddAttachments Method Access Stack Buffer Overflow || url,packetstormsecurity.org/files/89856/CommuniCrypt-Mail-1.16-SMTP-ActiveX-Stack-Buffer-Overflow.html
1 || 2015494 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin PICA Photo Gallery imgname parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/113404/WordPress-PICA-Photo-Gallery-1.0-File-Disclosure.html
1 || 2015495 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Web Edition mod parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/99789/Web-Edition-6.1.0.2-Local-File-Inclusion.html
1 || 2015496 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress church_admin Plugin id parameter Cross-Site Scripting Attempt || url,securityfocus.com/bid/54329
1 || 2015497 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Download Manager cid parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/112708/WordPress-Download-Manager-2.2.2-Cross-Site-Scripting.html
1 || 2015498 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla  com_hello controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/114893/Joomla-Hello-Local-File-Inclusion.html
1 || 2015499 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Plugin Newsletter data parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/113413/WordPress-Newsletter-1.5-File-Disclosure.html
1 || 2015500 || 3 || policy-violation || 0 || ET POLICY Geo Location IP info online service (geoiptool.com) || md5,04f02d7fea812ef78d2340015c5d768e
1 || 2015501 || 4 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - Checkin Response || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015502 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox -ProxyBotCommand - CHECK_ME || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015503 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - .com.tw/check_version.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015504 || 4 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - POST 1-letter.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015505 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - getiplist.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015506 || 3 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - get_servers.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015508 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - botinfo.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015509 || 3 || trojan-activity || 0 || ET DELETED ProxyBox - HTTP CnC - proxy_info.php || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015510 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - ProxyBotCommand - I_AM || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015511 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - ProxyBotCommand - FORCE_AUTHENTICATION* || url,www.symantec.com/security_response/writeup.jsp?docid=2012-071005-4515-99&tabid=2
1 || 2015512 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Urlzone/Bebloh/Bublik Checkin /was/vas.php || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B || url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8 || url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb || url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24
1 || 2015513 || 3 || trojan-activity || 0 || ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific config files upload || url,www.exploit-db.com/exploits/18181/ || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
1 || 2015514 || 2 || trojan-activity || 0 || ET EXPLOIT Potential RoaringBeast ProFTPd Exploit nsswitch.conf Upload || url,www.exploit-db.com/exploits/18181/ || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
1 || 2015515 || 2 || trojan-activity || 0 || ET EXPLOIT Potential RoaringBeast ProFTPd Exploit Specific (CHMOD 777) || url,www.exploit-db.com/exploits/18181/ || url,stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
1 || 2015516 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit PluginDetect Rename Saigon
1 || 2015517 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS .HTM being served from WP 1-flash-gallery Upload DIR (likely malicious)
1 || 2015518 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS .PHP being served from WP 1-flash-gallery Upload DIR (likely malicious)
1 || 2015519 || 6 || trojan-activity || 0 || ET DELETED Blackhole Landing Page Split String Obfuscated Math Floor - July 19th 2012
1 || 2015520 || 4 || trojan-activity || 0 || ET DELETED Blackhole Landing Page Applet Structure
1 || 2015521 || 2 || trojan-activity || 0 || ET TROJAN Pakes2 - Server Hello
1 || 2015522 || 2 || trojan-activity || 0 || ET TROJAN Pakes2 - Client Alive
1 || 2015523 || 3 || trojan-activity || 0 || ET TROJAN Pakes2 - Checkin - /test.php
1 || 2015524 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3) || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/
1 || 2015525 || 4 || trojan-activity || 0 || ET DELETED Blackhole try eval prototype string splitting evasion Jul 24 2012
1 || 2015526 || 3 || bad-unknown || 0 || ET WEB_SERVER Fake Googlebot UA 1 Inbound || url,www.incapsula.com/the-incapsula-blog/item/369-was-that-really-a-google-bot-crawling-my-site || url,support.google.com/webmasters/bin/answer.py?hl=en&answer=1061943
1 || 2015527 || 2 || network-scan || 0 || ET WEB_SERVER Fake Googlebot UA 2 Inbound || url,www.incapsula.com/the-incapsula-blog/item/369-was-that-really-a-google-bot-crawling-my-site || url,support.google.com/webmasters/bin/answer.py?hl=en&answer=1061943
1 || 2015528 || 4 || trojan-activity || 0 || ET TROJAN Win32.Agent2.fher Related User-Agent (Microsoft Internet Updater) || md5,2c832d51e4e72dc3939c224cc282152c
1 || 2015529 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Googlebot User-Agent Outbound (likely malicious)
1 || 2015530 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to RunForestRun DGA Domain 16-alpha.waw.pl || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015531 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to RunForestRun DGA Domain 16-alpha.waw.pl || url,blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/ || url,blog.opendns.com/2012/07/10/opendns-security-team-blackhole-exploit/
1 || 2015532 || 2 || trojan-activity || 0 || ET TROJAN Generic - ProxyJudge Reverse Proxy Scoring Activity
1 || 2015533 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany checkin (sid5 1)
1 || 2015534 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany checkin (sid5 2)
1 || 2015535 || 3 || trojan-activity || 0 || ET TROJAN ZeroAccess HTTP GET request
1 || 2015536 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress featurific-for-wordpress plugin snum parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107256/WordPress-Featurific-Cross-Site-Scripting.html
1 || 2015537 || 2 || attempted-user || 0 || ET ACTIVEX Possible Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute || url,packetstormsecurity.org/files/82969/Symantec-AppStream-LaunchObj-ActiveX-Control-Arbitrary-File-Download-and-Execute..html
1 || 2015538 || 2 || attempted-user || 0 || ET ACTIVEX Possible WinZip FileView ActiveX CreateNewFolderFromName Method Access Buffer Overflow || url,packetstormsecurity.org/files/83024/WinZip-FileView-WZFILEVIEW.FileViewCtrl.61-ActiveX-Buffer-Overflow.html
1 || 2015539 || 2 || attempted-user || 0 || ET ACTIVEX Possible WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow 2 || url,packetstormsecurity.org/files/83024/WinZip-FileView-WZFILEVIEW.FileViewCtrl.61-ActiveX-Buffer-Overflow.html
1 || 2015540 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_picasa2gallery controller parameter Local File Inclusion vulnerability || url,packetstormsecurity.org/files/90915/Joomla-Picasa2Gallery-1.2.8-Local-File-Inclusion.html
1 || 2015541 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Commentics id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/113996/Commentics-2.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
1 || 2015542 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress clickdesk-live-support-chat plugin cdwidgetid parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/107255/WordPress-Clickdesk-Live-Support-Chat-Cross-Site-Scripting.html
1 || 2015543 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpProfiles menu Parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/114971/phpProfiles-4.5.4-Beta-XSS-RFI-SQL-Injection.html
1 || 2015544 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpProfiles topic_title parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/114971/phpProfiles-4.5.4-Beta-XSS-RFI-SQL-Injection.html
1 || 2015545 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla PollXT component Itemid parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/94681/Joomla-PollXT-Local-File-Inclusion.html
1 || 2015546 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Cridex checkin || url,blog.webroot.com/2012/07/13/spamvertised-american-airlines-themed-emails-lead-to-black-hole-exploit-kit/ || url,stopmalvertising.com/rootkits/analysis-of-cridex.html
1 || 2015547 || 3 || trojan-activity || 0 || ET TROJAN Pakes2 - EXE Download Request
1 || 2015548 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit Landing Page
1 || 2015549 || 5 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 2
1 || 2015550 || 1 || bad-unknown || 0 || ET DNS Query for a Suspicious *.upas.su domain
1 || 2015551 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP Request to a *.upas.su domain
1 || 2015552 || 2 || trojan-activity || 0 || ET SCAN HTExploit Method || url,www.mkit.com.ar/labs/htexploit/download.php
1 || 2015553 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake-AV Conditional Redirect (Blackmuscats) || url,blog.sucuri.net/2012/07/blackmuscats-conditional-redirections-to-faveav.html/
1 || 2015554 || 19 || attempted-admin || 0 || ET WEB_CLIENT Potential MSXML2.DOM Document.3.0 Uninitialized Memory Corruption Attempt || cve,CVE-2012-1889
1 || 2015555 || 18 || attempted-admin || 0 || ET WEB_CLIENT Potential MSXML2.DOMDocument.4-6.0 Uninitialized Memory Corruption CVE-2012-1889 || cve,CVE-2012-1889
1 || 2015556 || 20 || attempted-user || 0 || ET WEB_CLIENT Potential MSXML2.DOMDocument ActiveXObject Uninitialized Memory Corruption Attempt || cve,CVE-2012-1889
1 || 2015557 || 6 || attempted-user || 0 || ET WEB_CLIENT Potential MSXML2.FreeThreadedDOMDocument Uninitialized Memory Corruption Attempt || cve,2012-1889
1 || 2015558 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 3
1 || 2015559 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Cridex Self Signed SSL Certificate (TR, Some-State, Internet Widgits)
1 || 2015560 || 3 || bad-unknown || 0 || ET TROJAN Suspicious Self Signed SSL Certificate to (MyCompany Ltd) likely Shylock CnC
1 || 2015561 || 2 || bad-unknown || 0 || ET INFO PDF Using CCITTFax Filter || url,nakedsecurity.sophos.com/2012/04/05/ccittfax-pdf-malware/ || url,blog.fireeye.com/research/2012/07/analysis-of-a-different-pdf-malware.html#more
1 || 2015562 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Jorik.Totem.vg HTTP request || md5,cf5df13f8498326f1c6407749b3fe160
1 || 2015563 || 3 || attempted-user || 0 || ET ACTIVEX Possible BarCodeWiz BarcodeWiz.dll ActiveX Control Barcode Method Remote Buffer Overflow Attempt || url,securityfocus.com/bid/54701
1 || 2015564 || 2 || attempted-user || 0 || ET ACTIVEX Possible BarCodeWiz (BARCODEWIZLib.BarCodeWiz) ActiveX Control Buffer Overflow || url,securityfocus.com/bid/54701
1 || 2015565 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ManageEngine Applications Manager attributeToSelect parameter Cross-Site Script Attempt || url,securityfocus.com/bid/54759/
1 || 2015566 || 2 || attempted-user || 0 || ET ACTIVEX Possible AOL ICQ ActiveX Control DownloadAgent Method Access Arbitrary File Download and Execute || url,packetstormsecurity.org/files/83020/America-Online-ICQ-ActiveX-Control-Arbitrary-File-Download-and-Execute..html
1 || 2015567 || 2 || attempted-user || 0 || ET ACTIVEX Possible AOL ICQ ActiveX Control DownloadAgent Method Access Arbitrary File Download and Execute 2 || url,packetstormsecurity.org/files/83020/America-Online-ICQ-ActiveX-Control-Arbitrary-File-Download-and-Execute..html
1 || 2015568 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_jeformcr view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/94549/Joomla-Jeformcr-Local-File-Inclusion.html
1 || 2015569 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Bsadv controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/94540/Joomla-Basdv-Local-File-Inclusion-Directory-Traversal.html
1 || 2015570 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_mailchimpccnewsletter controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/95332/Joomla-MailChimpCCNewsletter-Local-File-Inclusion.html
1 || 2015571 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS pragmaMx img_url parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/113035/pragmaMx-1.12.1-Cross-Site-Scripting.html
1 || 2015572 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TEMENOS T24 skin parameter Cross-Site Scripting Attempt || url,packetstormsecurity.org/files/115126/Temenos-T24-R07.03-Cross-Site-Scripting.html
1 || 2015573 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Yszz JS/Encryption (Used in KaiXin Exploit Kit) || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2015574 || 4 || attempted-user || 0 || ET CURRENT_EVENTS DoSWF Flash Encryption (Used in KaiXin Exploit Kit) || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2015575 || 11 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Java Class || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2015576 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to tor2web.org Domain (.onion proxy) || url,tor2web.org
1 || 2015577 || 3 || trojan-activity || 0 || ET TROJAN W32/Lile.A DoS Outbound || url,symantec.com/security_response/writeup.jsp?docid=2005-101311-0945-99&tabid=2 || md5,d6d0cd7eca2cef5aad66efbd312a7987
1 || 2015578 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Obfuscated Javascript redirecting to badness August 6 2012
1 || 2015579 || 10 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Landing Page Structure
1 || 2015580 || 5 || trojan-activity || 0 || ET DELETED Blackhole Replace JavaScript Large Obfuscated Blob - August 3rd 2012
1 || 2015581 || 1 || trojan-activity || 0 || ET TROJAN Atadommoc.C - HTTP CnC
1 || 2015582 || 5 || trojan-activity || 0 || ET DELETED Blackhole Redirection Page You Will Be Forwarded - 7th August 2012
1 || 2015583 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Comments || url,blog.eset.com/2012/08/07/foxxy-software-outfoxed
1 || 2015584 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Comments(2) || url,blog.eset.com/2012/08/07/foxxy-software-outfoxed
1 || 2015585 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FoxxySoftware - Hit Counter Access || url,blog.eset.com/2012/08/07/foxxy-software-outfoxed
1 || 2015586 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Redirection Page Try Math.Round Catch - 7th August 2012
1 || 2015587 || 2 || trojan-activity || 0 || ET TROJAN MP-FormGrabber Checkin || url,www.xylibox.com/2012/08/mp-formgrabber.html?spref=tw
1 || 2015588 || 5 || misc-activity || 0 || ET POLICY Suspicious Windows Executable WriteProcessMemory || url,sans.org/reading_room/whitepapers/malicious/rss/_33649 || url,jessekornblum.livejournal.com/284641.html || url,msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
1 || 2015589 || 5 || misc-activity || 0 || ET POLICY Suspicious Windows Executable CreateRemoteThread || url,sans.org/reading_room/whitepapers/malicious/rss_33649 || url,jessekornblum.livejournal.com/284641.html || url,msdn.microsoft.com/en-us/library/windows/desktop/ms682437%28v=vs.85%29.aspx
1 || 2015590 || 7 || trojan-activity || 0 || ET DELETED Blackhole Landing Page Intial Structure - 8th August 2012
1 || 2015591 || 4 || trojan-activity || 0 || ET DELETED Potential Blackhole Zeus Drop - 8th August 2012
1 || 2015592 || 4 || trojan-activity || 0 || ET DELETED Blackhole Specific JavaScript Replace hwehes - 8th August 2012
1 || 2015593 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sutra TDS /simmetry || url,blog.sucuri.net/2012/08/very-good-malware-redirection.html
1 || 2015594 || 2 || trojan-activity || 0 || ET TROJAN FinFisher Malware Connection Initialization || url,community.rapid7.com/community/infosec/blog/2012/08/08/finfisher
1 || 2015595 || 2 || trojan-activity || 0 || ET TROJAN FinFisher Malware Connection Handshake || url,community.rapid7.com/community/infosec/blog/2012/08/08/finfisher
1 || 2015596 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown .rr.nu Malware landing page || url,isc.sans.edu/diary.html?storyid=13864
1 || 2015597 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.gowin7.com || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015598 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.secuurity.net || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015599 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.bestcomputeradvisor.com || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015600 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.dotnetadvisor.info || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015601 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.dataspotlight.net || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015602 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.guest-access.net || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015603 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested - /spl_data/
1 || 2015604 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Java Exploit Requested .jar Naming Pattern
1 || 2015605 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Landing Page Received
1 || 2015606 || 2 || attempted-user || 0 || ET ACTIVEX Possible HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution || url,1337day.com/exploits/17395
1 || 2015607 || 2 || attempted-user || 0 || ET ACTIVEX Possible HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution 2 || url,1337day.com/exploits/17395
1 || 2015608 || 2 || attempted-user || 0 || ET ACTIVEX Possible Kazaa Altnet Download Manager ActiveX Control Install Method Access Buffer Overflow || url,packetstormsecurity.org/files/83086/Kazaa-Altnet-Download-Manager-ActiveX-Control-Buffer-Overflow.html
1 || 2015609 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Advanced Text Widget plugin  page parameter Cross-Site Script Attempt || url,packetstormsecurity.org/files/107192/WordPress-Advanced-Text-Widget-Cross-Site-Scripting.html
1 || 2015610 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Lanoba Social plugin action parameter Cross-Site Script Attempt || url,packetstormsecurity.org/files/107191/WordPress-Lanoba-Social-Cross-Site-Scripting.html
1 || 2015611 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla je-media-player view parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/91171/Joomla-JE-Media-Player-Local-File-Inclusion.html
1 || 2015612 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dirLIST show_scaled_image.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115381/dirLIST-0.3.0-Local-File-Inclusion.html
1 || 2015613 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS dirLIST thumb_gen.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115381/dirLIST-0.3.0-Local-File-Inclusion.html
1 || 2015614 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS BaglerCMS articleID parameter Cross-Site Script Attempt || url,1337day.com/exploits/18221
1 || 2015615 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress LiveGrounds plugin uid parameter Cross-Site Script Attempt || url,1337day.com/exploits/18932
1 || 2015616 || 3 || trojan-activity || 0 || ET TROJAN DOCHTML C&C http directive in HTML comments || url,blog.accuvantlabs.com/blog/dgrif/anatomy-targeted-attack
1 || 2015617 || 2 || trojan-activity || 0 || ET TROJAN Smardf/Boaxxe GET to cc.php3 || md5,f856b4c526c3e5cee9d47df59295d2e1 || md5,232b4dbed0453e2a952630fb1076248f
1 || 2015618 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Gauss Domain *.datajunction.org || url,www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution
1 || 2015619 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool jnlp URI Struct
1 || 2015620 || 5 || trojan-activity || 0 || ET DELETED Blackhole Landing Page JavaScript Replace - 13th August 2012
1 || 2015621 || 4 || trojan-activity || 0 || ET DELETED Blackhole Landing Page ChildNodes.Length - August 13th 2012
1 || 2015622 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Landing Page Hwehes String - August 13th 2012
1 || 2015623 || 2 || trojan-activity || 0 || ET TROJAN Urlzone/Bebloh/Bublik Checkin /was/uid.php || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fBublik.B || url,www.threatexpert.com/report.aspx?md5=3ccc73f049a1de731baf7ea8915c92a8 || url,www.threatexpert.com/report.aspx?md5=91ce41376a5b33059744cb58758213bb || url,www.threatexpert.com/report.aspx?md5=21880326089f2eab466128974fc70d24
1 || 2015625 || 2 || web-application-attack || 0 || ET WEB_SERVER Magento XMLRPC-Exploit Attempt || url,www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/ || url,www.magentocommerce.com/blog/update-zend-framework-vulnerability-security-update || url,www.exploit-db.com/exploits/19793/
1 || 2015627 || 4 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st Checkin (6 Byte keyword) || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || url,labs.alienvault.com/labs/index.php/2012/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0st-rat/ || url,www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/ || url,blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/
1 || 2015628 || 4 || trojan-activity || 0 || ET DELETED Backdoor.Win32.Gh0st Checkin (7 Byte keyword) || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || url,labs.alienvault.com/labs/index.php/2012/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0st-rat/ || url,www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/ || url,blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/
1 || 2015629 || 5 || trojan-activity || 0 || ET TROJAN Cridex Response from exfiltrated data upload || url,www.virustotal.com/file/00bf5b6f32b6a8223b8e55055800ef7870f8acaed334cb12484e44489b2ace24/analysis/ || url,www.packetninjas.net
1 || 2015630 || 5 || trojan-activity || 0 || ET DELETED Possible XDocCrypt/Dorifel CnC IP || url,www.fox-it.com/en/blog/xdoccryptdorifel-document-encrypting-and-network-spreading-virus
1 || 2015631 || 6 || trojan-activity || 0 || ET DELETED Possible XDocCrypt/Dorifel Checkin || url,www.fox-it.com/en/blog/xdoccryptdorifel-document-encrypting-and-network-spreading-virus
1 || 2015632 || 4 || trojan-activity || 0 || ET TROJAN Shamoon/Wiper/DistTrack Checkin || url,www.symantec.com/connect/blogs/shamoon-attacks || url,www.securelist.com/en/blog/208193786/Shamoon_the_Wiper_Copycats_at_Work || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23936/en_US/McAfee_Labs_Threat_Advisory_W32_DistTrack.pdf
1 || 2015633 || 2 || misc-activity || 0 || ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com
1 || 2015634 || 3 || bad-unknown || 0 || ET INFO DYNAMIC_DNS HTTP Request to Abused Domain *.mooo.com
1 || 2015635 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Briba Checkin || url,labs.alienvault.com/labs/index.php/2012/cve-2012-1535-adobe-flash-being-exploited-in-the-wild/
1 || 2015636 || 4 || attempted-user || 0 || ET ACTIVEX Possible CA eTrust PestPatrol ActiveX Control Buffer Overflow || url,exploit-db.com/exploits/16630/
1 || 2015637 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki link.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html
1 || 2015638 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki deki_plugin.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html
1 || 2015639 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki wgDekiPluginPath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html
1 || 2015640 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki link.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html
1 || 2015641 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki deki_plugin.php Local File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html
1 || 2015642 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MindTouch Deki Wiki wgDekiPluginPath parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/115479/MindTouch-Deki-Wiki-10.1.3-Local-File-Inclusion-Remote-File-Inclusion.html
1 || 2015643 || 4 || attempted-user || 0 || ET ACTIVEX Possible Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow || url,exploit-db.com/exploits/16609/ || url,kb.cert.org/vuls/id/179281
1 || 2015644 || 3 || attempted-user || 0 || ET ACTIVEX Possible Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow 2 || url,exploit-db.com/exploits/16609/
1 || 2015645 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_g2bridge controller parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/90150/Joomla-G2Bridge-Local-File-Inclusion.html
1 || 2015646 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit seen with O1/O2.class /form
1 || 2015647 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Exploit Kit seen with O1/O2.class /search
1 || 2015648 || 7 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit Landing - Aug 21 2012
1 || 2015649 || 3 || trojan-activity || 0 || ET DELETED Fake AV base64 affid initial Landing or owned Check-In, asset owned if /callback/ in URI
1 || 2015651 || 3 || trojan-activity || 0 || ET DELETED Blackhole Javascript 23 Aug 2012 split join split applet
1 || 2015652 || 5 || trojan-activity || 0 || ET DELETED Blackhole Java applet with obfuscated URL 23 Aug 2012
1 || 2015653 || 4 || trojan-activity || 0 || ET TROJAN Rogue.Win32/Winwebsec Install || md5,c527fb441e204baa28a7dcbcd3d91cd1
1 || 2015654 || 5 || bad-unknown || 0 || ET DELETED Blackhole Landing try catch try catch math eval Aug 27 2012
1 || 2015655 || 5 || trojan-activity || 0 || ET DELETED 0day JRE 17 exploit Class 1 || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html
1 || 2015656 || 4 || trojan-activity || 0 || ET DELETED 0day JRE 17 exploit Class 2 || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html
1 || 2015657 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Metasploit Java Payload || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html || url,metasploit.com/modules/exploit/multi/browser/java_jre17_exec
1 || 2015658 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Metasploit Java Exploit || url,blog.sucuri.net/2012/08/java-zero-day-in-the-wild.html || url,metasploit.com/modules/exploit/multi/browser/java_jre17_exec
1 || 2015659 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Admin bhadmin.php access Outbound
1 || 2015660 || 2 || attempted-user || 0 || ET CURRENT_EVENTS - Blackhole Admin Login Outbound
1 || 2015661 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Admin bhadmin.php access Inbound
1 || 2015662 || 2 || attempted-user || 0 || ET CURRENT_EVENTS - Blackhole Admin Login Inbound
1 || 2015663 || 4 || attempted-user || 0 || ET DELETED NeoSploit - Obfuscated Payload Requested
1 || 2015664 || 3 || attempted-user || 0 || ET DELETED NeoSploit - PDF Exploit Requested
1 || 2015665 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - TDS
1 || 2015666 || 4 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java
1 || 2015667 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - null
1 || 2015668 || 6 || attempted-user || 0 || ET CURRENT_EVENTS FlimKit/Other - Landing Page - 100HexChar value and applet
1 || 2015669 || 10 || attempted-user || 0 || ET CURRENT_EVENTS Malicious Redirect n.php h=*&s=* || url,0xicf.wordpress.com/category/security-updates/ || url,support.clean-mx.de/clean-mx viruses.php?domain=rr.nu&sort=first%20desc || url,urlquery.net/report.php?id=111302
1 || 2015670 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit suspected Blackhole
1 || 2015671 || 9 || not-suspicious || 0 || ET INFO Adobe PDF in HTTP Flowbit Set || cve,CVE-2008-2992 || bugtraq,30035 || secunia,29773
1 || 2015672 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit redirect
1 || 2015673 || 3 || trojan-activity || 0 || ET TROJAN Trojan.JS.QLP Checkin
1 || 2015674 || 3 || misc-activity || 0 || ET INFO 3XX redirect to data URL
1 || 2015675 || 3 || trojan-activity || 0 || ET INFO SimpleTDS go.php (sid)
1 || 2015676 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit Payload Download Request - Sep 04 2012
1 || 2015677 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit binary download request /out.php
1 || 2015678 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit exploit download request /view.php
1 || 2015679 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probable Sakura exploit kit landing page with obfuscated URLs
1 || 2015680 || 9 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Nov 09 2012
1 || 2015681 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior hostile FQDN - Sep 05 2012
1 || 2015682 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior static initial landing - Sep 05 2012
1 || 2015683 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit with fast-flux like behavior hostile java archive - Sep 05 2012
1 || 2015684 || 4 || attempted-user || 0 || ET DELETED Blackhole alt URL request Sep 05 2012 bv6rcs3v1ithi.php?w= || url,urlquery.net/report.php?id=158608
1 || 2015686 || 2 || misc-activity || 0 || ET POLICY Signed TLS Certificate with md5WithRSAEncryption || url,www.win.tue.nl/hashclash/rogue-ca/ || url,ietf.org/rfc/rfc3280.txt || url,jensign.com/JavaScience/GetTBSCert/index.html || url,luca.ntop.org/Teaching/Appunti/asn1.html || url,news.netcraft.com/archives/2012/08/31/governments-and-banks-still-using-weak-md5-signed-ssl-certificates.html
1 || 2015687 || 2 || attempted-recon || 0 || ET POLICY Inbound /uploadify.php Access || url,blog.sucuri.net/2012/06/uploadify-uploadify-and-uploadify-the-new-timthumb.html
1 || 2015688 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible Remote PHP Code Execution (php.pjpg) || url,exploitsdownload.com/search/Arbitrary%20File%20Upload/27
1 || 2015689 || 2 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY NeoSploit - Java Exploit Requested
1 || 2015690 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Obfuscated Payload Requested
1 || 2015691 || 2 || attempted-user || 0 || ET CURRENT_EVENTS  NeoSploit - PDF Exploit Requested
1 || 2015692 || 3 || attempted-user || 0 || ET DELETED NeoSploit - TDS
1 || 2015693 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - Java
1 || 2015694 || 2 || attempted-user || 0 || ET CURRENT_EVENTS NeoSploit - Version Enumerated - null
1 || 2015695 || 4 || attempted-user || 0 || ET CURRENT_EVENTS DRIVEBY Generic - 8Char.JAR Naming Algorithm
1 || 2015696 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 4
1 || 2015697 || 3 || trojan-activity || 0 || ET DELETED Blackhole repetitive applet/code tag
1 || 2015698 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SPL Landing Page Requested
1 || 2015699 || 3 || trojan-activity || 0 || ET DELETED Unknown base64-style Java-based Exploit Kit using github as initial director
1 || 2015700 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole2 - URI Structure
1 || 2015701 || 3 || attempted-user || 0 || ET DELETED Blackhole2 - Landing Page Received
1 || 2015702 || 3 || attempted-recon || 0 || ET SCAN Brutus Scan Outbound
1 || 2015703 || 3 || attempted-recon || 0 || ET WEB_SERVER Brutus Scan Inbound
1 || 2015704 || 6 || attempted-user || 0 || ET CURRENT_EVENTS DoSWF Flash Encryption Banner
1 || 2015705 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 6
1 || 2015706 || 4 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 5
1 || 2015707 || 2 || misc-activity || 0 || ET INFO JAVA - document.createElement applet
1 || 2015708 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS - Applet Tag In Edwards Packed JavaScript
1 || 2015709 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Blackhole Landing to 7-8 chr folder plus index.htm or index.html
1 || 2015710 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Blackhole2 - Landing Page Received
1 || 2015711 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Internet Explorer execCommand function Use after free Vulnerability 0day || url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ || cve,CVE-2012-4969
1 || 2015712 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Internet Explorer execCommand function Use after free Vulnerability 0day Metasploit || url,eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/ || cve,CVE-2012-4969
1 || 2015713 || 3 || trojan-activity || 0 || ET TROJAN Dapato Checkin 8 || md5,de7c781205d31f58a04d5acd13ff977d
1 || 2015714 || 2 || trojan-activity || 0 || ET TROJAN Mirage Campaign checkin || md5,ce1cdc9c95a6808945f54164b2e4d9d2 || url,secureworks.com/research/threats/the-mirage-campaign/
1 || 2015716 || 4 || attempted-user || 0 || ET DELETED Blackhole2 - Client reporting targeted software versions
1 || 2015717 || 3 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit (ashburn)
1 || 2015718 || 2 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit
1 || 2015719 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain palauone.com 09/20/12
1 || 2015720 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain traindiscover.com 09/20/12
1 || 2015721 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain manymanyd.com 09/20/12
1 || 2015722 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain whatandwhyeh.com 09/20/12
1 || 2015723 || 3 || trojan-activity || 0 || ET TROJAN ZeroAccess Checkin || url,sophos.com/en-us/medialibrary/PDFs/technical%20papers/Sophos_ZeroAccess_Botnet.pdf
1 || 2015724 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS pamdql Exploit Kit 09/25/12 Sending Jar
1 || 2015725 || 8 || trojan-activity || 0 || ET DELETED pamdql Exploit Kit 09/25/12 Sending PDF
1 || 2015726 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Access To mm-forms-community upload dir (Outbound) || url,www.exploit-db.com/exploits/18997/ || cve,2012-3574
1 || 2015727 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Access To mm-forms-community upload dir (Inbound) || url,www.exploit-db.com/exploits/18997/ || cve,2012-3574
1 || 2015728 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain bktwenty.com 09/20/12
1 || 2015729 || 2 || bad-unknown || 0 || ET DELETED DNS Query to Unknown CnC DGA Domain adbullion.com 09/20/12
1 || 2015730 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain sleeveblouse.com 09/20/12
1 || 2015731 || 3 || trojan-activity || 0 || ET DELETED g01pack Exploit Kit Landing Page 7
1 || 2015732 || 3 || trojan-activity || 0 || ET DELETED Blackhole2 - Landing Page Received - classid
1 || 2015733 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit exploit download request /sarah.php
1 || 2015734 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura exploit kit exploit download request /nano.php
1 || 2015735 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Sakura Java applet with obfuscated URL Sep 21 2012
1 || 2015736 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain defmaybe.com 09/25/12
1 || 2015737 || 5 || attempted-admin || 0 || ET CURRENT_EVENTS PHPMyAdmin BackDoor Access || url,www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
1 || 2015738 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS pamdql obfuscated javascript --- padding
1 || 2015739 || 6 || bad-unknown || 0 || ET DELETED pamdql applet with obfuscated URL
1 || 2015740 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS MALVERTISING - Redirect To Blackhole - Push JavaScript
1 || 2015741 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query to Unknown CnC DGA Domain adbullion.com 09/26/12
1 || 2015742 || 1 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit
1 || 2015743 || 1 || policy-violation || 0 || ET CURRENT_EVENTS Revoked Adobe Code Signing Certificate Seen || url,www.adobe.com/support/security/advisories/apsa12-01.html
1 || 2015744 || 2 || misc-activity || 0 || ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
1 || 2015745 || 2 || misc-activity || 0 || ET INFO EXE CheckRemoteDebuggerPresent (Used in Malware Anti-Debugging)
1 || 2015747 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss/JMX InvokerServlet Auth Bypass Attempt || cve,CVE-2007-1036 || url,exploit-db.com/exploits/21080/
1 || 2015748 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Anti-Hacking Tool || md5,93443e59c473b89b5afad940a843982a || url,eff.org/deeplinks/2012/08/syrian-malware-post
1 || 2015749 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible Oracle SQL Injection utl_inaddr call in URI
1 || 2015750 || 4 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible landing page 10/01/12
1 || 2015751 || 4 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible landing page 10/01/12 (2)
1 || 2015752 || 3 || trojan-activity || 0 || ET DELETED Windows EXE with alternate byte XOR 51 - possible SofosFO/NeoSploit download
1 || 2015753 || 3 || trojan-activity || 0 || ET TROJAN Pincav.cjvb Checkin || md5,1e5499640ca31e4b1f113b97a0cae08b
1 || 2015754 || 2 || attempted-recon || 0 || ET SCAN Nessus Netbios Scanning || url,www.tenable.com/products/nessus/nessus-product-overview
1 || 2015755 || 3 || attempted-user || 0 || ET WEB_SERVER Image Content-Type with Obfuscated PHP (Seen with C99 Shell) || url,malwaremustdie.blogspot.jp/2012/10/how-far-phpc99shell-malware-can-go-from.html
1 || 2015756 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Trojan Downloader GetBooks UA
1 || 2015757 || 2 || policy-violation || 0 || ET POLICY AskSearch Toolbar Spyware User-Agent (AskTBar) 2
1 || 2015758 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit Landing Page (2)
1 || 2015759 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (4)
1 || 2015780 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Zbot UA
1 || 2015781 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Java Exploit Kit 32-32 byte hex initial landing
1 || 2015782 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Other Java Exploit Kit 32-32 byte hex hostile jar
1 || 2015783 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS BegOp Exploit Kit Payload
1 || 2015785 || 4 || bad-unknown || 0 || ET DELETED pamdql obfuscated javascript _222_ padding
1 || 2015786 || 3 || trojan-activity || 0 || ET TROJAN Ransom.Win32.Birele.gsg Checkin || md5,116aaaa5765228d61501322b02a6a3b1 || md5,2e66f39a263cb2e95425847b60ee2a93 || md5,0ea9b34e9d77b5a4ef5170406ed1aaed
1 || 2015787 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool eot URI Struct
1 || 2015788 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BegOpEK - Landing Page
1 || 2015789 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BegOpEK - TDS - icon.php
1 || 2015790 || 2 || attempted-user || 0 || ET WEB_CLIENT Microsoft Rich Text File download - SET || cve,2012-0183
1 || 2015791 || 4 || trojan-activity || 0 || ET POLICY archive.org heritix Crawler User-Agent (Outbound) || md5,9fcbd8ebbbafdb0f64805f2c9a53fb7b || url,crawler.archive.org/index.html
1 || 2015792 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Scalaxy Secondary Landing Page 10/11/12
1 || 2015793 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Scalaxy Java Exploit 10/11/12
1 || 2015794 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PhpTax Possible Remote Code Exec
1 || 2015796 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool Jar URI Struct
1 || 2015797 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (3)
1 || 2015798 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool EXE URI Struct
1 || 2015799 || 6 || trojan-activity || 0 || ET TROJAN Win32.Fareit.A/Pony Downloader Checkin (2) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit.A || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=PWS%3aWin32%2fFareit || url,www.threatexpert.com/report.aspx?md5=99fab94fd824737393f5184685e8edf2 || url,www.threatexpert.com/report.aspx?md5=9544c681ae5c4fe3fdbd4d5c6c90e38e || url,www.threatexpert.com/report.aspx?md5=d50c39753ba88daa00bc40848f174168 || url,www.threatexpert.com/report.aspx?md5=bf422f3aa215d896f55bbe2ebcd25d17
1 || 2015800 || 7 || trojan-activity || 0 || ET TROJAN Dorkbot GeoIP Lookup to wipmania
1 || 2015801 || 4 || bad-unknown || 0 || ET DELETED pamdql obfuscated javascript -_-- padding
1 || 2015802 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (5)
1 || 2015803 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Blackhole/Cool Landing URI Struct || url,fortknoxnetworks.blogspot.com/2012/10/blackhhole-exploit-kit-v-20-url-pattern.html
1 || 2015804 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole 2 PDF Exploit || url,fortknoxnetworks.blogspot.com/2012/10/blackhhole-exploit-kit-v-20-url-pattern.html
1 || 2015805 || 2 || trojan-activity || 0 || ET TROJAN Mini-Flame v 4.x C2 HTTP request || url,www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends
1 || 2015806 || 2 || trojan-activity || 0 || ET TROJAN Mini-Flame v 5.x C2 HTTP request || url,www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends
1 || 2015807 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Pushdo.s Checkin || md5,58ffe2b79be4e789be80f92b7f96e20c
1 || 2015808 || 3 || trojan-activity || 0 || ET TROJAN Taidoor Checkin
1 || 2015809 || 5 || trojan-activity || 0 || ET WEB_CLIENT Adobe Flash Vuln (CVE-2012-1535 Uncompressed) Exploit Specific
1 || 2015810 || 2 || trojan-activity || 0 || ET WEB_CLIENT Adobe Flash Vuln (CVE-2012-1535 Uncompressed) Exploit Specific
1 || 2015811 || 2 || web-application-activity || 0 || ET WEB_SERVER FaTaLisTiCz_Fx Webshell Detected
1 || 2015812 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO Jar file 10/17/12
1 || 2015813 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Torpig Sinkhole Domain (Possible Infected Host) || url,www.sysenter-honeynet.org/?p=269
1 || 2015814 || 12 || trojan-activity || 0 || ET TROJAN Win32/Fujacks Activity
1 || 2015815 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Font File Download (32-bit Host) Dec 11 2012
1 || 2015816 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Font File Download (64-bit Host) Dec 11 2012
1 || 2015817 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole2 Non-Vulnerable Client Fed Fake Flash Executable || url,research.zscaler.com/2012/10/blackhole-exploit-kit-v2-on-rise.html
1 || 2015818 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit .homeip. Landing Page
1 || 2015819 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit .homelinux. Landing Page
1 || 2015820 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 7 User-Agent
1 || 2015821 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 8 User-Agent
1 || 2015822 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 9 User-Agent
1 || 2015823 || 6 || bad-unknown || 0 || ET DELETED Blackhole Java applet with obfuscated URL Oct 19 2012
1 || 2015824 || 6 || trojan-activity || 0 || ET TROJAN GeckaSeka User-Agent
1 || 2015825 || 8 || trojan-activity || 0 || ET TROJAN Zeus/Citadel Control Panel Access (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015826 || 8 || trojan-activity || 0 || ET TROJAN Zeus/Citadel Control Panel Access (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015827 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Iframer Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015828 || 7 || trojan-activity || 0 || ET TROJAN Citadel API Access IFramer Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015829 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access VNC Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015830 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access VNC Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015831 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Bot Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015832 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Bot Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015833 || 6 || trojan-activity || 0 || ET TROJAN Citadel API Access Video Controller (Outbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015834 || 7 || trojan-activity || 0 || ET TROJAN Citadel API Access Video Controller (Inbound) || url,xylithreats.free.fr/public/ || url,www.xylibox.com/2012/10/citadel-1351-rain-edition.html
1 || 2015835 || 6 || trojan-activity || 0 || ET TROJAN Smoke Loader C2 Response
1 || 2015836 || 6 || successful-user || 0 || ET CURRENT_EVENTS Blackhole 2.0 Binary Get Request || url,fortknoxnetworks.blogspot.be/2012/10/blackhole-20-binary-get-request.html
1 || 2015837 || 2 || trojan-activity || 0 || ET TROJAN SSL Cert Used In Unknown Exploit Kit
1 || 2015840 || 3 || successful-user || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Landing Page
1 || 2015841 || 3 || successful-user || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Landing Page
1 || 2015842 || 2 || misc-activity || 0 || ET INFO LLNMR query response to wpad
1 || 2015843 || 5 || trojan-activity || 0 || ET DELETED Blackhole request for file containing Java payload URIs (1)
1 || 2015844 || 4 || trojan-activity || 0 || ET DELETED Blackhole file containing obfuscated Java payload URIs
1 || 2015845 || 4 || bad-unknown || 0 || ET DELETED pamdql obfuscated javascript __-_ padding
1 || 2015846 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS NeoSploit Jar with three-letter class names
1 || 2015847 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page
1 || 2015848 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Imposter USPS Domain
1 || 2015849 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit CVE-2012-1723 Path (Seen in Unknown EK) 10/29/12
1 || 2015850 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Georgian Targeted Attack - Trojan Checkin || md5,d4af87ba30c59d816673df165511e466 || url,dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf
1 || 2015851 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Georgian Targeted Attack - Client Request || md5,d4af87ba30c59d816673df165511e466 || url,dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf
1 || 2015852 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Georgian Targeted Attack - Server Response || md5,d4af87ba30c59d816673df165511e466 || url,dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf
1 || 2015853 || 2 || trojan-activity || 0 || ET TROJAN Georbot requesting update
1 || 2015854 || 2 || trojan-activity || 0 || ET TROJAN Georbot initial checkin
1 || 2015855 || 2 || trojan-activity || 0 || ET TROJAN Georbot checkin
1 || 2015856 || 5 || policy-violation || 0 || ET SNMP Attempt to retrieve Cisco Config via TFTP (CISCO-CONFIG-COPY)
1 || 2015857 || 4 || policy-violation || 0 || ET TFTP Outbound TFTP Data Transfer with Cisco config
1 || 2015858 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Sakura/RedKit obfuscated URL
1 || 2015859 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit CVE-2012-1723 Attacker.class (Seen in Unknown EK) 11/01/12
1 || 2015860 || 8 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (INTEL) || md5,76bea2200601172ebc2374e4b418c63a
1 || 2015861 || 7 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (AMD) || md5,76bea2200601172ebc2374e4b418c63a
1 || 2015862 || 3 || trojan-activity || 0 || ET TROJAN Potentially Unwanted Program RebateInformerSetup.exe Download Reporting || url,www.ripoffreport.com/directory/rebategiant-com.aspx
1 || 2015863 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (2)
1 || 2015864 || 3 || attempted-user || 0 || ET DELETED Blackhole 2.0 PDF GET request || url,fortknoxnetworks.blogspot.com/2012/11/deeper-into-blackhole-urls-and-dialects.html
1 || 2015865 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Self-Singed SSL Cert Used in Conjunction with Neosploit
1 || 2015866 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow
1 || 2015867 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sophos PDF Standard Encryption Key Length Buffer Overflow
1 || 2015868 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 1 || url,blog.fireeye.com/research/2012/11/backdooraddnew-darkddoser-and-gh0st-a-match-made-in-heaven.html || md5,691305b05ae75389526aa7c15b319c3b
1 || 2015869 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 2 || url,blog.fireeye.com/research/2012/11/backdooraddnew-darkddoser-and-gh0st-a-match-made-in-heaven.html || md5,691305b05ae75389526aa7c15b319c3b
1 || 2015870 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.ADDNEW (DarKDdoser) CnC 3 || url,blog.fireeye.com/research/2012/11/backdooraddnew-darkddoser-and-gh0st-a-match-made-in-heaven.html || md5,691305b05ae75389526aa7c15b319c3b
1 || 2015871 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole request for file containing Java payload URIs (3)
1 || 2015872 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole request for Payload
1 || 2015873 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Exploit Kit Requesting Payload
1 || 2015874 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Known Reveton Domain HTTP whatwillber.com
1 || 2015875 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Known Reveton Domain whatwillber.com
1 || 2015876 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO Jar file 09 Nov 12
1 || 2015877 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Landing Page URI
1 || 2015878 || 2 || policy-violation || 0 || ET POLICY Maxmind geoip check to /app/geoip.js
1 || 2015881 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page NOP String || url,ondailybasis.com/blog/?p=1610
1 || 2015882 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Landing Page parseInt Javascript Replace || url,ondailybasis.com/blog/?p=1610
1 || 2015883 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Java Exploit Campaign SetAttribute Java Applet || url,ondailybasis.com/blog/?p=1593
1 || 2015884 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Landing Page
1 || 2015885 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack - No Java URI - Dot.class
1 || 2015886 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CirtXPack - No Java URI - /a.Test
1 || 2015887 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible exploitation of CVE-2012-5076 by an exploit kit Nov 13 2012
1 || 2015888 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit Kit 32 byte hex with trailing digit java payload request
1 || 2015889 || 9 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible second stage landing page (1)
1 || 2015890 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Landing Page - FlashExploit
1 || 2015891 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Landing Page - Title
1 || 2015892 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_new.php
1 || 2015893 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - PDF Exploit - pdf_old.php
1 || 2015894 || 2 || trojan-activity || 0 || ET TROJAN Unknown FakeAV - /get/*.crp
1 || 2015895 || 2 || trojan-activity || 0 || ET TROJAN Unknown_comee.pl - POST with stpfu in http_client_body
1 || 2015896 || 3 || trojan-activity || 0 || ET TROJAN Andromeda Check-in Response
1 || 2015897 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Possible TDS Exploit Kit /flow redirect at .ru domain
1 || 2015898 || 5 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 1 User-Agent
1 || 2015899 || 3 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 2 User-Agent
1 || 2015900 || 4 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 3 User-Agent
1 || 2015901 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Landing Page - Java ClassID and 32HexChar.jar
1 || 2015902 || 7 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B CnC || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2015903 || 5 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B CnC 2 || md5,a88ba0c2b30afba357ebb38df9898f9e || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2015904 || 5 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B CnC 3 || md5,a88ba0c2b30afba357ebb38df9898f9e || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2015905 || 2 || attempted-user || 0 || ET CURRENT_EVENTS WSO - WebShell Activity - WSO Title
1 || 2015906 || 2 || attempted-user || 0 || ET CURRENT_EVENTS WSO - WebShell Activity - POST structure
1 || 2015907 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS BoA -Account Phished
1 || 2015908 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS BoA - PII Phished
1 || 2015909 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS - BoA - Creds Phished
1 || 2015910 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - AOL Creds
1 || 2015911 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Yahoo Creds
1 || 2015912 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Gmail Creds
1 || 2015913 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Hotmail Creds
1 || 2015914 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Remax - Other Creds
1 || 2015915 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Landing Pattern (1)
1 || 2015916 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Landing Pattern (2)
1 || 2015917 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - D.K - Title
1 || 2015918 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based header
1 || 2015919 || 3 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based header w/colons
1 || 2015920 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based POST structure w/multipart
1 || 2015921 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Spam Campaign JPG CnC Link || url,blog.fireeye.com/research/2012/11/more-phish.html
1 || 2015922 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Glazunov Java exploit request /9-10-/4-5-digit
1 || 2015923 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Glazunov Java payload request /5-digit
1 || 2015924 || 2 || web-application-activity || 0 || ET WEB_SERVER WebShell - PHP eMailer
1 || 2015925 || 2 || web-application-activity || 0 || ET WEB_SERVER WebShell - Unknown - self-kill
1 || 2015926 || 2 || web-application-activity || 0 || ET WEB_SERVER WebShell - Unknown - .php?x=img&img=
1 || 2015927 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit /h***.htm(l) Landing Page - Set
1 || 2015928 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar (1)
1 || 2015929 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit Java Request to Recent jar (2)
1 || 2015930 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit Vulnerable Java Payload Request URI (1)
1 || 2015931 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Exploit Kit vulnerable Java Payload Request to URI (2)
1 || 2015932 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (7)
1 || 2015933 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool txt URI Struct
1 || 2015936 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear Exploit Kit HTTP Off-port Landing Page Request
1 || 2015937 || 7 || misc-activity || 0 || ET WEB_SERVER WebShell - PostMan
1 || 2015938 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Banking PHISH - Login.php?LOB=RBG
1 || 2015939 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack Exploit Kit .blogsite. Landing Page
1 || 2015940 || 2 || attempted-recon || 0 || ET SCAN SFTP/FTP Password Exposure via sftp-config.json || url,blog.sucuri.net/2012/11/psa-sftpftp-password-exposure-via-sftp-config-json.html
1 || 2015941 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar (1)
1 || 2015942 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - Recent Jar (2)
1 || 2015943 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Crimeboss - Java Exploit - Recent Jar (3)
1 || 2015944 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Stats Access
1 || 2015945 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Stats Java On
1 || 2015946 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Setup
1 || 2015947 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Piwik Backdoor Access || url,blog.sucuri.net/2012/11/piwik-org-webserver-hacked-and-backdoor-added-to-piwik.html
1 || 2015948 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Piwik Backdoor Access 2 || url,blog.sucuri.net/2012/11/piwik-org-webserver-hacked-and-backdoor-added-to-piwik.html
1 || 2015949 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Propack Recent Jar (1)
1 || 2015950 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Propack Payload Request
1 || 2015951 || 17 || trojan-activity || 0 || ET CURRENT_EVENTS SibHost Jar Request
1 || 2015952 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS PHISH Generic -SSN - ssn1 ssn2 ssn3
1 || 2015953 || 4 || web-application-attack || 0 || ET WEB_SERVER PIWIK Backdored Version calls home || url,piwik.org/blog/2012/11/security-report-piwik-org-webserver-hacked-for-a-few-hours-on-2012-nov-26th/ || url,forum.piwik.org/read.php?2,97666
1 || 2015954 || 2 || trojan-activity || 0 || ET INFO PDF /FlateDecode and PDF version 1.0
1 || 2015955 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS PDF /FlateDecode and PDF version 1.1 (seen in pamdql EK)
1 || 2015956 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Serenity Exploit Kit Landing Page HTML Header
1 || 2015957 || 7 || trojan-activity || 0 || ET TROJAN Lyposit Ransomware Checkin 1
1 || 2015958 || 3 || trojan-activity || 0 || ET TROJAN Lyposit Ransomware Checkin 2
1 || 2015959 || 2 || attempted-admin || 0 || ET SNMP Samsung Printer SNMP Hardcode RW Community String || url,www.l8security.com/post/36715280176/vu-281284-samsung-printer-snmp-backdoor
1 || 2015960 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Jar Request
1 || 2015961 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack PDF Request
1 || 2015962 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Payload Request
1 || 2015963 || 3 || bad-unknown || 0 || ET INFO PHISH Generic - Bank and Routing
1 || 2015964 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing URL
1 || 2015965 || 4 || misc-activity || 0 || ET INFO EXE SCardForgetReaderGroupA (Used in Malware Anti-Debugging) || url,www.trusteer.com/blog/evading-malware-researchers-shylock%E2%80%99s-new-trick
1 || 2015968 || 8 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Checkin 1 || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/
1 || 2015969 || 11 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Requesting exe || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/
1 || 2015970 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic EK Payload Request
1 || 2015971 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic EK Java Exploit Jar
1 || 2015972 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH PayPal - Account Phished
1 || 2015973 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Gateway POST to gateway-p
1 || 2015974 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Status Check
1 || 2015975 || 5 || attempted-user || 0 || ET EXPLOIT MySQL Stack based buffer overrun Exploit Specific || url,seclists.org/fulldisclosure/2012/Dec/4
1 || 2015976 || 2 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Checkin Generic || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/ || url,blog.dynamoo.com/2012/11/vobfus-sites-to-block.html
1 || 2015977 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS probable malicious Glazunov Javascript injection
1 || 2015978 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Dec 03 2012
1 || 2015979 || 1 || bad-unknown || 0 || ET CURRENT_EVENTS CritXPack - Landing Page
1 || 2015980 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Google - Account Phished
1 || 2015981 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic Hostile Jar
1 || 2015982 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Zuponcic Hostile JavaScript
1 || 2015983 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Bank - York - Creds Phished
1 || 2015984 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Joomla Component SQLi Attempt
1 || 2015985 || 4 || trojan-activity || 0 || ET TROJAN Win32/Kuluoz.B Request || md5,0282bc929bae27ef95733cfa390b10e0
1 || 2015986 || 5 || protocol-command-decode || 0 || ET SCAN MYSQL MySQL Remote FAST Account Password Cracking || url,www.securityfocus.com/archive/1/524927/30/0/threaded
1 || 2015987 || 2 || attempted-user || 0 || ET EXPLOIT MySQL Heap based buffer overrun Exploit Specific || url,archives.neohapsis.com/archives/fulldisclosure/2012-12/0006.html
1 || 2015988 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS CrimeBoss - Stats Load Fail
1 || 2015989 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS RedKit - Potential Java Exploit Requested - 3 digit jar
1 || 2015990 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS RedKit - Potential Payload Requested - /2Digit.html
1 || 2015991 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Robopak - Landing Page Received
1 || 2015992 || 6 || attempted-user || 0 || ET EXPLOIT MySQL (Linux) Database Privilege Elevation (Exploit Specific) || cve,2012-5613 || url,seclists.org/fulldisclosure/2012/Dec/6
1 || 2015993 || 2 || protocol-command-decode || 0 || ET ATTACK_RESPONSE MySQL User Account Enumeration || url,seclists.org/fulldisclosure/2012/Dec/att-9/
1 || 2015994 || 2 || misc-activity || 0 || ET INFO MySQL Database Query Version OS compile
1 || 2015995 || 4 || attempted-user || 0 || ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Techique DUMP INTO executable) || url,seclists.org/fulldisclosure/2012/Dec/att-13/
1 || 2015996 || 2 || attempted-user || 0 || ET EXPLOIT MySQL Server for Windows Remote SYSTEM Level Exploit (Stuxnet Techique) || url,seclists.org/fulldisclosure/2012/Dec/att-13/
1 || 2015997 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Google Chrome Update/Install || url,www.barracudanetworks.com/blogs/labsblog?bid=3108 || url,www.bluecoat.com/security-blog/2012-12-05/blackhole-kit-doesnt-chrome
1 || 2015998 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Landing Pattern
1 || 2015999 || 2 || trojan-activity || 0 || ET TROJAN W32/Quarian HTTP Proxy Header || url,vrt-blog.snort.org/2012/12/quarian.html
1 || 2016000 || 2 || trojan-activity || 0 || ET TROJAN Win32/Necurs || md5,871ecf11ddd7ffe294cab82bcaf9c310 || url,blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx
1 || 2016001 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS PDF /XFA and PDF-1.[0-4] Spec Violation (seen in pamdql and other EKs)
1 || 2016002 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ViArt Shop Evaluation admin_header.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116871/ViArt-Shop-Evaluation-4.1-Remote-File-Inclusion.html
1 || 2016003 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ViArt Shop Evaluation ajax_list_tree.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116871/ViArt-Shop-Evaluation-4.1-Remote-File-Inclusion.html
1 || 2016004 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS ViArt Shop Evaluation previews_functions.php Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116871/ViArt-Shop-Evaluation-4.1-Remote-File-Inclusion.html
1 || 2016005 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Achievo atknodetype parameter Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/117822/Achievo-1.4.5-XSS-LFI-SQL-Injection.html
1 || 2016006 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PRADO PHP Framework functional_tests.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/118348/PRADO-PHP-Framework-3.2.0-File-Read.html
1 || 2016007 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS PRADO PHP Framework functional.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/118348/PRADO-PHP-Framework-3.2.0-File-Read.html
1 || 2016008 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Inventory consulta_fact.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117683/Inventory-1.0-Cross-Site-Scripting.html
1 || 2016009 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Inventory newinventario.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117683/Inventory-1.0-Cross-Site-Scripting.html
1 || 2016010 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Inventory newtransact.php Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117683/Inventory-1.0-Cross-Site-Scripting.html
1 || 2016011 || 4 || trojan-activity || 0 || ET TROJAN SmokeBot grab data plaintext
1 || 2016012 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack PDF Request (2)
1 || 2016013 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Jar Request (2)
1 || 2016014 || 2 || trojan-activity || 0 || ET TROJAN Win32/Trojan.Agent.AXMO CnC Beacon || url,contagiodump.blogspot.co.uk/2012/12/osxdockstera-and-win32trojanagentaxmo.html
1 || 2016015 || 3 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Nagios XI Network Monitor - OS Command Injection || url,exchange.nagios.org/directory/Addons/Components/Graph-Explorer-Component/details
1 || 2016016 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Amplification Attack Inbound
1 || 2016017 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Amplification Attack Outbound
1 || 2016018 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Embedded Open Type Font file .eot seeing at Cool Exploit Kit || cve,2011-3402
1 || 2016019 || 5 || trojan-activity || 0 || ET TROJAN Win32.boCheMan-A/Dexter || md5,ccc99c9f07e7be0f408ef3a68a9da298
1 || 2016020 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS FakeScan - Landing Page - Title - Microsoft Antivirus 2013
1 || 2016021 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS FakeScan - Payload Download Received
1 || 2016022 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING FlashPost - Redirection IFRAME
1 || 2016023 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS MALVERTISING FlashPost - POST to *.stats
1 || 2016024 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole - TDS Redirection To Exploit Kit - Loading
1 || 2016025 || 3 || bad-unknown || 0 || ET DELETED Blackhole - TDS Redirection To Exploit Kit - /head/head1.html
1 || 2016026 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS NuclearPack - Landing Page Received - applet and 32HexChar.jar
1 || 2016027 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS g01pack - Landing Page Received - applet and 32AlphaNum.jar
1 || 2016028 || 2 || bad-unknown || 0 || ET EXPLOIT Metasploit -Java Atomic Exploit Downloaded
1 || 2016029 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Kelihos.K Executable Download DGA
1 || 2016030 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS LOIC POST
1 || 2016031 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS LOIC GET
1 || 2016032 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS JCE Joomla Scanner
1 || 2016033 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Simple Slowloris Flooder || url,www.imperva.com/docs/HII_Denial_of_Service_Attacks-Trends_Techniques_and_Technologies.pdf
1 || 2016034 || 3 || trojan-activity || 0 || ET TROJAN Faked Russian Opera UA without Accept - probable downloader
1 || 2016035 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SibHost PDF Request
1 || 2016036 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simplemachines view parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117618/SMF-2.0.2-Cross-Site-Scripting.html
1 || 2016037 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress FSML Plugin fsml-admin.js.php Remote File Inclusion Attempt || url,secunia.com/advisories/51346
1 || 2016038 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress FSML Plugin fsml-hideshow.js.php Remote File Inclusion Attempt || url,secunia.com/advisories/51346
1 || 2016039 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Havalite userId parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/118714/Havalite-1.1.7-Cross-Site-Scripting-Shell-Upload.html
1 || 2016040 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SimpleInvoices having parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/118737/SimpleInvoices-2011.1-Cross-Site-Scripting.html
1 || 2016041 || 3 || attempted-user || 0 || ET ACTIVEX Possible NVIDIA Install Application ActiveX Control AddPackages Unicode Buffer Overflow || url,packetstormsecurity.org/files/118648/NVIDIA-Install-Application-2.1002.85.551-Buffer-Overflow.html
1 || 2016042 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Manhali download.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/116724/Manhali-1.8-Local-File-Inclusion.html
1 || 2016043 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RIPS code.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/111164/RIPS-0.53-Local-File-Inclusion.html
1 || 2016044 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS RIPS function.php Local File Inclusion Vulnerability || url,packetstormsecurity.org/files/111164/RIPS-0.53-Local-File-Inclusion.html
1 || 2016045 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Admidio headline parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/116155/Admidio-2.3.5-Cross-Site-Scripting-SQL-Injection.html
1 || 2016046 || 6 || trojan-activity || 0 || ET DELETED SofosFO/NeoSploit possible second stage landing page (2)
1 || 2016047 || 2 || trojan-activity || 0 || ET TROJAN W32/Prinimalka Get Task CnC Beacon || url,ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/
1 || 2016048 || 2 || trojan-activity || 0 || ET TROJAN W32/Prinimalka Configuration Update Request || url,ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/
1 || 2016049 || 2 || trojan-activity || 0 || ET TROJAN W32/Prinimalka Prinimalka.py Script In CnC Beacon || url,ddos.arbornetworks.com/2012/10/trojan-prinimalka-bits-and-pieces/
1 || 2016050 || 3 || trojan-activity || 0 || ET TROJAN W32.Daws/Sanny CnC Initial Beacon || url,blog.fireeye.com/research/2012/12/to-russia-with-apt.html || url,contagiodump.blogspot.co.uk/2012/12/end-of-year-presents-continue.html
1 || 2016051 || 5 || trojan-activity || 0 || ET TROJAN W32.Daws/Sanny CnC POST || url,blog.fireeye.com/research/2012/12/to-russia-with-apt.html || url,contagiodump.blogspot.co.uk/2012/12/end-of-year-presents-continue.html
1 || 2016052 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Requested
1 || 2016053 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - Payload Download Received
1 || 2016054 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - Server Response - Application Error
1 || 2016055 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - pdfx.html
1 || 2016056 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf EK - flsh.html
1 || 2016057 || 8 || trojan-activity || 0 || ET DELETED CoolEK Font File Download Dec 18 2012
1 || 2016058 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - New PDF Exploit - Dec 18 2012
1 || 2016059 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Old PDF Exploit - Dec 18 2012
1 || 2016060 || 18 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - Jar - Jun 05 2013
1 || 2016061 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible WordpressPingbackPortScanner detected  || url,seclists.org/bugtraq/2012/Dec/101 || url,github.com/FireFart/WordpressPingbackPortScanner/ || url,www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/
1 || 2016062 || 2 || trojan-activity || 0 || ET TROJAN Linux/Chapro.A Malicious Apache Module CnC Beacon || url,blog.eset.com/2012/12/18/malicious-apache-module-used-for-content-injection-linuxchapro-a
1 || 2016063 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH PayPal - Account Phished
1 || 2016064 || 5 || attempted-user || 0 || ET DELETED Popads Exploit Kit font request 32hex digit .eot
1 || 2016065 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Embedded Open Type Font file .eot || cve,2011-3402
1 || 2016066 || 3 || trojan-activity || 0 || ET DELETED CoolEK - Landing Page (2)
1 || 2016067 || 3 || trojan-activity || 0 || ET POLICY Possible BitCoin Miner User-Agent (miner) || url,abcpool.co/mining-software-comparison.php
1 || 2016068 || 3 || trojan-activity || 0 || ET POLICY poclbm BitCoin miner || url,abcpool.co/mining-software-comparison.php
1 || 2016069 || 3 || bad-unknown || 0 || ET MALWARE suspicious User-Agent (vb   wininet)
1 || 2016070 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS SofosFO obfuscator string 19 Dec 12 - possible landing
1 || 2016071 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO 20 Dec 12 - .jar file request
1 || 2016072 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO 20 Dec 12 - .pdf file request
1 || 2016073 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO - possible second stage landing page
1 || 2016074 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Skill.gk User-Agent
1 || 2016075 || 3 || trojan-activity || 0 || ET DELETED FakeAV Checkin || md5,527e115876d0892c9a0ddfc96e852a16
1 || 2016076 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Video Lead Form plugin errMsg parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/118466/WordPress-Video-Lead-Form-0.5-Cross-Site-Scripting.html
1 || 2016077 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Amateur Photographer Image Gallery albumid parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117463/Amateur-Photographers-Image-Gallery-0.9a-XSS-SQL-Injection.html
1 || 2016078 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Amateur Photographer Image Gallery file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/117463/Amateur-Photographers-Image-Gallery-0.9a-XSS-SQL-Injection.html
1 || 2016079 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS simple machines forum include parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/116709/SMF-2.0.2-Local-File-Inclusion.html
1 || 2016080 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Cloudsafe365 file parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/115972/WordPress-Cloudsafe365-Local-File-Inclusion.html
1 || 2016081 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Zenphoto date parameter Cross Site Scripting Attempt || url,packetstormsecurity.org/files/117067/Zenphoto-1.4.3.2-Cross-Site-Scripting.html
1 || 2016082 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Token Manager Plugin tokenmanageredit page XSS Attempt || url,packetstormsecurity.org/files/116837/Wordpress-Plugin-Token-Manager-Cross-Site-Scripting.html
1 || 2016083 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Token Manager Plugin tokenmanagertypeedit page XSS Attempt || url,packetstormsecurity.org/files/116837/Wordpress-Plugin-Token-Manager-Cross-Site-Scripting.html
1 || 2016084 || 3 || attempted-user || 0 || ET ACTIVEX Possible HP ALM XGO.ocx ActiveX Control SetShapeNodeType method Remote Code Execution || url,packetstormsecurity.org/files/116848/HP-ALM-Remote-Code-Execution.html
1 || 2016085 || 3 || attempted-user || 0 || ET ACTIVEX Possible Cyme ChartFX client server ActiveX Control ShowPropertiesDialog arbitrary code execution || url,packetstormsecurity.org/files/117137/Cyme-ChartFX-Client-Server-Array-Indexing.html
1 || 2016086 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SonicWALL SonicOS searchStr XML Tag Script Insertion Attempt || url,securelist.com/en/advisories/51615 || url,seclists.org/bugtraq/2012/Dec/110
1 || 2016087 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS TROJAN Unk_Banker - Check In
1 || 2016088 || 2 || trojan-activity || 0 || ET TROJAN SmokeLoader - Init 0x
1 || 2016089 || 4 || trojan-activity || 0 || ET TROJAN FakeAV checkin || md5,dd4d18c07e93c34d082dab57a38f1b86 || md5,5a864ccfeee9c0c893cfdc35dd8820a6
1 || 2016090 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile Gate landing seen with pamdql/Sweet Orange /in.php?q=
1 || 2016091 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile Gate landing seen with pamdql/Sweet Orange base64
1 || 2016092 || 3 || trojan-activity || 0 || ET DELETED pamdql/Sweet Orange delivering hostile XOR trojan payload from robots.php
1 || 2016093 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS pamdql/Sweet Orange delivering exploit kit payload
1 || 2016094 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Updtkiller Sending Device Information || url,www.symantec.com/ja/jp/security_response/writeup.jsp?docid=2012-082308-1823-99&tabid=2
1 || 2016095 || 2 || trojan-activity || 0 || ET TROJAN W32/Dexter Infostealer CnC POST || url,contagiodump.blogspot.co.uk/2012/12/dexter-pos-infostealer-samples-and.html
1 || 2016096 || 4 || trojan-activity || 0 || ET DELETED W32/Stabuniq CnC POST || url,contagiodump.blogspot.co.uk/2012/12/dec-2012-trojanstabuniq-samples.html || url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers
1 || 2016097 || 4 || trojan-activity || 0 || ET TROJAN Unknown - Loader - Check .exe Updated
1 || 2016098 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Drupal Mass Injection Campaign Inbound
1 || 2016099 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Drupal Mass Injection Campaign Outbound
1 || 2016100 || 2 || trojan-activity || 0 || ET WEB_SPECIFIC_APPS Request to Wordpress W3TC Plug-in dbcache Directory || url,seclists.org/fulldisclosure/2012/Dec/242
1 || 2016101 || 2 || trojan-activity || 0 || ET TROJAN DNS Reply Sinkhole - Microsoft - 131.253.18.0/24
1 || 2016102 || 2 || trojan-activity || 0 || ET TROJAN DNS Reply Sinkhole - Microsoft - 199.2.137.0/24
1 || 2016103 || 2 || trojan-activity || 0 || ET TROJAN DNS Reply Sinkhole - Microsoft - 207.46.90.0/24
1 || 2016104 || 3 || trojan-activity || 0 || ET TROJAN DNS Reply for unallocated address space - Potentially Malicious 1.1.1.0/24
1 || 2016105 || 3 || trojan-activity || 0 || ET DELETED DNS Reply Sinkhole - zeus.redheberg.com - 95.130.14.32
1 || 2016106 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing Page
1 || 2016107 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Topic EK Requesting Jar
1 || 2016108 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Topic EK Requesting PDF
1 || 2016109 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP-Property Plugin uploadify.php Arbitrary File Upload Vulnerability || url,www.securityfocus.com/bid/53787/info || url,downloads.securityfocus.com/vulnerabilities/exploits/53787.php
1 || 2016110 || 3 || trojan-activity || 0 || ET TROJAN FakeAV Download antivirus-installer.exe
1 || 2016111 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java payload request (1)
1 || 2016112 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (1)
1 || 2016113 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit encrypted binary (1)
1 || 2016114 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gpEasy CMS section parameter XSS Attempt || url,1337day.com/exploit/19949
1 || 2016115 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gpEasy CMS index.php file XSS Attempt || url,1337day.com/exploit/19949
1 || 2016116 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS gpEasy CMS key parameter XSS Attempt || url,1337day.com/exploit/19949
1 || 2016117 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Mailing List plugin wpabspath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/105236/WordPress-Mailing-List-1.3.2-Remote-File-Inclusion.html
1 || 2016118 || 3 || attempted-user || 0 || ET ACTIVEX Possible Advantech Studio ISSymbol ActiveX Control Multiple Buffer Overflow Attempt || url,securityfocus.com/bid/47596
1 || 2016119 || 3 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Symantec Messaging Gateway 9.5.3-3 - Arbitrary file download 2 || url,www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
1 || 2016120 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wiki Web Help configpath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/116202/Wiki-Web-Help-0.3.11-Remote-File-Inclusion.html
1 || 2016121 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Relocate Upload plugin abspath parameter Remote File Inclusion Attempt || url,packetstormsecurity.org/files/105239/WordPress-Relocate-Upload-0.14-Remote-File-Inclusion.html
1 || 2016122 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS LogAnalyzer asktheoracle.php file XSS Attempt || url,packetstormsecurity.org/files/119015/Loganalyzer-3.6.0-Cross-Site-Scripting.html
1 || 2016123 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Myflash path parameter Local File Inclusion Attempt || url,packetstormsecurity.org/files/118400/WordPress-Myflash-Local-File-Inclusion.html
1 || 2016124 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Clientregister.php CnC Beacon
1 || 2016125 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Status.Php CnC Beacon
1 || 2016126 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Bitensiteler CnC Beacon
1 || 2016127 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.FakeFlashPlayer Kelimeid CnC Beacon
1 || 2016128 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit - Landing Page
1 || 2016129 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_gmf/Styx EK - fnts.html 
1 || 2016130 || 3 || trojan-activity || 0 || ET TROJAN Stabuniq Checkin || url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers || url,www.symantec.com/security_response/writeup.jsp?docid=2012-121809-2437-99&tabid=2 || url,contagiodump.blogspot.com/2012/12/dec-2012-trojanstabuniq-samples.html
1 || 2016131 || 3 || trojan-activity || 0 || ET DELETED Stabuniq Observed C&C POST Target /rss.php || url,www.symantec.com/connect/blogs/trojanstabuniq-found-financial-institution-servers || url,www.symantec.com/security_response/writeup.jsp?docid=2012-121809-2437-99&tabid=2 || url,contagiodump.blogspot.com/2012/12/dec-2012-trojanstabuniq-samples.html
1 || 2016132 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Escaped Unicode Char in Window Location CVE-2012-4792 EIP || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016133 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Escaped Unicode Char in Location CVE-2012-4792 EIP (Exploit Specific replace) || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016134 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Escaped Unicode Char in Location CVE-2012-4792 EIP % Hex Encode || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016135 || 2 || attempted-user || 0 || ET CURRENT_EVENTS CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016136 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Metasploit CVE-2012-4792 EIP in URI IE 8 || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016137 || 2 || attempted-user || 0 || ET CURRENT_EVENTS CVE-2012-4792 EIP in URI (1) || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016138 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Possible Exodus Intel IE HTML+TIME EIP Control Technique || cve,2012-4792 || url,blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/
1 || 2016139 || 3 || trojan-activity || 0 || ET TROJAN TR/Spy.55808.201
1 || 2016140 || 5 || trojan-activity || 0 || ET DELETED Suspicious User Agent (iexplorer)
1 || 2016141 || 3 || trojan-activity || 0 || ET INFO Exectuable Download from dotted-quad Host
1 || 2016142 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java payload request (2)
1 || 2016143 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (2)
1 || 2016144 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Injected iframe leading to Redkit Jan 02 2013
1 || 2016145 || 2 || protocol-command-decode || 0 || ET INFO PTUNNEL OUTBOUND || url,github.com/madeye/ptunnel || url,cs.uit.no/~daniels/PingTunnel/#protocol
1 || 2016146 || 3 || protocol-command-decode || 0 || ET INFO PTUNNEL INBOUND || url,github.com/madeye/ptunnel || url,cs.uit.no/~daniels/PingTunnel/#protocol
1 || 2016147 || 2 || trojan-activity || 0 || ET TROJAN Request for fake postal receipt from e-mail link
1 || 2016148 || 2 || attempted-user || 0 || ET WEB_SPECIFIC_APPS WordPress Plugin Advanced Custom Fields Remote File Inclusion
1 || 2016151 || 3 || attempted-user || 0 || ET WEB_SERVER WebShell - JSP RAT
1 || 2016152 || 4 || attempted-user || 0 || ET WEB_SERVER WebShell - JSP File Admin
1 || 2016153 || 3 || attempted-user || 0 || ET WEB_SERVER WebShell - JSP File Admin - POST Structure - dir
1 || 2016154 || 1 || policy-violation || 0 || ET CURRENT_EVENTS Possible TURKTRUST Spoofed Google Cert
1 || 2016155 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) - Font Exploit - 32HexChar.eot
1 || 2016156 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mahara query Parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/56718
1 || 2016157 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WHM filtername Parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/57061
1 || 2016158 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Google Doc Embedder plugin file parameter Local File Inclusion Attempt || url,secunia.com/advisories/50832
1 || 2016159 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Simple Machines Forum ssi_function parameter path disclosure vulnerability || url,packetstormsecurity.com/files/119240/Simple-Machines-Forum-2.0.3-Path-Disclosure.html
1 || 2016160 || 3 || attempted-user || 0 || ET ACTIVEX Possible Sony PC Companion Load method Stack-based Unicode Buffer Overload SEH || url,packetstormsecurity.com/files/119022/Sony-PC-Companion-2.1-Load-Unicode-Buffer-Overflow.html
1 || 2016161 || 3 || attempted-user || 0 || ET ACTIVEX Possible Sony PC Companion CheckCompatibility method Stack-based Unicode Buffer Overload || url,packetstormsecurity.com/files/119023/Sony-PC-Companion-2.1-CheckCompatibility-Unicode-Buffer-Overflow.html
1 || 2016162 || 3 || attempted-user || 0 || ET ACTIVEX Possible Sony PC Companion Admin_RemoveDirectory Stack-based Unicode Buffer Overload SEH || url,packetstormsecurity.com/files/119024/Sony-PC-Companion-2.1-Admin_RemoveDirectory-Unicode-Buffer-Overflow.html
1 || 2016163 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo get_templet.php of green Remote File Inclusion Attempt || url,packetstormsecurity.com/files/116412/SiteGo-Remote-File-Inclusion.html
1 || 2016164 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo get_templet.php of blue Remote File Inclusion Attempt || url,packetstormsecurity.com/files/116412/SiteGo-Remote-File-Inclusion.html
1 || 2016165 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS cPanel dir Parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/57064
1 || 2016166 || 6 || attempted-user || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit PluginDetect FromCharCode Jan 04 2013
1 || 2016167 || 3 || trojan-activity || 0 || ET TROJAN Poison Ivy.2013Jan04 victim beacon || md5,62f20326e0f08c0786df6886f0427ea7
1 || 2016168 || 4 || trojan-activity || 0 || ET TROJAN Poison Ivy.2013Jan04 server response || md5,62f20326e0f08c0786df6886f0427ea7
1 || 2016169 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
1 || 2016170 || 2 || attempted-user || 0 || ET CURRENT_EVENTS CVE-2012-4792 EIP in URI (2) || cve,2012-4792 || url,github.com/rapid7/metasploit-framework/commit/6cb9106218bde56fc5e8d72c66fbba9f11c24449 || url,eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/
1 || 2016171 || 2 || trojan-activity || 0 || ET TROJAN ProxyBox - HTTP CnC - proxy_info.php
1 || 2016172 || 8 || bad-unknown || 0 || ET TROJAN Generic -POST To file.php w/Extended ASCII Characters
1 || 2016173 || 8 || bad-unknown || 0 || ET TROJAN Generic -POST To gate.php w/Extended ASCII Characters
1 || 2016174 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY RedKit - Landing Page
1 || 2016175 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type YAML || url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
1 || 2016176 || 3 || web-application-activity || 0 || ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML POST to Disallowed Type SYMBOL || url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
1 || 2016177 || 2 || trojan-activity || 0 || ET TROJAN FakeAV security_scanner.exe
1 || 2016178 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 1 || bugtraq,2112 || cve,1999-0517
1 || 2016179 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 2 || bugtraq,2112 || cve,1999-0517
1 || 2016180 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 3 || bugtraq,2112 || cve,1999-0517
1 || 2016181 || 2 || misc-attack || 0 || ET SNMP missing community string attempt 4 || bugtraq,2112 || cve,1999-0517
1 || 2016182 || 6 || web-application-attack || 0 || ET WEB_SERVER ColdFusion componentutils access || url,www.adobe.com/support/security/advisories/apsa13-01.html
1 || 2016183 || 4 || web-application-attack || 0 || ET WEB_SERVER ColdFusion adminapi access || url,www.adobe.com/support/security/advisories/apsa13-01.html
1 || 2016184 || 5 || web-application-attack || 0 || ET WEB_SERVER ColdFusion administrator access || url,www.adobe.com/support/security/advisories/apsa13-01.html
1 || 2016185 || 2 || trojan-activity || 0 || ET TROJAN Unknown Ransomware Checkin
1 || 2016186 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Tobfy.Ransomware CnC Request - status.php || url,blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
1 || 2016187 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Tobfy.Ransomware Invalid URI CnC Request -  || url,blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html
1 || 2016188 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Zeus Binary Download - Specific PE Sections Structure || url,ioactive.com/pdfs/ZeusSpyEyeBankingTrojanAnalysis.pdf
1 || 2016189 || 2 || trojan-activity || 0 || ET TROJAN Midhos/Medfos downloader
1 || 2016190 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY SPL - Landing Page Received
1 || 2016191 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS CoolEK - Landing Page Received
1 || 2016192 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Unknown - Please wait...
1 || 2016193 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS DRIVEBY Unknown - Landing Page Requested - /?Digit
1 || 2016194 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery plugin test-head parameter XSS Attempt || url,packetstormsecurity.com/files/119360/WordPress-NextGEN-Gallery-1.9.10-Cross-Site-Scripting.html
1 || 2016195 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Browser Rejector Plugin wppath Remote File Inclusion Attempt || url,secunia.com/advisories/51739/
1 || 2016196 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Dell OpenManage Server Administrator topic parameter XSS Attempt || url,kb.cert.org/vuls/id/950172
1 || 2016197 || 3 || attempted-user || 0 || ET ACTIVEX Possible Honeywell Tema Remote Installer ActiveX DownloadFromURL method Remote Code Execution || url,packetstormsecurity.com/files/119427/Honeywell-Tema-Remote-Installer-ActiveX-Remote-Code-Execution.html
1 || 2016198 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Free Blog Arbitrary File Deletion Attempt || url,packetstormsecurity.com/files/119385/Free-Blog-1.0-Shell-Upload-Arbitrary-File-Deletion.html
1 || 2016199 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Adiscon LogAnalyzer viewid Cross-Site Scripting Attempt || url,secunia.com/advisories/51816/
1 || 2016200 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyBrowser tinybrowser.php file Script Execution Attempt || url,securityfocus.com/bid/57230/
1 || 2016201 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyBrowser edit.php file Script Execution Attempt || url,securityfocus.com/bid/57230/
1 || 2016202 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS TinyBrowser upload.php file Script Execution Attempt || url,securityfocus.com/bid/57230/
1 || 2016203 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Gallery Plugin filename_1 Parameter Remote File Access Attempt || url,securityfocus.com/bid/57256/
1 || 2016204 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS Possible CVE-2013-0156 Ruby On Rails XML YAML tag with !ruby || url,groups.google.com/forum/?hl=en&fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ
1 || 2016205 || 3 || trojan-activity || 0 || ET TROJAN W32/Zemra.DDoS.Bot Variant CnC Beacon || url,thegoldenmessenger.blogspot.de/2012/09/2-disclosure-of-interesting-botnet-part-1.html || url,thegoldenmessenger.blogspot.de/2012/09/2-disclosure-of-interesting-botnet-part-2.html
1 || 2016206 || 3 || trojan-activity || 0 || ET TROJAN W32/Iyus.H Initial CnC Beacon || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Iyus-H/detailed-analysis.aspx
1 || 2016207 || 3 || trojan-activity || 0 || ET TROJAN W32/Iyus.H work_troy.php CnC Request || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Iyus-H/detailed-analysis.aspx
1 || 2016208 || 3 || trojan-activity || 0 || ET TROJAN W32/Downloader Secondary Download Request - W32/Hupigon.Backdoor Likely Secondary Payload || url,www.f-secure.com/v-descs/backdoor_w32_hupigon.shtml
1 || 2016209 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/CoolPaperLeak Sending Information To CnC || url,www.symantec.com/connect/blogs/androidcoolpaperleak-million-download-baby
1 || 2016210 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request || url,blogs.mcafee.com/mcafee-labs/red-kit-an-emerging-exploit-pack || cve,2010-0188
1 || 2016211 || 5 || trojan-activity || 0 || ET TROJAN W32/Karagany.Downloader CnC Beacon || url,malwaremustdie.blogspot.co.uk/2013/01/once-upon-time-with-cool-exploit-kit.html || url,www.fortiguard.com/latest/av/4057936 || md5,92899c20da4d9db5627af89998aadc58
1 || 2016212 || 3 || web-application-attack || 0 || ET CURRENT_EVENTS BroBot POST
1 || 2016213 || 3 || trojan-activity || 0 || ET DELETED Blackhole Exploit Kit encoded PluginDetect Jan 15 2013
1 || 2016214 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/nt/th || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016215 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/nt/sk || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016216 || 6 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/dllhost/ac || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016217 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/ms/check || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016218 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/ms/flush || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016219 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/win/wcx || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016220 || 3 || trojan-activity || 0 || ET TROJAN Red October/Win32.Digitalia Checkin cgi-bin/win/cab || url,www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
1 || 2016221 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download
1 || 2016222 || 2 || web-application-attack || 0 || ET SCAN GET with HTML tag in start of URI seen with PHPMyAdmin scanning
1 || 2016223 || 8 || trojan-activity || 0 || ET TROJAN Andromeda Checkin || md5,50a538221e015d77cf4794ae78978ce2
1 || 2016224 || 3 || trojan-activity || 0 || ET TROJAN Possible Red October proxy CnC 1
1 || 2016225 || 2 || trojan-activity || 0 || ET TROJAN Possible Red October proxy CnC 2
1 || 2016226 || 2 || trojan-activity || 0 || ET TROJAN Possible Red October proxy CnC 3
1 || 2016227 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Metasploit CVE-2013-0422 Landing Page
1 || 2016228 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Metasploit CVE-2013-0422 Jar
1 || 2016229 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16/32-hex/a-z.php Jar Download
1 || 2016230 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Age Verification plugin redirect_to Parameter URI Redirection || url,securityfocus.com/bid/51357/
1 || 2016231 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Cartweaver 3 Local File Inclusion Attempt || url,packetstormsecurity.com/files/117370/Cartweaver-3-Local-File-Inclusion.html
1 || 2016232 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_bit controller parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/118943/Joomla-Bit-Local-File-Inclusion.html
1 || 2016233 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_ztautolink controller parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/118944/Joomla-ZtAutoLink-Local-File-Inclusion.html
1 || 2016234 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Mu Perspectives Cms id parameter Cross-Site Scripting Attempt || url,packetstormsecurity.com/files/116148/Mu-Perspectives-CMS-Cross-Site-Scripting.html
1 || 2016235 || 3 || attempted-user || 0 || ET ACTIVEX Possible KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability 2 || url,packetstormsecurity.com/files/117293/KeyHelp-ActiveX-LaunchTriPane-Remote-Code-Execution.html
1 || 2016236 || 3 || attempted-user || 0 || ET ACTIVEX Possible KeyHelp ActiveX LaunchTriPane Remote Code Execution Vulnerability || url,packetstormsecurity.com/files/117293/KeyHelp-ActiveX-LaunchTriPane-Remote-Code-Execution.html
1 || 2016237 || 3 || attempted-user || 0 || ET ACTIVEX Possible Samsung Kies ActiveX PrepareSync method Buffer overflow || url,packetstormsecurity.com/files/119423/Samsung-Kies-2.5.0.12114_1-Buffer-Overflow.html
1 || 2016238 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Incapsula component Security.php XSS Attempt || url,packetstormsecurity.com/files/119364/Joomla-Incapsula-1.4.6_b-Cross-Site-Scripting.html
1 || 2016239 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla Incapsula component Performance.php file XSS Attempt || url,packetstormsecurity.com/files/119364/Joomla-Incapsula-1.4.6_b-Cross-Site-Scripting.html
1 || 2016240 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Impact Exploit Kit Class Download
1 || 2016241 || 4 || trojan-activity || 0 || ET DELETED SofosFO - Landing Page
1 || 2016242 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Jan 21 2012
1 || 2016243 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Request for FakeAV Binary /two/data.exe Infection Campaign
1 || 2016244 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - Symlink_Sa
1 || 2016245 || 3 || bad-unknown || 0 || ET WEB_SERVER WebShell - Generic - c99shell based header
1 || 2016247 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS StyX Landing Page
1 || 2016248 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS StyX Landing Page
1 || 2016249 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Redkit Class Request (1)
1 || 2016250 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Redkit Class Request (2)
1 || 2016251 || 4 || trojan-activity || 0 || ET TROJAN Win32/Emold.C Checkin || url,www.threatexpert.com/report.aspx?md5=49205774f0ff7605c226828e080238f3 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FEmold.C
1 || 2016252 || 3 || trojan-activity || 0 || ET TROJAN Unknown POST of Windows PW Hashes to External Site
1 || 2016253 || 3 || trojan-activity || 0 || ET TROJAN Unknown POST of System Info
1 || 2016254 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Red Dot Exploit Kit Single Character JAR Request || url,malware.dontneedcoffee.com/
1 || 2016255 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Red Dot Exploit Kit Binary Payload Request || url,malware.dontneedcoffee.com/
1 || 2016256 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Gondad Exploit Kit Post Exploitation Request
1 || 2016257 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 1 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016258 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 2 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016259 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 3 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016260 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 4 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016261 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 5 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016262 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 6 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016263 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 7 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016264 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 8 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016265 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 9 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016266 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 10 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016267 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 11 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016268 || 3 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 12 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016270 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Variant Jan 24 2013 || url,blog.avast.com/2013/01/22/reporters-without-borders-website-misused-in-wateringhole-attack/
1 || 2016271 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy Variant Jan 24 2013 || url,blog.avast.com/2013/01/22/reporters-without-borders-website-misused-in-wateringhole-attack/
1 || 2016272 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS - in.php
1 || 2016273 || 2 || trojan-activity || 0 || ET TROJAN W32/Bilakip.A Downloader API Ping CnC Beacon || url,about-threats.trendmicro.com/Malware.aspx?id=50100&name=TROJ_DLOADR.BKM&language=au
1 || 2016274 || 2 || trojan-activity || 0 || ET TROJAN W32/Bilakip.A Downloader Viruslist Download For Populating FakeAV || url,about-threats.trendmicro.com/Malware.aspx?id=50100&name=TROJ_DLOADR.BKM&language=au
1 || 2016275 || 9 || trojan-activity || 0 || ET TROJAN Win32/Xtrat.A Checkin || url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092
1 || 2016276 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS MetaSploit CVE-2012-1723 Class File (seen in live EKs)
1 || 2016277 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS MetaSploit CVE-2012-1723 Class File (seen in live EKs)
1 || 2016278 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - New PDF Exploit - Jan 24 2013
1 || 2016279 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (2)
1 || 2016280 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (3)
1 || 2016281 || 4 || trojan-activity || 0 || ET DELETED Win32/Kelihos.F Checkin 13 || md5,56e0e87e64299f5bb91d2183bbff7cfa
1 || 2016282 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openconstructor CMS result Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.html
1 || 2016283 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Openconstructor CMS keyword Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.html
1 || 2016284 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CubeCart loc parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/119082/CubeCart-4.4.6-Local-File-Inclusion.html
1 || 2016285 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS GetSimple CMS path parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/115302/GetSimple-CMS-3.1.2-Local-File-Inclusion-Path-Disclosure.html
1 || 2016286 || 3 || attempted-user || 0 || ET ACTIVEX Possible Aloaha PDF Crypter activex SaveToFile method arbitrary file overwrite || url,exploit-db.com/exploits/24319/
1 || 2016287 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Banana Dance name Parameter Local File Inclusion Attempt || url,packetstormsecurity.com/files/118964/Banana-Dance-B.2.6-Inclusion-Access-Control-SQL-Injection.html
1 || 2016288 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Joomla com_collector Component Arbitrary File Upload Vulnerability || url,exploit-db.com/exploits/24228/
1 || 2016289 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS web wiz forums ForumID Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115886/Web-Wiz-Forums-10.03-Cross-Site-Scripting.html
1 || 2016290 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS web wiz forums ThreadPage Parameter Cross Site Scripting Attempt || url,packetstormsecurity.com/files/115886/Web-Wiz-Forums-10.03-Cross-Site-Scripting.html
1 || 2016291 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS phpMiniAdmin db Parameter Cross Site Scripting Attempt || url,cxsecurity.com/issue/WLB-2013010179
1 || 2016292 || 6 || trojan-activity || 0 || ET TROJAN Mashigoom/Tranwos/RevProxy ClickFraud - hello
1 || 2016293 || 2 || trojan-activity || 0 || ET TROJAN RevProxy - ClickFraud - MIDUIDEND
1 || 2016294 || 10 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Can be Used to Spawn Shell)
1 || 2016295 || 7 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Metasploit Windows CMD Shell)
1 || 2016296 || 7 || attempted-user || 0 || ET WEB_SPECIFIC_APPS Jenkins Script Console Usage (Metasploit Unix Shell)
1 || 2016297 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious iframe
1 || 2016298 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious iframe
1 || 2016299 || 10 || bad-unknown || 0 || ET CURRENT_EVENTS Redkit Class Request (3)
1 || 2016300 || 4 || trojan-activity || 0 || ET TROJAN Simda.C Checkin || md5,10642e1067aca9f04ca874c02aabda5c
1 || 2016302 || 5 || successful-recon-limited || 0 || ET INFO UPnP Discovery Search Response vulnerable UPnP device 1 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,2013-0229
1 || 2016303 || 4 || successful-recon-limited || 0 || ET INFO UPnP Discovery Search Response vulnerable UPnP device 2 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,2012-5958 || cve,2012-5959
1 || 2016304 || 2 || successful-recon-limited || 0 || ET INFO UPnP Discovery Search Response vulnerable UPnP device 3 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,2012-5958 || cve,2012-5959
1 || 2016305 || 6 || web-application-activity || 0 || ET CURRENT_EVENTS Ruby on Rails CVE-2013-0333 Attempt || url,gist.github.com/4660248
1 || 2016306 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit Landing URL structure
1 || 2016307 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit Landing Page
1 || 2016308 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible JDB Exploit Kit Class Request
1 || 2016309 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit JAR Download
1 || 2016310 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS JDB Exploit Kit Fake Adobe Download
1 || 2016311 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Non-Standard HTML page in Joomla /com_content/ dir (Observed in Recent Pharma Spam)
1 || 2016312 || 2 || trojan-activity || 0 || ET TROJAN W32/DownloaderAgent.fajk Successful Infection CnC Beacon || url,www.securelist.com/en/descriptions/15316120/Trojan.Win32.Agent.fajk
1 || 2016313 || 3 || trojan-activity || 0 || ET TROJAN W32/DownloaderAgent.fajk Second Stage Download List Requested || url,www.securelist.com/en/descriptions/15316120/Trojan.Win32.Agent.fajk
1 || 2016314 || 2 || trojan-activity || 0 || ET TROJAN Linux/SSHDoor.A Reporting Backdoor CnC Beacon || url,blog.eset.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords
1 || 2016315 || 3 || trojan-activity || 0 || ET DELETED Linux/SSHDoor.A User Login CnC Beacon || url,blog.eset.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords
1 || 2016316 || 3 || trojan-activity || 0 || ET TROJAN W32/StartPage.eba Dropper Checkin || url,www.securelist.com/en/descriptions/24621847/Trojan-Dropper.Win32.StartPage.eba
1 || 2016317 || 2 || trojan-activity || 0 || ET TROJAN Suspicious user-agent (f**king)
1 || 2016318 || 6 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Ksapp.A Checkin || md5,e6d9776113b29680aec73ac2d1445946 || md5,13e6ce4aac7e60b10bfde091c09b9d88 || url,anubis.iseclab.org/?action=result&task_id=16b7814b794cd728435e122ca2c2fcdd3 || url,www.fortiguard.com/latest/mobile/4158213 || url,symantec.com/connect/blogs/mdk-largest-mobile-botnet-china
1 || 2016319 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Impact Exploit Kit Landing Page
1 || 2016320 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java gif download
1 || 2016321 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible g01pack Jar download
1 || 2016322 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5958 ST DeviceType Buffer Overflow || cve,CVE_2012-5958 || cve,CVE-2012-5962
1 || 2016323 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5963 ST UDN Buffer Overflow || cve,CVE-2012-5963
1 || 2016324 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5964 ST URN ServiceType Buffer Overflow || cve,CVE-2012-5964
1 || 2016325 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5965 ST URN DeviceType Buffer Overflow || cve,CVE-2012-5965
1 || 2016326 || 1 || attempted-dos || 0 || ET DOS LibuPnP CVE-2012-5961 ST UDN Buffer Overflow || cve,CVE-2012-5961
1 || 2016327 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS PHISH Generic - POST to myform.php
1 || 2016328 || 1 || trojan-activity || 0 || ET TROJAN ZeuS Post to C&C footer.php
1 || 2016329 || 4 || trojan-activity || 0 || ET TROJAN W32/SecVerif.Downloader Initial Checkin || url,anubis.iseclab.org/?action=result&task_id=19f379c075627c7b44d0a0db154394f63
1 || 2016330 || 3 || trojan-activity || 0 || ET TROJAN W32/SecVerif.Downloader Second Stage Download Request || url,anubis.iseclab.org/?action=result&task_id=19f379c075627c7b44d0a0db154394f63
1 || 2016331 || 1 || trojan-activity || 0 || ET TROJAN W32/Jabberbot.A Trednet XMPP CnC Beacon || url,blog.eset.com/2013/01/30/walking-through-win32jabberbot-a-instant-messaging-cc
1 || 2016333 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible g01pack Landing Page
1 || 2016334 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSClass file Parameter Remote File Access Attempt || url,securityfocus.com/bid/51721/
1 || 2016335 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSClass id parameter data access Attempt 1 || url,securityfocus.com/bid/51721/
1 || 2016336 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS OSClass id parameter data access Attempt 2 || url,securityfocus.com/bid/51721/
1 || 2016337 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Cross Site Scripting Attempt || url,securityfocus.com/bid/57541/
1 || 2016338 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress Chocolate WP Theme src Remote File Inclusion Attempt || url,securityfocus.com/bid/57541/
1 || 2016339 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMSQLITE id parameter Cross Site Scripting Attempt || url,securityfocus.com/bid/56132/
1 || 2016340 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS CMSQLITE mediaAdmin.php file Local File Inclusion Attempt || url,securityfocus.com/bid/56132/
1 || 2016341 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Blackhole Java applet with obfuscated URL Feb 04 2012
1 || 2016342 || 2 || trojan-activity || 0 || ET TROJAN W32/Beebus HTTP POST CnC Beacon || url,blog.fireeye.com/research/2013/02/operation-beebus.html
1 || 2016343 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android TrojanFakeLookout.A || url,blog.trustgo.com/fakelookout/ || md5,65baecf1fe1ec7b074a5255dc5014beb
1 || 2016344 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Fakelash.A!tr.spy Checkin || md5,7dec1c9174d0f688667f6c34c0fa66c2 || url,blog.fortiguard.com/android-malware-distributed-by-malicious-sms-in-france/
1 || 2016345 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE DroidKungFu Variant
1 || 2016347 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS Styx Exploit Kit Secondary Landing
1 || 2016348 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteHole Exploit Landing Page
1 || 2016349 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteHole Exploit Kit Jar Request
1 || 2016350 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteHole Exploit Kit Payload Download
1 || 2016352 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Jerk.cgi TDS || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html
1 || 2016353 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Getmyfile.exe Payload || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html
1 || 2016354 || 3 || attempted-user || 0 || ET CURRENT_EVENTS WSO WebShell Activity POST structure 2
1 || 2016355 || 2 || trojan-activity || 0 || ET TROJAN W32/ServStart.Variant CnC Beacon
1 || 2016356 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack - Landing Page - Received
1 || 2016357 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack - URI - jpfoff.php
1 || 2016358 || 4 || trojan-activity || 0 || ET TROJAN W32/ZeroAccess Counter.img Checkin || url,malwaremustdie.blogspot.co.uk/2013/02/blackhole-of-closest-version-with.html
1 || 2016359 || 3 || trojan-activity || 0 || ET TROJAN Request for fake postal receipt from e-mail link
1 || 2016360 || 2 || misc-activity || 0 || ET INFO JAVA - ClassID
1 || 2016361 || 2 || misc-activity || 0 || ET INFO JAVA - ClassID
1 || 2016363 || 2 || attempted-dos || 0 || ET DOS Miniupnpd M-SEARCH Buffer Overflow CVE-2013-0229 || url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play || url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf || cve,CVE-2013-0229
1 || 2016365 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CritXPack Jar Request (3)
1 || 2016366 || 3 || trojan-activity || 0 || ET TROJAN Umbra/Multibot Loader User-Agent (umbra) || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html
1 || 2016367 || 3 || trojan-activity || 0 || ET TROJAN Umbra/MultiBot Plugin access || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html
1 || 2016368 || 3 || trojan-activity || 0 || ET TROJAN Win32/Toby.N Multilocker Checkin || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html
1 || 2016369 || 4 || trojan-activity || 0 || ET TROJAN Win32/Toby.N Multilocker Request || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html
1 || 2016370 || 3 || trojan-activity || 0 || ET TROJAN Win32/Toby.N Multilocker Image Request || url,malware.dontneedcoffee.com/2013/02/inside-multi-botnet-ver4-c-panel.html
1 || 2016371 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java jpg download
1 || 2016373 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM EK - Landing Page
1 || 2016374 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - jaxws.jar
1 || 2016375 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - jre.jar
1 || 2016377 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Payload Download
1 || 2016378 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM EK - Java Exploit - fbyte.jar
1 || 2016379 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic - JAR Containing Windows Executable
1 || 2016380 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Exploit Kit Encrypted Binary (1)
1 || 2016381 || 4 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress WP ecommerce Shop Styling Plugin dompdf RFI Attempt || url,secunia.com/advisories/51707/
1 || 2016382 || 3 || attempted-user || 0 || ET ACTIVEX Possible Ecava IntegraXor save method Remote ActiveX Buffer Overflow || url,1337day.org/exploit/15398
1 || 2016383 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Wordpress Audio Player Plugin playerID parameter XSS attempt in swf || url,packetstormsecurity.com/files/120129/WordPress-Audio-Player-SWF-Cross-Site-Scripting.html
1 || 2016384 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS WordPress CommentLuv Plugin _ajax_nonce Parameter XSS Attempt || url,securityfocus.com/bid/57771/
1 || 2016385 || 3 || trojan-activity || 0 || ET DELETED Android/DNightmare - Task Killer Checkin 1 || url,anubis.iseclab.org/index.php?action=result&task_id=4fdbf09e9bb20824658cfd45b63a309e
1 || 2016386 || 4 || trojan-activity || 0 || ET DELETED Android/DNightmare - Task Killer Checkin 2 || md5,745513a53af2befe3dc00d0341d80ca6
1 || 2016387 || 4 || trojan-activity || 0 || ET DELETED Android/DNightmare -Task Killer Checkin 3 || md5,745513a53af2befe3dc00d0341d80ca6
1 || 2016388 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo file parameter Local File Inclusion Attempt || url,securityfocus.com/bid/57845/
1 || 2016389 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS SiteGo OpenFolder parameter Local File Inclusion Attempt || url,securityfocus.com/bid/57845/
1 || 2016390 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Glossword gw_admin.php Cross Site Scripting Attempt || url,packetstormsecurity.com/files/120045/Glossword-1.8.12-XSS-CSRF-Shell-Upload-Database-Disclosure.html
1 || 2016391 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Adobe Flash Zero Day LadyBoyle Infection Campaign || md5,3de314089db35af9baaeefc598f09b23 || md5,2568615875525003688839cb8950aeae || url,blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html || url,www.adobe.com/go/apsb13-04 || cve,2013-0633 || cve,2013-0633
1 || 2016393 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Impact Exploit Kit Landing Page
1 || 2016394 || 5 || trojan-activity || 0 || ET WEB_CLIENT Adobe Flash Uncompressed
1 || 2016395 || 7 || protocol-command-decode || 0 || ET WEB_CLIENT Microsoft OLE Compound File With Flash
1 || 2016396 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Specific Uncompressed Flash CVE-2013-0634
1 || 2016397 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Specific Uncompressed Flash Inside of OLE CVE-2013-0634
1 || 2016398 || 8 || trojan-activity || 0 || ET TROJAN Variant.Graftor.5628 CnC Traffic || md5,81687637b7bf2b90258a5006683e781c || url,www.fireeye.com/blog/technical/cyber-exploits/2013/08/the-sunshop-campaign-continues.html
1 || 2016399 || 3 || trojan-activity || 0 || ET TROJAN W32/FloatingCloud.Banker CnC Beacon || url,www.securelist.com/en/blog/798/God_horses_are_floating_clouds_The_story_of_a_Chinese_banker_Trojan
1 || 2016400 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Flash Action Script Invalid Regex CVE-2013-0634 || cve,2013-0634
1 || 2016401 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Flash Action Script Invalid Regex CVE-2013-0634 || cve,2013-0364
1 || 2016402 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java png download
1 || 2016403 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload - obfuscated binary base 0
1 || 2016404 || 3 || not-suspicious || 0 || ET INFO MPEG Download Over HTTP (1)
1 || 2016405 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK - PDF Exploit - Feb 12 2013
1 || 2016406 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK landing applet plus class Feb 12 2013
1 || 2016407 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Java Exploit Recent Jar (1)
1 || 2016408 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (4)
1 || 2016409 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Adobe PDF Zero Day Trojan.666 Payload libarhlp32.dll Second Stage Download POST || url,blog.fireeye.com/research/2013/02/the-number-of-the-beast.html
1 || 2016410 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Adobe PDF Zero Day Trojan.666 Payload libarext32.dll Second Stage Download POST || url,blog.fireeye.com/research/2013/02/the-number-of-the-beast.html
1 || 2016411 || 3 || trojan-activity || 0 || ET TROJAN PDF 0day Communication - agent UA Feb 14 2013 || url,www.joesecurity.org/reports/report-f3b9663a01a73c5eca9d6b2a0519049e.html
1 || 2016412 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS TDS Vdele
1 || 2016413 || 4 || trojan-activity || 0 || ET DNS Reply Sinkhole - sinkhole.cert.pl 148.81.111.111
1 || 2016414 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (5)
1 || 2016415 || 3 || bad-unknown || 0 || ET WEB_SERVER PHP tag in UA || url,blog.spiderlabs.com/2013/02/honeypot-alert-user-agent-field-php-injection-attacks.html
1 || 2016416 || 3 || bad-unknown || 0 || ET WEB_SERVER base64_decode in UA || url,blog.spiderlabs.com/2013/02/honeypot-alert-user-agent-field-php-injection-attacks.html
1 || 2016417 || 2 || trojan-activity || 0 || ET TROJAN W32/Vundo.Downloader Reporting User Website Session Information || url,www.lavasoft.com/mylavasoft/malware-descriptions/blog/trojandownloaderwin32vundojd
1 || 2016418 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - Dr. Web || url,virustracker.info
1 || 2016419 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - Zinkhole.org
1 || 2016420 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - German Company || url,virustracker.info
1 || 2016421 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - 1and1 Internet AG || url,virustracker.info
1 || 2016422 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - Georgia Tech (1) || url,virustracker.info
1 || 2016423 || 6 || trojan-activity || 0 || ET DNS Reply Sinkhole - Georgia Tech (2) || url,virustracker.info
1 || 2016424 || 5 || trojan-activity || 0 || ET TROJAN Win32/Vundo.OD Checkin || url,www.threatexpert.com/report.aspx?md5=8840a0d9d7f4dba3953ccb68b17b2d6c || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FVundo.OD
1 || 2016425 || 5 || trojan-activity || 0 || ET TROJAN Win32.Zbot.ivgw Downloading EXE || md5,e8e3d22203f9549d6c5f361dfe51f8c6
1 || 2016426 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK landing applet plus class Feb 18 2013
1 || 2016427 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Possible Java Payload Download
1 || 2016428 || 7 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Likseput.B Checkin 2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fLikseput.B
1 || 2016429 || 4 || trojan-activity || 0 || ET TROJAN Shady Rat/HTran style HTTP Header Pattern Request UHCa and Google MSIE UA || url,www.secureworks.com/research/threats/htran/
1 || 2016430 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader.Win32.Agent.vhvw Checkin MINIASP || md5,e4a4e2a3b3adaf3a31e34cd2844a3374 || url,home.mcafee.com/VirusInfo/VirusProfile.aspx?key=1042762#none
1 || 2016431 || 4 || trojan-activity || 0 || ET TROJAN Win32/Tosct.B UA Mandiant APT1 Related || url,www.mandiant.com/apt1 || md5,5bcaa2f4bc7567f6ffd5507a161e221a
1 || 2016432 || 4 || trojan-activity || 0 || ET TROJAN Likseput.B Checkin || md5,95d85aa629a786bb67439a064c4349ec
1 || 2016433 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Likseput.A Checkin Windows Vista/7/8 || md5,b5e9ce72771217680efaeecfafe3da3f || url,threatexpert.com/report.aspx?md5=4b6f5e62d7913fc1ab6c71b5b909ecbf
1 || 2016434 || 3 || trojan-activity || 0 || ET TROJAN Win32/COOKIEBAG Cookie APT1 Related || url,www.mandiant.com/apt1
1 || 2016435 || 5 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin 1 - APT1 Related || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 || url,www.mandiant.com/apt1
1 || 2016436 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin 2 - APT1 Related || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 || url,www.mandiant.com/apt1
1 || 2016437 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin 3 - APT1 Related || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609 || url,www.mandiant.com/apt1
1 || 2016438 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-TABLE Checkin Response - Embedded CnC APT1 Related || url,www.mandiant.com/apt1 || md5,7a7a46e8fbc25a624d58e897dee04ffa || md5,110160e9d6e1483192653d4bfdcbb609
1 || 2016439 || 3 || trojan-activity || 0 || ET TROJAN Win32/Namsoth.A Checkin/NEWSREELS APT1 Related || md5,a2cd1189860b9ba214421aab86ecbc8a || url,www.mandiant.com/apt1
1 || 2016440 || 2 || trojan-activity || 0 || ET TROJAN SEASALT HTTP Checkin || md5,5e0df5b28a349d46ac8cc7d9e5e61a96 || url,www.mandiant.com/apt1
1 || 2016441 || 2 || trojan-activity || 0 || ET TROJAN SEASALT Client Checkin || md5,5e0df5b28a349d46ac8cc7d9e5e61a96 || url,www.mandiant.com/apt1
1 || 2016442 || 2 || trojan-activity || 0 || ET TROJAN SEASALT Server Response || md5,5e0df5b28a349d46ac8cc7d9e5e61a96 || url,www.mandiant.com/apt1
1 || 2016443 || 2 || trojan-activity || 0 || ET TROJAN STARSYPOUND Client Checkin || md5,8442ae37b91f279a9f06de4c60b286a3 || url,www.mandiant.com/apt1
1 || 2016444 || 3 || trojan-activity || 0 || ET TROJAN STARSYPOUND Client Checkin || md5,8442ae37b91f279a9f06de4c60b286a3 || url,www.mandiant.com/apt1
1 || 2016445 || 2 || trojan-activity || 0 || ET TROJAN SWORD Sending Sword Marker || md5,052f5da1734464a985dcd669bff62f93 || url,www.mandiant.com/apt1
1 || 2016446 || 4 || trojan-activity || 0 || ET TROJAN TABMSGSQL/Sluegot.C Checkin || url,www.cyberesi.com/2011/06/15/trojan-letsgo-analysis/ || url,www.mandiant.com/apt1 || md5,052ec04866e4a67f31845d656531830d
1 || 2016447 || 2 || trojan-activity || 0 || ET TROJAN WARP Win32/Barkiofork.A || url,www.mandiant.com/apt1 || md5,7acb0d1df51706536f33bbdb990041d3
1 || 2016448 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-ADSPACE Server Response || url,www.mandiant.com/apt1
1 || 2016449 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-AUSOV Checkin Response - Embedded CnC APT1 Related || url,www.mandiant.com/apt1 || md5,0cf9e999c574ec89595263446978dc9f || md5,0cf9e999c574ec89595263446978dc9f
1 || 2016450 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32/Likseput.A Checkin || url,threatexpert.com/report.aspx?md5=4b6f5e62d7913fc1ab6c71b5b909ecbf
1 || 2016451 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-QBP Checkin Response 1 - Embedded CnC APT1 Related || url,intelreport.mandiant.com || md5,0cf9e999c574ec89595263446978dc9f || md5,fcdaa67e33357f64bc4ce7b57491fc53
1 || 2016452 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-CLOVER Checkin APT1 Related || url,www.mandiant.com/apt1 || md5,29c691978af80dc23c4df96b5f6076bb
1 || 2016453 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-CLOVER Download UA || url,www.mandiant.com/apt1 || md5,29c691978af80dc23c4df96b5f6076bb
1 || 2016454 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-DIV UA || url,www.mandiant.com/apt1 || md5,1e5ec6c06e4f6bb958dcbb9fc636009d
1 || 2016455 || 3 || trojan-activity || 0 || ET TROJAN Possible WEBC2-GREENCAT Response - Embedded CnC APT1 Related || url,www.mandiant.com/apt1 || md5,1014af80798518864d5d3dfa4e1cd079e
1 || 2016456 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-KT3 Intial Connection Beacon APT1 Related || url,www.mandiant.com/apt1 || md5,ec3a2197ca6b63ee1454d99a6ae145ab
1 || 2016457 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-KT3 Intial Connection Beacon Server Response APT1 Related || url,www.mandiant.com/apt1 || md5,ec3a2197ca6b63ee1454d99a6ae145ab
1 || 2016458 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-RAVE UA || url,www.mandiant.com/apt1 || md5,5bcaa2f4bc7567f6ffd5507a161e221a
1 || 2016459 || 5 || trojan-activity || 0 || ET TROJAN Win32/Small.XR Checkin 2 WEBC2-CSON APT1 Related || url,www.threatexpert.com/report.aspx?md5=ba45339da92ca4622b472ac458f4c8f2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall.XR || url,www.mandiant.com/apt1
1 || 2016460 || 6 || trojan-activity || 0 || ET TROJAN WEBC2-CSON Checkin - APT1 Related || url,www.threatexpert.com/report.aspx?md5=ba45339da92ca4622b472ac458f4c8f2 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDownloader%3AWin32%2FSmall.XR || url,intelreport.mandiant.com/ || md5, 8dd6a7fe83bd9682187d956f160ffb47
1 || 2016461 || 4 || trojan-activity || 0 || ET TROJAN Win32.Sluegot.A Checkin WEBC2-YAHOO APT1 Related || url,www.securelist.com/en/descriptions/24052976/Trojan.Win32.Scar.ddxe || md5,0149b7bd7218aab4e257d28469fddb0d || md5,6f9992c486195edcf0bf2f6ee6c3ec74 || url,www.mandiant.com/apt1
1 || 2016462 || 3 || trojan-activity || 0 || ET TROJAN Fake Virtually SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016463 || 3 || trojan-activity || 0 || ET TROJAN Fake IBM SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016464 || 3 || trojan-activity || 0 || ET TROJAN EMAIL SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016465 || 3 || trojan-activity || 0 || ET TROJAN LAME SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016466 || 3 || trojan-activity || 0 || ET TROJAN NS SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016467 || 3 || trojan-activity || 0 || ET TROJAN SERVER SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016468 || 4 || trojan-activity || 0 || ET TROJAN SUR SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016469 || 3 || trojan-activity || 0 || ET TROJAN FAKE AOL SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016470 || 3 || trojan-activity || 0 || ET TROJAN FAKE YAHOO SSL Cert APT1 || url,www.mandiant.com/apt1
1 || 2016471 || 3 || trojan-activity || 0 || ET TROJAN WEBC2-UGX User-Agent (Windows+NT+5.x) APT1 || url,www.mandiant.com/apt1
1 || 2016472 || 2 || trojan-activity || 0 || ET TROJAN WEBC2-UGX Embedded CnC Response APT1 || md5,ae45648a8fc01b71214482d35cf8da54 || url,www.mandiant.com/apt1
1 || 2016473 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible DNS Data Exfiltration to SSHD Rootkit Last Resort CnC || url,isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
1 || 2016474 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew UGX Backdoor initial connection
1 || 2016475 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew downloader without user-agent string exe download without User Agent
1 || 2016476 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications get system
1 || 2016477 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications html return 1 
1 || 2016478 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep
1 || 2016479 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep2
1 || 2016480 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep3
1 || 2016482 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications sleep5
1 || 2016483 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications download client.png
1 || 2016484 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT crabdance backdoor base64 head 2
1 || 2016485 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT crabdance backdoor base64 head
1 || 2016486 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT backdoor stage 2 download base64 update.gif
1 || 2016487 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT backdoor download logo.png
1 || 2016488 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS - CommentCrew Possible APT c2 communications get command client key
1 || 2016489 || 4 || trojan-activity || 0 || ET TROJAN CBeplay Downloading Design
1 || 2016490 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (1)
1 || 2016491 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (2)
1 || 2016492 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (3)
1 || 2016493 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK/BHEK/Impact EK Java7 Exploit Class Request (3)
1 || 2016494 || 5 || trojan-activity || 0 || ET INFO Serialized Java Applet (Used by some EKs in the Wild)
1 || 2016495 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java .psd download
1 || 2016496 || 4 || trojan-activity || 0 || ET TROJAN Gimemo Ransomware Checkin
1 || 2016497 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS StyX Landing Page (2)
1 || 2016498 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html
1 || 2016499 || 11 || bad-unknown || 0 || ET CURRENT_EVENTS Styx Exploit Kit Payload Download
1 || 2016500 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS Possible Nicepack EK Landing (Anti-VM)
1 || 2016501 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - zecmd - Form
1 || 2016502 || 2 || trojan-activity || 0 || ET INFO Java Serialized Data via vulnerable client
1 || 2016503 || 2 || trojan-activity || 0 || ET INFO Java Serialized Data
1 || 2016504 || 4 || bad-unknown || 0 || ET INFO Serialized Data request
1 || 2016505 || 2 || trojan-activity || 0 || ET INFO file possibly containing Serialized Data file
1 || 2016506 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Exploit Kit Java jpeg download
1 || 2016507 || 5 || trojan-activity || 0 || ET TROJAN W32/Caphaw Requesting Additional Modules From CnC || url,www.welivesecurity.com/2013/02/25/caphaw-attacking-major-european-banks-with-webinject-plugin/
1 || 2016508 || 2 || trojan-activity || 0 || ET TROJAN W32/Caphaw CnC Configuration File Request || url,www.welivesecurity.com/2013/02/25/caphaw-attacking-major-european-banks-with-webinject-plugin/
1 || 2016509 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Zbot.Variant Fake MSIE 6.0 UA
1 || 2016510 || 4 || trojan-activity || 0 || ET INFO Serialized Java Applet (Used by some EKs in the Wild)
1 || 2016511 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Successful Compromise svchost.jpg Beacon - Java  Zeroday || url,blog.fireeye.com/research/2013/02/yaj0-yet-another- java-zero-day-2.html
1 || 2016512 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Smsilence.A Successful Install Report || url,blogs.mcafee.com/mcafee-labs/sms-trojan-targets-south-korean-android-devices
1 || 2016513 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Smsilence.A Sending SMS Messages CnC Beacon || url,blogs.mcafee.com/mcafee-labs/sms-trojan-targets-south-korean-android-devices
1 || 2016514 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - jhan.jar
1 || 2016515 || 4 || trojan-activity || 0 || ET TROJAN Gimemo Activity
1 || 2016516 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - Generic - c99shell based POST structure
1 || 2016519 || 3 || attempted-user || 0 || ET EXPLOIT Metasploit js_property_spray sprayHeap || url,community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation
1 || 2016520 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 1 2013
1 || 2016521 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Java Archive Request (Java-SPLOIT.jar)
1 || 2016522 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Payload Request
1 || 2016523 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Unknown Exploit Kit Exploit Request
1 || 2016524 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch Body Specific -  4/3/2013
1 || 2016525 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch Body Style 2 Specific -  4/3/2013
1 || 2016526 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole V2 Exploit Kit Landing Page Try Catch False Specific -  4/3/2013
1 || 2016527 || 3 || trojan-activity || 0 || ET TROJAN W32/Asprox php.dll.crp POST CnC Beacon || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2016528 || 3 || trojan-activity || 0 || ET TROJAN W32/Asprox CnC Beacon || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2016529 || 2 || trojan-activity || 0 || ET TROJAN W32/Asprox Passgrub POST CnC Beacon || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2016530 || 2 || trojan-activity || 0 || ET TROJAN W32/Asprox.FakeAV Affiliate Second Stage Download Location Request || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2016531 || 2 || trojan-activity || 0 || ET TROJAN W32/Asprox.FakeAV Affiliate Download Location Response - Likely Pay-Per-Install For W32/Papras.Spy or W32/ZeroAccess || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2016533 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Fetch Time CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B
1 || 2016534 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Get New MAC CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B
1 || 2016535 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Set Done Day CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B
1 || 2016536 || 2 || trojan-activity || 0 || ET TROJAN W32/TrojanSpy.MSIL Fetch Header CnC Beacon || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AMSIL%2FCrime.B
1 || 2016537 || 2 || bad-unknown || 0 || ET INFO GET Minimal HTTP Headers Flowbit Set
1 || 2016538 || 3 || bad-unknown || 0 || ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
1 || 2016539 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Java Download non Jar file
1 || 2016540 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
1 || 2016541 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Cool landing applet plus class Mar 03 2013
1 || 2016542 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Portal TDS Kit GET || url,ondailybasis.com/blog/?p=1867
1 || 2016543 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Portal TDS Kit GET (2) || url,ondailybasis.com/blog/?p=1867
1 || 2016544 || 4 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal Mar 6 2013
1 || 2016546 || 3 || trojan-activity || 0 || ET MALWARE W32/Eorezo.Adware CnC Beacon || url,www.symantec.com/security_response/writeup.jsp?docid=2012-061213-2441-99
1 || 2016547 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (6)
1 || 2016548 || 3 || trojan-activity || 0 || ET DELETED W32/Ponik.Downloader Randomware Download || url,www.symantec.com/connect/blogs/fake-adobe-flash-update-installs-ransomware-performs-click-fraud || url,www.symantec.com/security_response/writeup.jsp?docid=2012-110915-5758-99
1 || 2016549 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Base64 http argument in applet (Neutrino/Angler)
1 || 2016550 || 5 || trojan-activity || 0 || ET TROJAN Win32/Fareit Checkin 2 || md5,10baa5250610fc2b5b2cdf932f2007c0
1 || 2016551 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Downloading Jar
1 || 2016552 || 2 || trojan-activity || 0 || ET TROJAN W32/Trustezeb.C CnC Beacon || url,www.abuse.ch/?p=5175 || url,www.virusradar.com/Win32_Trustezeb.C/description
1 || 2016553 || 3 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin || md5,09462f13d7e6aaa0bff2788158343829 || md5,b18f80d665f340af91003226a2b974b6 || md5,1494b8b9f42753a4bc1762d8f3287db6
1 || 2016554 || 7 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (1) Mar 07 2013
1 || 2016555 || 7 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (2) Mar 07 2013
1 || 2016556 || 6 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (3) Mar 07 2013
1 || 2016557 || 6 || trojan-activity || 0 || ET DELETED Possible FiestaEK CVE-2013-0431 Artifact (4) Mar 07 2013
1 || 2016558 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS Possible CrimeBoss Generic URL Structure
1 || 2016559 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (7)
1 || 2016560 || 10 || attempted-user || 0 || ET CURRENT_EVENTS GonDadEK Plugin Detect March 11 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2016561 || 3 || trojan-activity || 0 || ET DELETED W32/Asprox Spam Module CnC Beacon || url,www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/ || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2016562 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data
1 || 2016563 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/q.php Landing Page/Java exploit URI
1 || 2016564 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/q.php Jar Download
1 || 2016566 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Downloading Payload
1 || 2016567 || 4 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin 2 || md5,09462f13d7e6aaa0bff2788158343829 || md5,b18f80d665f340af91003226a2b974b6 || md5,1494b8b9f42753a4bc1762d8f3287db6
1 || 2016568 || 2 || trojan-activity || 0 || ET TROJAN W32/LetsGo.APT Sleep CnC Beacon || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/the-dingo-and-the-baby.html
1 || 2016569 || 3 || bad-unknown || 0 || ET DNS APT_NGO_wuaclt C2 Domain micorsofts.net || url,labs.alienvault.com
1 || 2016570 || 2 || bad-unknown || 0 || ET DNS APT_NGO_wuaclt C2 Domain micorsofts.com || url,labs.alienvault.com
1 || 2016571 || 1 || bad-unknown || 0 || ET DNS APT_NGO_wuaclt C2 Domain hotmal1.com || url,labs.alienvault.com
1 || 2016572 || 2 || trojan-activity || 0 || ET TROJAN APT_NGO_wuaclt C2 Check-in || url,labs.alienvault.com
1 || 2016573 || 2 || trojan-activity || 0 || ET TROJAN APT_NGO_wuaclt || url,labs.alienvault.com
1 || 2016574 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Database List
1 || 2016575 || 3 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Client Cookie mysql_web_admin*=
1 || 2016576 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Server Set Cookie mysql_web_admin*=
1 || 2016577 || 4 || bad-unknown || 0 || ET WEB_SERVER WebShell - Romanian Webshell
1 || 2016578 || 4 || trojan-activity || 0 || ET TROJAN Dorkbot Loader Payload Request || md5, 3452c20fd0df69ccfdea520a6515208a
1 || 2016579 || 2 || trojan-activity || 0 || ET TROJAN APT_NGO_wuaclt PDF file || url,labs.alienvault.com/labs/index.php/2013/latest-adobe-pdf-exploit-used-to-target-uyghur-and-tibetan-activists/
1 || 2016580 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to DynDNS Pro Dynamic DNS Domain
1 || 2016581 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to ChangeIP Dynamic DNS Domain
1 || 2016582 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to NOIP Dynamic DNS Domain
1 || 2016583 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to DNSDynamic Dynamic DNS Domain
1 || 2016584 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to DtDNS Dynamic DNS Domain
1 || 2016585 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL March 03 2013
1 || 2016586 || 5 || bad-unknown || 0 || ET CURRENT_EVENTS Query to a *.opengw.net Open VPN Relay Domain || url,www.vpngate.net
1 || 2016587 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Landing Page URL March 03 2013
1 || 2016588 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit Jar Naming Pattern March 03 2013
1 || 2016589 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Redkit URI Struct Flowbit
1 || 2016591 || 5 || trojan-activity || 0 || ET DNS Reply Sinkhole - 46.149.18.14 blacklistthisdomain.com
1 || 2016592 || 3 || trojan-activity || 0 || ET TROJAN RevProxy Java  Settings
1 || 2016593 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS RedDotv2 Java Check-in
1 || 2016594 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS RedDotv2 Jar March 18 2013
1 || 2016595 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to cd.am Dynamic DNS Domain
1 || 2016596 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible SQL Injection (varchar2) || url,doc.emergingthreats.net/2008175
1 || 2016597 || 5 || trojan-activity || 0 || ET DELETED CrimeBoss - Java Exploit - m11.jar
1 || 2016598 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss - Java Exploit - jmx.jar
1 || 2016599 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Xtrat Checkin 2 || md5,fea70e818984b82c9a6bbdc5157d4a40 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fXtrat.A
1 || 2016600 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain peocity.com
1 || 2016601 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain rusview.net
1 || 2016602 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain skyruss.net
1 || 2016603 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain commanal.net
1 || 2016604 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain natareport.com
1 || 2016605 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain photogellrey.com
1 || 2016606 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain photogalaxyzone.com
1 || 2016607 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain insdet.com
1 || 2016608 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain creditrept.com
1 || 2016609 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain pollingvoter.org
1 || 2016610 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain dfasonline.com
1 || 2016611 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain hudsoninst.com
1 || 2016612 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain wsurveymaster.com
1 || 2016613 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain nhrasurvey.org
1 || 2016614 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain pdi2012.org
1 || 2016615 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain nceba.org
1 || 2016616 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain linkedin-blog.com
1 || 2016617 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain aafbonus.com
1 || 2016618 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain milstars.org
1 || 2016619 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain vatdex.com
1 || 2016620 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain insightpublicaffairs.org
1 || 2016621 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain applesea.net
1 || 2016622 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain appledmg.net
1 || 2016623 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain appleintouch.net
1 || 2016624 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain seyuieyahooapis.com
1 || 2016625 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain appledns.net
1 || 2016626 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain emailserverctr.com
1 || 2016627 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain dailynewsjustin.com
1 || 2016628 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain hi-tecsolutions.org
1 || 2016629 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain slashdoc.org
1 || 2016630 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain photosmagnum.com
1 || 2016631 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain resume4jobs.net
1 || 2016632 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain searching-job.net
1 || 2016633 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain servagency.com
1 || 2016634 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain gsasmartpay.org
1 || 2016635 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Sykipot Domain tech-att.com
1 || 2016636 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -2 Mar 13 2013
1 || 2016637 || 3 || trojan-activity || 0 || ET TROJAN W32/GameThief Initial CnC Beacon
1 || 2016638 || 2 || trojan-activity || 0 || ET TROJAN W32/Depyot.Downloader CnC Beacon || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader%3AWin32%2FDepyot.A&ThreatID=-2147288740
1 || 2016639 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Watering Hole applet name AppletHigh.jar || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html
1 || 2016640 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Watering Hole applet name AppletLow.jar || url,www.fireeye.com/blog/technical/targeted-attack/2013/03/internet-explorer-8-exploit-found-in-watering-hole-campaign-targeting-chinese-dissidents.html
1 || 2016641 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible Perl Shell in HTTP POST || url,isc.sans.edu/diary.html?storyid=9478
1 || 2016642 || 6 || web-application-attack || 0 || ET WEB_SERVER Possible Perl Shell in HTTP POST || url,isc.sans.edu/diary.html?storyid=9478
1 || 2016643 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible RedDotv2 applet with 32hex value Landing Page
1 || 2016644 || 2 || trojan-activity || 0 || ET TROJAN Galock Ransomware Check-in || url,twitter.com/kafeine/status/314859973064667136/photo/1
1 || 2016645 || 2 || trojan-activity || 0 || ET TROJAN Galock Ransomware Command || url,twitter.com/kafeine/status/314859973064667136/photo/1
1 || 2016646 || 3 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Acrobat Web Capture [8-9].0 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016647 || 3 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Adobe LiveCycle Designer ES 8.2 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016648 || 3 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Python PDF Library || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016649 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Acrobat Distiller 9.0.0 (Windows) || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016650 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Acrobat Distiller 6.0.1 (Windows) || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016651 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator pdfeTeX-1.21a || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016652 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Adobe Acrobat 9.2.0 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016653 || 2 || not-suspicious || 0 || ET INFO Old/Rare PDF Generator Adobe PDF Library 9.0 || url,carnal0wnage.attackresearch.com/2013/03/apt-pdfs-and-metadata-extraction.html
1 || 2016654 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Postal Reciept EXE in Zip
1 || 2016655 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Java obfuscated binary (3)
1 || 2016656 || 2 || trojan-activity || 0 || ET TROJAN [CrowdStrike] ANCHOR PANDA - Adobe Gh0st Beacon || url,blog.crowdstrike.com/whois-anchor-panda/index.html
1 || 2016657 || 3 || trojan-activity || 0 || ET DELETED [CrowdStrike] ANCHOR PANDA - Poison Ivy Keep-Alive - From Controller || url,blog.crowdstrike.com/whois-anchor-panda/index.html
1 || 2016658 || 5 || trojan-activity || 0 || ET DELETED [CrowdStrike] ANCHOR PANDA - Poison Ivy Keep-Alive - From Victim || url,blog.crowdstrike.com/whois-anchor-panda/index.html
1 || 2016659 || 2 || trojan-activity || 0 || ET TROJAN [CrowdStrike] ANCHOR PANDA Torn RAT Beacon Message Header Local || url,blog.crowdstrike.com/whois-anchor-panda/index.html
1 || 2016660 || 2 || trojan-activity || 0 || ET TROJAN [CrowdStrike] ANCHOR PANDA Torn RAT Beacon Message || url,blog.crowdstrike.com/whois-anchor-panda/index.html
1 || 2016661 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -4 Mar 22 2013
1 || 2016662 || 3 || policy-violation || 0 || ET P2P Possible Bittorrent Activity - Multiple DNS Queries For tracker hosts
1 || 2016663 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany encrypted binary (1)
1 || 2016664 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (mssql_query)
1 || 2016665 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (mssql_query)
1 || 2016666 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (pgsql_query)
1 || 2016667 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (pgsql_query)
1 || 2016668 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (mysql_query)
1 || 2016669 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (mysql_query)
1 || 2016670 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (SqlException)
1 || 2016671 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (SqlException)
1 || 2016672 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (error in your SQL syntax)
1 || 2016673 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (error in your SQL syntax)
1 || 2016674 || 3 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (ERROR syntax error at or near)
1 || 2016675 || 3 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (ERROR syntax error at or near)
1 || 2016676 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 200 Response (ORA-)
1 || 2016677 || 2 || bad-unknown || 0 || ET WEB_SERVER SQL Errors in HTTP 500 Response (ORA-)
1 || 2016678 || 4 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -5 Mar 26 2013
1 || 2016679 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - Simple - Title
1 || 2016680 || 5 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - net user
1 || 2016681 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - netsh firewall
1 || 2016682 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - reg HKEY_LOCAL_MACHINE
1 || 2016683 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - wget http - POST
1 || 2016684 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - JSPCMD - Form
1 || 2016685 || 2 || trojan-activity || 0 || ET TROJAN Win32/Delfinject Check-in || md5,90f8b934c541966aede75094cfef27ed || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=VirTool%3AWin32%2FDelfInject
1 || 2016686 || 4 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal -7 Mar 30 2013
1 || 2016687 || 3 || misc-activity || 0 || ET FTP Outbound Java Anonymous FTP Login
1 || 2016688 || 2 || misc-activity || 0 || ET FTP Outbound Java Downloading jar over FTP
1 || 2016689 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell - MySQL Interface - Auth Prompt
1 || 2016690 || 12 || trojan-activity || 0 || ET TROJAN Kovter Ransomware Check-in || url,www.botnets.fr/index.php/Kovter || md5,82d0e4f8b34d6d39ee4ff59d0816ec05
1 || 2016692 || 4 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/7
1 || 2016693 || 4 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/8
1 || 2016694 || 4 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/9
1 || 2016695 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS UA starting with Mozilla/0
1 || 2016696 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS svchost.exe in URI Probable Process Dump/Trojan Download
1 || 2016697 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS winlogon.exe in URI || md5,fd95cc0bb7d3ea5a0c86d45570df5228 || md5,09330c596a33689a610a1b183a651118
1 || 2016698 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS services.exe in URI || md5,145c06300d61b3a0ce2c944fe7cdcb96
1 || 2016699 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS lsass.exe in URI || md5,d929747212309559cb702dd062fb3e5d
1 || 2016700 || 13 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS explorer.exe in URI || md5,de1bc32ad135b14ad3a5cf72566a63ff
1 || 2016701 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS smss.exe in URI || md5,450dbe96d7f4108474071aca5826fc43
1 || 2016702 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS csrss.exe in URI || md5,21a069667a6dba38f06765e414e48824
1 || 2016703 || 12 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS rundll32.exe in URI || md5,ea3dec87f79ff97512c637a5c8868a7e
1 || 2016704 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Probable Sakura exploit kit landing page obfuscated applet tag Mar 28 2013
1 || 2016705 || 19 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet with obfuscated URL April 01 2013
1 || 2016706 || 19 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (1)
1 || 2016707 || 4 || trojan-activity || 0 || ET TROJAN Win32/Enchanim Checkin || md5,539d3b15e9c3882ac70bb1ac7f90a837
1 || 2016708 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss Recent Jar (3)
1 || 2016709 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS CrimeBoss Recent Jar (4)
1 || 2016710 || 3 || trojan-activity || 0 || ET TROJAN Zeus User-Agent(z00sAgent) || md5,e94fb19f3a38f9b2a775b925e4c0abe3
1 || 2016711 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DNS Query Targeted Tibetan Android Malware C2 Domain || url,citizenlab.org/2013/04/permission-to-spy-an-analysis-of-android-malware-targeting-tibetans/
1 || 2016712 || 3 || bad-unknown || 0 || ET DELETED Empty HTTP Content Type Server Response - Potential CnC Server
1 || 2016713 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/BaneChant.APT Winword.pkg Redirect || url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html
1 || 2016714 || 2 || bad-unknown || 0 || ET SHELLCODE Possible Backslash Escaped UTF-8 0c0c Heap Spray
1 || 2016715 || 2 || bad-unknown || 0 || ET SHELLCODE Possible Backslash Escaped UTF-16 0c0c Heap Spray
1 || 2016716 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK q.php iframe inbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html
1 || 2016717 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK ff.php iframe inbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html
1 || 2016718 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK q.php iframe outbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html
1 || 2016719 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK ff.php iframe outbound || url,blog.sucuri.net/2013/02/web-server-compromise-debian-distro-identify-and-remove-corrupt-apache-modules.html
1 || 2016720 || 5 || trojan-activity || 0 || ET DELETED Sakura Jar Download SET
1 || 2016721 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Jar Download
1 || 2016722 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/ff.php Landing Page/Java exploit URI
1 || 2016723 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/ff.php Jar Download
1 || 2016724 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/ff.php Landing Page/Java exploit URI
1 || 2016725 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/ff.php Jar Download
1 || 2016726 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Potential Fiesta Flash Exploit
1 || 2016727 || 2 || trojan-activity || 0 || ET TROJAN W32/BaneChant.APT Data Exfiltration POST to CnC || url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html
1 || 2016728 || 2 || trojan-activity || 0 || ET TROJAN W32/BaneChant.APT Initial CnC Beacon || url,www.fireeye.com/blog/technical/malware-research/2013/04/trojan-apt-banechant-in-memory-trojan-that-observes-for-multiple-mouse-clicks.html
1 || 2016729 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Reversed Applet Observed in Sakura/Blackhole Landing
1 || 2016730 || 13 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal
1 || 2016731 || 4 || trojan-activity || 0 || ET TROJAN Revoyem Ransomware Check-in || url,www.botnets.fr/index.php/Revoyem
1 || 2016732 || 4 || trojan-activity || 0 || ET TROJAN Revoyem Ransomware Activity || url,www.botnets.fr/index.php/Revoyem
1 || 2016733 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura encrypted binary (2)
1 || 2016734 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit applet + obfuscated URL Apr 7 2013
1 || 2016735 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS GonDadEK Java Exploit Requested
1 || 2016736 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS GonDadEK Java Exploit Requested
1 || 2016737 || 11 || attempted-user || 0 || ET CURRENT_EVENTS GonDadEK Kit Jar || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2016738 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Citadel Infection or Config URL Request || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf
1 || 2016739 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel File.php CnC POST || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf
1 || 2016740 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel Content.php CnC POST || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf
1 || 2016741 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel Pro File.php CnC POST || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf
1 || 2016742 || 6 || trojan-activity || 0 || ET TROJAN Possible W32/Citadel Download From CnC Server Self Referenced /files/ attachment || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf
1 || 2016743 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel Conf.bin Download From CnC Server || url,malwaremustdie.blogspot.co.uk/2013/04/wireshark-analysis-of-citadel-trojan.html || url,seifreed.es/docs/Citadel%20Trojan%20Report_eng.pdf
1 || 2016744 || 5 || trojan-activity || 0 || ET POLICY NSISDL Iplookup.php IPCheck
1 || 2016746 || 2 || trojan-activity || 0 || ET TROJAN W32/NSISDL.Downloader CnC Server Response
1 || 2016748 || 2 || trojan-activity || 0 || ET TROJAN RansomCrypt Intial Check-in
1 || 2016749 || 2 || trojan-activity || 0 || ET TROJAN RansomCrypt Getting Template
1 || 2016751 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit/Sakura applet + obfuscated URL Apr 10 2013
1 || 2016752 || 3 || trojan-activity || 0 || ET DELETED W32/Nymaim Checkin || md5,b904ce55532582a6ea516399d8e4b410
1 || 2016753 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data April 12 2013
1 || 2016754 || 2 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via myip.dnsomatic.com - Possible Infection
1 || 2016755 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 2 Landing Page (9)
1 || 2016756 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Plugin-Detect April 12 2013
1 || 2016757 || 5 || trojan-activity || 0 || ET TROJAN W32/Nymaim Checkin (2)
1 || 2016758 || 4 || policy-violation || 0 || ET POLICY Bitcoin Mining Extensions Header
1 || 2016759 || 1 || trojan-activity || 0 || ET TROJAN Win32/Redyms.A Checkin
1 || 2016760 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - PHPShell - Comment
1 || 2016761 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - PHPShell - Haxplorer URI
1 || 2016762 || 2 || attempted-user || 0 || ET WEB_SERVER WebShell - PHPShell - PHPKonsole URI
1 || 2016763 || 6 || network-scan || 0 || ET SCAN Non-Malicious SSH/SSL Scanner on the run || url,pki.net.in.tum.de/node/21 || url,isc.sans.edu/diary/SSH%2bscans%2bfrom%2b188.95.234.6/15532
1 || 2016764 || 14 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO PDF Payload Download
1 || 2016765 || 2 || misc-activity || 0 || ET INFO PDF - Acrobat Enumeration - pdfobject.js
1 || 2016766 || 2 || misc-activity || 0 || ET INFO PDF - Acrobat Enumeration - var PDFObject
1 || 2016767 || 3 || bad-unknown || 0 || ET INFO EXE - SCR in PKZip Compressed Data Download
1 || 2016768 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Dorkbot.AR Join IRC channel || url,microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32/Dorkbot.AR || md5,7e76c7db8706511fc59508af4aef27fa
1 || 2016769 || 2 || trojan-activity || 0 || ET TROJAN Win32/Enchanim Check-in Response || md5,2642999a085443e9055b292c4d405e64 || md5,37066ed52cd7510bf04808c332599f1c || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html
1 || 2016770 || 2 || trojan-activity || 0 || ET TROJAN Win32/Enchanim Process List Dump || md5,2642999a085443e9055b292c4d405e64 || md5,37066ed52cd7510bf04808c332599f1c || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html
1 || 2016771 || 4 || trojan-activity || 0 || ET TROJAN Win32/Enchanim C2 Injection Download || md5,2642999a085443e9055b292c4d405e64 || md5,37066ed52cd7510bf04808c332599f1c || url,www.seculert.com/blog/2013/04/magic-persistent-threat.html
1 || 2016773 || 2 || trojan-activity || 0 || ET TROJAN Mutter Backdoor Checkin || url,fireeye.com/blog/technical/malware-research/2013/04/the-mutter-backdoor-operation-beebus-with-new-targets.html
1 || 2016774 || 2 || misc-activity || 0 || ET INFO Generic HTTP EXE Upload Inbound
1 || 2016775 || 2 || misc-activity || 0 || ET INFO Generic HTTP EXE Upload Outbound
1 || 2016776 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal Apr 18 2013
1 || 2016777 || 10 || bad-unknown || 0 || ET INFO HTTP Request to a *.pw domain
1 || 2016778 || 3 || bad-unknown || 0 || ET INFO DNS Query to a *.pw domain - Likely Hostile
1 || 2016779 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fake DHL Kuluoz.B URI
1 || 2016780 || 4 || trojan-activity || 0 || ET MALWARE Adware.Win32/SProtector.A Client Checkin || md5,38f61d046e575971ed83c4f71accd132
1 || 2016781 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura obfuscated javascript Apr 21 2013
1 || 2016782 || 15 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (8)
1 || 2016784 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fiesta - Payload - flashplayer11
1 || 2016785 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Java Exploit Recievied
1 || 2016786 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Payload Requested
1 || 2016787 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Payload Downloaded
1 || 2016788 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection mfunc
1 || 2016789 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection mclude
1 || 2016790 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible Wordpress Super Cache Plugin PHP Injection dynamic-cached-content
1 || 2016791 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Landing Page - Received
1 || 2016792 || 3 || attempted-user || 0 || ET WEB_SERVER Plesk Panel Possible HTTP_AUTH_LOGIN SQLi CVE-2012-1557 || cve,CVE-2012-1557
1 || 2016793 || 5 || trojan-activity || 0 || ET TROJAN Linux Backdoor Linux/Cdorked.A Redirect 1 || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
1 || 2016794 || 4 || attempted-user || 0 || ET CURRENT_EVENTS Possible Linux/Cdorked.A Incoming Command
1 || 2016795 || 4 || trojan-activity || 0 || ET TROJAN ET TROJAN TROJ_NAIKON.A SSL Cert || url,blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-campaign-hides-behind-ssl-communication/
1 || 2016796 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2016797 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated Click To Run Bypass || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2016798 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java JNLP Requested
1 || 2016799 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Flash Exploit Requested
1 || 2016800 || 6 || misc-activity || 0 || ET TROJAN Medfos Connectivity Check
1 || 2016801 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear landing with obfuscated plugindetect Apr 29 2013
1 || 2016802 || 4 || misc-activity || 0 || ET INFO myobfuscate.com Encoded Script Calling home
1 || 2016803 || 4 || trojan-activity || 0 || ET TROJAN Known Sinkhole Response Header
1 || 2016804 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - jreg.jar
1 || 2016805 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK UAC Disable in Uncompressed JAR
1 || 2016806 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (1) || url,uscyberlabs.com/blog/2013/04/30/tor-exploit-pak/
1 || 2016807 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Eval With Base64.decode seen in DOL Watering Hole Attack 05/01/13
1 || 2016808 || 2 || trojan-activity || 0 || ET TROJAN Cookies/Cookiebag Checkin || md5,840BD11343D140916F45223BA05ABACB
1 || 2016809 || 5 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin 3 || md5,09462f13d7e6aaa0bff2788158343829 || md5,b18f80d665f340af91003226a2b974b6 || md5,1494b8b9f42753a4bc1762d8f3287db6
1 || 2016810 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Tor2Web .onion Proxy Service SSL Cert (2) || url,uscyberlabs.com/blog/2013/04/30/tor-exploit-pak/
1 || 2016811 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS - Possible Redkit 1-4 char JNLP request 
1 || 2016812 || 4 || trojan-activity || 0 || ET TROJAN Greencat SSL Certificate
1 || 2016813 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS - Possible BlackHole request with decryption Base 
1 || 2016814 || 4 || trojan-activity || 0 || ET TROJAN Linux Backdoor Linux/Cdorked.A Redirect 2 || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
1 || 2016815 || 4 || trojan-activity || 0 || ET TROJAN Linux Backdoor Linux/Cdorked.A Redirect 3 || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
1 || 2016816 || 3 || trojan-activity || 0 || ET TROJAN Variant.Zusy.45802 Checkin
1 || 2016817 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 2 || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2016818 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 3 || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2016819 || 5 || trojan-activity || 0 || ET TROJAN DEEP PANDA Checkin 1 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf
1 || 2016820 || 2 || trojan-activity || 0 || ET TROJAN DEEP PANDA Checkin 2 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf
1 || 2016821 || 3 || trojan-activity || 0 || ET TROJAN DEEP PANDA Checkin 3 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,crowdstrike.com/sites/default/files/AdversaryIntelligenceReport_DeepPanda_0.pdf
1 || 2016822 || 2 || attempted-user || 0 || ET WEB_CLIENT Possible CVE-2013-1347 IE 0-day used in DOL attack || cve,2013-1347 || url,labs.alienvault.com/labs/index.php/2013/u-s-department-of-labor-website-hacked-and-redirecting-to-malicious-code/ || url,technet.microsoft.com/en-us/security/advisory/2847140
1 || 2016823 || 4 || trojan-activity || 0 || ET TROJAN Suspicious Fake Opera 10 User-Agent || url,dev.opera.com/articles/view/opera-ua-string-changes || url,blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware
1 || 2016824 || 3 || attempted-user || 0 || ET EXPLOIT Metasploit mstime_malloc no-spray || url,community.rapid7.com/community/metasploit/blog/2013/03/04/new-heap-spray-technique-for-metasploit-browser-exploitation
1 || 2016825 || 3 || misc-activity || 0 || ET INFO Suspicious Possible CollectGarbage in base64 1
1 || 2016826 || 3 || misc-activity || 0 || ET INFO Suspicious Possible CollectGarbage in base64 2
1 || 2016827 || 3 || misc-activity || 0 || ET INFO Suspicious Possible CollectGarbage in base64 3
1 || 2016828 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Requsting Payload
1 || 2016829 || 3 || trojan-activity || 0 || ET TROJAN Unknown Checkin
1 || 2016830 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Injection - var j=0
1 || 2016831 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CVE-2013-2423 IVKM PoC Seen in Unknown EK || url,weblog.ikvm.net/CommentView.aspx?guid=acd2dd6d-1028-4996-95df-efa42ac237f0
1 || 2016832 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS HellSpawn EK Requesting Jar
1 || 2016833 || 5 || attempted-user || 0 || ET CURRENT_EVENTS IE HTML+TIME ANIMATECOLOR with eval as seen in unknown EK || url,blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/
1 || 2016834 || 2 || trojan-activity || 0 || ET DELETED Unknown Trojan POST
1 || 2016835 || 2 || attempted-admin || 0 || ET EXPLOIT Exim/Dovecot Possible MAIL FROM Command Execution || url,redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution
1 || 2016836 || 3 || web-application-attack || 0 || ET WEB_SERVER ColdFusion password.properties access || url,cxsecurity.com/issue/WLB-2013050065
1 || 2016837 || 6 || trojan-activity || 0 || ET TROJAN Alina Checkin || url,blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html
1 || 2016838 || 5 || trojan-activity || 0 || ET TROJAN Alina User-Agent(Alina) || url,blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html
1 || 2016839 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit hex.zip Java Downloading Jar
1 || 2016840 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing
1 || 2016841 || 4 || web-application-attack || 0 || ET WEB_SERVER  ColdFusion path disclosure to get the absolute path || url,www.exploit-db.com/exploits/25305/
1 || 2016842 || 2 || web-application-attack || 0 || ET WEB_SERVER ColdFusion scheduletasks access || url,exploit-db.com/exploits/24946/
1 || 2016843 || 2 || web-application-attack || 0 || ET WEB_SERVER ColdFusion scheduleedit access || url,exploit-db.com/exploits/24946/
1 || 2016844 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader.Win32.AutoIt.mj Checkin || url,threatexpert.com/report.aspx?md5=c4e923564c564163620959f23691cc26 || md5,4a77d3575845cf24b72400816d0b95c2
1 || 2016845 || 3 || policy-violation || 0 || ET WEB_SERVER HTTPing Usage Inbound || url,www.vanheusden.com/httping/
1 || 2016846 || 4 || bad-unknown || 0 || ET INFO Possible Firefox Plugin install || url,research.zscaler.com/2012/09/how-to-install-silently-malicious.html
1 || 2016847 || 3 || bad-unknown || 0 || ET INFO Possible Chrome Plugin install || url,blogs.technet.com/b/mmpc/archive/2013/05/10/browser-extension-hijacks-facebook-profiles.aspx
1 || 2016848 || 12 || policy-violation || 0 || ET CURRENT_EVENTS BlackHole Java Exploit Artifact || url,vanheusden.com/httping/
1 || 2016850 || 2 || trojan-activity || 0 || ET TROJAN Possible Linux/Cdorked.A CnC || url,code.google.com/p/malware-lu/wiki/en_malware_cdorked_A || url,welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
1 || 2016851 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Winwebsec/Zbot/Luder Checkin Response
1 || 2016852 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura obfuscated javascript May 10 2013
1 || 2016853 || 15 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Posting Plugin-Detect Data May 15 2013
1 || 2016854 || 3 || trojan-activity || 0 || ET TROJAN Embedded Android Dalvik Executable File With Fake Windows Executable Header - Possible AV Bypass Attempt || url,research.zscaler.com/2013/03/guess-who-am-i-pe-or-apk.html
1 || 2016855 || 2 || trojan-activity || 0 || ET TROJAN Embedded ZIP/APK File With Fake Windows Executable Header - Possible AV Bypass Attempt || url,research.zscaler.com/2013/03/guess-who-am-i-pe-or-apk.html
1 || 2016856 || 2 || policy-violation || 0 || ET POLICY Android Dalvik Executable File Download || url,source.android.com/tech/dalvik/dex-format.html
1 || 2016857 || 2 || trojan-activity || 0 || ET TROJAN W32/Pushdo CnC Server Fake JPEG Response || url,www.damballa.com/downloads/r_pubs/Damballa_mv20_case_study.pdf
1 || 2016858 || 9 || trojan-activity || 0 || ET TROJAN Generic - POST To .php w/Extended ASCII Characters
1 || 2016859 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_MM - Java Exploit - cee.jar
1 || 2016860 || 18 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page May 16 2013
1 || 2016861 || 2 || trojan-activity || 0 || ET TROJAN Hangover Campaign Keylogger Checkin || md5,023d82950ebec016cd4016d7a11be58d || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016862 || 3 || trojan-activity || 0 || ET TROJAN Hangover Campaign Keylogger 2 checkin || md5,0b38f87841ed347cc2a5ffa510a1c8f6 || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016863 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Win32.VB.cefz Checkin || md5,0cace87b377a00df82839c659fc3adea || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016864 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Agent.bjjv Checkin || md5,06ba10a49c8cea32a51f0bbe8f5073f1 || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016865 || 2 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger.acqh User-Agent(EMSFRTCBVD) || md5,0e9e46d068fea834e12b2226cc8969fd || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016866 || 4 || trojan-activity || 0 || ET TROJAN Trojan-Spy.Win32.KeyLogger.acuj Checkin || md5,078d12eb9fc2b1665c0cc3001448b69b || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016867 || 2 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Pushdo.s Checkin
1 || 2016868 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Plugin-Detect 2 May 20 2013
1 || 2016869 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Post Exploit Payload Download
1 || 2016870 || 8 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.
1 || 2016871 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4.
1 || 2016872 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 3.
1 || 2016873 || 5 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2.
1 || 2016874 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Internet Explorer Version MSIE 1.
1 || 2016875 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake FireFox Version 0.
1 || 2016876 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake FireFox Version 1.
1 || 2016877 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake FireFox Version 2.
1 || 2016878 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Windows NT Version 4.
1 || 2016879 || 4 || policy-violation || 0 || ET POLICY Unsupported/Fake Windows NT Version 5.0
1 || 2016880 || 6 || trojan-activity || 0 || ET INFO Suspicious Windows NT version 0 User-Agent
1 || 2016881 || 4 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(FMBVDFRESCT) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016882 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DSMBVCTFRE) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016883 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(MBESCVDFRT) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016884 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(TCBFRVDEMS) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016885 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMOMAKE) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016886 || 2 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(DEMO) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016887 || 5 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(UPHTTP) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016888 || 4 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(sendFile) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016889 || 5 || trojan-activity || 0 || ET DELETED TrojanSpy.KeyLogger Hangover Campaign User-Agent(wininetget/0.1) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016890 || 3 || trojan-activity || 0 || ET DELETED TrojanSpy.KeyLogger Hangover Campaign User-Agent(file) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016891 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(vbusers) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016892 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(folderwin) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016893 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(smaal) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016894 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(nento) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016895 || 3 || trojan-activity || 0 || ET TROJAN TrojanSpy.KeyLogger Hangover Campaign User-Agent(bugmaal) || url,blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016896 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Requesting Payload
1 || 2016897 || 7 || trojan-activity || 0 || ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5 || url,windows.microsoft.com/en-us/internet-explorer/products/ie-9/system-requirements
1 || 2016898 || 6 || trojan-activity || 0 || ET INFO Suspicious MSIE 10 on Windows NT 5
1 || 2016899 || 4 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Registering Client || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/
1 || 2016900 || 5 || trojan-activity || 0 || ET DELETED Trojan.BlackRev Polling for DoS targets || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/
1 || 2016901 || 5 || trojan-activity || 0 || ET DELETED Trojan.BlackRev Download Executable || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/
1 || 2016902 || 5 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Download Executable || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/
1 || 2016903 || 4 || trojan-activity || 0 || ET USER_AGENTS Suspicious User-Agent (DownloadMR) || url,www.virustotal.com/en/file/93236b781e147e3ac983be1374a5f807fabd27ee2b92e6d99e293a6eb070ac2b/analysis/ || md5, 0da0d8e664f44400c19898b4c9e71456
1 || 2016904 || 3 || trojan-activity || 0 || ET USER_AGENTS User-Agent (ChilkatUpload) || url,chilkatsoft.com
1 || 2016905 || 3 || trojan-activity || 0 || ET MALWARE AdWare.MSIL.Solimba.b GET || url,virustotal.com/en/file/93236b781e147e3ac983be1374a5f807fabd27ee2b92e6d99e293a6eb070ac2b/analysis/ || md5, 0da0d8e664f44400c19898b4c9e71456
1 || 2016906 || 3 || trojan-activity || 0 || ET MALWARE AdWare.MSIL.Solimba.b POST || url,virustotal.com/en/file/93236b781e147e3ac983be1374a5f807fabd27ee2b92e6d99e293a6eb070ac2b/analysis/ || md5, 0da0d8e664f44400c19898b4c9e71456
1 || 2016907 || 5 || trojan-activity || 0 || ET TROJAN Trojan-Spy.Win32.Agent.byhm User-Agent (EMSCBVDFRT)
1 || 2016908 || 5 || trojan-activity || 0 || ET TROJAN Trojan.Win32.FresctSpy.A User-Agent (MBVDFRESCT) || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanSpy%3AWin32%2FAgent.CZ
1 || 2016909 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Registration Rev3 || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/
1 || 2016910 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Get Command Rev3 || url,ddos.arbornetworks.com/2013/05/the-revolution-will-be-written-in-delphi/
1 || 2016911 || 3 || trojan-activity || 0 || ET TROJAN W32/Briba CnC POST Beacon || url,www.fireeye.com/blog/technical/cyber-exploits/2013/05/ready-for-summer-the-sunshop-campaign.html || url,citizenlab.org/wp-content/uploads/2012/09/IEXPL0RE_RAT.pdf || url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=PWS%3AWin32%2FBriba.A
1 || 2016912 || 4 || trojan-activity || 0 || ET TROJAN W32/KeyLogger.ACQH!tr Checkin || md5,eddce1a6c0cc0eb7b739cb758c516975 || md5,c0d9352ad82598362a426cd38a7ecf0e || url,www.fortiguard.com/av/VID4225990 || url,enterprise.norman.com/resources/files/unveiling_an_indian_cyberattack_infrastructure_appendixes.pdf
1 || 2016913 || 4 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info) || url,www.threatexpert.com/report.aspx?md5=e7d9bc670d69ad8a6ad2784255324eec || url,www.threatexpert.com/report.aspx?md5=37207835e128516fe17af3dacc83a00c
1 || 2016914 || 3 || trojan-activity || 0 || ET TROJAN Trojan.Win32.Antavmu.guw Checkin || md5,2b63ed542eb0e1a4547a2b6e91391dc0 || url,www.securelist.com/en/descriptions/16150989/Trojan.Win32.Antavmu.guw?print_mode=1 || url,www.threatexpert.com/report.aspx?md5=a80f33c94c44556caa2ef46cd5eb863c
1 || 2016915 || 4 || trojan-activity || 0 || ET MALWARE Suspicious User Agent Smart-RTP || url,www.threatexpert.com/report.aspx?md5=a80f33c94c44556caa2ef46cd5eb863c || url,www.drwebhk.com/en/virus_techinfo/Trojan.DownLoader8.25530.html || md5, 2b63ed542eb0e1a4547a2b6e91391dc0
1 || 2016916 || 3 || trojan-activity || 0 || ET MALWARE Suspicious User Agent Custom_56562_HttpClient/VER_STR_COMMA
1 || 2016917 || 2 || trojan-activity || 0 || ET MALWARE Adware pricepeep Adware.Shopper.297 || url,virustotal.com/en/file/1ea487b1507305f17a2cd2ab0dbcfac523419dbc27cde38e27cb5c4a8d3c9caf/analysis/ || url,lists.clean-mx.com/pipermail/viruswatch/20121222/037085.html || md5,0564e603f9ed646553933cb0d271f906
1 || 2016918 || 6 || attempted-admin || 0 || ET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific || url,www.vnsecurity.net/2013/05/analysis-of-nginx-cve-2013-2028/ || url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nginx_chunked_size.rb
1 || 2016919 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious Redirect URL
1 || 2016920 || 2 || attempted-admin || 0 || ET WEB_SERVER Apache Struts Possible xwork Disable Method Execution || url,struts.apache.org/development/2.x/docs/s2-013.html
1 || 2016921 || 5 || trojan-activity || 0 || ET INFO Suspicious Mozilla UA with no Space after colon
1 || 2016922 || 10 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || url,labs.alienvault.com/labs/index.php/2012/new-macontrol-variant-targeting-uyghur-users-the-windows-version-using-gh0st-rat/ || url,www.infowar-monitor.net/2009/09/tracking-ghostnet-investigating-a-cyber-espionage-network/ || url,blogs.rsa.com/will-gragido/lions-at-the-watering-hole-the-voho-affair/ || url,www.norman.com/about_norman/press_center/news_archive/2012/the_many_faces_of_gh0st_rat/en
1 || 2016923 || 13 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2016924 || 11 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2016925 || 2 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Landing Page 1 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2016926 || 2 || attempted-user || 0 || ET CURRENT_EVENTS KaiXin Exploit Landing Page 2 May 24 2013 || url,kahusecurity.com/2012/new-chinese-exploit-pack/
1 || 2016927 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS HellSpawn EK Landing 1 May 24 2013
1 || 2016928 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HellSpawn EK Landing 2 May 24 2013
1 || 2016929 || 11 || trojan-activity || 0 || ET CURRENT_EVENTS Possible HellSpawn EK Fake Flash May 24 2013
1 || 2016930 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible HellSpawn EK Java Artifact May 24 2013
1 || 2016931 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK JNLP request
1 || 2016932 || 2 || trojan-activity || 0 || ET TROJAN Spy/Infostealer.Win32.Embed.A Client Traffic || url,contagiodump.blogspot.no/2011/01/jan-6-cve-2010-3333-with-info-theft.html
1 || 2016933 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request to Afraid.org Top 100 Dynamic DNS Domain May 28 2013
1 || 2016934 || 3 || trojan-activity || 0 || ET TROJAN W32/Safe User Agent Fantasia || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-safe-a-targeted-threat.pdf
1 || 2016935 || 2 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Select Sleep Time Delay || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
1 || 2016936 || 2 || web-application-attack || 0 || ET WEB_SERVER SQL Injection Local File Access Attempt Using LOAD_FILE || url,dev.mysql.com/doc/refman/5.1/en/string-functions.html#function_load-file || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
1 || 2016937 || 3 || web-application-attack || 0 || ET WEB_SERVER SQL Injection List Priveleges Attempt || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
1 || 2016938 || 3 || trojan-activity || 0 || ET MALWARE Adware.Ezula Checkin || md5,dede600f1e78fd20e4515bea1f2bdf61
1 || 2016939 || 2 || trojan-activity || 0 || ET TROJAN Variant.Kazy.174106 Checkin || md5,ff7a263e89ff01415294470e1e52c010
1 || 2016940 || 3 || trojan-activity || 0 || ET TROJAN Vobfus Check-in
1 || 2016941 || 5 || trojan-activity || 0 || ET TROJAN W32/PolyCrypt.A Checkin || url,www.threatexpert.com/report.aspx?md5=44be7c6d4109ae5fb0ceb2824facf2dd
1 || 2016942 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Landing Page - Received May 29 2013
1 || 2016943 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Payload Requested
1 || 2016944 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS HTTP connection to net78.net Free Web Hosting (Used by Various Trojans) || url,www.net78.net
1 || 2016945 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura encrypted binary (2)
1 || 2016946 || 3 || trojan-activity || 0 || ET TROJAN Possible Win32.Bicololo Checkin || md5,252c95327ce556a21bdd7e9a322e206c || url,www.virusradar.com/Win32_Bicololo.A/description
1 || 2016947 || 2 || trojan-activity || 0 || ET TROJAN Win32.Bicololo Response 1 || md5,691bd07048b09c73f0a979529a66f6e3
1 || 2016948 || 2 || trojan-activity || 0 || ET TROJAN Win32.Bicololo Response 2 || md5,691bd07048b09c73f0a979529a66f6e3
1 || 2016949 || 3 || trojan-activity || 0 || ET TROJAN Possible Backdoor.Linux.Tsunami Outbound HTTP request || url,malwaremustdie.blogspot.jp/2013/05/story-of-unix-trojan-tsunami-ircbot-w.html
1 || 2016950 || 2 || trojan-activity || 0 || ET TROJAN Possible Win32/Hupigon ip.txt with a Non-Mozilla UA || md5,4d23395fcbab1dabef9afe6af81df558
1 || 2016951 || 5 || trojan-activity || 0 || ET TROJAN Backdoor.Win32.Trup.CX Checkin 1 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Agent.AAE
1 || 2016952 || 7 || bad-unknown || 0 || ET CURRENT_EVENTS Probable Nuclear exploit kit landing page
1 || 2016953 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java Exec In URI
1 || 2016954 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL AllowStaticMethodAccess in client body
1 || 2016956 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL AllowStaticMethodAccess in URI || url,struts.apache.org/development/2.x/docs/s2-013.html
1 || 2016957 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java Exec in client body || url,struts.apache.org/development/2.x/docs/s2-013.html
1 || 2016958 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java WriteFile in client_body || url,struts.apache.org/development/2.x/docs/s2-013.html
1 || 2016959 || 3 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java WriteFile in URI || url,struts.apache.org/development/2.x/docs/s2-013.html
1 || 2016960 || 10 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (AuthenticAMD) || md5,16d529fc48250571a9e667fb264c8497
1 || 2016961 || 11 || trojan-activity || 0 || ET TROJAN System Progressive Detection FakeAV (GenuineIntel) || md5,16d529fc48250571a9e667fb264c8497
1 || 2016962 || 2 || trojan-activity || 0 || ET DELETED Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 2 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231
1 || 2016963 || 5 || trojan-activity || 0 || ET TROJAN Trojan.Win32/Mutopy.A Checkin || md5,2a0344bac492c65400eb944ac79ac3c3 || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3AWin32%2FMutopy.A&ThreatID=-2147312217 || url,blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-hides-malware-communication/
1 || 2016964 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack Reporting Plugin Detect Data June 03 2013
1 || 2016965 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit Based Unknown EK Jar Download June 03 2013
1 || 2016966 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura obfuscated javascript Jun 1 2013
1 || 2016967 || 2 || trojan-activity || 0 || ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon || url,www.deependresearch.org/2013/05/under-this-rock-vulnerable.html
1 || 2016968 || 5 || trojan-activity || 0 || ET TROJAN Win32/Travnet.A Checkin || md5,d04a7f30c83290b86cac8d762dcc2df5 || md5,cb9cc50b18a7c91cf4a34c624b90db5d || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A || url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data || url,www.securelist.com/en/downloads/vlpdfs/kaspersky-the-net-traveler-part1-final.pdf
1 || 2016969 || 5 || trojan-activity || 0 || ET TROJAN Possible Win32/Travnet.A Internet Connection Check (microsoft.com) || md5,d04a7f30c83290b86cac8d762dcc2df5 || md5,cb9cc50b18a7c91cf4a34c624b90db5d || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanSpy%3AWin32%2FTravnet.A || url,blogs.mcafee.com/mcafee-labs/travnet-botnet-steals-huge-amount-of-sensitive-data
1 || 2016970 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Karagany encrypted binary (3)
1 || 2016971 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/a.php Landing Page/Java exploit URI
1 || 2016972 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 32-hex/a.php Jar Download
1 || 2016973 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/a.php Landing Page/Java exploit URI
1 || 2016974 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole 16-hex/a.php Jar Download
1 || 2016975 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format
1 || 2016976 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Payload Download (9)
1 || 2016977 || 3 || trojan-activity || 0 || ET WEB_SERVER allow_url_include PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016978 || 3 || trojan-activity || 0 || ET WEB_SERVER safe_mode PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016979 || 4 || trojan-activity || 0 || ET WEB_SERVER suhosin.simulation PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016980 || 5 || trojan-activity || 0 || ET WEB_SERVER disable_functions PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016981 || 4 || trojan-activity || 0 || ET WEB_SERVER open_basedir PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016982 || 3 || trojan-activity || 0 || ET WEB_SERVER auto_prepend_file PHP config option in uri || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016983 || 2 || trojan-activity || 0 || ET WEB_SERVER Access to /phppath/php Possible Plesk 0-day Exploit June 05 2013 || url,seclists.org/fulldisclosure/2013/Jun/21
1 || 2016984 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Initial Gate from Linked-In Mailing Campaign
1 || 2016985 || 2 || bad-unknown || 0 || ET INFO Executable Served From /tmp/ Directory - Malware Hosting Behaviour
1 || 2016986 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor Login || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india
1 || 2016987 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor SysInfo Response header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india
1 || 2016988 || 3 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor File Manager Response Header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india
1 || 2016989 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor File Download Response Header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india
1 || 2016990 || 2 || trojan-activity || 0 || ET TROJAN KeyBoy Backdoor File Upload Response Header || url,community.rapid7.com/community/infosec/blog/2013/06/07/keyboy-tar geted-attacks-against-vietnam-and-india
1 || 2016991 || 4 || trojan-activity || 0 || ET TROJAN Alina Server Response Code || url,blog.spiderlabs.com/2013/05/alina-shedding-some-light-on-this-malware-family.html || md5,7d6ec042a38d108899c8985ed7417e4a
1 || 2016992 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - *.tar.gz in POST body
1 || 2016993 || 3 || trojan-activity || 0 || ET TROJAN Connection to AnubisNetworks Sinkhole IP (Possible Infected Host)
1 || 2016994 || 2 || trojan-activity || 0 || ET TROJAN Connection to Georgia Tech Sinkhole IP (Possible Infected Host)
1 || 2016995 || 3 || trojan-activity || 0 || ET TROJAN Connection to 1&1 Sinkhole IP (Possible Infected Host)
1 || 2016996 || 2 || trojan-activity || 0 || ET TROJAN Connection to Zinkhole Sinkhole IP (Possible Infected Host)
1 || 2016997 || 2 || trojan-activity || 0 || ET TROJAN Connection to Dr Web Sinkhole IP(Possible Infected Host)
1 || 2016998 || 2 || trojan-activity || 0 || ET TROJAN Connection to Fitsec Sinkhole IP (Possible Infected Host)
1 || 2016999 || 3 || trojan-activity || 0 || ET TROJAN Connection to Microsoft Sinkhole IP (Possbile Infected Host)
1 || 2017000 || 3 || trojan-activity || 0 || ET TROJAN Connection to unallocated address space 1.1.1.0/24
1 || 2017001 || 2 || trojan-activity || 0 || ET TROJAN Connection to a cert.pl Sinkhole IP (Possible Infected Host)
1 || 2017002 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Kuluoz.B Shipping Label Spam Campaign
1 || 2017003 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Kuluoz.B Spam Campaign Shipment_Label.exe in Zip
1 || 2017004 || 4 || trojan-activity || 0 || ET TROJAN Win32/Tobfy.S || md5,ac03c5980e2019992b876798df2df9ab
1 || 2017005 || 5 || attempted-user || 0 || ET CURRENT_EVENTS Possible Microsoft Office PNG overflow attempt invalid tEXt chunk length || cve,2013-1331 || url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx
1 || 2017006 || 5 || attempted-user || 0 || ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit plugin-detect script access || url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx
1 || 2017007 || 6 || attempted-user || 0 || ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit plugin-detect script access || url,blogs.technet.com/b/srd/archive/2013/06/11/ms13-051-get-out-of-my-office.aspx
1 || 2017008 || 5 || attempted-user || 0 || ET EXPLOIT CVE-2013-1331 Microsoft Office PNG Exploit Specific
1 || 2017009 || 5 || trojan-activity || 0 || ET TROJAN KimJongRAT cnc exe pull || url,malware.lu/Pro/RAP003_KimJongRAT-Stealer_Analysis.1.0.pdf
1 || 2017010 || 3 || bad-unknown || 0 || ET WEB_SERVER Possible SQLi xp_cmdshell POST body
1 || 2017011 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Glazunov EK Downloading Jar
1 || 2017012 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible 2012-1533 altjvm (jvm.dll) Requested Over WeBDAV || cve,2012-1533
1 || 2017013 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible 2012-1533 altjvm RCE via JNLP command injection || cve,2012-1533
1 || 2017014 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing (Payload Downloaded Via Dropbox)
1 || 2017015 || 6 || policy-violation || 0 || ET POLICY DropBox User Content Access over SSL || url,www.dropbox.com/help/201/en
1 || 2017016 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Jar 1 June 12 2013
1 || 2017017 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Jar 2 June 12 2013
1 || 2017018 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Jar 3 June 12 2013
1 || 2017019 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Dotka Chef EK .cache request
1 || 2017020 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Dotka Chef EK exploit/payload URI request
1 || 2017021 || 5 || trojan-activity || 0 || ET TROJAN TripleNine RAT Checkin
1 || 2017022 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 1 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/
1 || 2017023 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 2 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/
1 || 2017024 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack URI Format June 17 2013 3 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/
1 || 2017025 || 3 || successful-user || 0 || ET ATTACK_RESPONSE Net User Command Response
1 || 2017026 || 2 || trojan-activity || 0 || ET TROJAN Unknown Webserver Backdoor || url,blog.sucuri.net/2013/06/apache-php-injection-to-javascript-files.html
1 || 2017027 || 2 || trojan-activity || 0 || ET TROJAN Unknown Webserver Backdoor Domain (google-analytcs) || url,blog.sucuri.net/2013/06/apache-php-injection-to-javascript-files.html
1 || 2017028 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS MALVERTISING Unknown_InIFRAME - RedTDS URI Structure
1 || 2017029 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_InIFRAME - URI Structure
1 || 2017030 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_InIFRAME - Redirect to /iniframe/ URI
1 || 2017031 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown_InIFRAME - In Referrer
1 || 2017032 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS MALVERTISING Flash - URI - /loading?vkn=
1 || 2017034 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS NailedPack EK Landing June 18 2013 || url,www.basemont.com/june_2013_exploit_kit_2
1 || 2017035 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious Redirect June 18 2013
1 || 2017036 || 3 || trojan-activity || 0 || ET TROJAN Activity related to APT.Seinup Checkin 1 || url,fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html
1 || 2017037 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Javadoc API Redirect CVE-2013-1571 || cve,2013-1571
1 || 2017038 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS RedKit Jar Download June 20 2013
1 || 2017039 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS X20 EK Payload Download
1 || 2017040 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Landing URI Struct
1 || 2017041 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.7.x
1 || 2017042 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (Old)
1 || 2017043 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New)
1 || 2017044 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin Exploit Kit Jar 1.6 (New)
1 || 2017045 || 3 || trojan-activity || 0 || ET TROJAN Possible Drive DDoS Check-in
1 || 2017046 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving GET DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/
1 || 2017047 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving POST1 DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/
1 || 2017048 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving POST2 DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/
1 || 2017049 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving IP DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/
1 || 2017050 || 4 || trojan-activity || 0 || ET TROJAN Drive Receiving IP2 DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/
1 || 2017051 || 3 || trojan-activity || 0 || ET TROJAN Drive Receiving UDP DDoS instructions || url,ddos.arbornetworks.com/2013/06/dirtjumpers-ddos-engine-gets-a-tune-up-with-new-drive-variant/
1 || 2017052 || 2 || trojan-activity || 0 || ET TROJAN Poison Ivy [victim beacon]
1 || 2017053 || 3 || trojan-activity || 0 || ET TROJAN Poison Ivy [server response]
1 || 2017054 || 2 || bad-unknown || 0 || ET WEB_SERVER WebShell Generic - ELF File Uploaded
1 || 2017055 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot CnC1
1 || 2017056 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot CnC2
1 || 2017057 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot Download and Execute Scheduled file command
1 || 2017058 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot Flood command
1 || 2017059 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS AryaN IRC bot Botkill command
1 || 2017060 || 3 || trojan-activity || 0 || ET EXPLOIT SolusVM 1.13.03 SQL injection
1 || 2017061 || 3 || trojan-activity || 0 || ET EXPLOIT SolusVM 1.13.03 Access to solusvmc-node setuid bin
1 || 2017063 || 3 || trojan-activity || 0 || ET EXPLOIT SolusVM WHMCS CURL Multi-part Boundary Issue || url,localhost.re/p/solusvm-whmcs-module-316-vulnerability
1 || 2017064 || 17 || trojan-activity || 0 || ET CURRENT_EVENTS Cool/BHEK Applet with Alpha-Numeric Encoded HTML entity
1 || 2017065 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Pony Loader default URI struct
1 || 2017066 || 7 || trojan-activity || 0 || ET TROJAN Win32/Comisproc Checkin || url,threatexpert.com/report.aspx?md5=9378ef5f2fb2e71e5eeed20f9f21d8dd || url,microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan%3aWin32/Comisproc&ThreatID=-2147341910 || url,unixfreaxjp.blogspot.com.br/2012/11/ocjp-080-bootkitsoftbankbb.html
1 || 2017067 || 5 || trojan-activity || 0 || ET USER_AGENTS Suspicious user agent (Google page)
1 || 2017068 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Exploit Kit Redirector To Landing Page || url,malwaremustdie.blogspot.co.uk/2013/06/knockin-on-neutrino-exploit-kits-door.html
1 || 2017069 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Exploit Kit Clicker.php TDS || url,malwaremustdie.blogspot.co.uk/2013/06/knockin-on-neutrino-exploit-kits-door.html
1 || 2017070 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Applet tag in jjencode as (as seen in Dotka Chef EK)
1 || 2017071 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Exploit Kit XOR decodeURIComponent
1 || 2017072 || 3 || trojan-activity || 0 || ET DELETED Blackhole/Cool plugindetect in octal Jun 26 2013
1 || 2017073 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Exploit Kit iframe with obfuscated Java version check Jun 26 2013
1 || 2017074 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload || bugtraq,57082 || cve,2012-6081 || url,packetstormsecurity.com/files/122079/moinmoin_twikidraw.rb.txt || url,exploit-db.com/exploits/25304/
1 || 2017075 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet structure June 27 2013
1 || 2017076 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant Payload Download
1 || 2017077 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Redirect to DotkaChef EK Landing
1 || 2017078 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Lucky7 Java Exploit URI Struct June 28 2013
1 || 2017079 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Status Check GET Jul 01 2013
1 || 2017080 || 2 || policy-violation || 0 || ET INFO ClearTextAuth - HTTP - http_client_body contains pasa=
1 || 2017081 || 2 || policy-violation || 0 || ET INFO ClearTextAuth - HTTP - http_uri contains pasa=
1 || 2017082 || 2 || policy-violation || 0 || ET INFO ClearTextAuth - HTTP - http_client_body contains pasa form
1 || 2017083 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - GOD Hacker
1 || 2017084 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - GODSpy title
1 || 2017085 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - Cookie
1 || 2017086 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - MySQL
1 || 2017087 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSpy - Auth Prompt
1 || 2017088 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - GODSPy - Auth Creds
1 || 2017089 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - Pouya - Pouya_Server Shell
1 || 2017090 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - Pouya - URI - raiz
1 || 2017091 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - Pouya - URI - action=
1 || 2017092 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack Jar Download Jul 01 2013 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/
1 || 2017093 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack/FlashPack EXE Download Jul 01 2013 || url,www.malwaresigs.com/2013/06/14/slight-change-in-flashpack-uri/
1 || 2017094 || 3 || attempted-admin || 0 || ET EXPLOIT IPMI Cipher 0 Authentication mode set || url,www.intel.com/content/dam/www/public/us/en/documents/product-briefs/second-gen-interface-spec-v2.pdf || url,community.rapid7.com/community/metasploit/blog/2013/06/23/a-penetration-testers-guide-to-ipmi
1 || 2017095 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar pipe.class
1 || 2017096 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar app.jar
1 || 2017097 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Exploit Kit Hostile Jar cm2.jar
1 || 2017098 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Lucky7 EK Landing Encoded Plugin-Detect
1 || 2017099 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Lucky7 EK IE Exploit
1 || 2017100 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS /Styx EK - /jlnp.html || url,blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities
1 || 2017101 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS /Styx EK - /jovf.html || url,blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities
1 || 2017102 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS /Styx EK - /jorg.html || url,blogs.mcafee.com/mcafee-labs/styx-exploit-kit-takes-advantage-of-vulnerabilities
1 || 2017104 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format July 04 2013
1 || 2017106 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing Applet Jul 05 2013
1 || 2017107 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPlayerSetup.x86.exe pull || url,blog.avast.com/2013/07/03/fake-flash-player-installer
1 || 2017108 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin UA || url,blog.avast.com/2013/07/03/fake-flash-player-installer
1 || 2017109 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPlayerSetup.x86.exe checkin response 2 || url,blog.avast.com/2013/07/03/fake-flash-player-installer
1 || 2017110 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet structure Jul 05 2013
1 || 2017111 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS VBulletin Backdoor CMD inbound || url,blog.sucuri.net/2013/07/vbulletin-infections-from-adabeupdate.html
1 || 2017112 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS VBulletin Backdoor C2 URI Structure || url,blog.sucuri.net/2013/07/vbulletin-infections-from-adabeupdate.html
1 || 2017113 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS VBulletin Backdoor C2 Domain  || url,blog.sucuri.net/2013/07/vbulletin-infections-from-adabeupdate.html
1 || 2017114 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013
1 || 2017115 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange applet July 08 2013
1 || 2017116 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet July 08 2013
1 || 2017117 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Cool Exploit Kit Plugin-Detect July 08 2013
1 || 2017118 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013
1 || 2017119 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CritX/SafePack Java Exploit Payload June 03 2013
1 || 2017122 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Adobe Flash Player update warning enticing clicks to malware payload
1 || 2017123 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Adobe Flash Player malware binary requested
1 || 2017124 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - Wordpress Injection
1 || 2017125 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probable FlimKit Redirect July 10 2013
1 || 2017126 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing July 10 2013
1 || 2017127 || 2 || bad-unknown || 0 || ET INFO JJEncode Encoded Script
1 || 2017128 || 5 || trojan-activity || 0 || ET TROJAN Expiro Trojan Check-in
1 || 2017129 || 3 || attempted-user || 0 || ET WEB_CLIENT Potential Interent Explorer Use After Free CVE-2013-3163 || cve,2013-3163 || url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx
1 || 2017130 || 2 || attempted-user || 0 || ET WEB_CLIENT Potential Interent Explorer Use After Free CVE-2013-3163 2 || cve,2013-3163 || url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx
1 || 2017131 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Potential Interent Explorer Use After Free CVE-2013-3163 Exploit URI Struct 1 || url,blogs.technet.com/b/srd/archive/2013/07/10/running-in-the-wild-not-for-so-long.aspx
1 || 2017133 || 3 || attempted-user || 0 || ET WEB_CLIENT Microsoft Internet Explorer Use-After-Free CVE-2013-3163 || cve,2013-3163
1 || 2017134 || 4 || trojan-activity || 0 || ET WEB_SERVER WebShell - Generic - GIF Header With HTML Form
1 || 2017135 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS PHISH Remax - function Validate
1 || 2017136 || 3 || trojan-activity || 0 || ET MALWARE Adware.Gamevance.AV Checkin || url,virustotal.com/en/file/21e04ef285d9df2876bab83dd91a8bd78ecdf0d47a8e4693e2ec1924f642bfc8/analysis/ || md5,0134997dff945fbfe62f343bcba782bc
1 || 2017137 || 2 || trojan-activity || 0 || ET TROJAN Cryptmen FakAV page Title
1 || 2017138 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS g01pack - Java JNLP Requested
1 || 2017139 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef JJencode Script URI Struct
1 || 2017140 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Blackhole EK Jar Download URI Struct
1 || 2017141 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole EK Plugin-Detect July 12 2013
1 || 2017142 || 2 || attempted-recon || 0 || ET SCAN Arachni Web Scan || url,www.arachni-scanner.com/
1 || 2017143 || 3 || web-application-attack || 0 || ET WEB_SERVER CRLF Injection - Newline Characters in URL || url,www.owasp.org/index.php/CRLF_Injection
1 || 2017146 || 3 || web-application-attack || 0 || ET WEB_SERVER HTTP Request Smuggling Attempt - Double Content-Length Headers || url,www.owasp.org/index.php/HTTP_Request_Smuggling
1 || 2017147 || 2 || web-application-attack || 0 || ET WEB_SERVER HTTP Request Smuggling Attempt - Two Transfer-Encoding Values Specified || url,www.owasp.org/index.php/HTTP_Request_Smuggling
1 || 2017148 || 3 || successful-admin || 0 || ET ATTACK_RESPONSE Non-Local Burp Proxy Error || url,portswigger.net/burp/proxy.html
1 || 2017149 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - phpBB Injection
1 || 2017150 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Cool PDF July 15 2013
1 || 2017151 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS Styx PDF July 15 2013
1 || 2017152 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Jar URI Struct
1 || 2017153 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit JNLP URI Struct
1 || 2017154 || 2 || attempted-dos || 0 || ET DOS Squid-3.3.5 DoS
1 || 2017155 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect || url,struts.apache.org/release/2.3.x/docs/s2-016.html
1 || 2017156 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction || url,struts.apache.org/release/2.3.x/docs/s2-016.html
1 || 2017157 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action || url,struts.apache.org/release/2.3.x/docs/s2-016.html
1 || 2017161 || 1 || attempted-recon || 0 || ET SCAN SipCLI VOIP Scan - TCP || url,www.yasinkaplan.com/SipCli/
1 || 2017162 || 2 || attempted-recon || 0 || ET SCAN SipCLI VOIP Scan || url,www.yasinkaplan.com/SipCli/
1 || 2017163 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE signed-unsigned integer mismatch code-verification bypass || url,sophos.com/2013/07/17/anatomy-of-another-android-hole-chinese-researchers-claim-new-code-verification-bypass/
1 || 2017164 || 4 || trojan-activity || 0 || ET DELETED BlackHole EK Non-standard base64 Key
1 || 2017165 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS JS Browser Based Ransomware || url,blog.malwarebytes.org/intelligence/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/ || url,www.f-secure.com/weblog/archives/00002577.html
1 || 2017166 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost Zip as Applet Archive July 08 2013
1 || 2017167 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS X20 EK Landing July 22 2013
1 || 2017168 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13
1 || 2017169 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 2
1 || 2017170 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 3
1 || 2017171 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing 07/22/13 4
1 || 2017172 || 4 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java ProcessBuilder URI
1 || 2017173 || 4 || attempted-user || 0 || ET EXPLOIT Apache Struts Possible OGNL Java ProcessBuilder in client body || url,struts.apache.org/development/2.x/docs/s2-013.html
1 || 2017174 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirect || url,struts.apache.org/release/2.3.x/docs/s2-016.html
1 || 2017175 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 redirectAction || url,struts.apache.org/release/2.3.x/docs/s2-016.html
1 || 2017176 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL Command Execution CVE-2013-2251 action || url,struts.apache.org/release/2.3.x/docs/s2-016.html
1 || 2017177 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Rawin - Landing Page Received
1 || 2017178 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Rawin - Java Exploit -dubspace.jar
1 || 2017179 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download
1 || 2017180 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download 2
1 || 2017181 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sibhost/FlimKit/Glazunov Jar with lowercase class names
1 || 2017182 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Possible CritXPack - Landing Page - jnlp_embedded
1 || 2017183 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell ASPXShell - Title
1 || 2017184 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 1
1 || 2017185 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 2
1 || 2017186 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 3
1 || 2017187 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 1
1 || 2017188 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 2
1 || 2017189 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 3
1 || 2017190 || 5 || trojan-activity || 0 || ET TROJAN Win32/Kelihos.F exe Download 2 || md5,1303188d039076998b170fffe48e4cc0
1 || 2017191 || 3 || trojan-activity || 0 || ET TROJAN Win32/Kelihos.F Checkin || md5,00db349caf2eefc3be5ee30b8b8947a2
1 || 2017192 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Octal (Outbound)
1 || 2017193 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Hex (Outbound)
1 || 2017194 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Octal (Inbound)
1 || 2017195 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response Hex (Inbound)
1 || 2017196 || 4 || trojan-activity || 0 || ET MALWARE Crossrider Spyware Checkin
1 || 2017197 || 3 || bad-unknown || 0 || ET INFO JNLP embedded file
1 || 2017198 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Reversed Embedded JNLP Observed in Sakura/Blackhole Landing
1 || 2017199 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Java UA Requesting Numeric.ext From Base Dir (Observed in Redkit/Sakura)
1 || 2017200 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Jar Download
1 || 2017201 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2017202 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated Click To Run Bypass (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2017203 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 2 (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2017204 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Applet JNLP applet_ssv_validated in Base64 3 (Reversed) || url,immunityproducts.blogspot.fr/2013/04/yet-another-java-security-warning-bypass.html
1 || 2017205 || 2 || attempted-user || 0 || ET EXPLOIT Wscript Shell Run Attempt - Likely Hostile
1 || 2017206 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 1
1 || 2017207 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 2
1 || 2017208 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 3
1 || 2017209 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 4
1 || 2017210 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 5
1 || 2017211 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 6
1 || 2017212 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 1
1 || 2017213 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 2
1 || 2017214 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 3
1 || 2017215 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 4
1 || 2017216 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 5
1 || 2017217 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 6
1 || 2017218 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String (Single Q) 7
1 || 2017219 || 2 || trojan-activity || 0 || ET INFO Obfuscated Eval String 7
1 || 2017220 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 1
1 || 2017221 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 2
1 || 2017222 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 3
1 || 2017223 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 4
1 || 2017224 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 5
1 || 2017225 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 6
1 || 2017226 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 7
1 || 2017227 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 8
1 || 2017228 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 9
1 || 2017229 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 10
1 || 2017230 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 11
1 || 2017231 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 12
1 || 2017232 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Single Q) 13
1 || 2017233 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 1
1 || 2017234 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 2
1 || 2017235 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 3
1 || 2017236 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 4
1 || 2017237 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 5
1 || 2017238 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 6
1 || 2017239 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 7
1 || 2017240 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 8
1 || 2017241 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 9
1 || 2017242 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 10
1 || 2017243 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 11
1 || 2017244 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 12
1 || 2017245 || 2 || bad-unknown || 0 || ET INFO Obfuscated Split String (Double Q) 13
1 || 2017246 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Outbound) 4
1 || 2017247 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS c0896 Hacked Site Response (Inbound) 4
1 || 2017248 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS PluginDetect plus Java version check
1 || 2017249 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded Applet (Observed in Sakura)
1 || 2017250 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded jnlp_embedded (Observed in Sakura)
1 || 2017251 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded applet_ssv_validated (Observed in Sakura)
1 || 2017252 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded/base64 1 applet_ssv_validated (Observed in Sakura)
1 || 2017253 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded/base64 2 applet_ssv_validated (Observed in Sakura)
1 || 2017254 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS %Hex Encoded/base64 3 applet_ssv_validated (Observed in Sakura)
1 || 2017257 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct 2
1 || 2017258 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fake FedEX/Pony spam campaign URI Struct
1 || 2017259 || 11 || trojan-activity || 0 || ET TROJAN Generic - POST To .php w/Extended ASCII Characters
1 || 2017260 || 11 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic - ASP File Uploaded
1 || 2017261 || 2 || trojan-activity || 0 || ET TROJAN TrojanDownloader.Win32/Dofoil.U Trojan Checkin
1 || 2017262 || 5 || trojan-activity || 0 || ET TROJAN Comfoo Checkin || url,www.secureworks.com/cyber-threat-intelligence/threats/secrets-of-the-comfoo-masters/
1 || 2017263 || 2 || trojan-activity || 0 || ET TROJAN StealRat Checkin
1 || 2017264 || 2 || trojan-activity || 0 || ET TROJAN CBReplay Checkin
1 || 2017265 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Non-standard base64 Key
1 || 2017266 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format Sep 30 2013
1 || 2017267 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Exploit Download Sep 30 2013
1 || 2017268 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download Sep 30 2013
1 || 2017269 || 2 || trojan-activity || 0 || ET TROJAN CBReplay.P Ransomware
1 || 2017270 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit Landing Applet With Payload Aug 02 2013 || url,malwaremustdie.blogspot.co.uk/2013/02/the-infection-of-styx-exploit-kit.html
1 || 2017271 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Plugin-Detect with global % replace on unescaped string (Sakura)
1 || 2017272 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK Java (Old) /golem.jar
1 || 2017273 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK Java 1.7 /caramel.jar
1 || 2017274 || 2 || trojan-activity || 0 || ET TROJAN W32/StealRat.SpamBot Configuration File Request || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-stealrat.pdf
1 || 2017275 || 2 || trojan-activity || 0 || ET TROJAN W32/StealRat.SpamBot CnC Server Configuration File Response || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-stealrat.pdf
1 || 2017276 || 2 || trojan-activity || 0 || ET TROJAN W32/StealRat.SpamBot Email Template Request || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-stealrat.pdf
1 || 2017277 || 4 || attempted-user || 0 || ET WEB_SERVER Possible Apache Struts OGNL in Dynamic Action || cve,2013-2135 || bugtraq,60345 || url,cwiki.apache.org/confluence/display/WW/S2-015
1 || 2017278 || 2 || web-application-attack || 0 || ET WEB_SERVER Possible Apache Struts OGNL Expression Injection || cve,2013-2135 || bugtraq,60345 || url,cwiki.apache.org/confluence/display/WW/S2-015
1 || 2017279 || 3 || trojan-activity || 0 || ET TROJAN Win32.Rovnix.I Checkin || md5,605daaa9662b82c0d5982ad3a742d2e7
1 || 2017280 || 3 || trojan-activity || 0 || ET WEB_SERVER Possible OpenX Backdoor Backdoor Access POST to flowplayer || url,blog.sucuri.net/2013/08/openx-org-compromised-and-downloads-injected-with-a-backdoor.html
1 || 2017281 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Ransom.Win32.Blocker.bjat
1 || 2017282 || 3 || trojan-activity || 0 || ET INFO Microsoft Script Encoder Encoded File
1 || 2017283 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - net user - PRIVMSG Command 
1 || 2017284 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - net localgroup - PRIVMSG Command
1 || 2017285 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - net add PRIVMSG Command 
1 || 2017286 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - netsh - PRIVMSG Command 
1 || 2017287 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - ipconfig - PRIVMSG Command 
1 || 2017288 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot -  reg - PRIVMSG Command 
1 || 2017289 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - The command completed successfully - PRIVMSG Response
1 || 2017290 || 3 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - Directory Listing
1 || 2017291 || 5 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - net command output
1 || 2017292 || 4 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - ipconfig command output
1 || 2017293 || 2 || bad-unknown || 0 || ET WEB_SERVER - EXE File Uploaded - Hex Encoded
1 || 2017294 || 3 || misc-activity || 0 || ET INFO Adobe PKG Download Flowbit Set
1 || 2017295 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Styx iframe with obfuscated Java version check Jul 04 2013
1 || 2017296 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack Jar Download
1 || 2017297 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CritX/SafePack/FlashPack EXE Download
1 || 2017298 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible Firefox CVE-2013-1690 || cve,2013-1690
1 || 2017299 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS X20 EK Download Aug 07 2013
1 || 2017300 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin -TDS - POST w/Java Version
1 || 2017301 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application page landing
1 || 2017302 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Trojan Dropper purporting to be missing application - findloader
1 || 2017303 || 5 || trojan-activity || 0 || ET TROJAN ATTACKER IRCBot - PRIVMSG Response - Directory Listing *nix
1 || 2017305 || 3 || trojan-activity || 0 || ET TROJAN Win32/Cridex Checkin || md5,94e496decf90c4ba2fb3e7113a081726
1 || 2017306 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS 0f2490 Hacked Site Response (Inbound)
1 || 2017307 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS 0f2490 Hacked Site Response (Outbound)
1 || 2017308 || 3 || trojan-activity || 0 || ET TROJAN W32/PornoAsset.Ransomware CnC Checkin || url,anubis.iseclab.org/?action=result&task_id=19e3b6cbfdf8d6bd429ecc75ed016fb91 || url,blog.avast.com/2013/11/21/ransomware-annoys-its-victims-by-displaying-child-pornography-pictures/#more-20393 || url,blog.avast.com/2013/10/24/what-to-do-if-your-computer-is-attacked-by-ransomware/
1 || 2017309 || 3 || trojan-activity || 0 || ET TROJAN FortDisco Reporting Status || url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/ || md5,722a1809bd4fd75743083f3577e1e6a4
1 || 2017310 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible FortDisco Wordpress Brute-force Site list download 10+ wp-login.php || url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/ || md5,722a1809bd4fd75743083f3577e1e6a4
1 || 2017311 || 3 || trojan-activity || 0 || ET TROJAN Possible FortDisco Reporting Hacked Accounts || url,www.arbornetworks.com/asert/2013/08/fort-disco-bruteforce-campaign/
1 || 2017312 || 4 || trojan-activity || 0 || ET TROJAN Win32/Pift DNS TXT CnC Lookup ppidn.net || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23873/en_US/McAfee%20Labs%20Threat%20Advisory-W32-Pift.pdf || md5,d3c6af8284276b11c2f693c1195b4735
1 || 2017313 || 3 || trojan-activity || 0 || ET TROJAN China Chopper Command Struct || url,www.fireeye.com/blog/technical/botnet-activities-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html
1 || 2017314 || 2 || trojan-activity || 0 || ET TROJAN PRISM Backdoor
1 || 2017315 || 2 || trojan-activity || 0 || ET TROJAN Unknown Covert Channel (VERSONEX and Mr.Black)
1 || 2017317 || 2 || trojan-activity || 0 || ET ATTACK_RESPONSE python shell spawn attempt
1 || 2017318 || 3 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - PRIVMSG *.(exe|tar|tgz|zip)  download command
1 || 2017319 || 6 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and 3 Letter Country Code
1 || 2017321 || 8 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Possible Windows XP/7
1 || 2017322 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and Win
1 || 2017323 || 4 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS IRC - NICK and -PC
1 || 2017324 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit obfuscated hex-encoded jnlp_embedded Aug 08 2013
1 || 2017325 || 4 || trojan-activity || 0 || ET TROJAN Yayih.A Checkin 2 || md5,832f5e01be536da71d5b3f7e41938cfb || url,fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html
1 || 2017326 || 2 || trojan-activity || 0 || ET TROJAN Yayih.A Checkin 3 || md5,832f5e01be536da71d5b3f7e41938cfb || url,fireeye.com/blog/technical/2013/08/survival-of-the-fittest-new-york-times-attackers-evolve-quickly.html
1 || 2017327 || 2 || attempted-user || 0 || ET WEB_SERVER Joomla Upload File Filter Bypass
1 || 2017328 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK setSecurityManager hex August 14 2013 || url,piratebrowser.com
1 || 2017329 || 2 || policy-violation || 0 || ET POLICY Pirate Browser Download || url,piratebrowser.com
1 || 2017330 || 2 || attempted-admin || 0 || ET WEB_SERVER SQLi - SELECT and sysobject
1 || 2017333 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx EK - /jvvn.html
1 || 2017334 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Reassigned Eval Function 1
1 || 2017335 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Reassigned Eval Function 2
1 || 2017336 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Reassigned Eval Function 3
1 || 2017337 || 2 || attempted-user || 0 || ET WEB_SERVER ATTACKER SQLi - SELECT and Schema Columns
1 || 2017340 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Shrift.php Microsoft OpenType Font Exploit Request || cve,2011-3402
1 || 2017341 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole Exploit Kit Microsoft OpenType Font Exploit || cve,2011-3402
1 || 2017342 || 3 || bad-unknown || 0 || ET INFO Iframe For IP Address Site
1 || 2017343 || 2 || trojan-activity || 0 || ET TROJAN W32/Spy.KeyLogger.OCI CnC Checkin || url,www.virusradar.com/en/Win32_Spy.KeyLogger.OCI/description || url,www.virustotal.com/en/file/ec19e12e5dafc7aafaa0f582cd714ee5aa3615b89fe2f36f7851d96ec55e3344/analysis/
1 || 2017344 || 3 || trojan-activity || 0 || ET TROJAN Proxychecker Lookup || url,www.virustotal.com/en/file/ec19e12e5dafc7aafaa0f582cd714ee5aa3615b89fe2f36f7851d96ec55e3344/analysis
1 || 2017345 || 4 || shellcode-detect || 0 || ET SHELLCODE Possible UTF-16 u9090 NOP SLED || url,cansecwest.com/slides07/csw07-nazario.pdf || url,www.sophos.com/security/technical-papers/malware_with_your_mocha.html || url,www.windowsecurity.com/articles/Obfuscated-Shellcode-Part1.html
1 || 2017346 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole/Cool obfuscated plugindetect in charcodes w/o sep Jul 10 2013
1 || 2017347 || 4 || trojan-activity || 0 || ET TROJAN Trojan Related Lame Updater User-Agent
1 || 2017348 || 5 || trojan-activity || 0 || ET USER_AGENTS Trojan.Win32.VBKrypt.cugq Checkin || url,www.securelist.com/en/descriptions/10316591/Trojan.Win32.VBKrypt.cugq || url,www.mcafee.com/threat-intelligence/malware/default.aspx?id=456326 || url,www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-RDK/detailed-analysis.aspx || md5,79e24434a74a985e1c64925fd0ac4b28
1 || 2017349 || 3 || trojan-activity || 0 || ET TROJAN Win32.Troj.Cidox Checkin || md5,0ce7f9dde5c273d7e71c9f1301fe505d
1 || 2017350 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.admin@388 Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017351 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.th3bug Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017352 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.keaidestone Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017353 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.suzuki Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017354 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.happyyongzi Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017355 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.key@123 Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017356 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.gwx@123 Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017357 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.wwwst@Admin Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017358 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.xiaoxiaohuli Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017359 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.smallfish Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017360 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.XGstone Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017361 || 2 || trojan-activity || 0 || ET TROJAN PoisonIvy.fishplay Keepalive to CnC || url,www.fireeye.com/resources/pdfs/fireeye-poison-ivy-report.pdf
1 || 2017362 || 2 || trojan-activity || 0 || ET TROJAN Win32/Napolar.A Getting URL || md5,9a8cee88d7440f25be8404b71cb584de || md5,b70f8d0afa82c222f55f7a18d2ad0b81
1 || 2017363 || 2 || bad-unknown || 0 || ET INFO InetSim Response from External Source Possible SinkHole
1 || 2017364 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole obfuscated base64 key string
1 || 2017365 || 8 || bad-unknown || 0 || ET TROJAN SUSPICIOUS UA (iexplore) || md5,b0e8ce16c42dee20d2c1dfb1b87b3afc
1 || 2017366 || 2 || attempted-user || 0 || ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632 || url,www.exploit-db.com/exploits/27755/ || cve,2013-0632
1 || 2017367 || 2 || trojan-activity || 0 || ET TROJAN Possible Win32/Napolar.A URL Response || md5,9a8cee88d7440f25be8404b71cb584de || md5,b70f8d0afa82c222f55f7a18d2ad0b81
1 || 2017368 || 2 || trojan-activity || 0 || ET TROJAN Possible Avatar RootKit Yahoo Group Search || md5,7b6409fc32c70908a9468eaac845bdaa || md5,b647a4af77b2fad3f40c6769c22ebf74 || url,www.welivesecurity.com/2013/08/20/avatar-rootkit-the-continuing-saga/
1 || 2017369 || 2 || trojan-activity || 0 || ET TROJAN Bitcoin variant Checkin || url,blog.avast.com/2013/08/01/malicious-bitcoin-miners-target-czech-republic/ || md5,15cb65409f9b935cfdff72c22c358e34
1 || 2017370 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS AutoIT C&C Check-In 2013-08-23 URL || url,malwr.com/analysis/MWM3NDA2NTdhM2U4NGE0NjgwY2IzN2Y3ZDk4ZTcyMmM/
1 || 2017371 || 10 || trojan-activity || 0 || ET TROJAN Win32/Neurevt.A checkin || md5,c447d364a9dad369ff07dcc14f5fbefb || md5,a0a66dfbdf1ce76782ba20a07a052976
1 || 2017372 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 26 2013
1 || 2017373 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CookieBomb Generic JavaScript Format
1 || 2017374 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CookieBomb Generic PHP Format
1 || 2017375 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS CookieBomb Generic HTML Format
1 || 2017376 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible BHEK Landing URI Format
1 || 2017377 || 2 || trojan-activity || 0 || ET TROJAN Win64/Vabushky.A Malicious driver download || url,welivesecurity.com/2013/08/27/the-powerloader-64-bit-update-based-on-leaked-exploits/
1 || 2017378 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool get command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017379 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool long command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017380 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool smart command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017381 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool post1 command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017382 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool post2 command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017383 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool byte command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017384 || 5 || trojan-activity || 0 || ET TROJAN Drive DDoS Tool byte command received key=okokokjjk || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/
1 || 2017385 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Dirtjump Checkin || url,www.arbornetworks.com/asert/2013/08/dirtjumper-drive-shifts-into-a-new-gear/ || md5,50a538221e015d77cf4794ae78978ce2
1 || 2017386 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible APT-12 Related C2 || url,community.rapid7.com/community/infosec/blog/2013/08/26/upcoming-g20-summit-fuels-espionage-operations
1 || 2017387 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Landing Aug 27 2013
1 || 2017388 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sweet Orange Payload Download Aug 28 2013
1 || 2017389 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - Auth Creds
1 || 2017390 || 3 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - File Browser - Interface
1 || 2017391 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - Auth Prompt
1 || 2017392 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - File Browser - POST Structure
1 || 2017393 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder -File Upload - POST Structure
1 || 2017394 || 2 || trojan-activity || 0 || ET WEB_SERVER WebShell - ASPyder - File Upload - Response
1 || 2017395 || 3 || trojan-activity || 0 || ET TROJAN Likely Bot Nick in IRC ([country|so version|CPU])
1 || 2017396 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Landing Aug 29 2013
1 || 2017397 || 2 || bad-unknown || 0 || ET DOS Apple CoreText Exploit Specific string || url,techcrunch.com/2013/08/29/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps/
1 || 2017398 || 2 || attempted-recon || 0 || ET POLICY Internal Host Retrieving External IP via icanhazip.com - Possible Infection
1 || 2017399 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of base64_decode
1 || 2017400 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of gzinflate
1 || 2017401 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of str_rot13
1 || 2017402 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of gzuncompress
1 || 2017403 || 7 || trojan-activity || 0 || ET WEB_SERVER WebShell Generic eval of convert_uudecode
1 || 2017404 || 3 || trojan-activity || 0 || ET WORM W32/Njw0rm CnC Beacon || url,www.fireeye.com/blog/technical/malware-research/2013/08/njw0rm-brother-from-the-same-mother.html || md5,4c60493b14c666c56db163203e819272 || md5,b0e1d20accd9a2ed29cdacb803e4a89d
1 || 2017405 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Aug 30 2013
1 || 2017406 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK Java /victoria.jar
1 || 2017407 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Landing with Applet Aug 30 2013
1 || 2017408 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS GondadEK Landing Sept 03 2013 || url,www.kahusecurity.com/2013/deobfuscating-the-ck-exploit-kit
1 || 2017409 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 1 || url,www.antiy.net/wp-content/uploads/The-Latest-APT-Attack-by-Exploiting-CVE2012-0158-Vulnerability.pdf || url,contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html
1 || 2017410 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 2 || url,www.antiy.net/wp-content/uploads/The-Latest-APT-Attack-by-Exploiting-CVE2012-0158-Vulnerability.pdf || url,contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html
1 || 2017411 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible MHTML CVE-2012-0158 Vulnerable CLSID+b64 Office Doc Magic 3 || url,www.antiy.net/wp-content/uploads/The-Latest-APT-Attack-by-Exploiting-CVE2012-0158-Vulnerability.pdf || url,contagiodump.blogspot.com/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html
1 || 2017412 || 7 || trojan-activity || 0 || ET TROJAN Gh0st_Apple Checkin || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html || md5,f4d4076dff760eb92e4ae559c2dc4525
1 || 2017413 || 2 || trojan-activity || 0 || ET TROJAN NJRat-backdoor Checkin || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html
1 || 2017414 || 3 || trojan-activity || 0 || ET DELETED Unknown Malware CnC response with exe file || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html
1 || 2017415 || 4 || trojan-activity || 0 || ET DELETED Taidoor Checkin || url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html
1 || 2017416 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant PDF Download
1 || 2017417 || 8 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Keep-Alive (INBOUND) || md5,0ae2261385c482d55519be9b0e4afef3 || url,anubis.iseclab.org/?action=result&task_id=1043e1f5f61319b944d51d0d6d7e23f2e || md5,41a0a4c0831dbcbbfd877c7d37b671e0 || url,blog.fireeye.com/research/2012/09/the-story-behind-backdoorlv.html
1 || 2017418 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Keep-Alive (OUTBOUND) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017419 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Checkin || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017420 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (File Manager) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017421 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (File Manager) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017422 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Remote Desktop) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017423 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Remote Desktop) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017424 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Remote Cam) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017425 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Remote Cam) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017426 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Remote Shell) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017427 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Process listing) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017428 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Kill Process) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017429 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Registry) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017430 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Keylogger) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017431 || 3 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command (Get Passwords) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017432 || 2 || trojan-activity || 0 || ET TROJAN Bladabindi/njrat CnC Command Response (Get Passwords) || url,threatgeek.com/2013/07/njrat-detection-rules-using-yara-.html
1 || 2017433 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura EK Landing Sep 06 2013
1 || 2017434 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing Sep 06 2013
1 || 2017435 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Bleeding EK Variant Landing JAR Sep 06 2013
1 || 2017436 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SERVER SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017437 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP GET SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017438 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP POST SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017439 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP COOKIE SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017440 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SESSION SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017441 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP REQUEST SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017442 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP ENV SuperGlobal in URI || url,imperva.com/download.asp?id=421
1 || 2017443 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SERVER SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017444 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP GET SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017445 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP POST SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017446 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP COOKIE SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017447 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP SESSION SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017448 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP REQUEST SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017449 || 2 || bad-unknown || 0 || ET WEB_SERVER PHP ENV SuperGlobal in POST || url,imperva.com/download.asp?id=421
1 || 2017450 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura Sep 10 2013
1 || 2017451 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS FlimKit Landing Page
1 || 2017452 || 3 || trojan-activity || 0 || ET DELETED Blackhole hex and wordlist initial landing and exploit path
1 || 2017453 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - Forum Injection
1 || 2017454 || 12 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Payload Download Sep 11 2013
1 || 2017455 || 6 || trojan-activity || 0 || ET TROJAN Waledac FACEPUNCH Traffic Detected || url,trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_infiltrating_the_waledac_botnet_v2.pdf
1 || 2017456 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant PDF Download Sep 11 2013
1 || 2017457 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 1
1 || 2017458 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 2
1 || 2017459 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 3
1 || 2017460 || 3 || bad-unknown || 0 || ET INFO SUSPICIOUS Java request to UNI.ME Domain Set 4
1 || 2017461 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blackhole obfuscated base64 decoder Sep 12 2013
1 || 2017462 || 2 || trojan-activity || 0 || ET TROJAN ZeroAccess P2P Module v6 Reporting || url,dnsamplificationattacks.blogspot.gr/p/blog-page.html
1 || 2017463 || 2 || attempted-user || 0 || ET WEB_CLIENT MS13-055 CAnchorElement Use-After-Free
1 || 2017464 || 2 || trojan-activity || 0 || ET TROJAN W32/Hesperus.Banker Tr-mail Variant Sending Data To CnC || url,blogs.mcafee.com/mcafee-labs/hesperus-evening-star-shines-as-latest-banker-trojan
1 || 2017465 || 3 || trojan-activity || 0 || ET TROJAN W32/Hesperus.Banker Nlog.php Variant Sending Data To CnC || url,blogs.mcafee.com/mcafee-labs/hesperus-evening-star-shines-as-latest-banker-trojan
1 || 2017466 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/FakeAhnAV.A CnC Beacon || url,blogs.mcafee.com/mcafee-labs/android-fake-av-hosted-in-google-code-targets-south-koreans
1 || 2017467 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Reversed Country Code and 32 hex Jar Sep 16 2013
1 || 2017468 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Fake Microsoft Security Update Applet Sep 16 2013
1 || 2017469 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible SNET EK VBS Download
1 || 2017470 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Encoded VBS 1
1 || 2017471 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Encoded VBS 2
1 || 2017472 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Encoded VBS 3
1 || 2017473 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CoolEK Variant Payload Download Sep 16 2013
1 || 2017474 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Variant Landing Page - Applet Sep 16 2013
1 || 2017475 || 2 || trojan-activity || 0 || ET TROJAN Win32/Dipverdle.A Activity || md5,182ea2f564f6211d37a6c35a4bd99ee6
1 || 2017476 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY SweetOrange - Java Exploit Downloaded
1 || 2017477 || 5 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 Possible IE Memory Corruption Vulnerability with HXDS ASLR Bypass || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
1 || 2017478 || 4 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
1 || 2017479 || 5 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
1 || 2017480 || 5 || attempted-user || 0 || ET WEB_CLIENT CVE-2013-3893 IE Memory Corruption Vulnerability || cve,2013-3893 || url,blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
1 || 2017481 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole initial landing/gate
1 || 2017482 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Styx - TDS - Redirect To Landing Page
1 || 2017483 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
1 || 2017484 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
1 || 2017485 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
1 || 2017486 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
1 || 2017487 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
1 || 2017488 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Using Office/.Net ROP/ASLR Bypass
1 || 2017489 || 2 || trojan-activity || 0 || ET TROJAN W32/Zzinfor.A Retrieving Instructions From CnC Server || md5,7e37a407a8fb0df3b2835419ad16f500 || md5,422b926dbbe03d0e4555328282c8f32b
1 || 2017490 || 2 || trojan-activity || 0 || ET TROJAN W32/Downloader.Mevade.FBV CnC Beacon || url,blog.trendmicro.com/trendlabs-security-intelligence/us-taiwan-most-affected-by-mevade-malware/ || url,blog.damballa.com/archives/2135
1 || 2017491 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format Sep 19 2013
1 || 2017492 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Sep 19 2013
1 || 2017493 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Sep 19 2013
1 || 2017494 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 1 || url,seclists.org/bugtraq/2013/Jul/41
1 || 2017495 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 2 || url,seclists.org/bugtraq/2013/Jul/41
1 || 2017496 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible JavaFX Click To Run Bypass 3 || url,seclists.org/bugtraq/2013/Jul/41
1 || 2017497 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Rawin EK - Java Exploit - bona.jar
1 || 2017498 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Blatantly Evil JS Function
1 || 2017499 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 1
1 || 2017500 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 2
1 || 2017501 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3
1 || 2017502 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Probably Evil Long Unicode string only string and unescape 3
1 || 2017503 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Used in various watering hole attacks
1 || 2017504 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Generic - *.com.exe HTTP Attachment
1 || 2017505 || 2 || trojan-activity || 0 || ET TROJAN Gh0st Trojan CnC 2
1 || 2017506 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Sakura - Java Exploit Recieved - Atomic
1 || 2017507 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Cushion Redirection || url,malwaremustdie.blogspot.co.uk/2013/09/302-redirector-new-cushion-attempt-to.html
1 || 2017508 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx J7u21 click2play bypass
1 || 2017509 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Possible J7u21 click2play bypass
1 || 2017510 || 2 || attempted-user || 0 || ET EXPLOIT Metasploit CVE-2013-3205 Exploit Specific
1 || 2017511 || 2 || trojan-activity || 0 || ET TROJAN DeputyDog callback || url,www.fireeye.com/blog/technical/cyber-exploits/2013/09/operation-deputydog-zero-day-cve-2013-3893-attack-against-japanese-targets.html
1 || 2017512 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Statistic.js || url,research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html || url,blog.damballa.com/archives/2147
1 || 2017513 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/Caphaw DriveBy Campaign Ping.html || url,research.zscaler.com/2013/09/a-new-wave-of-win32caphaw-attacks.html || url,blog.damballa.com/archives/2147
1 || 2017515 || 4 || attempted-recon || 0 || ET INFO User-Agent (python-requests) Inbound to Webserver
1 || 2017516 || 3 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr Checkin 1 || md5,d2e799904582f03281060689f5447585
1 || 2017517 || 4 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr Checkin 2 || md5,d2e799904582f03281060689f5447585
1 || 2017518 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (/iam-ready) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html
1 || 2017519 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-enum-driver) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html
1 || 2017520 || 3 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-enum-folder) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html
1 || 2017521 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-enum-process) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html
1 || 2017522 || 2 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command (is-cmd-shell) || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html
1 || 2017523 || 5 || trojan-activity || 0 || ET TROJAN Worm.VBS.ayr CnC command response || url,www.fireeye.com/blog/uncategorized/2013/09/now-you-see-me-h-worm-by-houdini.html
1 || 2017524 || 3 || trojan-activity || 0 || ET TROJAN DATA-BROKER BOT Activity || url,krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/ || md5,adcfe50aaaa0928adf2785fefe7307cc
1 || 2017525 || 2 || trojan-activity || 0 || ET TROJAN OSX/Leverage.A Checkin
1 || 2017526 || 3 || trojan-activity || 0 || ET TROJAN Hiloti/Mufanom CnC Response
1 || 2017527 || 3 || trojan-activity || 0 || ET TROJAN W32/Napolar Checkin || url,blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/ || url,www.welivesecurity.com/2013/09/25/win32napolar-a-new-bot-on-the-block/ || md5,2c344add2ee6201f4e2cdf604548408b
1 || 2017528 || 4 || bad-unknown || 0 || ET WEB_SERVER UA WordPress, probable DDOS-Attack || url,thehackernews.com/2013/09/thousands-of-wordpress-blogs.html || url,pastebin.com/NP64hTQr
1 || 2017529 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS LightsOut EK Payload Download || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017530 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK info3i.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017531 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK info3i.php || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017532 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK inden2i.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017533 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK sort.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017534 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK leks.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017535 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK negc.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017536 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK negq.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017537 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK leks.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017538 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK start.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017539 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK stoq.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017540 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK erno_rfq.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017541 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK inden2i.php || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017542 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK gami.html || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017543 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible LightsOut EK gami.jar || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017544 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS LightsOut EK POST Compromise POST || url,blogs.cisco.com/security/watering-hole-attacks-target-energy-sector
1 || 2017545 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Sep 30 2013
1 || 2017546 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible FortDisco POP3 Site list download || md5,538a4cedad8791e27088666a4a6bf9c5 || md5,87c21bc9c804cefba6bb4148dbe4c4de || url,www.abuse.ch/?p=5813
1 || 2017547 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CoolEK Jar Download Sep 30 2013 || md5,d58fea2d0f791e65c6aae8e52f7089c1
1 || 2017548 || 4 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 3 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231
1 || 2017549 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake MS Security Update (Jar)
1 || 2017550 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Landing Oct 1 2013
1 || 2017551 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Obfuscated http 2 digit sep in applet (Seen in HiMan EK)
1 || 2017552 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Cushion Redirection || url,malwaremustdie.blogspot.co.uk/2013/09/302-redirector-new-cushion-attempt-to.html
1 || 2017553 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Reporting Host/Exploit Info
1 || 2017554 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS BHEK Payload Download (java only alternate method may overlap with 2017454)
1 || 2017555 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef EK initial landing from Oct 02 2013 mass-site compromise EK campaign
1 || 2017556 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS BlackHole EK Variant PDF Download
1 || 2017557 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Java CVE-2013-1488 java.sql.Drivers Service Object in JAR || cve,2013-1488 || url,www.contextis.com/research/blog/java-pwn2own/ || url,www.rapid7.com/db/modules/exploit/multi/browser/java_jre17_driver_manager
1 || 2017558 || 2 || misc-activity || 0 || ET TROJAN Mevade Checkin 
1 || 2017559 || 2 || trojan-activity || 0 || ET TROJAN SSH Connection on 443 - Mevade Banner
1 || 2017560 || 3 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS Possible WHMCS SQLi AES_ENCRYPT at start of value || url,localhost.re/p/whmcs-527-vulnerability
1 || 2017561 || 3 || trojan-activity || 0 || ET MALWARE W32/Wajam.Adware Sucessful Install
1 || 2017562 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing with Applet Oct 4 2013
1 || 2017563 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Java CVE-2013-2465 Based on PoC || cve,2013-2465 || url,seclists.org/fulldisclosure/2013/Aug/134 || url,malwageddon.blogspot.com/2013/10/unknown-ek-i-wanna-be-billionaire-so.html
1 || 2017564 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Unknown EK Landing || cve,2013-2465 || url,malwageddon.blogspot.com/2013/10/unknown-ek-i-wanna-be-billionaire-so.html || url,seclists.org/fulldisclosure/2013/Aug/134
1 || 2017565 || 4 || bad-unknown || 0 || ET INFO Obfuscated fromCharCode
1 || 2017566 || 5 || bad-unknown || 0 || ET INFO Obfuscated fromCharCode
1 || 2017567 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS FiestaEK js-redirect
1 || 2017568 || 3 || attempted-user || 0 || ET CURRENT_EVENTS Possible Metasploit Java CVE-2013-2465 Class Name Sub Algo || cve,2013-2465 || url,seclists.org/fulldisclosure/2013/Aug/134 || url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_storeimagearray.rb
1 || 2017569 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Page
1 || 2017570 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Exploit Download
1 || 2017571 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Payload Download
1 || 2017572 || 5 || attempted-user || 0 || ET WEB_CLIENT Possible Microsoft Internet Explorer Use-After-Free CVE-2013-3897 || cve,2013-3897
1 || 2017573 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss/JMX InvokerServlet RCE Using Marshalled Object || url,www.exploit-db.com/exploits/28713/
1 || 2017574 || 3 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible JBoss/JMX EJBInvokerServlet RCE Using Marshalled Object || url,www.exploit-db.com/exploits/28713/
1 || 2017575 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Possible VBulletin Unauthorized Admin Account Creation || url,blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html
1 || 2017576 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx EK jply.html
1 || 2017577 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Fiesta EK Landing Oct 09 2013
1 || 2017578 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake MS Security Update EK (Payload Download)
1 || 2017579 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS Possible Secondary Indicator of Java Exploit (Artifact Observed mostly in EKs/a few mis-configured apps)
1 || 2017580 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef Payload October 09
1 || 2017582 || 3 || trojan-activity || 0 || ET TROJAN CryptoLocker Ransomware check-in 2 || md5,a354873df6dbce59e801380cee39ac17
1 || 2017583 || 4 || trojan-activity || 0 || ET TROJAN CryptoLocker EXE Download
1 || 2017584 || 5 || trojan-activity || 0 || ET TROJAN CryptoLocker Ransomware check-in || md5,6afc848066d274d8632c742340560a67
1 || 2017585 || 3 || trojan-activity || 0 || ET TROJAN Possible W32/KanKan tools.ini Request || url,www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/
1 || 2017586 || 2 || trojan-activity || 0 || ET TROJAN Possible W32/KanKan Update officeaddinupdate.xml Request || url,www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/
1 || 2017587 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon || url,quequero.org/2013/09/android-opfake-malware-analysis/
1 || 2017588 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/Opfake.A Country CnC Beacon || url,quequero.org/2013/09/android-opfake-malware-analysis/
1 || 2017589 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown EK Initial Payload Internet Connectivity Check || url,malwageddon.blogspot.fi/2013/09/unknown-ek-it-aint-no-trick-to-get-rich.html
1 || 2017590 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS D-LINK Router Backdoor via Specific UA || url,www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/
1 || 2017591 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Related EK Landing Oct 14 2013 || url,www.malwaresigs.com/2013/10/14/unknown-ek/
1 || 2017592 || 1 || trojan-activity || 0 || ET CURRENT_EVENTS Unknown Malvertising Related EK Redirect Oct 14 2013 || url,malwageddon.blogspot.fi/2013/09/unknown-ek-it-aint-no-trick-to-get-rich.html
1 || 2017593 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino EK Landing URI Format Oct 15 2013
1 || 2017594 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Exploit Download Oct 15 2013
1 || 2017595 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Payload Download Oct 15 2013
1 || 2017596 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino XORed pluginDetect 1
1 || 2017597 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino XORed pluginDetect 2
1 || 2017598 || 5 || trojan-activity || 0 || ET TROJAN Possible Kelihos.F EXE Download Common Structure
1 || 2017599 || 3 || trojan-activity || 0 || ET TROJAN Backdoor.Egobot Checkin || url,symantec.com/connect/blogs/backdooregobot-how-effectively-execute-targeted-campaign
1 || 2017600 || 2 || trojan-activity || 0 || ET TROJAN W32.Nemim Checkin || url,symantec.com/connect/blogs/infostealernemim-how-pervasive-infostealer-continues-evolve
1 || 2017601 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 IE Exploit URI Struct
1 || 2017602 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK - Landing Page - Java ClassID and 32/32 archive Oct 16 2013
1 || 2017603 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Exploit 32-32 byte hex java payload request Oct 16 2013
1 || 2017604 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In GIF (OUTBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html
1 || 2017605 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In JPG (OUTBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html
1 || 2017606 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In PNG (OUTBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html
1 || 2017607 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In GIF (INBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html
1 || 2017608 || 2 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In JPG (INBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html
1 || 2017609 || 3 || successful-admin || 0 || ET WEB_SERVER PHP WebShell Embedded In PNG (INBOUND) || url,blog.spiderlabs.com/2013/10/hiding-webshell-backdoor-code-in-image-files.html
1 || 2017610 || 2 || web-application-attack || 0 || ET DELETED vBulletin Administrator Injection Attempt || url,blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html
1 || 2017611 || 2 || web-application-attack || 0 || ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt || url,security.coverity.com/advisory/2013/Oct/two-path-traversal-defects-in-oracles-jsf2-implementation.html || cve,2013-3815
1 || 2017612 || 5 || trojan-activity || 0 || ET DELETED Kelihos p2p traffic detected via byte_test - SET
1 || 2017613 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Magnitude EK (formerly Popads) IE Exploit with IE UA Oct 16 2013
1 || 2017614 || 2 || trojan-activity || 0 || ET DELETED Kelihos p2p traffic detected via byte_test CnC Response
1 || 2017615 || 4 || network-scan || 0 || ET SCAN NETWORK Outgoing Masscan detected || url,blog.erratasec.com/2013/10/that-dlink-bug-masscan.html || url,blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html
1 || 2017616 || 4 || network-scan || 0 || ET SCAN NETWORK Incoming Masscan detected || url,blog.erratasec.com/2013/10/that-dlink-bug-masscan.html || url,blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html
1 || 2017617 || 3 || trojan-activity || 0 || ET TROJAN W32/Onkod.Downloader Executable Download || url,blog.fortinet.com/Avoiding-Heuristic-Detection/
1 || 2017620 || 3 || trojan-activity || 0 || ET TROJAN Kuluoz Activity || md5,c71416a9ec5414fe487167b5bfd921ec
1 || 2017621 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Cutwail Redirect to Magnitude EK || url,www.secureworks.com/resources/blog/research/cutwail-spam-swapping-blackhole-for-magnitude-exploit-kit/
1 || 2017622 || 5 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS WHMCS lt 5.2.8 SQL Injection || url,localhost.re/res/whmcs2.py
1 || 2017623 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS Tenda Router Backdoor 1 || url,www.devttys0.com/2013/10/from-china-with-love/
1 || 2017624 || 3 || attempted-admin || 0 || ET CURRENT_EVENTS Tenda Router Backdoor 2 || url,www.devttys0.com/2013/10/from-china-with-love/
1 || 2017625 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS 81a338 Hacked Site Response (Outbound)
1 || 2017626 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS 81a338 Hacked Site Response (Inbound)
1 || 2017628 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sakura Jar Download Oct 22 2013
1 || 2017629 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS FlashPack Oct 23 2013
1 || 2017630 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (1)
1 || 2017631 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Netgear WNDR4700 Auth Bypass || url,securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp
1 || 2017632 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Netgear WNDR3700 Auth Bypass || url,shadow-file.blogspot.ro/2013/10/complete-persistent-compromise-of.html
1 || 2017633 || 3 || trojan-activity || 0 || ET TROJAN Athena DDoS Bot Checkin || md5,19ca0d830cd7b44e5de1ab85f4e17d82
1 || 2017634 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page Oct 25 2013
1 || 2017635 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Landing Page Oct 25 2013
1 || 2017636 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK PDF URI Struct
1 || 2017637 || 2 || bad-unknown || 0 || ET INFO Java File Sent With X-Powered By HTTP Header - Common In Exploit Kits
1 || 2017638 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Alpha Networks ADSL2/2+ router remote administration password disclosure || url,packetstorm.foofus.com/1208-exploits/asl26555_pass_disclosure.txt
1 || 2017639 || 6 || bad-unknown || 0 || ET INFO JAR Size Under 30K Size - Potentially Hostile
1 || 2017640 || 2 || bad-unknown || 0 || ET WEB_SERVER Possible Encrypted Webshell Download || url,blog.sucuri.net/2013/10/backdoor-evasion-using-encrypted-content.html
1 || 2017641 || 3 || bad-unknown || 0 || ET WEB_SERVER Possible Encrypted Webshell in POST || url,blog.sucuri.net/2013/10/backdoor-evasion-using-encrypted-content.html
1 || 2017642 || 3 || trojan-activity || 0 || ET TROJAN Linux/Ssemgrvd sshd Backdoor HTTP CNC 1
1 || 2017643 || 3 || trojan-activity || 0 || ET TROJAN Linux/Ssemgrvd sshd Backdoor HTTP CNC 2
1 || 2017644 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Host Domain .bit || url,www.normanshark.com/blog/necurs-cc-domains-non-censorable/
1 || 2017645 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS DNS Query Domain .bit || url,www.normanshark.com/blog/necurs-cc-domains-non-censorable/
1 || 2017646 || 4 || trojan-activity || 0 || ET TROJAN possible TRAT proxy component user agent detected || url,www.fireeye.com/blog/technical/malware-research/2013/10/evasive-tactics-terminator-rat.html
1 || 2017647 || 2 || trojan-activity || 0 || ET TROJAN FakeAV Install || md5,d1663e13314a6722db7cb7549b470c64
1 || 2017648 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sweet Orange payload Request
1 || 2017649 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange encrypted payload
1 || 2017650 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/Grandsoft Plugin-Detect
1 || 2017652 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK Landing URI Format Nov 1 2013
1 || 2017653 || 13 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino Java Exploit/Payload Download Nov 1 2013 || url,pastebin.com/194D8UuK
1 || 2017654 || 4 || trojan-activity || 0 || ET DELETED W32/Badur.Spy User Agent HWMPro || md5,234c47b5b29a2cfcc00900bbc13ea181
1 || 2017655 || 3 || trojan-activity || 0 || ET TROJAN W32/Badur.Spy User Agent lawl || md5,4f5d28c43795b9c4e6257bf26c52bdfe
1 || 2017656 || 3 || trojan-activity || 0 || ET TROJAN W32/InstallMonster.Downloader Checkin || md5,70a6d9cb37e346b4dfd28bd4ea1f8671
1 || 2017657 || 6 || attempted-user || 0 || ET WEB_CLIENT SUSPICIOUS JS Multiple Debug Math.atan2 calls with CollectGarbage || url,blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/ || url,cyvera.com/cve-2013-3897-analysis-of-yet-another-ie-0-day/
1 || 2017658 || 5 || trojan-activity || 0 || ET TROJAN Unknown Trojan Secondary Download || md5,3a2c3b422a7ec78f88a939d20ed07615
1 || 2017659 || 5 || trojan-activity || 0 || ET TROJAN Unknown Trojan Download || md5,3a2c3b422a7ec78f88a939d20ed07615
1 || 2017660 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Malicious Cookie Set By Flash Malvertising || md5,cce9dcad030c4cba605a8ee65572136a
1 || 2017661 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Redirect to Neutrino goi.php Nov 4 2013
1 || 2017662 || 2 || trojan-activity || 0 || ET TROJAN Known Sinkhole Response Header || md5,723a90462a417337355138cc6aba2290
1 || 2017663 || 2 || web-application-attack || 0 || ET CURRENT_EVENTS Fredcot campaign php5-cgi initial exploit || cve,2012-1823 || url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
1 || 2017664 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Fredcot campaign payload download || md5,e69bbd29f2822c1846d569ace710c9d5 || url,permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/20243
1 || 2017665 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Fredcot campaign IRC CnC || md5,e69bbd29f2822c1846d569ace710c9d5 || url,permalink.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/20243
1 || 2017666 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK JAR URI Struct Nov 05 2013
1 || 2017667 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK Payload URI Struct Nov 05 2013
1 || 2017668 || 4 || attempted-user || 0 || ET TROJAN Possible Backdoor.Adwind Download || url,www.symantec.com/security_response/writeup.jsp?docid=2013-070113-1904-99&tabid=3
1 || 2017669 || 5 || misc-activity || 0 || ET INFO Zip File
1 || 2017670 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS Word DOCX with Many ActiveX Objects and Media || url,blogs.mcafee.com/mcafee-labs/mcafee-labs-detects-zero-day-exploit-targeting-microsoft-office-2
1 || 2017671 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2013-3906 CnC Checkin || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017672 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS msctcd.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017673 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS taskmgr.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017674 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS wsqmocn.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017675 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS connhost.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017676 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS lgfxsrvc.exe in URI Probable Process Dump/Trojan Download
1 || 2017677 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS wimhost.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017678 || 3 || trojan-activity || 0 || ET DELETED SUSPICIOUS lgfxsrvc.exe in URI Probable Process Dump/Trojan Download
1 || 2017679 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017680 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS waulct.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017681 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS alg.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017682 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS mssrs.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017683 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS winhosts.exe in URI Probable Process Dump/Trojan Download || url,alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017684 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI login.cgi Name Parameter Buffer Overflow Attempt CVE-2013-3621 || cve,CVE-2013-3621 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
1 || 2017685 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI login.cgi PWD Parameter Buffer Overflow Attempt CVE-2013-3621 || cve,CVE-2013-3621 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
1 || 2017686 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi sess_sid Parameter Buffer Overflow Attempt CVE-2013-3623 || cve,CVE-2013-3623 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
1 || 2017687 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI close_window.cgi ACT Parameter Buffer Overflow Attempt CVE-2013-3623 || cve,CVE-2013-3623 || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
1 || 2017688 || 2 || attempted-admin || 0 || ET WEB_SERVER Possible SUPERMICRO IPMI url_redirect.cgi Directory Traversal Attempt || url,community.rapid7.com/community/metasploit/blog/2013/11/06/supermicro-ipmi-firmware-vulnerabilities
1 || 2017689 || 2 || trojan-activity || 0 || ET TROJAN Possible Schneebly Posting ScreenShot || url,www.alienvault.com/open-threat-exchange/blog/microsoft-office-zeroday-used-to-attack-pakistani-targets
1 || 2017690 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel.Arx Variant CnC Beacon 1 || url,botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html
1 || 2017691 || 2 || trojan-activity || 0 || ET TROJAN W32/Citadel.Arx Varient CnC Beacon 2 || url,botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html
1 || 2017693 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Styx iframe with obfuscated CVE-2013-2551
1 || 2017694 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Magnitude IE EK Payload Nov 8 2013
1 || 2017695 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK Flash Exploit
1 || 2017696 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS FaceBook IM & Web Driven Facebook Trojan Download || url,pastebin.com/raw.php?i=tdATTg7L
1 || 2017697 || 5 || trojan-activity || 0 || ET TROJAN FaceBook IM & Web Driven Facebook Trojan Posting Data || url,pastebin.com/raw.php?i=tdATTg7L
1 || 2017698 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude Landing Nov 11 2013
1 || 2017699 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Grandsoft/SofosFO EK PDF URI Struct
1 || 2017700 || 3 || trojan-activity || 0 || ET TROJAN Possible Stitur Secondary Download
1 || 2017701 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS webr00t WebShell Access || url,blog.sucuri.net/2013/11/case-study-analyzing-a-wordpress-attack-dissecting-the-webr00t-cgi-shell-part-i.html
1 || 2017702 || 2 || trojan-activity || 0 || ET TROJAN Possible Trojan.APT.9002 POST || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
1 || 2017703 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Possible Flash/IE Payload
1 || 2017704 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 1 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
1 || 2017705 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 2 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
1 || 2017706 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Sweet Orange IE Payload Request
1 || 2017707 || 1 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 4 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231
1 || 2017708 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 3 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
1 || 2017709 || 3 || attempted-user || 0 || ET WEB_CLIENT Possible IE 0day CVE-2013-3918 4 || url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
1 || 2017710 || 3 || trojan-activity || 0 || ET TROJAN Bamital checkin
1 || 2017711 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Fake Codec Download
1 || 2017712 || 10 || attempted-admin || 0 || ET EXPLOIT Microsoft Outlook/Crypto API X.509 oid id-pe-authorityInfoAccessSyntax design bug allow blind HTTP requests attempt || cve,2013-3870 || url,www.microsoft.com/technet/security/bulletin/MS13-068.mspx || url,blog.nruns.com/blog/2013/11/12/A-portscan-by-email-Alex
1 || 2017713 || 6 || trojan-activity || 0 || ET TROJAN Taidoor Checkin || url,fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html || md5,17f9f999e1814b99601446f8ce7eb816
1 || 2017714 || 5 || trojan-activity || 0 || ET TROJAN PlugX Checkin || url,fireeye.com/blog/technical/cyber-exploits/2013/11/exploit-proliferation-additional-threat-groups-acquire-cve-2013-3906.html || md5,17f9f999e1814b99601446f8ce7eb816
1 || 2017715 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK SilverLight Exploit
1 || 2017716 || 3 || trojan-activity || 0 || ET TROJAN Athena Bot Nick in IRC || url,arbornetworks.com/asert/2013/11/athena-a-ddos-malware-odyssey/ || md5,859c2fec50ba1212dca9f00aa4a64ec4
1 || 2017717 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Botnet Monitor Request CnC Beacon || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/
1 || 2017718 || 4 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Botnet Login Request CnC Beacon || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/
1 || 2017721 || 3 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Outbound || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/
1 || 2017722 || 3 || attempted-dos || 0 || ET DOS Trojan.BlackRev V1.Botnet HTTP Login POST Flood Traffic Inbound || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/
1 || 2017723 || 2 || trojan-activity || 0 || ET TROJAN Trojan.BlackRev Botnet Command Request CnC Beacon || url,www.btpro.net/blog/2013/05/black-revolution-botnet-trojan/
1 || 2017724 || 3 || trojan-activity || 0 || ET TROJAN PWS Win32/Lmir.BMQ checkin || md5,0fe0cf9a2d8c3ccd1c92acbb81ff6343 || url,www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=PWS%3AWin32%2FLmir.BMQ
1 || 2017725 || 5 || trojan-activity || 0 || ET TROJAN Sisproc update || md5,f8b3fb4e5f8f1b3bd643e58f1015f9fc
1 || 2017726 || 4 || trojan-activity || 0 || ET TROJAN Downloader (P2P Zeus dropper UA)
1 || 2017727 || 6 || trojan-activity || 0 || ET TROJAN Possible SSH Linux.Fokirtor backchannel command || url,www.symantec.com/connect/blogs/linux-back-door-uses-covert-communication-protocol
1 || 2017728 || 2 || trojan-activity || 0 || ET TROJAN Trojan.Dropper.Win32.Dapato.braa.AMN CnC traffic || md5,6ef66c2336b2b5aaa697c2d0ab2b66e2
1 || 2017729 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Angler Landing Nov 18 2013
1 || 2017730 || 4 || attempted-user || 0 || ET EXPLOIT JavaX Toolkit Posting Plugin-Detect Data || url,github.com/MrXors/Javax/
1 || 2017731 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Styx EK SilverLight Payload
1 || 2017732 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Styx/Angler SilverLight Exploit
1 || 2017733 || 2 || trojan-activity || 0 || ET DELETED Possible Upatre Downloader SSL certificate
1 || 2017734 || 4 || attempted-admin || 0 || ET WEB_SERVER WEBSHELL pwn.jsp shell || url,nickhumphreyit.blogspot.co.il/2013/10/jboss-42-hacked-by-pwnjsp.html || url,blog.imperva.com/2013/11/threat-advisory-a-jboss-as-exploit-web-shell-code-injection.html
1 || 2017735 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS WhiteLotus EK PluginDetect Nov 20 2013
1 || 2017736 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 1
1 || 2017737 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 2
1 || 2017738 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus EK 2013-2551 Exploit 3
1 || 2017739 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus Java Payload
1 || 2017740 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page Nov 21 2013
1 || 2017741 || 3 || attempted-user || 0 || ET TROJAN Kryptik Check-in
1 || 2017742 || 2 || trojan-activity || 0 || ET TROJAN Solarbot Check-in
1 || 2017743 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible WhiteLotus IE Payload
1 || 2017744 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS StyX EK Payload Cookie
1 || 2017745 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Fake Media Player malware binary requested
1 || 2017746 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader Win32.Genome.AV || md5,d14314ceb74c8c1a8e1e8ca368d75501
1 || 2017747 || 3 || trojan-activity || 0 || ET TROJAN Trojan-Downloader Win32.Genome.AV server response || md5,d14314ceb74c8c1a8e1e8ca368d75501
1 || 2017748 || 6 || misc-activity || 0 || ET INFO Java Downloading Archive flowbit no alert
1 || 2017749 || 6 || misc-activity || 0 || ET INFO Java Downloading Class flowbit no alert
1 || 2017750 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - AOL Creds
1 || 2017751 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - Yahoo Creds
1 || 2017752 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - GMail Creds
1 || 2017753 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - Hotmail Creds
1 || 2017754 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS Possible PHISH Remax - Other Creds
1 || 2017755 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Goon EK Java Payload
1 || 2017756 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Goon EK Jar Download
1 || 2017757 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 1
1 || 2017758 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 2
1 || 2017759 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Java Lang Runtime in B64 Observed in Goon EK 3
1 || 2017760 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class file Accessing Security Manager
1 || 2017761 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class file Importing Protection Domain
1 || 2017762 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Accessing Importing glassfish
1 || 2017763 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class B64 encoded class
1 || 2017764 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing jmx mbeanserver
1 || 2017765 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing mbeanserver Introspector
1 || 2017766 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing glassfish external statistics impl
1 || 2017767 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing management MBeanServer
1 || 2017768 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Mozilla JS Class Creation
1 || 2017769 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Hex Encoded Class file
1 || 2017770 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing tracing Provider Factory
1 || 2017771 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classes used in awt exploits
1 || 2017772 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classe used in CVE-2013-2471/2472/2473
1 || 2017773 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS SUSPICIOUS Java Request With Uncompressed JAR/Class Importing Classe used in CVE-2013-2465/2463
1 || 2017774 || 8 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK CVE-2013-2551 URI Struct Nov 26 2013
1 || 2017775 || 7 || trojan-activity || 0 || ET TROJAN Darkness DDoS HTTP Target/EXE
1 || 2017776 || 7 || trojan-activity || 0 || ET TROJAN Darkness DDoS Common Intial Check-in Response wtf || md5,a9af388f5a627aa66c34074ef45db1b7
1 || 2017777 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access takeCameraPicture || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017778 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access getGalleryImage || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017779 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access makeCall || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017780 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access postToSocial || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017781 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendMail || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017782 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access sendSMS || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017783 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Android InMobi SDK SideDoor Access registerMicListener || url,www.fireeye.com/blog/technical/vulnerabilities/2013/11/inmobi-another-vulnaggressive-adware-opens-billions-of-javascript-sidedoors-on-android-devices.html
1 || 2017784 || 3 || trojan-activity || 0 || ET TROJAN WORM_VOBFUS Checkin Generic 2 || md5,f127ed76dc5e48f69a1070f314488ce2 || url,blog.trendmicro.com/trendlabs-security-intelligence/watch-out-for-worm_vobfus/ || url,blog.dynamoo.com/2012/11/vobfus-sites-to-block.html
1 || 2017785 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK IE Exploit CVE-2013-2551
1 || 2017786 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SNET EK Activity Nov 27 2013
1 || 2017787 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon || url,www.fireeye.com/blog/technical/targeted-attack/2013/11/dissecting-android-korbanker.html || md5,a68bbfe91fab666daaf2c070db00022f || md5,a68bbfe91fab666daaf2c070db00022f
1 || 2017788 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android.KorBanker Sucessful Fake Banking App Install CnC Server Acknowledgement || url,www.fireeye.com/blog/technical/targeted-attack/2013/11/dissecting-android-korbanker.html || md5,a68bbfe91fab666daaf2c070db00022f || md5,a68bbfe91fab666daaf2c070db00022f
1 || 2017789 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS JJEncode Encoded Script Inside of PDF Likely Evil || md5,6776bda19a3a8ed4c2870c34279dbaa9
1 || 2017790 || 2 || attempted-user || 0 || ET EXPLOIT Adobe PDF CVE-2013-0640 || url,www.exploit-db.com/exploits/29881/
1 || 2017791 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Polling/Check-in/Compromise from fake DHL mailing campaign
1 || 2017792 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile fake DHL mailing campaign
1 || 2017793 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Payload Requested
1 || 2017794 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Flash Exploit
1 || 2017795 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Payload Downloaded - EXE in ZIP Downloaded by Java
1 || 2017796 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - Landing Page
1 || 2017797 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK - TDS - POST hyt=
1 || 2017798 || 2 || trojan-activity || 0 || ET EXPLOIT Zollard PHP Exploit UA || url,deependresearch.org/2013/12/hey-zollard-leave-my-internet-of-things.html
1 || 2017801 || 3 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS PeopleSoft Portal Command with Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf
1 || 2017802 || 3 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS SAP Possible CTC Auth/HTTP Verb Bypass Attempt || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf
1 || 2017803 || 4 || attempted-admin || 0 || ET WEB_SERVER Possible WebLogic Admin Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf
1 || 2017804 || 3 || attempted-admin || 0 || ET WEB_SERVER Possible WebLogic Admin Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf
1 || 2017805 || 3 || attempted-user || 0 || ET WEB_SERVER Possible WebLogic Monitor Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf
1 || 2017806 || 2 || attempted-user || 0 || ET WEB_SERVER Possible WebLogic Operator Login With Default Creds || url,media.blackhat.com/us-13/US-13-Polyakov-Practical-Pentesting-of-ERPs-and-Business-Applications-Slides.pdf
1 || 2017807 || 3 || web-application-attack || 0 || ET WEB_SERVER Possible MySQL SQLi User-Dump Attempt || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
1 || 2017808 || 2 || web-application-attack || 0 || ET WEB_SERVER Possible MySQL SQLi Attempt Information Schema Access || url,pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
1 || 2017809 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK XOR'd Payload
1 || 2017810 || 2 || trojan-activity || 0 || ET EXPLOIT Metasploit Browser Exploit Server Plugin Detect
1 || 2017811 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Magnitude EK (formerly Popads) Java Jar Download
1 || 2017812 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Safe/CritX/FlashPack URI with Windows Plugin-Detect Data
1 || 2017813 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Safe/CritX/FlashPack SilverLight Payload
1 || 2017814 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Safe/CritX/FlashPack URI Struct .php?id=Hex
1 || 2017815 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Safe/CritX/FlashPack Edwards Packed PluginDetect
1 || 2017816 || 4 || trojan-activity || 0 || ET TROJAN Possible Upatre Downloader SSL certificate || url,blogs.technet.com/b/mmpc/archive/2013/10/31/upatre-emerging-up-d-at-er-in-the-wild.aspx
1 || 2017817 || 7 || trojan-activity || 0 || ET CURRENT_EVENTS Sweet Orange Landing Page Dec 09 2013
1 || 2017818 || 2 || trojan-activity || 0 || ET TROJAN Common Zbot EXE filename Dec 09 2013
1 || 2017819 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Styx EK iexp.html
1 || 2017820 || 5 || trojan-activity || 0 || ET WEB_SERVER IIS ISN BackDoor Command GetLog || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html
1 || 2017821 || 5 || trojan-activity || 0 || ET WEB_SERVER IIS ISN BackDoor Command Delete Log || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html
1 || 2017822 || 5 || trojan-activity || 0 || ET WEB_SERVER IIS ISN BackDoor Command Get Logpath || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module.html
1 || 2017823 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS heapSpray in jjencode || url,www.invincea.com/2013/12/e-k-i-a-adobe-reader-exploit-cve-2013-3346-kernel-ndproxy-sys-zero-day-eop/
1 || 2017824 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Neutrino Landing Page Dec 09 2013
1 || 2017825 || 2 || trojan-activity || 0 || ET EXPLOIT Zollard PHP Exploit UA Outbound || cve,2012-1823 || url,blogs.cisco.com/security/the-internet-of-everything-including-malware/
1 || 2017826 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 EK Landing Dec 09 2013
1 || 2017827 || 6 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 EK Dec 09 2013 Java Request
1 || 2017828 || 2 || trojan-activity || 0 || ET WEB_SERVER Perl/Mambo.WebShell Spreader IRC Scanning Message
1 || 2017829 || 2 || trojan-activity || 0 || ET WEB_SERVER Perl/Mambo.WebShell Spreader IRC Open Ports Message
1 || 2017830 || 1 || trojan-activity || 0 || ET WEB_SERVER Perl/Mambo.WebShell Spreader IRC No Open Ports Message
1 || 2017831 || 2 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Attacking Message
1 || 2017832 || 1 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Attack Done Message
1 || 2017833 || 2 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS PerlBot Version Message
1 || 2017834 || 2 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Mambo Scanning Message
1 || 2017835 || 3 || trojan-activity || 0 || ET WEB_SERVER Mambo.PerlBot Spreader IRC DDOS Exploited Message
1 || 2017836 || 3 || trojan-activity || 0 || ET TROJAN Possible Zbot Activity Common Download Struct
1 || 2017837 || 3 || trojan-activity || 0 || ET TROJAN Possible Zbot Activity Common Download Struct
1 || 2017838 || 2 || trojan-activity || 0 || ET TROJAN HTTP Connection To Known Sinkhole Domain sinkdns.org
1 || 2017839 || 2 || trojan-activity || 0 || ET TROJAN Vawtrak/NeverQuest Checkin
1 || 2017840 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit - JAR Exploit
1 || 2017841 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit - HTML
1 || 2017842 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS winhost(32|64).exe in URI
1 || 2017843 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SUSPICIOUS pony.exe in URI
1 || 2017844 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Styx Exploit Kit - EOT Exploit
1 || 2017845 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY FakeUpdate - URI - /styles/javaupdate.css
1 || 2017846 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY FakeUpdate - URI - Payload Requested
1 || 2017847 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Browlock Landing Page URI Struct
1 || 2017848 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 EK SilverLight
1 || 2017849 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible CVE-2013-2551 As seen in SPL2 EK
1 || 2017850 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS SPL2 PluginDetect Data Hash
1 || 2017851 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Exploit URI Struct
1 || 2017852 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS HiMan EK Secondary Landing
1 || 2017853 || 2 || attempted-admin || 0 || ET WEB_SPECIFIC_APPS Wordpress OptimizePress Arbitratry File Upload || url,blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html
1 || 2017854 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS PHP script in OptimizePress Upload Directory Possible WebShell Access || url,blog.sucuri.net/2013/12/wordpress-optimizepress-theme-file-upload-vulnerability.html
1 || 2017855 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.MovieStar.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html
1 || 2017856 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.Snake.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html
1 || 2017857 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.MyWeb.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html
1 || 2017858 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.BMW.APT Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html
1 || 2017859 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.Dream.APT Campaign CnC Beacon 2 || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,www.fireeye.com/blog/technical/malware-research/2013/12/operation-ke3chang-targeted-attacks-against-ministries-of-foreign-affairs.html
1 || 2017860 || 2 || trojan-activity || 0 || ET TROJAN W32/Ke3chang.MyWeb.APT Eourdegh Campaign CnC Beacon || url,www.fireeye.com/resources/pdfs/fireeye-operation-ke3chang.pdf || url,jsunpack.jeek.org/dec/go?report=e5f9dae61673a75db6dcb2475cb6ea8f22f66e9a
1 || 2017861 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Grandsoft/SofosFO EK Java Payload URI Struct
1 || 2017862 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack PDF Exploit
1 || 2017863 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack Java Exploit
1 || 2017864 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack HCP Exploit
1 || 2017865 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack Jar 1 Dec 16 2013
1 || 2017866 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS CrimePack Jar 2 Dec 16 2013
1 || 2017867 || 2 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Feed404 CnC Beacon || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/
1 || 2017868 || 2 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Images CnC Beacon || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/
1 || 2017869 || 2 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Final.html Payload Request || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/
1 || 2017870 || 3 || trojan-activity || 0 || ET TROJAN W32/Liftoh.Downloader Get Final Payload Request || url,www.secureworks.com/cyber-threat-intelligence/threats/spam-campaign-delivers-liftoh-downloader/
1 || 2017871 || 4 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Subscribe/Authorize Stratum Protocol Message || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html || url,www.btcguild.com/new_protocol.php || url,mining.bitcoin.cz/stratum-mining
1 || 2017872 || 2 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Stratum Protocol Mining.Notify Initial Connection Server Response || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html || url,www.btcguild.com/new_protocol.php || url,mining.bitcoin.cz/stratum-mining
1 || 2017873 || 3 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Stratum Protocol Mining.Notify Work Server Response || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html || url,www.btcguild.com/new_protocol.php || url,mining.bitcoin.cz/stratum-mining
1 || 2017874 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS W32/BitCoinMiner Fake Flash Player Distribution Campaign - December 2013 || url,blog.malwarebytes.org/fraud-scam/2013/12/fake-flash-player-wants-to-go-mining/ || url,esearch.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
1 || 2017875 || 2 || attempted-user || 0 || ET WEB_SERVER Coldfusion cfcexplorer Directory Traversal || url,blog.spiderlabs.com/2013/12/the-curious-case-of-the-malicious-iis-module-prologue-method-of-entry-analysis.html
1 || 2017876 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 5 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231
1 || 2017877 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 6 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231
1 || 2017878 || 3 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol Server Connection || url,en.bitcoin.it/wiki/Getblocktemplate
1 || 2017879 || 3 || trojan-activity || 0 || ET POLICY W32/BitCoinMiner.MultiThreat Getblocktemplate Protocol Server Coinbasetxn Begin Mining Response || url,en.bitcoin.it/wiki/Getblocktemplate
1 || 2017880 || 4 || trojan-activity || 0 || ET MALWARE W32/Linkular.Adware Sucessful Install Beacon || md5,7cc162a2ba136baaa38a9ccf46d97a06
1 || 2017881 || 3 || trojan-activity || 0 || ET MALWARE W32/Linkular.Adware Icons.dat Second Stage Download || md5,7cc162a2ba136baaa38a9ccf46d97a06
1 || 2017882 || 2 || attempted-user || 0 || ET WEB_SERVER Apache Solr Arbitrary XSLT inclusion attack || cve,CVE-2013-6397 || url,www.agarri.fr/kom/archives/2013/11/27/compromising_an_unreachable_solr_server_with_cve-2013-6397/index.html
1 || 2017883 || 3 || trojan-activity || 0 || ET DELETED W32/Ferret DDOS Bot CnC Beacon || md5,c49e3411294521d63c7cc28e08cf8a77 || url,www.arbornetworks.com/asert/2013/12/a-business-of-ferrets/
1 || 2017884 || 5 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - ZIP file with .exe filename inside (Inbound)
1 || 2017885 || 5 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - RAR file with .exe filename inside
1 || 2017886 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - EXE SMTP Attachment
1 || 2017887 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - ZIP file with .com filename inside
1 || 2017888 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - RAR file with .com filename inside
1 || 2017889 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - ZIP file with .scr filename inside
1 || 2017890 || 2 || bad-unknown || 0 || ET INFO SUSPICIOUS SMTP EXE - RAR file with .scr filename inside
1 || 2017891 || 2 || trojan-activity || 0 || ET TROJAN W32/GMUnpacker.Downloader Download Instructions Response From CnC || md5,43e89125ad40b18d22e01f997da8929a
1 || 2017892 || 2 || trojan-activity || 0 || ET MALWARE GMUnpackerInstaller.A Checkin || md5,43e89125ad40b18d22e01f997da8929a
1 || 2017893 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef Landing URI Struct || url,www.kahusecurity.com/2013/analyzing-dotkachef-exploit-pack/
1 || 2017894 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DotkaChef Payload Dec 20 2013 || url,www.kahusecurity.com/2013/analyzing-dotkachef-exploit-pack/
1 || 2017895 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Kuluoz/Asprox Activity Dec 23 2013 || md5,a3e0f51356d48124fba25485d1871b28 || url,www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-asprox-reborn.pdf
1 || 2017896 || 4 || trojan-activity || 0 || ET EXPLOIT Metasploit Plugin-Detect Posting Data 1 || url,github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer
1 || 2017897 || 4 || trojan-activity || 0 || ET EXPLOIT Metasploit Plugin-Detect Posting Data 2 || url,github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer
1 || 2017898 || 4 || trojan-activity || 0 || ET EXPLOIT Metasploit Plugin-Detect Posting Data 3 || url,github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer
1 || 2017899 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Possible PDF Dictionary Entry with Hex/Ascii replacement
1 || 2017900 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Metasploit 2013-3346
1 || 2017901 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK Flash Exploit Dec 24 2013
1 || 2017902 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Possible Flash/IE Payload Dec 24 2013
1 || 2017903 || 2 || trojan-activity || 0 || ET TROJAN Win32/Urausy.C Checkin 4 || md5,0032856449dbef5e63b8ed2f7a61fff9
1 || 2017904 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Angler EK Flash Exploit Dec 26 2013
1 || 2017905 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS SofosFO/GrandSoft PDF
1 || 2017906 || 2 || bad-unknown || 0 || ET CURRENT_EVENTS TDS Unknown_.aso - URI - IP.aso
1 || 2017907 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing with CVE-2013-2551 Dec 29 2013
1 || 2017908 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK encrypted binary (1)
1 || 2017909 || 3 || trojan-activity || 0 || ET INFO suspicious - uncompressed pack200-ed JAR
1 || 2017910 || 3 || trojan-activity || 0 || ET INFO suspicious - gzipped file via JAVA - could be pack200-ed JAR
1 || 2017911 || 2 || trojan-activity || 0 || ET MALWARE W32/InstallRex.Adware Initial CnC Beacon || md5,9abbb5ea3f55b5182687db69af6cba66
1 || 2017912 || 2 || trojan-activity || 0 || ET MALWARE W32/InstallRex.Adware Report CnC Beacon || md5,9abbb5ea3f55b5182687db69af6cba66
1 || 2017913 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 7 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c
1 || 2017914 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 8 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,be92836bee1e8abc1d19d1c552e6c115
1 || 2017915 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 9 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,a88e0e5a2c8fd31161b5e4a31e1307a0
1 || 2017916 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 10 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a88e0e5a2c8fd31161b5e4a31e1307a0
1 || 2017917 || 5 || trojan-activity || 0 || ET TROJAN W32/Ferret DDOS Bot CnC Beacon 2 || md5,f582667d5ce743436fb24771eb22a0e8 || url,www.arbornetworks.com/asert/2013/12/a-business-of-ferrets/
1 || 2017918 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x02 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
1 || 2017919 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
1 || 2017920 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Multiple MON_LIST Seq 0 Response Spanning Multiple Packets IMPL 0x02 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
1 || 2017921 || 2 || attempted-dos || 0 || ET DOS Possible NTP DDoS Multiple MON_LIST Seq 0 Response Spanning Multiple Packets IMPL 0x03 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks
1 || 2017922 || 3 || trojan-activity || 0 || ET TROJAN Win32.Morix.B checkin || md5,25623fa3a64f6bed301822f8fe6aa9b5
1 || 2017923 || 2 || web-application-attack || 0 || ET EXPLOIT MMCS service (Little Endian) || url,github.com/elvanderb/TCP-32764
1 || 2017924 || 2 || web-application-attack || 0 || ET EXPLOIT MMCS service (Big Endian) || url,github.com/elvanderb/TCP-32764
1 || 2017925 || 3 || policy-violation || 0 || ET POLICY DNS lookup for bridges.torproject.org IP lookup/Tor Usage check || url,www.torproject.org/docs/bridges.html.en || md5,2e3f7f9b3b4c29aceccab693aeccfa5a
1 || 2017926 || 2 || policy-violation || 0 || ET POLICY DNS lookup for check.torproject.org IP lookup/Tor Usage check || md5,e87f0db605517e851d571af2e78c5966
1 || 2017927 || 2 || policy-violation || 0 || ET POLICY check.torproject.org IP lookup/Tor Usage check over HTTP || md5,e87f0db605517e851d571af2e78c5966
1 || 2017928 || 2 || policy-violation || 0 || ET POLICY check.torproject.org IP lookup/Tor Usage check over TLS with SNI
1 || 2017929 || 2 || policy-violation || 0 || ET POLICY bridges.torproject.org over TLS with SNI || url,www.torproject.org/docs/bridges.html.en
1 || 2017930 || 9 || trojan-activity || 0 || ET TROJAN Trojan Generic - POST To gate.php with no referer
1 || 2017931 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS DRIVEBY Redirection - Injection - Modified Edwards Packer Script
1 || 2017933 || 2 || policy-violation || 0 || ET POLICY TraceMyIP IP lookup
1 || 2017934 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 11 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c
1 || 2017935 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 SET || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c
1 || 2017936 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 12 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,a2469f4913f1607e4207ba0a8768491c
1 || 2017937 || 3 || trojan-activity || 0 || ET TROJAN Fake/Short Google Search Appliance UA Win32/Ranbyus and Others || url,developers.google.com/search-appliance/documentation/50/help_mini/crawl_headers || md5,98b58bd8a5138a31105e118e755a3773 || md5,c07a6035e9c7fed2467afab1a9dbcf40
1 || 2017938 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,6a6ef7b4c7e8300a73b206e32e14ce3c
1 || 2017940 || 2 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for whoismama.ru || md5,cca1713888b0534954234cf31dd5a7d4
1 || 2017941 || 3 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for dewart.ru || md5,6e0a6c4a06a446f70ae1463129711122
1 || 2017942 || 1 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for anlogtewron.ru || md5,c13c3e331f05d61a7204fb4599b07709
1 || 2017943 || 1 || trojan-activity || 0 || ET TROJAN Zbot Variant SSL cert for erjentronem.ru || md5,05ddaa5b6b56123e792fd67bb03376bc
1 || 2017944 || 5 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 14 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,9fae15fa8ab6bb8d78d609bdceafe28e
1 || 2017945 || 2 || trojan-activity || 0 || ET TROJAN Adware.PUQD Checkin || md5,e44962d7dec79c09a767a1d3e8ce02d8 || url,www.virustotal.com/en/file/1a1ff0fc6af6f7922bae906728e1919957998157f3a0cf1f1a0d3292f0eecd85/analysis/
1 || 2017946 || 3 || trojan-activity || 0 || ET TROJAN Agent.BAAB Checkin || md5,406fea6262d8ee05e0ab4247c1083443 || url,www.virustotal.com/en/file/b0baed750f09ff058e5bd28d6443da833496dc1d1ed674ee6b2caf91889f648e/analysis/1389133969/
1 || 2017947 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Styx Kein Landing URI Struct
1 || 2017948 || 2 || trojan-activity || 0 || ET TROJAN LDPinch Checkin Post
1 || 2017949 || 5 || attempted-recon || 0 || ET USER_AGENTS FOCA User-Agent || url,blog.bannasties.com/2013/08/vulnerability-scans/
1 || 2017950 || 3 || attempted-recon || 0 || ET SCAN FOCA uri || url,blog.bannasties.com/2013/08/vulnerability-scans/
1 || 2017951 || 3 || web-application-attack || 0 || ET WEB_SERVER ATTACKER WebShell - PHP Offender - Title
1 || 2017952 || 2 || web-application-attack || 0 || ET WEB_SERVER ATTACKER WebShell - PHP Offender - POST Command
1 || 2017953 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014
1 || 2017954 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 1
1 || 2017955 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 2
1 || 2017956 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK Landing Jan 10 2014 3
1 || 2017957 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 10 2014
1 || 2017958 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino EK SilverLight Exploit Jan 11 2014
1 || 2017959 || 2 || trojan-activity || 0 || ET TROJAN W32/Mevade.Variant CnC POST || url,labs.umbrella.com/2013/10/24/mysterious-dga-lets-investigate-sgraph/ || url,www.anubisnetworks.com/unknowndga17-the-mevade-connection/
1 || 2017960 || 2 || policy-violation || 0 || ET POLICY Bitcoin Mining Server Stratum Protocol HTTP Header || url,www.anubisnetworks.com/unknowndga17-the-mevade-connection/
1 || 2017961 || 5 || trojan-activity || 0 || ET DELETED PE EXE or DLL Windows file download disguised as ASCII - SET
1 || 2017962 || 4 || trojan-activity || 0 || ET TROJAN PE EXE or DLL Windows file download disguised as ASCII
1 || 2017963 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino/Fiesta SilverLight Exploit Jan 13 2014 DLL Naming Convention
1 || 2017964 || 2 || trojan-activity || 0 || ET TROJAN Kishop.A checkin || md5,bad7cd3c534c95867f5dbe5c5169a4da
1 || 2017965 || 3 || attempted-dos || 0 || ET DOS Likely NTP DDoS In Progress MON_LIST Response to Non-Ephemeral Port IMPL 0x02 || url,www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-reflection-attacks || url,en.wikipedia.org/wiki/Ephemeral_port
1 || 2017967 || 3 || trojan-activity || 0 || ET TROJAN StartPage jsp checkin || md5,bb7bbb0646e705ab036d73d920983256
1 || 2017968 || 4 || trojan-activity || 0 || ET INFO Suspicious Possible Process Dump in POST body || url,www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor
1 || 2017969 || 2 || attempted-admin || 0 || ET CURRENT_EVENTS Netgear N150 passwordrecovered.cgi attempt || url,www.securityfocus.com/archive/1/530743/30/0/threaded
1 || 2017970 || 3 || trojan-activity || 0 || ET TROJAN PWS.Win32/Daceluw.A Checkin || url,xylibox.com/2014/01/trojwowspy-a.html
1 || 2017971 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Neutrino IE/Silverlight Payload Download
1 || 2017972 || 4 || trojan-activity || 0 || ET TROJAN ICEFOG JAVAFOG JAR checkin || url,www.securelist.com/en/blog/208214213/The_Icefog_APT_Hits_US_Targets_With_Java_Backdoor || url,jsunpack.jeek.org/dec/go?report=6b63068d3259f5032a301e0d3f935b4d3f2e2998
1 || 2017973 || 9 || trojan-activity || 0 || ET CURRENT_EVENTS Nuclear EK CVE-2013-3918
1 || 2017974 || 1 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 15 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,edd8c8009fc1ce2991eef6069ae6bf82
1 || 2017975 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible AnglerEK Landing URI Struct
1 || 2017976 || 10 || trojan-activity || 0 || ET CURRENT_EVENTS Possible AnglerEK Java Exploit/Payload Structure Jan 16 2014
1 || 2017977 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre SSL Certificate cardiffpower
1 || 2017978 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate marchsf
1 || 2017979 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate california89
1 || 2017980 || 4 || misc-activity || 0 || ET INFO InformationCardSigninHelper ClassID (Vulnerable ActiveX Control in CVE-2013-3918)
1 || 2017981 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Updatre Compromised SSL Certificate thebostonshaker
1 || 2017982 || 3 || trojan-activity || 0 || ET MALWARE Suspicious User-Agent 100 non-printable char || md5,176638536e926019e3e79370777d5e03
1 || 2017983 || 3 || trojan-activity || 0 || ET TROJAN Java/Jacksbot Check-in || md5,6d93fc6132ae6938013cdd95354bff4e
1 || 2017984 || 5 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (1) Jan 17 2013
1 || 2017985 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (2) Jan 17 2013
1 || 2017986 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (3) Jan 17 2013
1 || 2017987 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Upatre SSL Compromised site appsredeeem
1 || 2017988 || 5 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 16 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,ece8808981043f830bacc4133d68e394
1 || 2017989 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Angler EK encrypted binary (4)
1 || 2017990 || 11 || trojan-activity || 0 || ET TROJAN Cybergate/Rebhip/Spyrat Backdoor Keepalive
1 || 2017991 || 6 || trojan-activity || 0 || ET TROJAN Cybergate/Rebhip/Spyrat Backdoor Keepalive Response
1 || 2017992 || 4 || trojan-activity || 0 || ET TROJAN Win32/OutBrowse.G Variant Checkin || md5,d75055c45e2c5293c3e0fbffb299ea6d || url,www.virustotal.com/en/file/95e0eaaee080f2c167464ed6da7e4b7a27937ac64fd3e1792a1aa84c1aed488e analysis/
1 || 2017993 || 8 || trojan-activity || 0 || ET TROJAN GoonEK Jan 21 2013
1 || 2017994 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS VBSAutorun_VBS_Jenxcus Check-in UA || url,kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/24000/PD24761/en_US/McAfee%20Labs%20Threat%20Advisory-VBSAutorun%20Worm.pdf || url, www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?ThreatId=-2147283579&mstLocPickShow=False#tab=2
1 || 2017995 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 1
1 || 2017996 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 2
1 || 2017997 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS GoonEK Landing Jan 21 2013 SilverLight 3
1 || 2017998 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible IE/SilverLight GoonEK Payload Download
1 || 2017999 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy getLastVersion CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
1 || 2018000 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy RegisterRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
1 || 2018001 || 4 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy LoginRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
1 || 2018002 || 5 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy ReportRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
1 || 2018003 || 3 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy GetTaskRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
1 || 2018004 || 2 || trojan-activity || 0 || ET MOBILE_MALWARE Android/HeHe.Spy ReportMessageRequest CnC Beacon || url,www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html
1 || 2018005 || 3 || trojan-activity || 0 || ET TROJAN Possible Upatre Downloader SSL certificate (fake org)
1 || 2018006 || 3 || trojan-activity || 0 || ET CURRENT_EVENTS Possible Browlock Hostname Format US
1 || 2018007 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 17 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231
1 || 2018008 || 3 || trojan-activity || 0 || ET TROJAN DNS Query Possible Zbot Infection Query for networksecurityx.hopto.org || md5,37782108e8b7f331a6fdeabef9c8a774 || md5,10fa9c6c27e6eb512d12dee8181e182f
1 || 2018009 || 3 || bad-unknown || 0 || ET DELETED SUSPICIOUS HTTP Request to .bit domain || url,normanshark.com/blog/necurs-cc-domains-non-censorable/ || md5,243dda18666ae2a64685e51d82c5ad69
1 || 2018010 || 3 || trojan-activity || 0 || ET TROJAN Suspicious UA (^IE[\d\s]) || md5,209e6701da137084c2f60c90d64505f2
1 || 2018011 || 2 || attempted-user || 0 || ET CURRENT_EVENTS Fiesta EK Landing Jan 24 2013
1 || 2018012 || 2 || policy-violation || 0 || ET P2P Vagaa peer-to-peer (Transfer) || url,en.wikipedia.org/wiki/Vagaa
1 || 2018013 || 3 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 18 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor:Win32/PcClient.ZR&ThreatID=-2147325231 || md5,1f46b1e0a7fe83d24352e98b3ab3fc3f
1 || 2018014 || 1 || policy-violation || 0 || ET POLICY PrimeCoinMiner.Protominer || md5,4cab48eec2b882ec33db2e2a13ecffe6
1 || 2018015 || 2 || trojan-activity || 0 || ET TROJAN Limitless Logger Sending Data over SMTP || md5,243dda18666ae2a64685e51d82c5ad69
1 || 2018016 || 2 || trojan-activity || 0 || ET TROJAN Limitless Logger Sending Data over SMTP 2 || md5,243dda18666ae2a64685e51d82c5ad69
1 || 2018017 || 2 || trojan-activity || 0 || ET TROJAN Predator Logger Sending Data over SMTP || md5,91f885e08d627097fb1116a3d4634b82
1 || 2018018 || 2 || trojan-activity || 0 || ET TROJAN Win32/Antilam.2_0 Sending Data over SMTP || md5,d95845c510ec1f5ad38cb9ccab16c38b
1 || 2018019 || 2 || trojan-activity || 0 || ET TROJAN Win32.WinSpy.pob Sending Data over SMTP || md5,d95845c510ec1f5ad38cb9ccab16c38b
1 || 2018020 || 2 || trojan-activity || 0 || ET TROJAN Win32.WinSpy.pob Sending Data over SMTP 2 || md5,d95845c510ec1f5ad38cb9ccab16c38b
1 || 2018021 || 4 || policy-violation || 0 || ET POLICY myip.ru IP lookup
1 || 2018022 || 4 || trojan-activity || 0 || ET TROJAN Possible Win32/Dimegup.A Downloading Image Common URI Struct || md5,914c58df5d868f7c3438921d682f7fe5
1 || 2018023 || 2 || trojan-activity || 0 || ET TROJAN W32/LockscreenBEI.Scareware Cnc Beacon || md5,04948b6045730d4ec626f79504c7f9ad || md5,9fff65c23fe403d25c08a5cdd3dc775d
1 || 2018024 || 3 || trojan-activity || 0 || ET MALWARE W32/BettrExperience.Adware Initial Checkin || md5,b2651071fbd14bff5fb39bd90f447d27
1 || 2018025 || 3 || trojan-activity || 0 || ET MALWARE W32/BettrExperience.Adware POST Checkin || md5,b2651071fbd14bff5fb39bd90f447d27
1 || 2018026 || 1 || trojan-activity || 0 || ET MALWARE W32/BettrExperience.Adware Update Checkin || md5,b2651071fbd14bff5fb39bd90f447d27
1 || 2018027 || 2 || trojan-activity || 0 || ET TROJAN Win32/Xtrat C2 Response || url,threatexpert.com/report.aspx?md5=f45b1b82c849fbbea3374ae7e9200092
1 || 2018028 || 3 || trojan-activity || 0 || ET TROJAN W32/Madness Checkin || url,www.arbornetworks.com/asert/2014/01/can-i-play-with-madness/ || md5,3e4107ccf956e2fc7af171adf3c18f0a
1 || 2018029 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS ehow/livestrong Malicious Flash 10/11
1 || 2018030 || 2 || trojan-activity || 0 || ET TROJAN Limitless Logger RAT HTTP Activity
1 || 2018031 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Hostile _dsgweed.class JAR exploit
1 || 2018032 || 2 || trojan-activity || 0 || ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 19 || url,www.securelist.com/en/descriptions/10155706/Trojan-GameThief.Win32.Magania.eogz || url,www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FPcClient.ZR&ThreatID=-2147325231 || md5,2b0f0479b14069b378fb454c92086897
1 || 2018033 || 3 || trojan-activity || 0 || ET TROJAN Win32.Genome.boescz Checkin || md5,313535d09865f3629423cd0e9b2903b2 || url,www.virustotal.com/en/file/75c454bbcfc06375ad1e8b45d4167d7830083202f06c6309146e9a4870cddfba/analysis/
1 || 2018034 || 1 || trojan-activity || 0 || ET TROJAN W32/Banker.AALV checkin || md5,74bfd81b345a6ef36be5fcf6964af6e1
1 || 2018035 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS StyX Landing Jan 29 2014
1 || 2018036 || 4 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download Server Response
1 || 2018037 || 4 || trojan-activity || 0 || ET CURRENT_EVENTS CookieBomb 2.0 In Server Response Jan 29 2014 || url,malwaremustdie.blogspot.jp/2014/01/and-another-detonating-method-of-todays.html
1 || 2018038 || 2 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download MessageBox
1 || 2018039 || 2 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download ComputerInfo
1 || 2018040 || 2 || trojan-activity || 0 || ET TROJAN SolarBot Plugin Download WalletSteal
1 || 2018041 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Current Asprox Spam Campaign
1 || 2100110 || 5 || misc-activity || 0 || GPL DELETED netbus getinfo || arachnids,403
1 || 2100116 || 6 || misc-activity || 0 || GPL TROJAN BackOrifice access || arachnids,399
1 || 2100144 || 10 || suspicious-login || 0 || GPL FTP ADMw0rm ftp login attempt || arachnids,01
1 || 2100252 || 9 || attempted-recon || 0 || GPL DNS named iquery attempt || bugtraq,134 || cve,1999-0009 || url,www.rfc-editor.org/rfc/rfc1035.txt
1 || 2100253 || 5 || bad-unknown || 0 || GPL DNS SPOOF query response PTR with TTL of 1 min. and no authority
1 || 2100254 || 5 || bad-unknown || 0 || GPL DNS SPOOF query response with TTL of 1 min. and no authority
1 || 2100255 || 14 || attempted-recon || 0 || GPL DNS zone transfer TCP || arachnids,212 || cve,1999-0532 || nessus,10595
1 || 2100256 || 8 || attempted-recon || 0 || GPL DNS named authors attempt || nessus,10728
1 || 2100257 || 10 || attempted-recon || 0 || GPL DNS named version attempt || arachnids,278 || nessus,10028
1 || 2100258 || 7 || attempted-admin || 0 || GPL DNS EXPLOIT named 8.2->8.2.1 || bugtraq,788 || cve,1999-0833
1 || 2100259 || 8 || attempted-admin || 0 || GPL DNS named overflow ADM || bugtraq,788 || cve,1999-0833
1 || 2100261 || 7 || attempted-admin || 0 || GPL DNS named overflow attempt || url,www.cert.org/advisories/CA-1998-05.html
1 || 2100268 || 5 || attempted-dos || 0 || GPL DOS Jolt attack || cve,1999-0345
1 || 2100270 || 7 || attempted-dos || 0 || GPL MISC Teardrop attack || bugtraq,124 || cve,1999-0015 || nessus,10279 || url,www.cert.org/advisories/CA-1997-28.html
1 || 2100272 || 11 || attempted-dos || 0 || GPL DOS IGMP dos attack || bugtraq,514 || cve,1999-0918 || url,www.microsoft.com/technet/security/bulletin/MS99-034.mspx
1 || 2100281 || 6 || attempted-dos || 0 || GPL MISC Ascend Route || bugtraq,714 || cve,1999-0060
1 || 2100286 || 13 || attempted-admin || 0 || GPL POP3 x86 BSD overflow || bugtraq,133 || cve,1999-0006 || nessus,10196
1 || 2100287 || 8 || attempted-admin || 0 || GPL POP3 x86 BSD overflow 2
1 || 2100288 || 8 || attempted-admin || 0 || GPL POP3 x86 Linux overflow
1 || 2100289 || 11 || attempted-admin || 0 || GPL POP3 x86 SCO overflow || bugtraq,156 || cve,1999-0006
1 || 2100290 || 11 || attempted-admin || 0 || GPL DELETED qpopper overflow || bugtraq,830 || cve,1999-0822 || nessus,10184
1 || 2100291 || 13 || attempted-user || 0 || GPL DELETED Cassandra Overflow || arachnids,274 || bugtraq,1156 || cve,2000-0341
1 || 2100292 || 9 || attempted-admin || 0 || GPL NETBIOS x86 Linux samba overflow || bugtraq,1816 || bugtraq,536 || cve,1999-0182 || cve,1999-0811
1 || 2100293 || 8 || attempted-admin || 0 || GPL IMAP Overflow Attempt
1 || 2100302 || 10 || attempted-admin || 0 || GPL EXPLOIT Redhat 7.0 lprd overflow || bugtraq,1712 || cve,2000-0917
1 || 2100304 || 10 || attempted-admin || 0 || GPL DELETED SCO calserver overflow || bugtraq,2353 || cve,2000-0306
1 || 2100308 || 11 || attempted-user || 0 || GPL FTP NextFTP client overflow || bugtraq,572 || cve,1999-0671
1 || 2100312 || 7 || attempted-admin || 0 || GPL EXPLOIT ntpdx overflow attempt || bugtraq,2540 || cve,2001-0414
1 || 2100315 || 7 || attempted-admin || 0 || GPL EXPLOIT x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002
1 || 2100319 || 6 || attempted-admin || 0 || GPL EXPLOIT bootp x86 linux overflow || cve,1999-0389 || cve,1999-0798 || cve,1999-0799
1 || 2100321 || 7 || attempted-recon || 0 || GPL SCAN Finger Account Enumeration Attempt || nessus,10788
1 || 2100322 || 12 || attempted-recon || 0 || GPL SCAN Finger Search Query || arachnids,375 || cve,1999-0259
1 || 2100323 || 7 || attempted-recon || 0 || GPL SCAN Finger Root Query || arachnids,376
1 || 2100324 || 7 || attempted-recon || 0 || GPL SCAN Finger Null Request || arachnids,377
1 || 2100325 || 6 || attempted-recon || 0 || GPL SCAN Finger Probe 0 Attempt || arachnids,378
1 || 2100326 || 11 || attempted-user || 0 || GPL MISC Finger remote command execution attempt || arachnids,379 || bugtraq,974 || cve,1999-0150
1 || 2100327 || 10 || attempted-user || 0 || GPL MISC Finger remote command pipe execution attempt || arachnids,380 || bugtraq,2220 || cve,1999-0152
1 || 2100328 || 10 || attempted-dos || 0 || GPL MISC Finger bomb attempt || arachnids,381 || cve,1999-0106
1 || 2100329 || 9 || attempted-recon || 0 || GPL SCAN cybercop redirection || arachnids,11
1 || 2100330 || 11 || attempted-recon || 0 || GPL SCAN Finger Redirection Attempt || arachnids,251 || cve,1999-0105 || nessus,10073
1 || 2100331 || 11 || attempted-recon || 0 || GPL SCAN cybercop query || arachnids,132 || cve,1999-0612
1 || 2100332 || 10 || attempted-recon || 0 || GPL SCAN Finger 0 Query || arachnids,131 || arachnids,378 || cve,1999-0197 || nessus,10069
1 || 2100333 || 10 || attempted-recon || 0 || GPL SCAN Finger . query || arachnids,130 || cve,1999-0198 || nessus,10072
1 || 2100334 || 7 || suspicious-filename-detect || 0 || GPL FTP .forward || arachnids,319
1 || 2100335 || 6 || suspicious-filename-detect || 0 || GPL FTP .rhosts || arachnids,328
1 || 2100336 || 11 || bad-unknown || 0 || GPL FTP CWD ~root attempt || arachnids,318 || cve,1999-0082
1 || 2100337 || 13 || attempted-admin || 0 || GPL FTP CEL overflow attempt || arachnids,257 || bugtraq,679 || cve,1999-0789 || nessus,10009
1 || 2100338 || 11 || attempted-user || 0 || GPL FTP SITE EXEC format string || arachnids,453 || bugtraq,1387 || cve,2000-0573
1 || 2100339 || 11 || attempted-user || 0 || GPL FTP OpenBSD x86 ftpd || arachnids,446 || bugtraq,2124 || cve,2001-0053
1 || 2100340 || 9 || attempted-admin || 0 || GPL FTP PWD overflow
1 || 2100341 || 9 || attempted-admin || 0 || GPL FTP XXXXX overflow
1 || 2100342 || 11 || attempted-user || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8 || arachnids,451 || bugtraq,1387 || cve,2000-0573
1 || 2100343 || 12 || attempted-admin || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow FreeBSD || arachnids,228 || bugtraq,1387 || cve,2000-0573
1 || 2100344 || 12 || attempted-admin || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow Linux || arachnids,287 || bugtraq,1387 || cve,2000-0573
1 || 2100345 || 13 || attempted-admin || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string overflow generic || arachnids,285 || bugtraq,1387 || cve,2000-0573 || nessus,10452
1 || 2100346 || 11 || attempted-recon || 0 || GPL FTP wu-ftpd 2.6.0 site exec format string check || arachnids,286 || bugtraq,1387 || cve,2000-0573
1 || 2100348 || 9 || attempted-user || 0 || GPL FTP wu-ftpd 2.6.0 || arachnids,440 || bugtraq,1387
1 || 2100349 || 13 || attempted-admin || 0 || GPL FTP MKD overflow || bugtraq,113 || bugtraq,2242 || cve,1999-0368
1 || 2100353 || 7 || suspicious-login || 0 || GPL SCAN adm scan || arachnids,332
1 || 2100354 || 7 || suspicious-login || 0 || GPL FTP iss scan || arachnids,331
1 || 2100355 || 7 || suspicious-login || 0 || GPL FTP pass wh00t || arachnids,324
1 || 2100356 || 7 || suspicious-filename-detect || 0 || GPL FTP passwd retrieval attempt || arachnids,213
1 || 2100357 || 7 || suspicious-login || 0 || GPL FTP piss scan
1 || 2100358 || 7 || suspicious-login || 0 || GPL FTP saint scan || arachnids,330
1 || 2100359 || 7 || suspicious-login || 0 || GPL FTP satan scan || arachnids,329
1 || 2100360 || 9 || bad-unknown || 0 || GPL FTP serv-u directory transversal || bugtraq,2052 || cve,2001-0054
1 || 2100361 || 17 || bad-unknown || 0 || GPL FTP SITE EXEC attempt || arachnids,317 || bugtraq,2241 || cve,1999-0080 || cve,1999-0955
1 || 2100362 || 14 || bad-unknown || 0 || GPL FTP tar parameters || arachnids,134 || bugtraq,2240 || cve,1999-0202 || cve,1999-0997
1 || 2100363 || 8 || misc-activity || 0 || GPL ICMP_INFO IRDP router advertisement || arachnids,173 || bugtraq,578 || cve,1999-0875
1 || 2100364 || 8 || misc-activity || 0 || GPL ICMP_INFO IRDP router selection || arachnids,174 || bugtraq,578 || cve,1999-0875
1 || 2100365 || 9 || misc-activity || 0 || GPL ICMP PING undefined code
1 || 2100366 || 8 || misc-activity || 0 || GPL ICMP_INFO PING *NIX
1 || 2100368 || 7 || misc-activity || 0 || GPL ICMP_INFO PING BSDtype || arachnids,152
1 || 2100369 || 7 || misc-activity || 0 || GPL ICMP_INFO PING BayRS Router || arachnids,438 || arachnids,444
1 || 2100370 || 8 || misc-activity || 0 || GPL ICMP_INFO PING BeOS4.x || arachnids,151
1 || 2100371 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Cisco Type.x || arachnids,153
1 || 2100372 || 8 || misc-activity || 0 || GPL SCAN PING Delphi-Piette Windows || arachnids,155
1 || 2100373 || 7 || misc-activity || 0 || GPL ICMP_INFO PING Flowpoint2200 or Network Management Software || arachnids,156
1 || 2100374 || 8 || misc-activity || 0 || GPL ICMP_INFO PING IP NetMonitor Macintosh || arachnids,157
1 || 2100375 || 7 || misc-activity || 0 || GPL ICMP_INFO PING LINUX/*BSD || arachnids,447
1 || 2100376 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Microsoft Windows || arachnids,159
1 || 2100377 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Network Toolbox 3 Windows || arachnids,161
1 || 2100378 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Ping-O-MeterWindows || arachnids,164
1 || 2100379 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Pinger Windows || arachnids,163
1 || 2100380 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Seer Windows || arachnids,166
1 || 2100381 || 7 || misc-activity || 0 || GPL ICMP_INFO PING Sun Solaris || arachnids,448
1 || 2100382 || 8 || misc-activity || 0 || GPL ICMP_INFO PING Windows || arachnids,169
1 || 2100384 || 6 || misc-activity || 0 || GPL ICMP_INFO PING
1 || 2100385 || 5 || attempted-recon || 0 || GPL ICMP_INFO traceroute || arachnids,118
1 || 2100386 || 6 || misc-activity || 0 || GPL ICMP_INFO Address Mask Reply
1 || 2100387 || 8 || misc-activity || 0 || GPL ICMP Address Mask Reply undefined code
1 || 2100388 || 6 || misc-activity || 0 || GPL ICMP_INFO Address Mask Request
1 || 2100389 || 8 || misc-activity || 0 || GPL ICMP Address Mask Request undefined code
1 || 2100390 || 6 || misc-activity || 0 || GPL ICMP_INFO Alternate Host Address
1 || 2100391 || 9 || misc-activity || 0 || GPL ICMP Alternate Host Address undefined code
1 || 2100392 || 6 || misc-activity || 0 || GPL ICMP Datagram Conversion Error
1 || 2100393 || 9 || misc-activity || 0 || GPL ICMP Datagram Conversion Error undefined code
1 || 2100394 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Destination Host Unknown
1 || 2100395 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Destination Network Unknown
1 || 2100396 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Fragmentation Needed and DF bit was set
1 || 2100397 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Host Precedence Violation
1 || 2100398 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Host Unreachable for Type of Service
1 || 2100399 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Host Unreachable
1 || 2100400 || 8 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Network Unreachable for Type of Service
1 || 2100401 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Network Unreachable
1 || 2100402 || 8 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Port Unreachable
1 || 2100403 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Precedence Cutoff in effect
1 || 2100404 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Protocol Unreachable
1 || 2100405 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Source Host Isolated
1 || 2100406 || 7 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Source Route Failed
1 || 2100407 || 9 || misc-activity || 0 || GPL ICMP Destination Unreachable undefined code
1 || 2100408 || 6 || misc-activity || 0 || GPL ICMP_INFO Echo Reply
1 || 2100409 || 8 || misc-activity || 0 || GPL ICMP Echo Reply undefined code
1 || 2100410 || 6 || misc-activity || 0 || GPL ICMP_INFO Fragment Reassembly Time Exceeded
1 || 2100411 || 6 || misc-activity || 0 || GPL ICMP_INFO IPV6 I-Am-Here
1 || 2100412 || 8 || misc-activity || 0 || GPL ICMP IPV6 I-Am-Here undefined code
1 || 2100413 || 6 || misc-activity || 0 || GPL ICMP_INFO IPV6 Where-Are-You
1 || 2100414 || 8 || misc-activity || 0 || GPL ICMP IPV6 Where-Are-You undefined code
1 || 2100415 || 6 || misc-activity || 0 || GPL ICMP_INFO Information Reply
1 || 2100416 || 8 || misc-activity || 0 || GPL ICMP Information Reply undefined code
1 || 2100417 || 6 || misc-activity || 0 || GPL ICMP_INFO Information Request
1 || 2100418 || 8 || misc-activity || 0 || GPL ICMP Information Request undefined code
1 || 2100419 || 6 || misc-activity || 0 || GPL ICMP_INFO Mobile Host Redirect
1 || 2100420 || 8 || misc-activity || 0 || GPL ICMP Mobile Host Redirect undefined code
1 || 2100421 || 6 || misc-activity || 0 || GPL ICMP_INFO Mobile Registration Reply
1 || 2100422 || 8 || misc-activity || 0 || GPL ICMP Mobile Registration Reply undefined code
1 || 2100423 || 6 || misc-activity || 0 || GPL ICMP_INFO Mobile Registration Request
1 || 2100424 || 8 || misc-activity || 0 || GPL ICMP Mobile Registration Request undefined code
1 || 2100425 || 7 || misc-activity || 0 || GPL ICMP Parameter Problem Bad Length
1 || 2100426 || 8 || misc-activity || 0 || GPL ICMP Parameter Problem Missing a Required Option
1 || 2100427 || 7 || misc-activity || 0 || GPL ICMP Parameter Problem Unspecified Error
1 || 2100428 || 8 || misc-activity || 0 || GPL ICMP Parameter Problem undefined Code
1 || 2100429 || 7 || misc-activity || 0 || GPL ICMP Photuris Reserved
1 || 2100430 || 7 || misc-activity || 0 || GPL ICMP Photuris Unknown Security Parameters Index
1 || 2100431 || 7 || misc-activity || 0 || GPL ICMP Photuris Valid Security Parameters, But Authentication Failed
1 || 2100432 || 7 || misc-activity || 0 || GPL ICMP Photuris Valid Security Parameters, But Decryption Failed
1 || 2100433 || 9 || misc-activity || 0 || GPL ICMP Photuris undefined code!
1 || 2100436 || 7 || misc-activity || 0 || GPL ICMP_INFO Redirect for TOS and Host
1 || 2100437 || 7 || misc-activity || 0 || GPL ICMP_INFO Redirect for TOS and Network
1 || 2100438 || 10 || misc-activity || 0 || GPL ICMP Redirect undefined code
1 || 2100439 || 7 || misc-activity || 0 || GPL ICMP Reserved for Security Type 19
1 || 2100440 || 8 || misc-activity || 0 || GPL ICMP Reserved for Security Type 19 undefined code
1 || 2100441 || 7 || misc-activity || 0 || GPL ICMP_INFO Router Advertisement || arachnids,173
1 || 2100443 || 6 || misc-activity || 0 || GPL ICMP_INFO Router Selection || arachnids,174
1 || 2100445 || 6 || misc-activity || 0 || GPL ICMP_INFO SKIP
1 || 2100446 || 8 || misc-activity || 0 || GPL ICMP SKIP undefined code
1 || 2100448 || 8 || misc-activity || 0 || GPL ICMP Source Quench undefined code
1 || 2100449 || 7 || misc-activity || 0 || GPL MISC Time-To-Live Exceeded in Transit
1 || 2100450 || 9 || misc-activity || 0 || GPL ICMP Time-To-Live Exceeded in Transit undefined code
1 || 2100451 || 6 || misc-activity || 0 || GPL ICMP_INFO Timestamp Reply
1 || 2100452 || 8 || misc-activity || 0 || GPL ICMP Timestamp Reply undefined code
1 || 2100453 || 6 || misc-activity || 0 || GPL ICMP_INFO Timestamp Request
1 || 2100454 || 8 || misc-activity || 0 || GPL ICMP Timestamp Request undefined code
1 || 2100455 || 8 || misc-activity || 0 || GPL ICMP_INFO Traceroute ipopts || arachnids,238
1 || 2100456 || 6 || misc-activity || 0 || GPL ICMP_INFO Traceroute
1 || 2100457 || 8 || misc-activity || 0 || GPL ICMP Traceroute undefined code
1 || 2100458 || 8 || misc-activity || 0 || GPL ICMP_INFO unassigned type 1
1 || 2100459 || 8 || misc-activity || 0 || GPL ICMP unassigned type 1 undefined code
1 || 2100460 || 8 || misc-activity || 0 || GPL ICMP_INFO unassigned type 2
1 || 2100461 || 8 || misc-activity || 0 || GPL ICMP unassigned type 2 undefined code
1 || 2100462 || 8 || misc-activity || 0 || GPL ICMP_INFO unassigned type 7
1 || 2100463 || 8 || misc-activity || 0 || GPL ICMP unassigned type 7 undefined code
1 || 2100465 || 4 || attempted-recon || 0 || GPL SCAN ISS Pinger || arachnids,158
1 || 2100466 || 5 || attempted-recon || 0 || GPL ICMP L3retriever Ping || arachnids,311
1 || 2100467 || 5 || attempted-recon || 0 || GPL SCAN Nemesis v1.1 Echo || arachnids,449
1 || 2100469 || 4 || attempted-recon || 0 || GPL SCAN PING NMAP || arachnids,162
1 || 2100471 || 4 || attempted-recon || 0 || GPL SCAN icmpenum v1.1.1 || arachnids,450
1 || 2100472 || 5 || bad-unknown || 0 || GPL ICMP_INFO redirect host || arachnids,135 || cve,1999-0265
1 || 2100473 || 5 || bad-unknown || 0 || GPL ICMP_INFO redirect net || arachnids,199 || cve,1999-0265
1 || 2100474 || 5 || attempted-recon || 0 || GPL SCAN superscan echo
1 || 2100475 || 4 || attempted-recon || 0 || GPL ICMP_INFO traceroute ipopts || arachnids,238
1 || 2100476 || 5 || attempted-recon || 0 || GPL SCAN webtrends scanner || arachnids,307
1 || 2100477 || 3 || bad-unknown || 0 || GPL ICMP_INFO Source Quench
1 || 2100478 || 4 || attempted-recon || 0 || GPL SCAN Broadscan Smurf Scanner
1 || 2100480 || 6 || misc-activity || 0 || GPL ICMP_INFO PING speedera
1 || 2100481 || 6 || misc-activity || 0 || GPL ICMP_INFO TJPingPro1.1Build 2 Windows || arachnids,167
1 || 2100482 || 6 || misc-activity || 0 || GPL ICMP_INFO PING WhatsupGold Windows || arachnids,168
1 || 2100483 || 6 || misc-activity || 0 || GPL SCAN PING CyberKit 2.2 Windows || arachnids,154
1 || 2100484 || 5 || misc-activity || 0 || GPL SCAN PING Sniffer Pro/NetXRay network scan
1 || 2100485 || 5 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Communication Administratively Prohibited
1 || 2100486 || 5 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Communication with Destination Host is Administratively Prohibited
1 || 2100487 || 5 || misc-activity || 0 || GPL ICMP_INFO Destination Unreachable Communication with Destination Network is Administratively Prohibited
1 || 2100488 || 5 || unknown || 0 || GPL MISC Connection Closed MSG from Port 80
1 || 2100489 || 9 || unknown || 0 || GPL FTP FTP no password || arachnids,322
1 || 2100491 || 10 || bad-unknown || 0 || GPL FTP FTP Bad login
1 || 2100492 || 10 || bad-unknown || 0 || GPL TELNET TELNET login failed
1 || 2100494 || 12 || bad-unknown || 0 || GPL ATTACK_RESPONSE command completed || bugtraq,1806
1 || 2100495 || 10 || bad-unknown || 0 || GPL ATTACK_RESPONSE command error
1 || 2100497 || 14 || bad-unknown || 0 || GPL ATTACK_RESPONSE file copied ok || bugtraq,1806 || cve,2000-0884
1 || 2100498 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned root
1 || 2100499 || 5 || bad-unknown || 0 || GPL ICMP Large ICMP Packet || arachnids,246
1 || 2100502 || 3 || bad-unknown || 0 || GPL MISC source route ssrr || arachnids,422
1 || 2100503 || 8 || bad-unknown || 0 || GPL MISC Source Port 20 to <1024 || arachnids,06
1 || 2100504 || 8 || bad-unknown || 0 || GPL MISC source port 53 to <1024 || arachnids,07
1 || 2100507 || 5 || attempted-admin || 0 || GPL POLICY PCAnywhere Attempted Administrator Login
1 || 2100511 || 6 || unsuccessful-user || 0 || GPL MISC Invalid PCAnywhere Login
1 || 2100512 || 5 || unsuccessful-user || 0 || GPL POLICY PCAnywhere Failed Login || arachnids,240
1 || 2100516 || 7 || attempted-recon || 0 || GPL SNMP SNMP NT UserList || nessus,10546
1 || 2100517 || 2 || attempted-recon || 0 || GPL MISC xdmcp query
1 || 2100518 || 8 || bad-unknown || 0 || GPL TFTP Put || cve,1999-0183
1 || 2100519 || 7 || bad-unknown || 0 || GPL TFTP parent directory || cve,1999-0183 || cve,2002-1209
1 || 2100520 || 6 || bad-unknown || 0 || GPL TFTP root directory || cve,1999-0183
1 || 2100523 || 6 || misc-activity || 0 || GPL MISC ip reserved bit set
1 || 2100524 || 9 || misc-activity || 0 || GPL POLICY tcp port 0 traffic
1 || 2100525 || 10 || misc-activity || 0 || GPL POLICY udp port 0 traffic || bugtraq,576 || cve,1999-0675 || nessus,10074
1 || 2100527 || 9 || bad-unknown || 0 || GPL SCAN same SRC/DST || bugtraq,2666 || cve,1999-0016 || url,www.cert.org/advisories/CA-1997-28.html
1 || 2100528 || 6 || bad-unknown || 0 || GPL SCAN loopback traffic || url,rr.sans.org/firewall/egress.php
1 || 2100529 || 8 || attempted-dos || 0 || GPL NETBIOS DOS RFPoison || arachnids,454
1 || 2100530 || 11 || attempted-recon || 0 || GPL NETBIOS NT NULL session || arachnids,204 || bugtraq,1163 || cve,2000-0347
1 || 2100532 || 14 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ share access
1 || 2100533 || 17 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ share access
1 || 2100534 || 7 || attempted-recon || 0 || GPL NETBIOS SMB CD.. || arachnids,338
1 || 2100535 || 7 || attempted-recon || 0 || GPL NETBIOS SMB CD... || arachnids,337
1 || 2100536 || 13 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ share access
1 || 2100537 || 17 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ share access
1 || 2100538 || 17 || protocol-command-decode || 0 || GPL NETBIOS SMB IPC$ unicode share access
1 || 2100540 || 12 || policy-violation || 0 || GPL CHAT MSN message
1 || 2100541 || 13 || policy-violation || 0 || GPL CHAT ICQ access
1 || 2100543 || 7 || misc-activity || 0 || GPL FTP FTP 'STOR 1MB' possible warez site
1 || 2100544 || 7 || misc-activity || 0 || GPL FTP FTP 'RETR 1MB' possible warez site
1 || 2100545 || 6 || misc-activity || 0 || GPL FTP FTP 'CWD / ' possible warez site
1 || 2100546 || 7 || misc-activity || 0 || GPL FTP FTP 'CWD  ' possible warez site
1 || 2100547 || 10 || misc-activity || 0 || GPL FTP MKD space space possible warez site
1 || 2100548 || 7 || misc-activity || 0 || GPL FTP FTP 'MKD .' possible warez site
1 || 2100553 || 8 || misc-activity || 0 || GPL FTP FTP anonymous login attempt
1 || 2100554 || 9 || misc-activity || 0 || GPL FTP MKD / possible warez site
1 || 2100556 || 6 || policy-violation || 0 || GPL P2P Outbound GNUTella client request
1 || 2100557 || 7 || policy-violation || 0 || GPL P2P GNUTella client request
1 || 2100558 || 6 || misc-activity || 0 || GPL DELETED Outbound GNUTella client request
1 || 2100559 || 7 || misc-activity || 0 || GPL DELETED Inbound GNUTella client request
1 || 2100560 || 7 || misc-activity || 0 || GPL POLICY VNC server response
1 || 2100566 || 5 || misc-activity || 0 || GPL POLICY PCAnywhere server response
1 || 2100567 || 12 || misc-activity || 0 || GPL SMTP SMTP relaying denied || arachnids,249 || url,mail-abuse.org/tsi/ar-fix.html
1 || 2100569 || 15 || attempted-admin || 0 || GPL RPC snmpXdmi overflow attempt TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html
1 || 2100570 || 11 || attempted-admin || 0 || GPL EXPLOIT EXPLOIT ttdbserv solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html
1 || 2100571 || 9 || attempted-admin || 0 || GPL EXPLOIT ttdbserv Solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html
1 || 2100574 || 9 || attempted-recon || 0 || GPL RPC mountd TCP export request || arachnids,26
1 || 2100575 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap admind request UDP || arachnids,18
1 || 2100576 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap amountd request UDP || arachnids,19
1 || 2100577 || 14 || rpc-portmap-decode || 0 || GPL RPC portmap bootparam request UDP || arachnids,16 || cve,1999-0647
1 || 2100578 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap cmsd request UDP || arachnids,17
1 || 2100579 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap mountd request UDP || arachnids,13
1 || 2100580 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap nisd request UDP || arachnids,21
1 || 2100581 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap pcnfsd request UDP || arachnids,22
1 || 2100582 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap rexd request UDP || arachnids,23
1 || 2100583 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rstatd request UDP || arachnids,10
1 || 2100584 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap rusers request UDP || arachnids,133 || cve,1999-0626
1 || 2100585 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap sadmind request UDP || arachnids,20
1 || 2100586 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap selection_svc request UDP || arachnids,25
1 || 2100587 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap status request UDP || arachnids,15
1 || 2100588 || 18 || rpc-portmap-decode || 0 || GPL RPC portmap ttdbserv request UDP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html
1 || 2100589 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap yppasswd request UDP || arachnids,14
1 || 2100590 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap ypserv request UDP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232
1 || 2100591 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap ypupdated request TCP || arachnids,125
1 || 2100593 || 19 || rpc-portmap-decode || 0 || GPL RPC portmap snmpXdmi request TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html
1 || 2100595 || 17 || rpc-portmap-decode || 0 || GPL RPC portmap espd request TCP || bugtraq,2714 || cve,2001-0331
1 || 2100598 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap listing TCP 111 || arachnids,428
1 || 2100600 || 8 || attempted-admin || 0 || GPL EXPLOIT EXPLOIT statdx || arachnids,442
1 || 2100601 || 7 || bad-unknown || 0 || GPL RPC rlogin LinuxNIS
1 || 2100602 || 6 || attempted-user || 0 || GPL MISC rlogin bin || arachnids,384
1 || 2100603 || 6 || bad-unknown || 0 || GPL MISC rlogin echo++ || arachnids,385
1 || 2100604 || 6 || attempted-admin || 0 || GPL EXPLOIT rsh froot || arachnids,387
1 || 2100605 || 7 || unsuccessful-user || 0 || GPL RPC rlogin login failure || arachnids,393
1 || 2100606 || 6 || attempted-admin || 0 || GPL MISC rlogin root || arachnids,389
1 || 2100607 || 6 || attempted-user || 0 || GPL EXPLOIT rsh bin || arachnids,390
1 || 2100608 || 6 || attempted-user || 0 || GPL MISC rsh echo + + || arachnids,388
1 || 2100609 || 6 || attempted-admin || 0 || GPL MISC rsh froot || arachnids,387
1 || 2100610 || 6 || attempted-admin || 0 || GPL MISC rsh root || arachnids,391
1 || 2100611 || 8 || unsuccessful-user || 0 || GPL RPC rlogin login failure || arachnids,392
1 || 2100612 || 7 || attempted-recon || 0 || GPL SCAN rusers query UDP || cve,1999-0626
1 || 2100613 || 7 || attempted-recon || 0 || GPL SCAN myscan || arachnids,439
1 || 2100615 || 10 || attempted-recon || 0 || GPL POLICY SOCKS Proxy attempt || url,help.undernet.org/proxyscan/
1 || 2100616 || 5 || attempted-recon || 0 || GPL MISC ident version request || arachnids,303
1 || 2100617 || 5 || attempted-recon || 0 || GPL SCAN ssh-research-scanner
1 || 2100619 || 7 || attempted-recon || 0 || GPL SCAN cybercop os probe || arachnids,146
1 || 2100623 || 7 || attempted-recon || 0 || GPL SCAN NULL || arachnids,4
1 || 2100624 || 8 || attempted-recon || 0 || GPL SCAN SYN FIN || arachnids,198
1 || 2100625 || 8 || attempted-recon || 0 || GPL SCAN XMAS || arachnids,144
1 || 2100626 || 9 || attempted-recon || 0 || GPL SCAN cybercop os PA12 attempt || arachnids,149
1 || 2100627 || 9 || attempted-recon || 0 || GPL SCAN cybercop os SFU12 probe || arachnids,150
1 || 2100628 || 8 || attempted-recon || 0 || GPL SCAN nmap TCP || arachnids,28
1 || 2100629 || 7 || attempted-recon || 0 || GPL SCAN nmap fingerprint attempt || arachnids,05
1 || 2100631 || 7 || protocol-command-decode || 0 || GPL SMTP ehlo cybercop attempt || arachnids,372
1 || 2100632 || 6 || protocol-command-decode || 0 || GPL SMTP expn cybercop attempt || arachnids,371
1 || 2100637 || 4 || attempted-recon || 0 || GPL SCAN Webtrends Scanner UDP Probe
1 || 2100638 || 6 || shellcode-detect || 0 || GPL SHELLCODE SGI NOOP || arachnids,356
1 || 2100639 || 6 || shellcode-detect || 0 || GPL SHELLCODE SGI NOOP || arachnids,357
1 || 2100640 || 7 || shellcode-detect || 0 || GPL SHELLCODE AIX NOOP
1 || 2100641 || 7 || shellcode-detect || 0 || GPL SHELLCODE Digital UNIX NOOP || arachnids,352
1 || 2100642 || 7 || shellcode-detect || 0 || GPL SHELLCODE HP-UX NOOP || arachnids,358
1 || 2100643 || 8 || shellcode-detect || 0 || GPL SHELLCODE HP-UX NOOP || arachnids,359
1 || 2100644 || 6 || shellcode-detect || 0 || GPL SHELLCODE sparc NOOP || arachnids,345
1 || 2100645 || 6 || shellcode-detect || 0 || GPL SHELLCODE sparc NOOP || arachnids,353
1 || 2100646 || 6 || shellcode-detect || 0 || GPL SHELLCODE sparc NOOP || arachnids,355
1 || 2100647 || 7 || system-call-detect || 0 || GPL SHELLCODE sparc setuid 0 || arachnids,282
1 || 2100649 || 9 || system-call-detect || 0 || GPL SHELLCODE x86 setgid 0 || arachnids,284
1 || 2100650 || 9 || system-call-detect || 0 || GPL SHELLCODE x86 setuid 0 || arachnids,436
1 || 2100651 || 9 || shellcode-detect || 0 || GPL SHELLCODE x86 stealth NOOP || arachnids,291
1 || 2100652 || 10 || shellcode-detect || 0 || GPL SHELLCODE Linux shellcode || arachnids,343
1 || 2100654 || 17 || attempted-admin || 0 || GPL SMTP RCPT TO overflow || bugtraq,2283 || bugtraq,9696 || cve,2001-0260
1 || 2100655 || 9 || attempted-admin || 0 || GPL DELETED sendmail 8.6.9 exploit || arachnids,140 || bugtraq,2311 || cve,1999-0204
1 || 2100659 || 10 || attempted-recon || 0 || GPL SMTP expn decode || arachnids,32 || cve,1999-0096 || nessus,10248
1 || 2100660 || 13 || attempted-recon || 0 || GPL SMTP expn root || arachnids,31 || cve,1999-0531 || nessus,10249
1 || 2100672 || 10 || attempted-recon || 0 || GPL SMTP vrfy decode || arachnids,373 || bugtraq,10248 || cve,1999-0096
1 || 2100673 || 6 || attempted-user || 0 || GPL SQL sp_start_job - program execution
1 || 2100674 || 9 || attempted-user || 0 || GPL DELETED xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100675 || 10 || attempted-user || 0 || GPL DELETED xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100676 || 7 || attempted-user || 0 || GPL EXPLOIT sp_start_job - program execution
1 || 2100677 || 7 || attempted-user || 0 || GPL SQL sp_password password change
1 || 2100678 || 7 || attempted-user || 0 || GPL SQL sp_delete_alert log file deletion
1 || 2100679 || 7 || attempted-user || 0 || GPL EXPLOIT sp_adduser database user creation
1 || 2100680 || 10 || attempted-user || 0 || GPL SQL sa login failed || bugtraq,4797 || cve,2000-1209
1 || 2100681 || 7 || attempted-user || 0 || GPL SQL xp_cmdshell program execution
1 || 2100682 || 11 || attempted-user || 0 || GPL DELETED xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100683 || 6 || attempted-user || 0 || GPL SQL sp_password - password change
1 || 2100684 || 6 || attempted-user || 0 || GPL SQL sp_delete_alert log file deletion
1 || 2100685 || 6 || attempted-user || 0 || GPL SQL sp_adduser - database user creation
1 || 2100686 || 11 || attempted-user || 0 || GPL NETBIOS xp_reg* - registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,www.microsoft.com/technet/security/bulletin/MS02-034
1 || 2100687 || 6 || attempted-user || 0 || GPL EXPLOIT xp_cmdshell - program execution
1 || 2100688 || 11 || unsuccessful-user || 0 || GPL SQL sa login failed || bugtraq,4797 || cve,2000-1209 || nessus,10673
1 || 2100689 || 12 || attempted-user || 0 || GPL NETBIOS xp_reg* registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 || url,www.microsoft.com/technet/security/bulletin/MS02-034
1 || 2100690 || 10 || attempted-user || 0 || GPL SQL xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100691 || 7 || shellcode-detect || 0 || GPL SHELLCODE MSSQL shellcode attempt
1 || 2100692 || 7 || shellcode-detect || 0 || GPL SQL shellcode attempt
1 || 2100693 || 7 || shellcode-detect || 0 || GPL SQL MSSQL shellcode attempt 2
1 || 2100694 || 7 || attempted-user || 0 || GPL SQL shellcode attempt
1 || 2100695 || 10 || attempted-user || 0 || GPL EXPLOIT xp_sprintf possible buffer overflow || bugtraq,1204 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx
1 || 2100696 || 11 || attempted-user || 0 || GPL DELETED xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100697 || 11 || attempted-user || 0 || GPL DELETED xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100698 || 11 || attempted-user || 0 || GPL DELETED xp_proxiedmetadata possible buffer overflow || bugtraq,2042 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100699 || 10 || attempted-user || 0 || GPL DELETED xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100700 || 11 || attempted-user || 0 || GPL DELETED xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100701 || 10 || attempted-user || 0 || GPL DELETED xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100702 || 11 || attempted-user || 0 || GPL DELETED xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100703 || 11 || attempted-user || 0 || GPL DELETED xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100704 || 10 || attempted-user || 0 || GPL DELETED xp_sprintf possible buffer overflow || bugtraq,1204 || cve,2001-0542 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx
1 || 2100705 || 10 || attempted-user || 0 || GPL DELETED xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100706 || 10 || attempted-user || 0 || GPL DELETED xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100707 || 11 || attempted-user || 0 || GPL DELETED xp_proxiedmetadata possible buffer overflow || bugtraq,2024 || cve,1999-0287 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100708 || 11 || attempted-user || 0 || GPL DELETED xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
1 || 2100716 || 14 || not-suspicious || 0 || GPL TELNET TELNET access || arachnids,08 || cve,1999-0619 || nessus,10280
1 || 2100717 || 9 || bad-unknown || 0 || GPL TELNET Telnet Root not on console || arachnids,365
1 || 2100719 || 8 || suspicious-login || 0 || GPL TELNET root login
1 || 2100721 || 10 || suspicious-filename-detect || 0 || GPL SMTP OUTBOUND bad file attachment
1 || 2100824 || 15 || attempted-recon || 0 || GPL EXPLOIT php.cgi access || arachnids,232 || bugtraq,2250 || bugtraq,712 || cve,1999-0238 || cve,1999-058 || nessus,10178
1 || 2100884 || 17 || web-application-activity || 0 || GPL EXPLOIT formmail access || arachnids,226 || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782
1 || 2100909 || 7 || web-application-attack || 0 || GPL WEB_SERVER datasource username attempt || bugtraq,550
1 || 2100915 || 7 || attempted-recon || 0 || GPL DELETED evaluate.cfm access || bugtraq,550
1 || 2100919 || 9 || web-application-attack || 0 || GPL WEB_SERVER datasource password attempt || bugtraq,550
1 || 2100920 || 8 || web-application-attack || 0 || GPL WEB_SERVER datasource attempt || bugtraq,550
1 || 2100923 || 8 || web-application-attack || 0 || GPL WEB_SERVER getodbcin attempt || bugtraq,550
1 || 2100937 || 13 || web-application-activity || 0 || GPL WEB_SERVER _vti_rpc access || bugtraq,2144 || cve,2001-0096 || nessus,10585
1 || 2100951 || 13 || web-application-activity || 0 || GPL WEB_SERVER authors.pwd access || bugtraq,989 || cve,1999-0386 || nessus,10078
1 || 2100952 || 9 || web-application-activity || 0 || GPL WEB_SERVER author.exe access
1 || 2100953 || 9 || web-application-activity || 0 || GPL EXPLOIT administrators.pwd access || bugtraq,1205
1 || 2100958 || 12 || web-application-activity || 0 || GPL WEB_SERVER service.cnf access || bugtraq,4078 || nessus,10575
1 || 2100959 || 9 || web-application-activity || 0 || GPL WEB_SERVER service.pwd || bugtraq,1205
1 || 2100961 || 12 || web-application-activity || 0 || GPL WEB_SERVER services.cnf access || bugtraq,4078 || nessus,10575
1 || 2100965 || 12 || web-application-activity || 0 || GPL WEB_SERVER writeto.cnf access || bugtraq,4078 || nessus,10575
1 || 2100971 || 13 || web-application-activity || 0 || GPL WEB_SERVER ISAPI .printer access || arachnids,533 || bugtraq,2674 || cve,2001-0241 || nessus,10661 || url,www.microsoft.com/technet/security/bulletin/MS01-023.mspx
1 || 2100975 || 14 || web-application-attack || 0 || GPL EXPLOIT Alternate Data streams ASP file access attempt || bugtraq,149 || cve,1999-0278 || nessus,10362 || url,support.microsoft.com/default.aspx?scid=kb#-#-EN-US#-#-q188806
1 || 2100977 || 13 || web-application-activity || 0 || GPL EXPLOIT .cnf access || bugtraq,4078 || nessus,10575
1 || 2100981 || 14 || web-application-attack || 0 || GPL EXPLOIT unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537
1 || 2100982 || 12 || web-application-attack || 0 || GPL EXPLOIT unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537
1 || 2100983 || 19 || web-application-attack || 0 || GPL EXPLOIT unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537
1 || 2100987 || 16 || web-application-activity || 0 || GPL EXPLOIT .htr access || bugtraq,1488 || cve,2000-0630 || nessus,10680
1 || 2100988 || 9 || web-application-attack || 0 || GPL WEB_SERVER SAM Attempt || url,www.ciac.org/ciac/bulletins/h-45.shtml
1 || 2100989 || 13 || web-application-activity || 0 || GPL SCAN sensepost.exe command shell attempt || nessus,11003
1 || 2100993 || 13 || web-application-attack || 0 || GPL WEB_SERVER iisadmin access || bugtraq,189 || cve,1999-1538 || nessus,11032
1 || 2100994 || 10 || web-application-attack || 0 || GPL WEB_SERVER /scripts/iisadmin/default.htm access
1 || 2101002 || 10 || web-application-attack || 0 || GPL DELETED cmd.exe access
1 || 2101003 || 11 || web-application-attack || 0 || GPL EXPLOIT cmd? access
1 || 2101008 || 9 || web-application-attack || 0 || GPL ATTACK_RESPONSE del attempt
1 || 2101009 || 8 || web-application-attack || 0 || GPL ATTACK_RESPONSE directory listing || nessus,10573
1 || 2101013 || 11 || web-application-activity || 0 || GPL EXPLOIT fpcount access || bugtraq,2252 || cve,1999-1376
1 || 2101016 || 15 || web-application-activity || 0 || GPL WEB_SERVER global.asa access || cve,2000-0778 || nessus,10491 || nessus,10991
1 || 2101018 || 12 || web-application-attack || 0 || GPL EXPLOIT iisadmpwd attempt || bugtraq,2110 || cve,1999-0407
1 || 2101023 || 13 || web-application-activity || 0 || GPL WEB_SERVER msadcs.dll access || bugtraq,529 || cve,1999-1011 || nessus,10357
1 || 2101046 || 11 || web-application-activity || 0 || GPL EXPLOIT site/iisamples access || nessus,10370
1 || 2101055 || 12 || web-application-attack || 0 || GPL WEB_SERVER Tomcat directory traversal attempt || bugtraq,2518
1 || 2101056 || 10 || web-application-attack || 0 || GPL WEB_SERVER Tomcat view source attempt || bugtraq,2527 || cve,2001-0590
1 || 2101058 || 7 || web-application-attack || 0 || GPL DELETED xp_enumdsn attempt
1 || 2101059 || 7 || web-application-attack || 0 || GPL EXPLOIT xp_filelist attempt
1 || 2101060 || 8 || web-application-attack || 0 || GPL DELETED xp_availablemedia attempt
1 || 2101061 || 7 || web-application-attack || 0 || GPL DELETED xp_cmdshell attempt
1 || 2101069 || 7 || web-application-activity || 0 || GPL DELETED xp_regread attempt
1 || 2101071 || 8 || web-application-attack || 0 || GPL WEB_SERVER .htpasswd access
1 || 2101099 || 9 || web-application-activity || 0 || GPL SCAN cybercop scan || arachnids,374
1 || 2101102 || 10 || web-application-attack || 0 || GPL SCAN nessus 1.X 404 probe || arachnids,301
1 || 2101108 || 13 || attempted-recon || 0 || GPL WEB_SERVER Tomcat server snoop access || bugtraq,1532 || cve,2000-0760
1 || 2101110 || 12 || attempted-recon || 0 || GPL WEB_SERVER apache source.asp file access || bugtraq,1457 || cve,2000-0628 || nessus,10480
1 || 2101111 || 13 || attempted-recon || 0 || GPL EXPLOIT Tomcat server exploit access || bugtraq,1548 || cve,2000-0672 || nessus,10477
1 || 2101118 || 7 || attempted-recon || 0 || GPL WEB_SERVER ls%20-l
1 || 2101122 || 8 || attempted-recon || 0 || GPL WEB_SERVER /etc/passwd
1 || 2101129 || 8 || attempted-recon || 0 || GPL WEB_SERVER .htaccess access
1 || 2101132 || 9 || attempted-recon || 0 || GPL DELETED Netscape Unixware overflow || arachnids,180 || bugtraq,908 || cve,1999-0744
1 || 2101133 || 13 || attempted-recon || 0 || GPL SCAN cybercop os probe || arachnids,145
1 || 2101139 || 8 || attempted-recon || 0 || GPL SCAN whisker HEAD/./ || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html
1 || 2101145 || 10 || attempted-recon || 0 || GPL WEB_SERVER /~root access
1 || 2101156 || 12 || attempted-dos || 0 || GPL WEB_SERVER apache directory disclosure attempt || bugtraq,2503
1 || 2101193 || 13 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS oracle web arbitrary command execution attempt || bugtraq,1053 || cve,2000-0169 || nessus,10348
1 || 2101199 || 13 || web-application-attack || 0 || GPL WEB_SERVER Compaq Insight directory traversal || arachnids,244 || bugtraq,282 || cve,1999-0771
1 || 2101200 || 12 || attempted-recon || 0 || GPL ATTACK_RESPONSE Invalid URL || url,www.microsoft.com/technet/security/bulletin/MS00-063.mspx
1 || 2101201 || 10 || attempted-recon || 0 || GPL WEB_SERVER 403 Forbidden
1 || 2101228 || 8 || attempted-recon || 0 || GPL SCAN nmap XMAS || arachnids,30
1 || 2101229 || 8 || bad-unknown || 0 || GPL FTP CWD ... || bugtraq,9237
1 || 2101236 || 9 || attempted-recon || 0 || GPL WEB_SERVER Tomcat sourcecode view attempt 3
1 || 2101237 || 8 || attempted-recon || 0 || GPL WEB_SERVER Tomcat sourcecode view attempt 2
1 || 2101238 || 7 || attempted-recon || 0 || GPL WEB_SERVER Tomcat sourcecode view attempt 1
1 || 2101239 || 10 || attempted-recon || 0 || GPL NETBIOS RFParalyze Attempt || bugtraq,1163 || cve,2000-0347 || nessus,10392
1 || 2101242 || 13 || web-application-activity || 0 || GPL EXPLOIT ISAPI .ida access || arachnids,552 || bugtraq,1065 || cve,2000-0071
1 || 2101243 || 13 || web-application-attack || 0 || GPL EXPLOIT ISAPI .ida attempt || arachnids,552 || bugtraq,1065 || cve,2000-0071
1 || 2101244 || 16 || web-application-attack || 0 || GPL EXPLOIT ISAPI .idq attempt || arachnids,553 || bugtraq,1065 || bugtraq,968 || cve,2000-0071 || cve,2000-0126 || nessus,10115
1 || 2101245 || 12 || web-application-activity || 0 || GPL EXPLOIT ISAPI .idq access || arachnids,553 || bugtraq,1065 || cve,2000-0071
1 || 2101251 || 9 || bad-unknown || 0 || GPL TELNET Bad Login
1 || 2101256 || 10 || web-application-attack || 0 || GPL EXPLOIT CodeRed v2 root.exe access || url,www.cert.org/advisories/CA-2001-19.html
1 || 2101261 || 12 || attempted-user || 0 || GPL EXPLOIT AIX pdnsd overflow || bugtraq,3237 || bugtraq,590 || cve,1999-0745
1 || 2101262 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap admind request TCP || arachnids,18
1 || 2101263 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap amountd request TCP || arachnids,19
1 || 2101264 || 14 || rpc-portmap-decode || 0 || GPL RPC portmap bootparam request TCP || arachnids,16 || cve,1999-0647
1 || 2101265 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap cmsd request TCP || arachnids,17
1 || 2101267 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap nisd request TCP || arachnids,21
1 || 2101268 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap pcnfsd request TCP || arachnids,22
1 || 2101269 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap rexd request TCP || arachnids,23
1 || 2101270 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap rstatd request TCP || arachnids,10
1 || 2101271 || 15 || rpc-portmap-decode || 0 || GPL RPC portmap rusers request TCP || arachnids,133 || cve,1999-0626
1 || 2101272 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap sadmind request TCP || arachnids,20
1 || 2101273 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap selection_svc request TCP || arachnids,25
1 || 2101274 || 19 || rpc-portmap-decode || 0 || GPL RPC portmap ttdbserv request TCP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html
1 || 2101275 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap yppasswd request TCP || arachnids,14
1 || 2101276 || 15 || rpc-portmap-decode || 0 || GPL RPC portmap ypserv request TCP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232
1 || 2101277 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap ypupdated request UDP
1 || 2101279 || 15 || rpc-portmap-decode || 0 || GPL RPC portmap snmpXdmi request UDP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html
1 || 2101280 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap listing UDP 111 || arachnids,428
1 || 2101281 || 9 || rpc-portmap-decode || 0 || GPL RPC portmap listing UDP 32771
1 || 2101285 || 10 || web-application-activity || 0 || GPL WEB_SERVER msdac access || nessus,11032
1 || 2101288 || 12 || web-application-activity || 0 || GPL WEB_SERVER /_vti_bin/ access || nessus,11032
1 || 2101289 || 5 || successful-admin || 0 || GPL TFTP GET Admin.dll || url,www.cert.org/advisories/CA-2001-26.html
1 || 2101292 || 10 || bad-unknown || 0 || GPL ATTACK_RESPONSE directory listing
1 || 2101311 || 9 || policy-violation || 0 || GPL INAPPROPRIATE hardcore anal
1 || 2101313 || 11 || policy-violation || 0 || GPL INAPPROPRIATE up skirt
1 || 2101315 || 9 || policy-violation || 0 || GPL INAPPROPRIATE hot young sex
1 || 2101316 || 9 || policy-violation || 0 || GPL INAPPROPRIATE fuck fuck fuck
1 || 2101317 || 9 || policy-violation || 0 || GPL INAPPROPRIATE anal sex
1 || 2101318 || 9 || policy-violation || 0 || GPL INAPPROPRIATE hardcore rape
1 || 2101320 || 9 || policy-violation || 0 || GPL INAPPROPRIATE fuck movies
1 || 2101321 || 9 || misc-activity || 0 || GPL MISC 0 ttl || url,support.microsoft.com/default.aspx?scid=kb#-#-EN-US#-#-q138268 || url,www.isi.edu/in-notes/rfc1122.txt
1 || 2101323 || 7 || misc-attack || 0 || GPL MISC rwhoisd format string attempt || bugtraq,3474 || cve,2001-0838
1 || 2101324 || 7 || shellcode-detect || 0 || GPL SHELLCODE ssh CRC32 overflow /bin/sh || bugtraq,2347 || cve,2001-0144 || cve,2001-0572
1 || 2101326 || 7 || shellcode-detect || 0 || GPL SHELLCODE ssh CRC32 overflow NOOP || bugtraq,2347 || cve,2001-0144 || cve,2001-0572
1 || 2101327 || 8 || shellcode-detect || 0 || GPL EXPLOIT ssh CRC32 overflow || bugtraq,2347 || cve,2001-0144 || cve,2001-0572
1 || 2101328 || 9 || web-application-attack || 0 || GPL WEB_SERVER /bin/ps command attempt
1 || 2101332 || 8 || web-application-attack || 0 || GPL WEB_SERVER /usr/bin/id command attempt
1 || 2101334 || 9 || web-application-attack || 0 || GPL EXPLOIT echo command attempt
1 || 2101340 || 8 || web-application-attack || 0 || GPL EXPLOIT tftp command attempt
1 || 2101349 || 7 || web-application-attack || 0 || GPL WEB_SERVER bin/python access attempt
1 || 2101350 || 10 || web-application-attack || 0 || GPL WEB_SERVER python access attempt
1 || 2101355 || 8 || web-application-attack || 0 || GPL WEB_SERVER /usr/bin/perl execution attempt
1 || 2101368 || 9 || web-application-attack || 0 || GPL WEB_SERVER /bin/ls| command attempt
1 || 2101369 || 8 || web-application-attack || 0 || GPL WEB_SERVER /bin/ls command attempt
1 || 2101370 || 8 || web-application-activity || 0 || GPL WEB_SERVER /etc/inetd.conf access
1 || 2101371 || 7 || web-application-activity || 0 || GPL WEB_SERVER /etc/motd access
1 || 2101372 || 7 || web-application-activity || 0 || GPL DELETED /etc/shadow access
1 || 2101377 || 17 || misc-attack || 0 || GPL FTP wu-ftp bad file completion attempt || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886
1 || 2101378 || 17 || misc-attack || 0 || GPL FTP wu-ftp bad file completion attempt with brace || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886
1 || 2101379 || 13 || attempted-admin || 0 || GPL FTP STAT overflow attempt || bugtraq,3507 || bugtraq,8542 || cve,2001-0325 || cve,2001-1021 || url,labs.defcom.com/adv/2001/def-2001-31.txt
1 || 2101384 || 9 || misc-attack || 0 || GPL MISC UPnP malformed advertisement || bugtraq,3723 || cve,2001-0876 || cve,2001-0877 || url,www.microsoft.com/technet/security/bulletin/MS01-059.mspx
1 || 2101388 || 14 || misc-attack || 0 || GPL MISC UPnP Location overflow || bugtraq,3723 || cve,2001-0876
1 || 2101390 || 6 || shellcode-detect || 0 || GPL SHELLCODE x86 inc ebx NOOP
1 || 2101393 || 13 || misc-attack || 0 || GPL DELETED AIM AddGame attempt || bugtraq,3769 || cve,2002-0005 || url,www.w00w00.org/files/w00aimexp/
1 || 2101398 || 11 || misc-attack || 0 || GPL EXPLOIT CDE dtspcd exploit attempt || bugtraq,3517 || cve,2001-0803 || url,www.cert.org/advisories/CA-2002-01.html
1 || 2101401 || 10 || web-application-attack || 0 || GPL EXPLOIT /msadc/samples/ access || bugtraq,167 || cve,1999-0736 || nessus,1007
1 || 2101402 || 8 || web-application-attack || 0 || GPL EXPLOIT iissamples access || nessus,11032
1 || 2101403 || 11 || web-application-attack || 0 || GPL WEB_SERVER viewcode access || cve,1999-0737 || nessus,10576 || nessus,12048
1 || 2101409 || 11 || misc-attack || 0 || GPL SNMP SNMP community string buffer overflow attempt || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html
1 || 2101411 || 12 || attempted-recon || 0 || GPL SNMP public access udp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013
1 || 2101412 || 14 || attempted-recon || 0 || GPL SNMP public access tcp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || bugtraq,7212 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013
1 || 2101413 || 11 || attempted-recon || 0 || GPL SNMP private access udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || bugtraq,7212 || cve,2002-0012 || cve,2002-0013
1 || 2101414 || 12 || attempted-recon || 0 || GPL SNMP private access tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101415 || 10 || attempted-recon || 0 || GPL SNMP Broadcast request || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101416 || 10 || attempted-recon || 0 || GPL SNMP broadcast trap || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101417 || 11 || attempted-recon || 0 || GPL SNMP request udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101418 || 13 || attempted-recon || 0 || GPL SNMP request tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101419 || 10 || attempted-recon || 0 || GPL SNMP trap udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101420 || 12 || attempted-recon || 0 || GPL SNMP trap tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013
1 || 2101422 || 11 || misc-attack || 0 || GPL SNMP community string buffer overflow attempt with evasion || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html
1 || 2101424 || 8 || shellcode-detect || 0 || GPL SHELLCODE x86 0xEB0C NOOP
1 || 2101427 || 5 || misc-attack || 0 || GPL SNMP PROTOS test-suite-trap-app attempt || url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
1 || 2101432 || 7 || policy-violation || 0 || GPL P2P GNUTella client request
1 || 2101435 || 8 || attempted-recon || 0 || GPL DNS named authors attempt || arachnids,480 || nessus,10728
1 || 2101437 || 13 || policy-violation || 0 || GPL POLICY Windows Media download
1 || 2101438 || 14 || policy-violation || 0 || GPL POLICY Windows Media Video download
1 || 2101441 || 5 || successful-admin || 0 || GPL TFTP GET nc.exe
1 || 2101442 || 5 || successful-admin || 0 || GPL TFTP GET shadow
1 || 2101443 || 5 || successful-admin || 0 || GPL TFTP GET passwd
1 || 2101444 || 4 || bad-unknown || 0 || GPL TFTP Get
1 || 2101445 || 7 || suspicious-filename-detect || 0 || GPL FTP FTP file_id.diz access possible warez site
1 || 2101446 || 7 || attempted-recon || 0 || GPL SMTP vrfy root
1 || 2101447 || 14 || protocol-command-decode || 0 || GPL POLICY MS Remote Desktop Request RDP || bugtraq,3099 || cve,2001-0540 || url,www.microsoft.com/technet/security/bulletin/MS01-040.mspx
1 || 2101449 || 9 || misc-activity || 0 || GPL FTP FTP anonymous ftp login attempt
1 || 2101450 || 6 || misc-attack || 0 || GPL SMTP expn *@ || cve,1999-1200
1 || 2101487 || 12 || web-application-activity || 0 || GPL EXPLOIT /iisadmpwd/aexp2.htr access || bugtraq,2110 || bugtraq,4236 || cve,1999-0407 || cve,2002-0421 || nessus,10371
1 || 2101489 || 10 || web-application-attack || 0 || GPL WEB_SERVER /~nobody access || nessus,10484
1 || 2101504 || 7 || misc-activity || 0 || GPL POLICY AFS access || nessus,10441
1 || 2101519 || 11 || web-application-activity || 0 || GPL WEB_SERVER apache ?M=D directory list attempt || bugtraq,3009 || cve,2001-0731
1 || 2101529 || 12 || attempted-admin || 0 || GPL FTP SITE overflow attempt || cve,1999-0838 || cve,2001-0755 || cve,2001-0770
1 || 2101530 || 14 || attempted-admin || 0 || GPL FTP format string attempt || nessus,10452 || bugtraq,1387 || bugtraq,2240 || bugtraq,726 || cve,2000-0573 || cve,1999-0997
1 || 2101538 || 14 || attempted-admin || 0 || GPL MISC AUTHINFO USER overflow attempt || arachnids,274 || bugtraq,1156 || cve,2000-0341
1 || 2101541 || 6 || attempted-recon || 0 || GPL SCAN Finger Version Query
1 || 2101562 || 13 || attempted-admin || 0 || GPL FTP SITE CHOWN overflow attempt || bugtraq,2120 || cve,2001-0065
1 || 2101603 || 13 || web-application-activity || 0 || GPL WEB_SERVER DELETE attempt || nessus,10498
1 || 2101610 || 13 || web-application-attack || 0 || GPL EXPLOIT formmail arbitrary command execution attempt || arachnids,226 || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782
1 || 2101616 || 9 || attempted-recon || 0 || GPL DNS named version attempt || nessus,10028
1 || 2101620 || 7 || non-standard-protocol || 0 || GPL POLICY TRAFFIC Non-Standard IP protocol
1 || 2101621 || 12 || attempted-admin || 0 || GPL FTP CMD overflow attempt
1 || 2101622 || 7 || misc-attack || 0 || GPL FTP RNFR ././ attempt
1 || 2101623 || 7 || protocol-command-decode || 0 || GPL FTP invalid MODE
1 || 2101624 || 9 || protocol-command-decode || 0 || GPL FTP large PWD command
1 || 2101625 || 8 || protocol-command-decode || 0 || GPL FTP large SYST command
1 || 2101627 || 4 || non-standard-protocol || 0 || GPL MISC Unassigned/Reserved IP protocol || url,www.iana.org/assignments/protocol-numbers
1 || 2101631 || 9 || policy-violation || 0 || GPL CHAT AIM login
1 || 2101632 || 7 || policy-violation || 0 || GPL CHAT AIM send message
1 || 2101633 || 7 || policy-violation || 0 || GPL CHAT AIM receive message
1 || 2101634 || 15 || attempted-admin || 0 || GPL POP3 POP3 PASS overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10325
1 || 2101635 || 14 || attempted-admin || 0 || GPL POP3 APOP overflow attempt || bugtraq,1652 || cve,2000-0840 || cve,2000-0841 || nessus,10559
1 || 2101638 || 6 || network-scan || 0 || GPL SCAN SSH Version map attempt
1 || 2101639 || 11 || policy-violation || 0 || GPL CHAT IRC DCC file transfer request
1 || 2101640 || 10 || policy-violation || 0 || GPL CHAT IRC DCC chat request
1 || 2101649 || 10 || attempted-recon || 0 || GPL WEB_SERVER perl command attempt || arachnids,219 || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html
1 || 2101661 || 5 || web-application-attack || 0 || GPL EXPLOIT cmd32.exe access
1 || 2101662 || 8 || attempted-recon || 0 || GPL WEB_SERVER /~ftp access
1 || 2101666 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE index of /cgi-bin/ response || nessus,10039
1 || 2101672 || 12 || denial-of-service || 0 || GPL FTP CWD ~ attempt || bugtraq,2601 || bugtraq,9215 || cve,2001-0421
1 || 2101673 || 4 || system-call-detect || 0 || GPL SQL EXECUTE_SYSTEM attempt
1 || 2101674 || 6 || protocol-command-decode || 0 || GPL SQL connect_data remote version detection attempt
1 || 2101675 || 7 || suspicious-login || 0 || GPL SQL Oracle misparsed login response
1 || 2101698 || 5 || protocol-command-decode || 0 || GPL SQL execute_system attempt
1 || 2101699 || 11 || policy-violation || 0 || GPL P2P Fastrack kazaa/morpheus traffic || url,www.kazaa.com
1 || 2101728 || 9 || denial-of-service || 0 || GPL FTP CWD ~<CR><NEWLINE> attempt || bugtraq,2601 || cve,2001-0421
1 || 2101729 || 10 || policy-violation || 0 || GPL CHAT IRC Channel join
1 || 2101732 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rwalld request UDP
1 || 2101733 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rwalld request TCP
1 || 2101734 || 32 || attempted-admin || 0 || GPL FTP USER overflow attempt || bugtraq,10078 || bugtraq,1227 || bugtraq,1504 || bugtraq,1690 || bugtraq,4638 || bugtraq,7307 || bugtraq,8376 || cve,1999-1510 || cve,1999-1514 || cve,1999-1519 || cve,1999-1539 || cve,2000-0479 || cve,2000-0656 || cve,2000-0761 || cve,2000-0943 || cve,2000-1035 || cve,2000-1194 || cve,2001-0256 || cve,2001-0794 || cve,2001-0826 || cve,2002-0126 || cve,2002-1522 || cve,2003-0271 || cve,2004-0286
1 || 2101735 || 8 || web-application-attack || 0 || GPL WEB_CLIENT XMLHttpRequest attempt || bugtraq,4628 || cve,2002-0354
1 || 2101738 || 8 || web-application-attack || 0 || GPL WEB_SERVER global.inc access || bugtraq,4612 || cve,2002-0614
1 || 2101746 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap cachefsd request UDP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084
1 || 2101747 || 12 || rpc-portmap-decode || 0 || GPL RPC portmap cachefsd request TCP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084
1 || 2101748 || 10 || protocol-command-decode || 0 || GPL FTP command overflow attempt || bugtraq,4638 || cve,2002-0606
1 || 2101751 || 8 || misc-attack || 0 || GPL EXPLOIT cachefsd buffer overflow attempt || bugtraq,4631 || cve,2002-0084 || nessus,10951
1 || 2101752 || 6 || misc-attack || 0 || GPL DELETED AIM AddExternalApp attempt || url,www.w00w00.org/files/w00aimexp/
1 || 2101755 || 15 || misc-attack || 0 || GPL IMAP partial body buffer overflow attempt || bugtraq,4713 || cve,2002-0379
1 || 2101759 || 6 || attempted-user || 0 || GPL EXPLOIT xp_cmdshell program execution 445
1 || 2101771 || 7 || protocol-command-decode || 0 || GPL POLICY IPSec PGPNet connection attempt
1 || 2101775 || 4 || protocol-command-decode || 0 || GPL SQL MYSQL root login attempt
1 || 2101776 || 4 || protocol-command-decode || 0 || GPL SQL MYSQL show databases attempt
1 || 2101777 || 11 || attempted-dos || 0 || GPL FTP STAT * dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 || url,www.microsoft.com/technet/security/bulletin/MS02-018.mspx
1 || 2101778 || 11 || attempted-dos || 0 || GPL FTP STAT ? dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 || url,www.microsoft.com/technet/security/bulletin/MS02-018.mspx
1 || 2101779 || 5 || denial-of-service || 0 || GPL FTP CWD .... attempt || bugtraq,4884
1 || 2101780 || 10 || misc-attack || 0 || GPL IMAP EXPLOIT partial body overflow attempt || bugtraq,4713 || cve,2002-0379
1 || 2101792 || 10 || protocol-command-decode || 0 || GPL MISC return code buffer overflow attempt || bugtraq,4900 || cve,2002-0909
1 || 2101808 || 7 || web-application-activity || 0 || GPL EXPLOIT apache chunked encoding memory corruption exploit attempt || bugtraq,5033 || cve,2002-0392
1 || 2101809 || 10 || web-application-attack || 0 || GPL WEB_SERVER Apache Chunked-Encoding worm attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392
1 || 2101817 || 8 || web-application-attack || 0 || GPL WEB_SERVER MS Site Server default login attempt || nessus,11018
1 || 2101818 || 5 || web-application-attack || 0 || GPL WEB_SERVER MS Site Server admin attempt || nessus,11018
1 || 2101821 || 9 || system-call-detect || 0 || GPL EXPLOIT LPD dvips remote command execution attempt || bugtraq,3241 || cve,2001-1002 || nessus,11023
1 || 2101833 || 6 || policy-violation || 0 || GPL INAPPROPRIATE naked lesbians
1 || 2101837 || 6 || policy-violation || 0 || GPL INAPPROPRIATE alt.binaries.pictures.tinygirls
1 || 2101838 || 9 || misc-attack || 0 || GPL EXPLOIT SSH server banner overflow || bugtraq,5287 || cve,2002-1059
1 || 2101840 || 9 || attempted-user || 0 || GPL WEB_CLIENT Javascript document.domain attempt || bugtraq,5346 || cve,2002-0815
1 || 2101842 || 16 || attempted-user || 0 || GPL IMAP login buffer overflow attempt || bugtraq,13727 || bugtraq,502 || cve,1999-0005 || cve,1999-1557 || cve,2005-1255 || nessus,10123 || cve,2007-2795 || nessus,10125
1 || 2101844 || 12 || misc-attack || 0 || GPL IMAP authenticate overflow attempt || bugtraq,12995 || bugtraq,130 || cve,1999-0005 || cve,1999-0042 || nessus,10292
1 || 2101845 || 16 || misc-attack || 0 || GPL IMAP list literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2101846 || 5 || misc-activity || 0 || GPL POLICY vncviewer Java applet download attempt || nessus,10758
1 || 2101847 || 12 || web-application-activity || 0 || GPL WEB_SERVER webalizer access || bugtraq,3473 || cve,2001-0835 || nessus,10816
1 || 2101852 || 5 || web-application-activity || 0 || GPL WEB_SERVER robots.txt access || nessus,10302
1 || 2101857 || 5 || web-application-activity || 0 || GPL WEB_SERVER robot.txt access || nessus,10302
1 || 2101859 || 7 || default-login-attempt || 0 || GPL POLICY Sun JavaServer default password login attempt || cve,1999-0508 || nessus,10995
1 || 2101860 || 9 || default-login-attempt || 0 || GPL POLICY Linksys router default password login attempt || nessus,10999
1 || 2101861 || 12 || default-login-attempt || 0 || GPL POLICY Linksys router default username and password login attempt || nessus,10999
1 || 2101864 || 9 || attempted-dos || 0 || GPL FTP SITE NEWER attempt || cve,1999-0880 || nessus,10319
1 || 2101866 || 14 || attempted-admin || 0 || GPL POP3 USER overflow attempt || bugtraq,11256 || bugtraq,789 || cve,1999-0494 || nessus,10311
1 || 2101867 || 2 || attempted-recon || 0 || GPL RPC xdmcp info query || nessus,10891
1 || 2101874 || 5 || web-application-activity || 0 || GPL WEB_SERVER Oracle Java Process Manager access || nessus,10851
1 || 2101882 || 11 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned userid
1 || 2101883 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned nobody
1 || 2101884 || 8 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned web
1 || 2101885 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned http
1 || 2101886 || 7 || bad-unknown || 0 || GPL ATTACK_RESPONSE id check returned apache
1 || 2101888 || 9 || misc-attack || 0 || GPL FTP SITE CPWD overflow attempt || bugtraq,5427 || cve,2002-0826
1 || 2101891 || 9 || misc-attack || 0 || GPL RPC status GHBN format string attack || bugtraq,1480 || cve,2000-0666
1 || 2101892 || 7 || misc-attack || 0 || GPL SNMP null community string attempt || bugtraq,2112 || bugtraq,8974 || cve,1999-0517
1 || 2101893 || 5 || misc-attack || 0 || GPL SNMP missing community string attempt || bugtraq,2112 || cve,1999-0517
1 || 2101894 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101895 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101896 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101897 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101898 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt 2 || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101899 || 9 || shellcode-detect || 0 || GPL EXPLOIT kadmind buffer overflow attempt 3 || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101900 || 11 || successful-admin || 0 || GPL EXPLOIT successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101901 || 11 || successful-admin || 0 || GPL EXPLOIT successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073
1 || 2101902 || 10 || misc-attack || 0 || GPL IMAP lsub literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2101903 || 9 || misc-attack || 0 || GPL IMAP rename overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2101904 || 8 || misc-attack || 0 || GPL IMAP find overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2101907 || 11 || attempted-admin || 0 || GPL RPC CMSD UDP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696
1 || 2101908 || 10 || attempted-admin || 0 || GPL RPC CMSD TCP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696
1 || 2101909 || 13 || misc-attack || 0 || GPL RPC CMSD TCP CMSD_INSERT buffer overflow attempt || bugtraq,524 || cve,1999-0696 || url,www.cert.org/advisories/CA-99-08-cmsd.html
1 || 2101912 || 10 || attempted-admin || 0 || GPL RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt || bugtraq,0866 || bugtraq,866 || cve,1999-0977
1 || 2101913 || 11 || attempted-admin || 0 || GPL RPC STATD UDP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666
1 || 2101914 || 11 || attempted-admin || 0 || GPL RPC STATD TCP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666
1 || 2101915 || 10 || attempted-admin || 0 || GPL RPC STATD UDP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666
1 || 2101916 || 10 || attempted-admin || 0 || GPL RPC STATD TCP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666
1 || 2101917 || 7 || network-scan || 0 || GPL MISC UPnP service discover attempt
1 || 2101918 || 7 || network-scan || 0 || GPL SCAN SolarWinds IP scan attempt
1 || 2101919 || 24 || attempted-admin || 0 || GPL FTP CWD overflow attempt || bugtraq,11069 || bugtraq,1227 || bugtraq,1690 || bugtraq,6869 || bugtraq,7251 || bugtraq,7950 || cve,1999-0219 || cve,1999-1058 || cve,1999-1510 || cve,2000-1035 || cve,2000-1194 || cve,2001-0781 || cve,2002-0126 || cve,2002-0405
1 || 2101920 || 8 || attempted-admin || 0 || GPL FTP SITE NEWER overflow attempt || bugtraq,229 || cve,1999-0800
1 || 2101921 || 7 || attempted-admin || 0 || GPL FTP SITE ZIPCHK overflow attempt || cve,2000-0040
1 || 2101922 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap proxy attempt TCP
1 || 2101923 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap proxy attempt UDP
1 || 2101924 || 8 || attempted-recon || 0 || GPL RPC mountd UDP export request
1 || 2101925 || 7 || attempted-recon || 0 || GPL RPC mountd TCP exportall request || arachnids,26
1 || 2101926 || 8 || attempted-recon || 0 || GPL RPC mountd UDP exportall request
1 || 2101927 || 6 || suspicious-filename-detect || 0 || GPL FTP authorized_keys file transfered
1 || 2101928 || 7 || suspicious-filename-detect || 0 || GPL FTP shadow retrieval attempt
1 || 2101930 || 7 || misc-attack || 0 || GPL DELETED auth literal overflow attempt || cve,1999-0005
1 || 2101934 || 11 || attempted-admin || 0 || GPL DELETED FOLD overflow attempt || bugtraq,283 || cve,1999-0920 || nessus,10130
1 || 2101935 || 6 || misc-attack || 0 || GPL DELETED FOLD arbitrary file attempt
1 || 2101936 || 9 || attempted-admin || 0 || GPL POP3 AUTH overflow attempt || bugtraq,830 || cve,1999-0822 || nessus,10184
1 || 2101937 || 8 || attempted-admin || 0 || GPL POP3 LIST overflow attempt || bugtraq,948 || cve,2000-0096 || nessus,10197
1 || 2101938 || 5 || attempted-admin || 0 || GPL POP3 XTND overflow attempt
1 || 2101939 || 5 || misc-activity || 0 || GPL MISC bootp hardware address length overflow || cve,1999-0798
1 || 2101940 || 4 || misc-activity || 0 || GPL MISC bootp invalid hardware type || cve,1999-0798
1 || 2101941 || 10 || attempted-admin || 0 || GPL TFTP GET filename overflow attempt || bugtraq,5328 || cve,2002-0813
1 || 2101942 || 7 || attempted-admin || 0 || GPL FTP RMDIR overflow attempt || bugtraq,819
1 || 2101945 || 8 || web-application-attack || 0 || GPL WEB_SERVER unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537
1 || 2101948 || 8 || attempted-recon || 0 || GPL DNS zone transfer UDP || cve,1999-0532 || nessus,10595
1 || 2101949 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap SET attempt TCP 111
1 || 2101950 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap SET attempt UDP 111
1 || 2101951 || 6 || attempted-recon || 0 || GPL RPC mountd TCP mount request
1 || 2101952 || 6 || attempted-recon || 0 || GPL RPC mountd UDP mount request
1 || 2101957 || 6 || attempted-admin || 0 || GPL RPC sadmind UDP PING || bugtraq,866
1 || 2101958 || 6 || attempted-admin || 0 || GPL RPC sadmind TCP PING || bugtraq,866
1 || 2101959 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap NFS request UDP
1 || 2101960 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap NFS request TCP
1 || 2101961 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap RQUOTA request UDP
1 || 2101962 || 8 || rpc-portmap-decode || 0 || GPL RPC portmap RQUOTA request TCP
1 || 2101963 || 10 || misc-attack || 0 || GPL RPC RQUOTA getquota overflow attempt UDP || bugtraq,864 || cve,1999-0974
1 || 2101964 || 9 || misc-attack || 0 || GPL RPC tooltalk UDP overflow attempt || bugtraq,122 || cve,1999-0003
1 || 2101965 || 9 || misc-attack || 0 || GPL RPC tooltalk TCP overflow attempt || bugtraq,122 || cve,1999-0003
1 || 2101971 || 5 || bad-unknown || 0 || GPL FTP SITE EXEC format string attempt
1 || 2101972 || 18 || attempted-admin || 0 || GPL FTP PASS overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1690 || bugtraq,3884 || bugtraq,8601 || bugtraq,9285 || cve,1999-1519 || cve,1999-1539 || cve,2000-1035 || cve,2002-0126 || cve,2002-0895
1 || 2101973 || 11 || attempted-admin || 0 || GPL FTP MKD overflow attempt || bugtraq,612 || bugtraq,7278 || bugtraq,9872 || cve,1999-0911 || nessus,12108
1 || 2101974 || 7 || attempted-admin || 0 || GPL FTP REST overflow attempt || bugtraq,2972 || cve,2001-0826
1 || 2101975 || 9 || attempted-admin || 0 || GPL FTP DELE overflow attempt || bugtraq,2972 || cve,2001-0826 || cve,2001-1021
1 || 2101976 || 10 || attempted-admin || 0 || GPL FTP RMD overflow attempt || bugtraq,2972 || cve,2000-0133 || cve,2001-0826 || cve,2001-1021
1 || 2101979 || 6 || web-application-attack || 0 || GPL WEB_SERVER perl post attempt || bugtraq,5520 || cve,2002-1436 || nessus,11158
1 || 2101986 || 7 || policy-violation || 0 || GPL CHAT MSN outbound file transfer request
1 || 2101987 || 8 || misc-activity || 0 || GPL EXPLOIT xfs overflow attempt || bugtraq,6241 || cve,2002-1317 || nessus,11188
1 || 2101988 || 6 || policy-violation || 0 || GPL CHAT MSN outbound file transfer accept
1 || 2101989 || 7 || policy-violation || 0 || GPL CHAT MSN outbound file transfer rejected
1 || 2101990 || 2 || policy-violation || 0 || GPL CHAT MSN user search
1 || 2101991 || 3 || policy-violation || 0 || GPL CHAT MSN login attempt
1 || 2101992 || 10 || protocol-command-decode || 0 || GPL FTP LIST directory traversal attempt || bugtraq,2618 || cve,2001-0680 || cve,2002-1054 || nessus,11112
1 || 2101993 || 5 || misc-attack || 0 || GPL IMAP login literal buffer overflow attempt || bugtraq,6298
1 || 2102003 || 9 || misc-attack || 0 || GPL SQL Slammer Worm propagation attempt || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm
1 || 2102004 || 8 || misc-attack || 0 || GPL WORM Slammer Worm propagation attempt OUTBOUND || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm
1 || 2102005 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap kcms_server request UDP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785
1 || 2102006 || 11 || rpc-portmap-decode || 0 || GPL RPC portmap kcms_server request TCP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785
1 || 2102007 || 11 || misc-attack || 0 || GPL RPC kcms_server directory traversal attempt || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785
1 || 2102008 || 5 || misc-attack || 0 || GPL MISC CVS invalid user authentication response
1 || 2102009 || 3 || misc-attack || 0 || GPL MISC CVS invalid repository response
1 || 2102010 || 5 || misc-attack || 0 || GPL MISC CVS double free exploit attempt response || bugtraq,6650 || cve,2003-0015
1 || 2102011 || 5 || misc-attack || 0 || GPL MISC CVS invalid directory response || bugtraq,6650 || cve,2003-0015
1 || 2102012 || 3 || misc-attack || 0 || GPL MISC CVS missing cvsroot response
1 || 2102013 || 3 || misc-attack || 0 || GPL MISC CVS invalid module response
1 || 2102014 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap UNSET attempt TCP 111 || bugtraq,1892
1 || 2102015 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap UNSET attempt UDP 111 || bugtraq,1892
1 || 2102016 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap status request TCP || arachnids,15
1 || 2102017 || 13 || rpc-portmap-decode || 0 || GPL RPC portmap espd request UDP || bugtraq,2714 || cve,2001-0331
1 || 2102018 || 5 || attempted-recon || 0 || GPL RPC mountd TCP dump request
1 || 2102019 || 5 || attempted-recon || 0 || GPL RPC mountd UDP dump request
1 || 2102020 || 5 || attempted-recon || 0 || GPL RPC mountd TCP unmount request
1 || 2102021 || 5 || attempted-recon || 0 || GPL RPC mountd UDP unmount request
1 || 2102022 || 5 || attempted-recon || 0 || GPL RPC mountd TCP unmountall request
1 || 2102025 || 10 || rpc-portmap-decode || 0 || GPL RPC yppasswd username overflow attempt UDP || bugtraq,2763 || cve,2001-0779
1 || 2102026 || 10 || rpc-portmap-decode || 0 || GPL RPC yppasswd username overflow attempt TCP || bugtraq,2763 || cve,2001-0779
1 || 2102027 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd old password overflow attempt UDP || bugtraq,2763 || cve,2001-0779
1 || 2102028 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd old password overflow attempt TCP || bugtraq,2763 || cve,2001-0779
1 || 2102029 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd new password overflow attempt UDP || bugtraq,2763 || cve,2001-0779
1 || 2102030 || 8 || rpc-portmap-decode || 0 || GPL RPC yppasswd new password overflow attempt TCP || bugtraq,2763 || cve,2001-0779
1 || 2102031 || 8 || rpc-portmap-decode || 0 || GPL RPC yppasswd user update UDP || bugtraq,2763 || cve,2001-0779
1 || 2102032 || 7 || rpc-portmap-decode || 0 || GPL RPC yppasswd user update TCP || bugtraq,2763 || cve,2001-0779
1 || 2102033 || 9 || rpc-portmap-decode || 0 || GPL RPC ypserv maplist request UDP || bugtraq,5914 || bugtraq,6016 || cve,2002-1232
1 || 2102034 || 8 || rpc-portmap-decode || 0 || GPL DELETED ypserv maplist request TCP || Cve,CAN-2002-1232 || bugtraq,5914 || bugtraq,6016
1 || 2102035 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap network-status-monitor request UDP
1 || 2102036 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap network-status-monitor request TCP
1 || 2102037 || 6 || rpc-portmap-decode || 0 || GPL DELETED network-status-monitor mon-callback request UDP
1 || 2102038 || 6 || rpc-portmap-decode || 0 || GPL DELETED network-status-monitor mon-callback request TCP
1 || 2102039 || 7 || misc-attack || 0 || GPL EXPLOIT bootp hostname format string attempt || bugtraq,4701 || cve,2002-0702 || nessus,11312
1 || 2102040 || 4 || misc-activity || 0 || GPL DELETED xtacacs login attempt
1 || 2102042 || 4 || misc-activity || 0 || GPL DELETED xtacacs accepted login response
1 || 2102043 || 3 || misc-activity || 0 || GPL ATTACK_RESPONSE isakmp login failed
1 || 2102044 || 6 || attempted-admin || 0 || GPL POLICY PPTP Start Control Request attempt
1 || 2102046 || 7 || misc-attack || 0 || GPL IMAP partial body.peek buffer overflow attempt || bugtraq,4713 || cve,2002-0379
1 || 2102047 || 3 || misc-activity || 0 || GPL EXPLOIT rsyncd module list access
1 || 2102048 || 7 || misc-activity || 0 || GPL MISC rsyncd overflow attempt || bugtraq,9153 || cve,2003-0962 || nessus,11943
1 || 2102049 || 5 || misc-activity || 0 || GPL SQL ping attempt || nessus,10674
1 || 2102056 || 6 || web-application-attack || 0 || GPL WEB_SERVER TRACE attempt || bugtraq,9561 || nessus,11213 || url,www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
1 || 2102061 || 6 || web-application-attack || 0 || GPL WEB_SERVER Tomcat null byte directory listing attempt || bugtraq,2518 || bugtraq,6721 || cve,2003-0042
1 || 2102073 || 5 || web-application-activity || 0 || GPL WEB_SERVER globals.pl access || bugtraq,2671 || cve,2001-0330
1 || 2102079 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap nlockmgr request UDP || bugtraq,1372 || cve,2000-0508
1 || 2102080 || 7 || rpc-portmap-decode || 0 || GPL RPC portmap nlockmgr request TCP || bugtraq,1372 || cve,2000-0508
1 || 2102081 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rpc.xfsmd request UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
1 || 2102082 || 10 || rpc-portmap-decode || 0 || GPL RPC portmap rpc.xfsmd request TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
1 || 2102083 || 9 || rpc-portmap-decode || 0 || GPL RPC rpc.xfsmd xfs_export attempt UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
1 || 2102084 || 9 || rpc-portmap-decode || 0 || GPL RPC rpc.xfsmd xfs_export attempt TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359
1 || 2102088 || 6 || misc-attack || 0 || GPL RPC ypupdated arbitrary command attempt UDP
1 || 2102089 || 6 || misc-attack || 0 || GPL DELETED ypupdated arbitrary command attempt TCP
1 || 2102090 || 12 || attempted-admin || 0 || GPL EXPLOIT WEBDAV exploit attempt || bugtraq,7116 || bugtraq,7716 || cve,2003-0109 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx
1 || 2102091 || 12 || attempted-admin || 0 || GPL WEB_SERVER WEBDAV nessus safe scan attempt || bugtraq,7116 || cve,2003-0109 || nessus,11412 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx
1 || 2102092 || 6 || rpc-portmap-decode || 0 || GPL EXPLOIT portmap proxy integer overflow attempt UDP || bugtraq,7123 || cve,2003-0028
1 || 2102093 || 6 || rpc-portmap-decode || 0 || GPL RPC portmap proxy integer overflow attempt TCP || bugtraq,7123 || cve,2003-0028
1 || 2102094 || 7 || attempted-admin || 0 || GPL RPC CMSD UDP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391
1 || 2102095 || 7 || attempted-admin || 0 || GPL RPC CMSD TCP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391
1 || 2102101 || 12 || denial-of-service || 0 || GPL NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt || bugtraq,5556 || cve,2002-0724 || nessus,11110 || url,www.corest.com/common/showdoc.php?idx=262 || url,www.microsoft.com/technet/security/bulletin/MS02-045.mspx
1 || 2102102 || 10 || denial-of-service || 0 || GPL NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt || bugtraq,5556 || cve,2002-0724 || url,www.corest.com/common/showdoc.php?idx=262 || url,www.microsoft.com/technet/security/bulletin/MS02-045.mspx || nessus,11110
1 || 2102103 || 10 || attempted-admin || 0 || GPL NETBIOS SMB trans2open buffer overflow attempt || bugtraq,7294 || cve,2003-0201 || url,www.digitaldefense.net/labs/advisories/DDI-1013.txt
1 || 2102104 || 6 || unsuccessful-user || 0 || GPL RPC rexec username too long response || bugtraq,7459
1 || 2102105 || 6 || misc-attack || 0 || GPL IMAP authenticate literal overflow attempt || cve,1999-0042 || nessus,10292
1 || 2102106 || 8 || misc-attack || 0 || GPL IMAP lsub overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2102107 || 4 || misc-attack || 0 || GPL IMAP create buffer overflow attempt || bugtraq,7446
1 || 2102108 || 4 || attempted-admin || 0 || GPL POP3 CAPA overflow attempt
1 || 2102109 || 4 || attempted-admin || 0 || GPL POP3 TOP overflow attempt
1 || 2102110 || 4 || attempted-admin || 0 || GPL POP3 STAT overflow attempt
1 || 2102111 || 4 || attempted-admin || 0 || GPL POP3 DELE overflow attempt
1 || 2102112 || 4 || attempted-admin || 0 || GPL POP3 RSET overflow attempt
1 || 2102113 || 4 || attempted-admin || 0 || GPL EXPLOIT rexec username overflow attempt
1 || 2102114 || 4 || attempted-admin || 0 || GPL RPC rexec password overflow attempt
1 || 2102118 || 7 || misc-attack || 0 || GPL IMAP list overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2102119 || 6 || misc-attack || 0 || GPL IMAP rename literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
1 || 2102120 || 4 || misc-attack || 0 || GPL IMAP create literal buffer overflow attempt || bugtraq,7446
1 || 2102121 || 10 || misc-attack || 0 || GPL POP3 DELE negative argument attempt || bugtraq,6053 || bugtraq,7445 || cve,2002-1539
1 || 2102122 || 11 || misc-attack || 0 || GPL POP3 UIDL negative argument attempt || bugtraq,6053 || cve,2002-1539 || nessus,11570
1 || 2102123 || 7 || successful-admin || 0 || GPL EXPLOIT Microsoft cmd.exe banner || nessus,11633
1 || 2102124 || 4 || trojan-activity || 0 || GPL POLICY Remote PC Access connection attempt || nessus,11673
1 || 2102125 || 10 || protocol-command-decode || 0 || GPL FTP CWD Root directory transversal attempt || bugtraq,7674 || cve,2003-0392 || nessus,11677
1 || 2102131 || 4 || web-application-activity || 0 || GPL WEB_SERVER IISProtect access || nessus,11661
1 || 2102156 || 4 || web-application-activity || 0 || GPL WEB_SERVER mod_gzip_status access || nessus,11685
1 || 2102157 || 3 || web-application-activity || 0 || GPL DELETED IISProtect globaladmin.asp access || nessus,11661
1 || 2102158 || 9 || bad-unknown || 0 || GPL MISC BGP invalid length || bugtraq,6213 || cve,2002-1350 || url,sf.net/tracker/index.php?func=detail&aid=744523&group_id=53066&atid=469575
1 || 2102159 || 12 || bad-unknown || 0 || GPL MISC BGP invalid type 0 || bugtraq,6213 || cve,2002-1350
1 || 2102174 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg create tree attempt
1 || 2102175 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode create tree attempt
1 || 2102176 || 6 || attempted-recon || 0 || GPL NETBIOS SMB startup folder access
1 || 2102177 || 5 || attempted-recon || 0 || GPL NETBIOS SMB startup folder unicode access
1 || 2102178 || 17 || misc-attack || 0 || GPL FTP USER format string attempt || bugtraq,7474 || bugtraq,7776 || bugtraq,9262 || bugtraq,9402 || bugtraq,9600 || bugtraq,9800 || cve,2004-0277 || nessus,10041 || nessus,11687
1 || 2102179 || 7 || misc-attack || 0 || GPL FTP PASS format string attempt || bugtraq,7474 || bugtraq,9262 || bugtraq,9800 || cve,2000-0699
1 || 2102180 || 5 || policy-violation || 0 || GPL P2P BitTorrent announce request
1 || 2102181 || 3 || policy-violation || 0 || GPL P2P BitTorrent transfer
1 || 2102184 || 8 || misc-attack || 0 || GPL RPC mountd TCP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800
1 || 2102185 || 8 || misc-attack || 0 || GPL RPC mountd UDP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800
1 || 2102186 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 53 SWIPE || bugtraq,8211 || cve,2003-0567
1 || 2102187 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 55 IP Mobility || bugtraq,8211 || cve,2003-0567
1 || 2102188 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 77 Sun ND || bugtraq,8211 || cve,2003-0567
1 || 2102189 || 4 || non-standard-protocol || 0 || GPL MISC IP Proto 103 PIM || bugtraq,8211 || cve,2003-0567
1 || 2102190 || 5 || attempted-dos || 0 || GPL NETBIOS DCERPC invalid bind attempt
1 || 2102191 || 4 || attempted-dos || 0 || GPL NETBIOS SMB DCERPC invalid bind attempt
1 || 2102192 || 12 || protocol-command-decode || 0 || GPL NETBIOS DCERPC ISystemActivator bind attempt || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2102193 || 12 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC ISystemActivator bind attempt || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2102230 || 10 || default-login-attempt || 0 || GPL SCAN NetGear router default password login attempt admin/password || nessus,11737
1 || 2102250 || 6 || attempted-admin || 0 || GPL POP3 USER format string attempt || bugtraq,10976 || bugtraq,7667 || cve,2003-0391 || nessus,11742
1 || 2102251 || 16 || attempted-admin || 0 || GPL NETBIOS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,www.microsoft.com/technet/security/bulletin/MS03-039.mspx
1 || 2102252 || 15 || attempted-admin || 0 || GPL NETBIOS SMB-DS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,www.microsoft.com/technet/security/bulletin/MS03-039.mspx
1 || 2102255 || 5 || misc-attack || 0 || GPL RPC sadmind query with root credentials attempt TCP
1 || 2102256 || 5 || misc-attack || 0 || GPL RPC sadmind query with root credentials attempt UDP
1 || 2102257 || 10 || attempted-admin || 0 || GPL NETBIOS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx
1 || 2102258 || 10 || attempted-admin || 0 || GPL NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx
1 || 2102259 || 9 || attempted-admin || 0 || GPL SMTP EXPN overflow attempt || bugtraq,6991 || bugtraq,7230 || cve,2002-1337 || cve,2003-0161
1 || 2102272 || 6 || misc-attack || 0 || GPL FTP LIST integer overflow attempt || bugtraq,8875 || cve,2003-0853 || cve,2003-0854
1 || 2102275 || 3 || suspicious-login || 0 || GPL SMTP AUTH LOGON brute force attempt
1 || 2102308 || 7 || misc-attack || 0 || GPL NETBIOS SMB DCERPC Workstation Service unicode bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx
1 || 2102309 || 7 || misc-attack || 0 || GPL NETBIOS SMB DCERPC Workstation Service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx
1 || 2102310 || 9 || misc-attack || 0 || GPL NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx
1 || 2102311 || 8 || misc-attack || 0 || GPL NETBIOS SMB-DS DCERPC Workstation Service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx
1 || 2102312 || 3 || shellcode-detect || 0 || GPL SHELLCODE x86 0x71FB7BAB NOOP
1 || 2102313 || 3 || shellcode-detect || 0 || GPL SHELLCODE x86 0x71FB7BAB NOOP unicode
1 || 2102314 || 3 || shellcode-detect || 0 || GPL SHELLCODE x86 0x90 NOOP unicode
1 || 2102315 || 7 || misc-attack || 0 || GPL NETBIOS DCERPC Workstation Service direct service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx
1 || 2102316 || 7 || misc-attack || 0 || GPL NETBIOS DCERPC Workstation Service direct service access attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx
1 || 2102317 || 5 || misc-attack || 0 || GPL MISC CVS non-relative path error response || bugtraq,9178 || cve,2003-0977
1 || 2102318 || 5 || misc-attack || 0 || GPL EXPLOIT CVS non-relative path access attempt || bugtraq,9178 || cve,2003-0977
1 || 2102329 || 7 || attempted-user || 0 || GPL SQL probe response overflow attempt || bugtraq,9407 || cve,2003-0903 || url,www.microsoft.com/technet/security/bulletin/MS04-003.mspx
1 || 2102330 || 3 || misc-attack || 0 || GPL IMAP auth overflow attempt || bugtraq,8861
1 || 2102332 || 2 || misc-attack || 0 || GPL FTP MKDIR format string attempt || bugtraq,9262
1 || 2102333 || 2 || misc-attack || 0 || GPL FTP RENAME format string attempt || bugtraq,9262
1 || 2102335 || 3 || attempted-dos || 0 || GPL DELETED RMD / attempt || bugtraq,9159
1 || 2102336 || 4 || bad-unknown || 0 || GPL TFTP NULL command attempt || bugtraq,7575
1 || 2102337 || 9 || attempted-admin || 0 || GPL TFTP PUT filename overflow attempt || bugtraq,7819 || bugtraq,8505 || cve,2003-0380
1 || 2102338 || 14 || misc-attack || 0 || GPL FTP LIST buffer overflow attempt || bugtraq,10181 || bugtraq,6869 || bugtraq,7251 || bugtraq,7861 || bugtraq,8486 || bugtraq,9675 || cve,1999-0349 || cve,1999-1510 || cve,2000-0129 || url,www.microsoft.com/technet/security/bulletin/MS99-003.mspx
1 || 2102340 || 8 || attempted-admin || 0 || GPL FTP SITE CHMOD overflow attempt || bugtraq,10181 || bugtraq,9483 || bugtraq,9675 || cve,1999-0838 || nessus,12037
1 || 2102343 || 4 || attempted-admin || 0 || GPL FTP STOR overflow attempt || bugtraq,8668 || cve,2000-0133
1 || 2102344 || 4 || attempted-admin || 0 || GPL FTP XCWD overflow attempt || bugtraq,11542 || bugtraq,8704
1 || 2102348 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC print spool bind attempt
1 || 2102349 || 7 || attempted-recon || 0 || GPL NETBIOS SMB-DS DCERPC enumerate printers request attempt
1 || 2102373 || 5 || attempted-admin || 0 || GPL FTP XMKD overflow attempt || bugtraq,7909 || cve,2000-0133 || cve,2001-1021
1 || 2102374 || 7 || attempted-admin || 0 || GPL FTP NLST overflow attempt || bugtraq,10184 || bugtraq,7909 || bugtraq,9675 || cve,1999-1544
1 || 2102376 || 4 || attempted-admin || 0 || GPL EXPLOIT ISAKMP first payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
1 || 2102377 || 4 || attempted-admin || 0 || GPL EXPLOIT ISAKMP second payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
1 || 2102379 || 7 || attempted-admin || 0 || GPL EXPLOIT ISAKMP forth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
1 || 2102380 || 5 || attempted-admin || 0 || GPL EXPLOIT ISAKMP fifth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040
1 || 2102382 || 22 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2102383 || 21 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2102384 || 11 || attempted-dos || 0 || GPL NETBIOS SMB NTLMSSP invalid mechlistMIC attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12054 || nessus,12065
1 || 2102385 || 12 || attempted-dos || 0 || GPL NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12054 || nessus,12065
1 || 2102386 || 11 || attempted-dos || 0 || GPL EXPLOIT NTLM ASN.1 vulnerability scan attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12055 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2102389 || 8 || attempted-admin || 0 || GPL FTP RNTO overflow attempt || bugtraq,8315 || cve,2000-0133 || cve,2001-1021 || cve,2003-0466
1 || 2102390 || 5 || attempted-admin || 0 || GPL FTP STOU overflow attempt || bugtraq,8315 || cve,2003-0466
1 || 2102391 || 11 || attempted-admin || 0 || GPL FTP APPE overflow attempt || bugtraq,8315 || bugtraq,8542 || cve,2000-0133 || cve,2003-0466
1 || 2102392 || 8 || attempted-admin || 0 || GPL FTP RETR overflow attempt || bugtraq,8315 || cve,2003-0466 || cve,2004-0287 || cve,2004-0298
1 || 2102401 || 5 || attempted-admin || 0 || GPL NETBIOS SMB Session Setup AndX request username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
1 || 2102402 || 6 || attempted-admin || 0 || GPL NETBIOS SMB-DS Session Setup AndX request username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
1 || 2102403 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup AndX request unicode username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
1 || 2102404 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html
1 || 2102409 || 2 || attempted-admin || 0 || GPL POP3 APOP USER overflow attempt || bugtraq,9794
1 || 2102413 || 10 || misc-attack || 0 || GPL EXPLOIT ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
1 || 2102414 || 10 || misc-attack || 0 || GPL EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
1 || 2102415 || 10 || misc-attack || 0 || GPL EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
1 || 2102416 || 7 || attempted-admin || 0 || GPL FTP invalid MDTM command attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330
1 || 2102417 || 2 || string-detect || 0 || GPL FTP format string attempt
1 || 2102424 || 6 || attempted-admin || 0 || GPL MISC NNTP sendsys overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102425 || 6 || attempted-admin || 0 || GPL MISC NNTP senduuname overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102426 || 6 || attempted-admin || 0 || GPL MISC NNTP version overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102427 || 6 || attempted-admin || 0 || GPL MISC NNTP checkgroups overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102428 || 6 || attempted-admin || 0 || GPL MISC NNTP ihave overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102429 || 6 || attempted-admin || 0 || GPL MISC NNTP sendme overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102430 || 6 || attempted-admin || 0 || GPL MISC NNTP newgroup overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102431 || 6 || attempted-admin || 0 || GPL MISC Nntp rmgroup overflow attempt || bugtraq,9382 || cve,2004-0045
1 || 2102432 || 4 || attempted-admin || 0 || GPL MISC NNTP article post without path attempt
1 || 2102437 || 9 || attempted-user || 0 || GPL WEB_CLIENT RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9378 || cve,2003-0726
1 || 2102438 || 7 || attempted-user || 0 || GPL DELETED RealPlayer playlist file URL overflow attempt || bugtraq,9579 || cve,2004-0258
1 || 2102439 || 6 || attempted-user || 0 || GPL DELETED RealPlayer playlist http URL overflow attempt || bugtraq,9579 || cve,2004-0258
1 || 2102440 || 7 || attempted-user || 0 || GPL DELETED RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579 || cve,2004-0258
1 || 2102449 || 3 || attempted-admin || 0 || GPL FTP ALLO overflow attempt || bugtraq,9953
1 || 2102450 || 5 || policy-violation || 0 || GPL DELETED Yahoo IM successful logon
1 || 2102451 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM voicechat
1 || 2102452 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM ping
1 || 2102453 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM conference invitation
1 || 2102454 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM conference logon success
1 || 2102455 || 4 || policy-violation || 0 || GPL CHAT Yahoo IM conference message
1 || 2102456 || 5 || policy-violation || 0 || GPL CHAT Yahoo Messenger File Transfer Receive Request
1 || 2102458 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM successful chat join
1 || 2102459 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM conference offer invitation
1 || 2102460 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM conference request
1 || 2102461 || 5 || policy-violation || 0 || GPL CHAT Yahoo IM conference watch
1 || 2102462 || 8 || attempted-admin || 0 || GPL EXPLOIT IGMP IGAP account overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367
1 || 2102463 || 8 || attempted-admin || 0 || GPL EXPLOIT IGMP IGAP message overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367
1 || 2102464 || 8 || attempted-admin || 0 || GPL EXPLOIT EIGRP prefix length overflow attempt || bugtraq,9952 || cve,2004-0176 || cve,2004-0367
1 || 2102465 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ share access
1 || 2102466 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ unicode share access
1 || 2102467 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB D$ unicode share access
1 || 2102468 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ share access
1 || 2102469 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ unicode share access
1 || 2102470 || 12 || protocol-command-decode || 0 || GPL NETBIOS SMB C$ unicode share access
1 || 2102471 || 12 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ share access
1 || 2102472 || 11 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ unicode share access
1 || 2102473 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB ADMIN$ unicode share access
1 || 2102474 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ share access
1 || 2102475 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ unicode share access
1 || 2102476 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg create tree attempt
1 || 2102477 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode create tree attempt
1 || 2102478 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg bind attempt
1 || 2102479 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode bind attempt
1 || 2102480 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode attempt
1 || 2102481 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode little endian attempt
1 || 2102482 || 10 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown attempt
1 || 2102483 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown little endian attempt
1 || 2102485 || 8 || attempted-admin || 0 || GPL ACTIVEX Norton antivirus sysmspam.dll load attempt || bugtraq,9916 || cve,2004-0363
1 || 2102486 || 6 || attempted-dos || 0 || GPL EXPLOIT ISAKMP invalid identification payload attempt || bugtraq,10004 || cve,2004-0184
1 || 2102491 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102496 || 9 || misc-attack || 0 || GPL NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102507 || 8 || protocol-command-decode || 0 || GPL NETBIOS DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102508 || 8 || attempted-admin || 0 || GPL NETBIOS DCERPC LSASS DsRolerUpgradeDownlevelServer Exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102509 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC LSASS unicode bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102510 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102511 || 10 || attempted-admin || 0 || GPL NETBIOS SMB DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102512 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102513 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC LSASS unicode bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102514 || 8 || attempted-admin || 0 || GPL NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102523 || 8 || attempted-dos || 0 || GPL MISC BGP spoofed connection reset attempt || bugtraq,10183 || cve,2004-0230 || url,www.uniras.gov.uk/vuls/2004/236929/index.htm
1 || 2102524 || 8 || protocol-command-decode || 0 || GPL NETBIOS DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102525 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102526 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx
1 || 2102546 || 7 || attempted-admin || 0 || GPL FTP MDTM overflow attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330 || nessus,12080
1 || 2102547 || 4 || web-application-activity || 0 || GPL MISC HP Web JetAdmin remote file upload attempt || bugtraq,9978
1 || 2102548 || 3 || web-application-activity || 0 || GPL MISC HP Web JetAdmin setinfo access || bugtraq,9972
1 || 2102549 || 2 || web-application-activity || 0 || GPL MISC HP Web JetAdmin file write attempt || bugtraq,9973
1 || 2102552 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache HEAD overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102553 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache PUT overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102554 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache POST overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102555 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache TRACE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102556 || 6 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache DELETE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102557 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache LOCK overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102558 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache MKCOL overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102559 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache COPY overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102560 || 5 || attempted-admin || 0 || GPL EXPLOIT Oracle Web Cache MOVE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126
1 || 2102561 || 5 || string-detect || 0 || GPL MISC rsync backup-dir directory traversal attempt || bugtraq,10247 || cve,2004-0426 || nessus,12230
1 || 2102563 || 6 || attempted-admin || 0 || GPL NETBIOS NS lookup response name overflow attempt || bugtraq,10333 || bugtraq,10334 || cve,2004-0444 || cve,2004-0445 || url,www.eeye.com/html/Research/Advisories/AD20040512A.html
1 || 2102574 || 2 || attempted-admin || 0 || GPL FTP RETR format string attempt || bugtraq,9800
1 || 2102576 || 7 || attempted-user || 0 || GPL SQL dbms_repcat.generate_replication_support buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck93.html
1 || 2102577 || 7 || attempted-user || 0 || GPL WEB_CLIENT local resource redirection attempt || cve,2004-0549 || url,www.kb.cert.org/vuls/id/713878
1 || 2102578 || 4 || attempted-admin || 0 || GPL RPC kerberos principal name overflow UDP || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
1 || 2102579 || 4 || attempted-admin || 0 || GPL RPC kerberos principal name overflow TCP || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt
1 || 2102580 || 12 || attempted-admin || 0 || GPL WEB_CLIENT server negative Content-Length attempt || cve,2004-0492 || url,www.guninski.com/modproxy1.html
1 || 2102583 || 3 || misc-attack || 0 || GPL DELETED CVS Max-dotdot integer overflow attempt || bugtraq,10499 || cve,2004-0417
1 || 2102584 || 5 || attempted-user || 0 || GPL P2P eMule buffer overflow attempt || bugtraq,10039 || nessus,12233
1 || 2102585 || 3 || attempted-recon || 0 || GPL SCAN nessus 2.x 404 probe || nessus,10386
1 || 2102586 || 3 || policy-violation || 0 || GPL P2P eDonkey transfer || url,www.kom.e-technik.tu-darmstadt.de/publications/abstracts/HB02-1.html
1 || 2102587 || 4 || policy-violation || 0 || GPL P2P eDonkey server response || url,www.emule-project.net
1 || 2102589 || 7 || attempted-user || 0 || GPL DELETED Content-Disposition CLSID command attempt || bugtraq,9510 || cve,2004-0420 || url,www.microsoft.com/technet/security/bulletin/ms04-024.mspx
1 || 2102590 || 5 || attempted-admin || 0 || GPL SMTP MAIL FROM overflow attempt || bugtraq,10290 || bugtraq,7506 || cve,2004-0399 || url,www.guninski.com/exim1.html
1 || 2102597 || 5 || web-application-attack || 0 || GPL DELETED Samba SWAT Authorization overflow attempt || bugtraq,10780
1 || 2102598 || 3 || web-application-attack || 0 || GPL DELETED Samba SWAT Authorization port 901 overflow attempt || bugtraq,10780
1 || 2102599 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_grouped_column buffer overflow attempt
1 || 2102600 || 3 || attempted-user || 0 || GPL SQL add_grouped_column ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html
1 || 2102601 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.drop_master_repgroup buffer overflow attempt
1 || 2102602 || 3 || attempted-user || 0 || GPL SQL drop_master_repgroup ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck87.html
1 || 2102603 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.create_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html
1 || 2102604 || 3 || attempted-user || 0 || GPL SQL create_mview_repgroup ordered fname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html
1 || 2102605 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.compare_old_values buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html
1 || 2102606 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
1 || 2102607 || 3 || attempted-user || 0 || GPL SQL comment_on_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
1 || 2102608 || 4 || attempted-user || 0 || GPL SQL sysdbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102609 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.cancel_statistics buffer overflow attempt
1 || 2102610 || 3 || attempted-user || 0 || GPL SQL cancel_statistics ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html
1 || 2102612 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102614 || 3 || attempted-user || 0 || GPL SQL time_zone buffer overflow attempt || bugtraq,9587 || url,www.nextgenss.com/advisories/ora_time_zone.txt
1 || 2102615 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_auth.grant_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102616 || 3 || attempted-user || 0 || GPL SQL grant_surrogate_repcat ordered userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102617 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat.alter_mview_propagation buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
1 || 2102618 || 3 || attempted-user || 0 || GPL SQL alter_mview_propagation ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
1 || 2102619 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.alter_master_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
1 || 2102621 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_sna_utl.register_flavor_change buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102622 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_utl.drop_an_object buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102623 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102624 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_admin.unregister_user_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html
1 || 2102625 || 3 || attempted-user || 0 || GPL SQL unregister_user_repgroup ordered privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html
1 || 2102626 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.send_old_values buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html
1 || 2102627 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
1 || 2102628 || 3 || attempted-user || 0 || GPL SQL repcat_import_check ordered gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
1 || 2102629 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_admin.register_user_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html
1 || 2102630 || 3 || attempted-user || 0 || GPL SQL register_user_repgroup ordered privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html
1 || 2102631 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.refresh_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
1 || 2102632 || 3 || attempted-user || 0 || GPL SQL refresh_mview_repgroup ordered gowner buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
1 || 2102633 || 4 || attempted-user || 0 || GPL SQL sys.dbms_rectifier_diff.rectify buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102634 || 3 || attempted-user || 0 || GPL SQL rectifier_diff ordered sname1 buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102635 || 4 || attempted-user || 0 || GPL SQL dbms_offline_snapshot.end_load buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
1 || 2102636 || 3 || attempted-user || 0 || GPL SQL snapshot.end_load ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
1 || 2102637 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.drop_master_repobject buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
1 || 2102638 || 3 || attempted-user || 0 || GPL SQL drop_master_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html
1 || 2102639 || 4 || attempted-user || 0 || GPL SQL dbms_repcat.drop_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
1 || 2102640 || 3 || attempted-user || 0 || GPL SQL drop_mview_repgroup ordered gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html
1 || 2102641 || 5 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.drop_site_instantiation buffer overflow attempt
1 || 2102642 || 3 || attempted-user || 0 || GPL SQL drop_site_instantiate ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck629.html
1 || 2102643 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.ensure_not_published buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck96.html
1 || 2102644 || 4 || attempted-user || 0 || GPL SQL from_tz buffer overflow attempt || url,www.nextgenss.com/advisories/ora_from_tz.txt
1 || 2102645 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.instantiate_offline buffer overflow attempt
1 || 2102646 || 3 || attempted-user || 0 || GPL SQL instantiate_offline ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck630.html
1 || 2102647 || 4 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.instantiate_online buffer overflow attempt
1 || 2102648 || 3 || attempted-user || 0 || GPL SQL instantiate_online ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck631.html
1 || 2102649 || 3 || attempted-user || 0 || GPL SQL service_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck52.html
1 || 2102650 || 3 || attempted-user || 0 || GPL SQL user name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck62.html
1 || 2102652 || 4 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_load buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
1 || 2102653 || 3 || attempted-user || 0 || GPL SQL og.begin_load ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html
1 || 2102654 || 4 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS PHPNuke Forum viewtopic SQL insertion attempt || bugtraq,7193
1 || 2102664 || 4 || attempted-admin || 0 || GPL DELETED login format string attempt || bugtraq,10976
1 || 2102665 || 3 || attempted-admin || 0 || GPL IMAP login literal format string attempt || bugtraq,10976
1 || 2102666 || 2 || attempted-admin || 0 || GPL POP3 PASS format string attempt || bugtraq,10976
1 || 2102671 || 6 || attempted-user || 0 || GPL WEB_CLIENT bitmap BitmapOffset integer overflow attempt || bugtraq,9663 || cve,2004-0566
1 || 2102673 || 6 || attempted-user || 0 || GPL WEB_CLIENT libpng tRNS overflow attempt || bugtraq,10872 || cve,2004-0597
1 || 2102674 || 2 || attempted-user || 0 || GPL SQL dbms_repcat.add_delete_resolution buffer overflow attempt
1 || 2102675 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.instantiate_offline buffer overflow attempt
1 || 2102676 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt
1 || 2102677 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.instantiate_online buffer overflow attempt
1 || 2102678 || 3 || attempted-user || 0 || GPL SQL ctx_output.start_log buffer overflow attempt
1 || 2102679 || 3 || attempted-user || 0 || GPL SQL sys.dbms_system.ksdwrt buffer overflow attempt
1 || 2102680 || 3 || attempted-user || 0 || GPL SQL ctxsys.driddlr.subindexpopulate buffer overflow attempt
1 || 2102681 || 3 || attempted-user || 0 || GPL SQL mdsys.sdo_admin.sdo_code_size buffer overflow attempt
1 || 2102682 || 3 || attempted-user || 0 || GPL SQL mdsys.md2.validate_geom buffer overflow attempt
1 || 2102683 || 3 || attempted-user || 0 || GPL SQL mdsys.md2.sdo_code_size buffer overflow attempt
1 || 2102684 || 3 || attempted-user || 0 || GPL SQL sys.ltutil.pushdeferredtxns buffer overflow attempt
1 || 2102685 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_rq.add_column buffer overflow attempt
1 || 2102686 || 3 || attempted-user || 0 || GPL SQL sys.dbms_rectifier_diff.differences buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
1 || 2102687 || 3 || attempted-user || 0 || GPL SQL sys.dbms_internal_repcat.validate buffer overflow attempt
1 || 2102688 || 3 || attempted-user || 0 || GPL SQL sys.dbms_internal_repcat.enable_receiver_trace buffer overflow attempt
1 || 2102689 || 3 || attempted-user || 0 || GPL SQL sys.dbms_internal_repcat.disable_receiver_trace buffer overflow attempt
1 || 2102690 || 3 || attempted-user || 0 || GPL SQL sys.dbms_defer_repcat.enable_propagation_to_dblink buffer overflow attempt
1 || 2102691 || 3 || attempted-user || 0 || GPL SQL sys.dbms_defer_internal_sys.parallel_push_recovery buffer overflow attempt
1 || 2102692 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aqadm_sys.verify_queue_types buffer overflow attempt
1 || 2102693 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aqadm.verify_queue_types_no_queue buffer overflow attempt
1 || 2102694 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aqadm.verify_queue_types_get_nrp buffer overflow attempt
1 || 2102695 || 3 || attempted-user || 0 || GPL SQL sys.dbms_aq_import_internal.aq_table_defn_update buffer overflow attempt
1 || 2102696 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_utl.is_master buffer overflow attempt
1 || 2102697 || 3 || attempted-user || 0 || GPL SQL alter file buffer overflow attempt
1 || 2102698 || 3 || attempted-user || 0 || GPL SQL create file buffer overflow attempt
1 || 2102699 || 2 || attempted-user || 0 || GPL SQL TO_CHAR buffer overflow attempt
1 || 2102700 || 4 || attempted-user || 0 || GPL SQL numtoyminterval buffer overflow attempt
1 || 2102703 || 5 || web-application-attack || 0 || GPL SQL Oracle iSQLPlus login.uix username overflow attempt || bugtraq,10871 || url,www.nextgenss.com/advisories/ora-isqlplus.txt
1 || 2102708 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_flavor_change buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102709 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102710 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.begin_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102711 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.end_flavor_change buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102712 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.end_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102713 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.end_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102714 || 3 || attempted-user || 0 || GPL SQL dbms_offline_og.resume_subset_of_masters buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102715 || 3 || attempted-user || 0 || GPL SQL dbms_offline_snapshot.begin_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102716 || 3 || attempted-user || 0 || GPL SQL dbms_offline_snapshot.end_load buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102717 || 3 || attempted-user || 0 || GPL SQL dbms_rectifier_diff.differences buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102718 || 2 || attempted-user || 0 || GPL SQL dbms_rectifier_diff.rectify buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102719 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.abort_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102720 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_column_group_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102721 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_columns_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102722 || 2 || attempted-user || 0 || GPL SQL dbms_repcat.add_object_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102723 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102724 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102725 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102726 || 2 || attempted-user || 0 || GPL DELETED dbms_repcat.add_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102727 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102728 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102729 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102730 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102731 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102732 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.add_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102733 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_master_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102734 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_mview_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102735 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102736 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102737 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102738 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102739 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102740 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102741 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102742 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102743 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102744 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102745 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102746 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102747 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.begin_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102748 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102749 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102750 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_mview_repsites buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102751 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102752 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102753 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_repsites buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102754 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102755 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102756 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.comment_on_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102757 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102758 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102759 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102760 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.define_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102761 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.define_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102762 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.define_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102763 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.do_deferred_repcat_admin buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102764 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_column_group_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102765 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102766 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_columns_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102767 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102768 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_grouped_column buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102769 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_mview_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102770 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_object_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102771 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102772 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102773 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102774 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102775 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102776 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102777 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102778 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102779 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102780 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102781 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102782 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102783 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102784 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.drop_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102785 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.execute_ddl buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102786 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_replication_package buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102787 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_instantiate.instantiate_online buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102788 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.make_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102789 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.obsolete_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102790 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.publish_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102791 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.purge_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102792 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.purge_master_log buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102793 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.purge_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102794 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.refresh_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102795 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102796 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.register_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102797 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102798 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.register_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102799 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.relocate_masterdef buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102800 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.rename_shadow_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102801 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.resume_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102802 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102803 || 3 || attempted-user || 0 || GPL SQL dbms_repcat_rgt.drop_site_instantiation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102804 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.send_and_compare_old_values buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102805 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.set_columns buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102806 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102807 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.specify_new_masters buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102808 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.suspend_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102809 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.unregister_mview_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102810 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102811 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.validate_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102812 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102813 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.abort_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102814 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.add_object_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102815 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.begin_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102816 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.drop_object_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102817 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.add_column_group_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102818 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.add_columns_to_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102819 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.drop_column_group_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102820 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.drop_columns_from_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102821 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.obsolete_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102822 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.publish_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102823 || 2 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla_mas.purge_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102824 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102825 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.validate_flavor_definition buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102826 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_fla.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102827 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.alter_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102828 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.comment_on_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102829 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.comment_on_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102830 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.create_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102831 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.create_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102832 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.do_deferred_repcat_admin buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102833 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.drop_master_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102834 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.generate_replication_package buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102835 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.purge_master_log buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102836 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.relocate_masterdef buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102837 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.rename_shadow_column_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102838 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.resume_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102839 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_mas.suspend_master_activity buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102840 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102841 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102842 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102843 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102844 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102845 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102846 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102847 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102848 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_utl4.drop_master_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102849 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_utl.drop_an_object buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102850 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_mview_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102851 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.create_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102852 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_mview_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102853 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_replication_trigger buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102854 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.generate_snapshot_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102855 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.remove_master_databases buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102856 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.switch_mview_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102857 || 3 || attempted-user || 0 || GPL SQL dbms_repcat.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102858 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102859 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102860 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102861 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102862 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102863 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102864 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102865 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102866 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102867 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102868 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.add_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102869 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102870 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102871 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102872 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102874 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102875 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102876 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102877 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102878 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.alter_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102879 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.cancel_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102880 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102881 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102882 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102883 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102884 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.comment_on_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102885 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.define_priority_group buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102886 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.define_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102887 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_delete_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102888 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_char buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102889 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_date buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102890 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_nchar buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102891 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_number buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102892 || 5 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_nvarchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102893 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_raw buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102894 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102895 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_priority_varchar2 buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102896 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_site_priority_site buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102897 || 4 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_site_priority buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102898 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_unique_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102899 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.drop_update_resolution buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102900 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.purge_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102901 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_conf.register_statistics buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102902 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.alter_snapshot_propagation buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102903 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.create_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102904 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.create_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102905 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.create_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102906 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.drop_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102907 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.drop_snapshot_repobject buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102908 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.drop_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102909 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.generate_snapshot_support buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102910 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.refresh_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102911 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.refresh_snapshot_repschema buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102912 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102913 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.repcat_import_check buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102914 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.set_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102915 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102916 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.unregister_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102917 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna_utl.switch_snapshot_master buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102918 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_sna.validate_for_local_flavor buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102919 || 3 || attempted-user || 0 || GPL SQL sys.dbms_repcat_untrusted.register_snapshot_repgroup buffer overflow attempt || url,www.appsecinc.com/resources/alerts/oracle/2004-0001/25.html
1 || 2102923 || 4 || unsuccessful-user || 0 || GPL NETBIOS SMB repeated logon failure
1 || 2102924 || 4 || unsuccessful-user || 0 || GPL NETBIOS SMB-DS repeated logon failure
1 || 2102925 || 5 || misc-activity || 0 || GPL WEB_CLIENT web bug 0x0 gif attempt
1 || 2102927 || 5 || attempted-admin || 0 || GPL MISC NNTP XPAT pattern overflow attempt || cve,2004-0574 || url,www.microsoft.com/technet/security/bulletin/MS04-036.mspx
1 || 2102928 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102929 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102930 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102931 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102932 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102933 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102934 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102935 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102936 || 6 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102937 || 6 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102938 || 6 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102939 || 7 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102940 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg bind attempt
1 || 2102941 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode bind attempt
1 || 2102942 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown attempt
1 || 2102943 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown little endian attempt
1 || 2102944 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode attempt
1 || 2102945 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode little endian attempt
1 || 2102946 || 7 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102947 || 6 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102948 || 7 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102949 || 7 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102950 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB too many stacked requests
1 || 2102951 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS too many stacked requests
1 || 2102954 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ andx share access
1 || 2102955 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IPC$ unicode andx share access
1 || 2102956 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi andx create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102957 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode andx create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102958 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi andx create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102959 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode andx create tree attempt || bugtraq,11372 || cve,2004-0206
1 || 2102960 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi andx bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102961 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB nddeapi unicode andx bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102962 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi andx bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102963 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt || bugtraq,11372 || cve,2004-0206
1 || 2102964 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102965 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102966 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102967 || 5 || attempted-admin || 0 || GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102968 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102969 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102970 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102971 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt || bugtraq,11372 || cve,2004-0206
1 || 2102974 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ andx share access
1 || 2102975 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS D$ unicode andx share access
1 || 2102978 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ andx share access
1 || 2102979 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS C$ unicode andx share access
1 || 2102982 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ andx share access
1 || 2102983 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ADMIN$ unicode andx share access
1 || 2102984 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg andx create tree attempt
1 || 2102985 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode andx create tree attempt
1 || 2102986 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg andx create tree attempt
1 || 2102987 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode andx create tree attempt
1 || 2102988 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg andx bind attempt
1 || 2102989 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode andx bind attempt
1 || 2102990 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg andx bind attempt
1 || 2102991 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode andx bind attempt
1 || 2102992 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown andx attempt
1 || 2102993 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown little endian andx attempt
1 || 2102994 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode andx attempt
1 || 2102995 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB InitiateSystemShutdown unicode little endian andx attempt
1 || 2102996 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown andx attempt
1 || 2102997 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown little endian andx attempt
1 || 2102998 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode andx attempt
1 || 2102999 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS InitiateSystemShutdown unicode little endian andx attempt
1 || 2103000 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP unicode asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2103001 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2103002 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Session Setup NTMLSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2103003 || 7 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2103004 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2103005 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
1 || 2103007 || 2 || misc-attack || 0 || GPL IMAP delete overflow attempt || bugtraq,11675
1 || 2103008 || 2 || misc-attack || 0 || GPL IMAP delete literal overflow attempt || bugtraq,11675
1 || 2103017 || 7 || misc-attack || 0 || GPL EXPLOIT WINS overflow attempt || bugtraq,11763 || cve,2004-1080 || url,www.immunitysec.com/downloads/instantanea.pdf || url,www.microsoft.com/technet/security/bulletin/MS04-045.mspx
1 || 2103018 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt || cve,2004-1154
1 || 2103019 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt || cve,2004-1154
1 || 2103020 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt || cve,2004-1154
1 || 2103021 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt || cve,2004-1154
1 || 2103022 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt || cve,2004-1154
1 || 2103023 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt || cve,2004-1154
1 || 2103024 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt || cve,2004-1154
1 || 2103025 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt || cve,2004-1154
1 || 2103026 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE SACL overflow attempt || cve,2004-1154
1 || 2103027 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt || cve,2004-1154
1 || 2103028 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt || cve,2004-1154
1 || 2103029 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt || cve,2004-1154
1 || 2103030 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt || cve,2004-1154
1 || 2103031 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt || cve,2004-1154
1 || 2103032 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt || cve,2004-1154
1 || 2103033 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt || cve,2004-1154
1 || 2103034 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE DACL overflow attempt || cve,2004-1154
1 || 2103035 || 9 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt || cve,2004-1154
1 || 2103036 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt || cve,2004-1154
1 || 2103037 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt || cve,2004-1154
1 || 2103038 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt || cve,2004-1154
1 || 2103039 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt || cve,2004-1154
1 || 2103040 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt || cve,2004-1154
1 || 2103041 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt || cve,2004-1154
1 || 2103042 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt
1 || 2103043 || 8 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt
1 || 2103044 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt
1 || 2103045 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt
1 || 2103046 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt
1 || 2103047 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt
1 || 2103048 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt
1 || 2103049 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt
1 || 2103050 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE invalid SACL ace size dos attempt
1 || 2103051 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE andx invalid SACL ace size dos attempt
1 || 2103052 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode invalid SACL ace size dos attempt
1 || 2103053 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt
1 || 2103054 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE invalid SACL ace size dos attempt
1 || 2103055 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE andx invalid SACL ace size dos attempt
1 || 2103056 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode invalid SACL ace size dos attempt
1 || 2103057 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS NT Trans NT CREATE unicode andx invalid SACL ace size dos attempt
1 || 2103058 || 2 || misc-attack || 0 || GPL IMAP copy literal overflow attempt || bugtraq,1110
1 || 2103059 || 3 || protocol-command-decode || 0 || GPL DELETED TLSv1 Client_Hello via SSLv2 handshake request
1 || 2103061 || 3 || misc-activity || 0 || GPL DELETED distccd command execution attempt || url,distcc.samba.org/security.html
1 || 2103062 || 4 || web-application-activity || 0 || GPL WEB_SPECIFIC_APPS NetScreen SA 5000 delhomepage.cgi access || bugtraq,9791
1 || 2103063 || 4 || misc-activity || 0 || GPL DELETED Vampire 1.2 connection request
1 || 2103064 || 3 || misc-activity || 0 || GPL DELETED Vampire 1.2 connection confirmation
1 || 2103066 || 3 || misc-attack || 0 || GPL IMAP append overflow attempt || bugtraq,11775
1 || 2103067 || 2 || misc-attack || 0 || GPL IMAP examine literal overflow attempt || bugtraq,11775
1 || 2103068 || 2 || misc-attack || 0 || GPL IMAP examine overflow attempt || bugtraq,11775
1 || 2103069 || 2 || misc-attack || 0 || GPL IMAP fetch literal overflow attempt || bugtraq,11775
1 || 2103070 || 3 || misc-attack || 0 || GPL IMAP fetch overflow attempt || bugtraq,11775
1 || 2103071 || 2 || misc-attack || 0 || GPL IMAP status literal overflow attempt || bugtraq,11775
1 || 2103072 || 3 || misc-attack || 0 || GPL IMAP status overflow attempt || bugtraq,11775 || bugtraq,13727 || cve,2005-1256
1 || 2103073 || 2 || misc-attack || 0 || GPL IMAP subscribe literal overflow attempt || bugtraq,11775
1 || 2103074 || 2 || misc-attack || 0 || GPL IMAP subscribe overflow attempt || bugtraq,11775
1 || 2103075 || 2 || misc-attack || 0 || GPL IMAP unsubscribe literal overflow attempt || bugtraq,11775
1 || 2103076 || 2 || misc-attack || 0 || GPL IMAP unsubscribe overflow attempt || bugtraq,11775
1 || 2103077 || 2 || attempted-admin || 0 || GPL FTP RNFR overflow attempt
1 || 2103078 || 3 || attempted-admin || 0 || GPL MISC nntp SEARCH pattern overflow attempt || cve,2004-0574 || url,www.microsoft.com/technet/security/bulletin/MS04-036.mspx
1 || 2103079 || 5 || attempted-user || 0 || GPL WEB_CLIENT Microsoft ANI file parsing overflow || cve,2004-1049
1 || 2103080 || 3 || misc-attack || 0 || GPL GAMES Unreal Tournament secure overflow attempt || bugtraq,10570 || cve,2004-0608
1 || 2103088 || 2 || attempted-user || 0 || GPL WEB_CLIENT winamp .cda file name overflow attempt || bugtraq,11730
1 || 2103089 || 3 || attempted-user || 0 || GPL MISC squid WCCP I_SEE_YOU message overflow attempt || bugtraq,12275 || cve,2005-0095
1 || 2103090 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc create tree attempt
1 || 2103091 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode create tree attempt
1 || 2103092 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc andx create tree attempt
1 || 2103093 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode andx create tree attempt
1 || 2103094 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc create tree attempt
1 || 2103095 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode create tree attempt
1 || 2103096 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc andx create tree attempt
1 || 2103097 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode andx create tree attempt
1 || 2103098 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc bind attempt
1 || 2103099 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc little endian bind attempt
1 || 2103100 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode bind attempt
1 || 2103101 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode little endian bind attempt
1 || 2103102 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc andx bind attempt
1 || 2103103 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc little endian andx bind attempt
1 || 2103104 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode andx bind attempt
1 || 2103105 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB llsrpc unicode little endian andx bind attempt
1 || 2103106 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc bind attempt
1 || 2103107 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc little endian bind attempt
1 || 2103108 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode bind attempt
1 || 2103109 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode little endian bind attempt
1 || 2103110 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc andx bind attempt
1 || 2103111 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc little endian andx bind attempt
1 || 2103112 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode andx bind attempt
1 || 2103113 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS llsrpc unicode little endian andx bind attempt
1 || 2103114 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103115 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103116 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103117 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103118 || 4 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103119 || 4 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103120 || 4 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103121 || 5 || attempted-admin || 0 || GPL NETBIOS SMB llsrconnect unicode little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103122 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103123 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103124 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103125 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode little endian overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103126 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103127 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103128 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103129 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS llsrconnect unicode little endian andx overflow attempt || url,www.microsoft.com/technet/security/bulletin/ms05-010.mspx
1 || 2103132 || 5 || attempted-user || 0 || GPL WEB_CLIENT PNG large image width download attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || url,www.microsoft.com/technet/security/bulletin/MS05-009.mspx
1 || 2103133 || 6 || attempted-user || 0 || GPL WEB_CLIENT PNG large image height download attempt || bugtraq,11481 || bugtraq,11523 || cve,2004-0599 || cve,2004-0990 || cve,2004-1244 || url,www.microsoft.com/technet/security/bulletin/MS05-009.mspx
1 || 2103134 || 5 || attempted-user || 0 || GPL WEB_CLIENT PNG large colour depth download attempt || bugtraq,11523 || cve,2004-0990 || cve,2004-1244 || url,www.microsoft.com/technet/security/bulletin/MS05-009.mspx
1 || 2103135 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 QUERY_FILE_INFO attempt
1 || 2103136 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 QUERY_FILE_INFO andx attempt
1 || 2103137 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO attempt
1 || 2103138 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 QUERY_FILE_INFO andx attempt
1 || 2103139 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 attempt
1 || 2103140 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 andx attempt
1 || 2103141 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 attempt
1 || 2103142 || 3 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 andx attempt
1 || 2103143 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx
1 || 2103144 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB Trans2 FIND_FIRST2 response andx overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx
1 || 2103145 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx
1 || 2103146 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS Trans2 FIND_FIRST2 response andx overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/Bulletin/MS05-011.mspx
1 || 2103148 || 6 || attempted-user || 0 || GPL ACTIVEX winhelp clsid attempt || bugtraq,4857 || cve,2002-0823 || url,www.ngssoftware.com/advisories/ms-winhlp.txt
1 || 2103149 || 4 || attempted-user || 0 || GPL WEB_CLIENT object type overflow attempt || cve,2003-0344 || url,www.microsoft.com/technet/security/bulletin/MS03-020.mspx
1 || 2103151 || 5 || attempted-recon || 0 || GPL SCAN Finger / execution attempt || cve,1999-0612 || cve,2000-0915
1 || 2103152 || 4 || unsuccessful-user || 0 || GPL SQL sa brute force failed login attempt || bugtraq,4797 || cve,2000-1209 || nessus,10673
1 || 2103153 || 3 || attempted-admin || 0 || GPL DNS TCP inverse query overflow || bugtraq,134 || cve,1999-0009
1 || 2103154 || 3 || attempted-admin || 0 || GPL DNS UDP inverse query overflow || bugtraq,134 || cve,1999-0009
1 || 2103156 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC msqueue bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103157 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC msqueue little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103158 || 6 || attempted-admin || 0 || GPL NETBIOS DCERPC CoGetInstanceFromFile little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103159 || 4 || attempted-admin || 0 || GPL NETBIOS DCERPC CoGetInstanceFromFile overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103160 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103161 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103162 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103163 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103164 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103165 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103166 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103167 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB msqueue unicode little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103168 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103169 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103170 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103171 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode little endian bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103172 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103173 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103174 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103175 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS msqueue unicode little endian andx bind attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103176 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103177 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103178 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103179 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103180 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103181 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103182 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103183 || 4 || attempted-admin || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103184 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103185 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103186 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103187 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103188 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103189 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103190 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103191 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt || cve,2003-0995 || url,www.eeye.com/html/Research/Advisories/AD20030910.html || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103192 || 6 || attempted-user || 0 || GPL WEB_CLIENT Windows Media Player directory traversal via Content-Disposition attempt || bugtraq,7517 || cve,2003-0228 || url,www.microsoft.com/technet/security/bulletin/MS03-017.mspx
1 || 2103193 || 5 || web-application-attack || 0 || GPL EXPLOIT .cmd executable file parsing attack || bugtraq,1912 || cve,2000-0886
1 || 2103195 || 5 || attempted-admin || 0 || GPL NETBIOS name query overflow attempt TCP || bugtraq,9624 || cve,2003-0825
1 || 2103196 || 3 || attempted-admin || 0 || GPL NETBIOS name query overflow attempt UDP || bugtraq,9624 || cve,2003-0825
1 || 2103197 || 4 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt little endian || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103198 || 3 || attempted-admin || 0 || GPL NETBIOS DCERPC ISystemActivator path overflow attempt big endian || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx
1 || 2103199 || 5 || attempted-admin || 0 || GPL EXPLOIT WINS name query overflow attempt TCP || bugtraq,9624 || cve,2003-0825 || url,www.microsoft.com/technet/security/bulletin/MS04-006.mspx
1 || 2103200 || 4 || attempted-admin || 0 || GPL NETBIOS WINS name query overflow attempt UDP || bugtraq,9624 || cve,2003-0825 || url,www.microsoft.com/technet/security/bulletin/MS04-006.mspx
1 || 2103202 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg bind attempt
1 || 2103203 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg little endian bind attempt
1 || 2103204 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode bind attempt
1 || 2103205 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode little endian bind attempt
1 || 2103206 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg andx bind attempt
1 || 2103207 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg little endian andx bind attempt
1 || 2103208 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode andx bind attempt
1 || 2103209 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB winreg unicode little endian andx bind attempt
1 || 2103210 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg bind attempt
1 || 2103211 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg little endian bind attempt
1 || 2103212 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode bind attempt
1 || 2103213 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode little endian bind attempt
1 || 2103214 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg andx bind attempt
1 || 2103215 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg little endian andx bind attempt
1 || 2103216 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode andx bind attempt
1 || 2103217 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS winreg unicode little endian andx bind attempt
1 || 2103218 || 5 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey overflow attempt || bugtraq,1331 || cve,2000-0377 || url,www.microsoft.com/technet/security/bulletin/MS00-040.mspx
1 || 2103219 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey little endian overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103220 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103221 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode little endian overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103222 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103223 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103224 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103225 || 4 || attempted-admin || 0 || GPL NETBIOS SMB OpenKey unicode little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103226 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103227 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey little endian overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103228 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103229 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode little endian overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103230 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103231 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103232 || 4 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode andx overflow attempt || bugtraq,1331 || cve,2000-0377
1 || 2103233 || 5 || attempted-admin || 0 || GPL NETBIOS SMB-DS OpenKey unicode little endian andx overflow attempt || bugtraq,1331 || cve,2000-0377 || url,www.microsoft.com/technet/security/bulletin/MS00-040.mspx
1 || 2103234 || 3 || attempted-admin || 0 || GPL NETBIOS Messenger message little endian overflow attempt || bugtraq,8826 || cve,2003-0717
1 || 2103235 || 3 || attempted-admin || 0 || GPL NETBIOS Messenger message overflow attempt || bugtraq,8826 || cve,2003-0717
1 || 2103236 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC irot bind attempt
1 || 2103237 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC irot little endian bind attempt
1 || 2103238 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IrotIsRunning attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103239 || 4 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IrotIsRunning little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103240 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot bind attempt
1 || 2103241 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot little endian bind attempt
1 || 2103242 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode bind attempt
1 || 2103243 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode little endian bind attempt
1 || 2103244 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot andx bind attempt
1 || 2103245 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot little endian andx bind attempt
1 || 2103246 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode andx bind attempt
1 || 2103247 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB irot unicode little endian andx bind attempt
1 || 2103248 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot bind attempt
1 || 2103249 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot little endian bind attempt
1 || 2103250 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode bind attempt
1 || 2103251 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode little endian bind attempt
1 || 2103252 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot andx bind attempt
1 || 2103253 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot little endian andx bind attempt
1 || 2103254 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode andx bind attempt
1 || 2103255 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS irot unicode little endian andx bind attempt
1 || 2103256 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103257 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103258 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103259 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103260 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103261 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103262 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103263 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB IrotIsRunning unicode little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103264 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103265 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103266 || 6 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103267 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode little endian attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103268 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103269 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103270 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103271 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IrotIsRunning unicode little endian andx attempt || bugtraq,6005 || cve,2002-1561 || url,www.microsoft.com/technet/security/bulletin/MS03-010.mspx
1 || 2103272 || 3 || trojan-activity || 0 || GPL WORM mydoom.a backdoor upload/execute attempt
1 || 2103273 || 4 || unsuccessful-user || 0 || GPL SQL sa brute force failed login unicode attempt || bugtraq,4797 || cve,2000-1209 || nessus,10673
1 || 2103274 || 4 || attempted-admin || 0 || GPL EXPLOIT login buffer non-evasive overflow attempt || bugtraq,3681 || cve,2001-0797
1 || 2103275 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IActivation bind attempt
1 || 2103276 || 3 || protocol-command-decode || 0 || GPL NETBIOS DCERPC IActivation little endian bind attempt
1 || 2103377 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation bind attempt
1 || 2103378 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation little endian bind attempt
1 || 2103379 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode bind attempt
1 || 2103380 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode little endian bind attempt
1 || 2103381 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation andx bind attempt
1 || 2103382 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation little endian andx bind attempt
1 || 2103383 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode andx bind attempt
1 || 2103384 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB IActivation unicode little endian andx bind attempt
1 || 2103385 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation bind attempt
1 || 2103386 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation little endian bind attempt
1 || 2103387 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode bind attempt
1 || 2103388 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode little endian bind attempt
1 || 2103389 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation andx bind attempt
1 || 2103390 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation little endian andx bind attempt
1 || 2103391 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode andx bind attempt
1 || 2103392 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS IActivation unicode little endian andx bind attempt
1 || 2103393 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator bind attempt
1 || 2103394 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator little endian bind attempt
1 || 2103395 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode bind attempt
1 || 2103396 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode little endian bind attempt
1 || 2103397 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator andx bind attempt
1 || 2103398 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator little endian andx bind attempt
1 || 2103399 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode andx bind attempt
1 || 2103400 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB ISystemActivator unicode little endian andx bind attempt
1 || 2103401 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator bind attempt
1 || 2103402 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator little endian bind attempt
1 || 2103403 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode bind attempt
1 || 2103404 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode little endian bind attempt
1 || 2103405 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator andx bind attempt
1 || 2103406 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator little endian andx bind attempt
1 || 2103407 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode andx bind attempt
1 || 2103408 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS ISystemActivator unicode little endian andx bind attempt
1 || 2103409 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation attempt
1 || 2103410 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation little endian attempt
1 || 2103411 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode attempt
1 || 2103412 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode little endian attempt
1 || 2103413 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation andx attempt
1 || 2103414 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation little endian andx attempt
1 || 2103415 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode andx attempt
1 || 2103416 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB RemoteActivation unicode little endian andx attempt
1 || 2103417 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation attempt
1 || 2103418 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation little endian attempt
1 || 2103419 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode attempt
1 || 2103420 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode little endian attempt
1 || 2103421 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation andx attempt
1 || 2103422 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation little endian andx attempt
1 || 2103423 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode andx attempt
1 || 2103424 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS RemoteActivation unicode little endian andx attempt
1 || 2103425 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile attempt
1 || 2103426 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian attempt
1 || 2103427 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode attempt
1 || 2103428 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian attempt
1 || 2103429 || 5 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile andx attempt
1 || 2103430 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile little endian andx attempt
1 || 2103431 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode andx attempt
1 || 2103432 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB CoGetInstanceFromFile unicode little endian andx attempt
1 || 2103433 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile attempt
1 || 2103434 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian attempt
1 || 2103435 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode attempt
1 || 2103436 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian attempt
1 || 2103437 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile andx attempt
1 || 2103438 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile little endian andx attempt
1 || 2103439 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode andx attempt
1 || 2103440 || 4 || protocol-command-decode || 0 || GPL NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx attempt
1 || 2103441 || 2 || misc-attack || 0 || GPL FTP PORT bounce attempt
1 || 2103453 || 2 || attempted-recon || 0 || GPL EXPLOIT Arkeia client backup system info probe || bugtraq,12594
1 || 2103460 || 3 || attempted-recon || 0 || GPL FTP REST with numeric argument || bugtraq,7825
1 || 2104469 || 2 || trojan-activity || 0 || ET CURRENT_EVENTS Likely Blackhole eval haha || url,community.websense.com/blogs/securitylabs/pages/black-hole-exploit-kit.aspx
1 || 2200000 || 1 || NOCLASS || 0 || SURICATA IPv4 packet too small
1 || 2200001 || 1 || NOCLASS || 0 || SURICATA IPv4 header size too small
1 || 2200002 || 1 || NOCLASS || 0 || SURICATA IPv4 total length smaller than header size
1 || 2200003 || 1 || NOCLASS || 0 || SURICATA IPv4 truncated packet
1 || 2200004 || 1 || NOCLASS || 0 || SURICATA IPv4 invalid option
1 || 2200005 || 1 || NOCLASS || 0 || SURICATA IPv4 invalid option length
1 || 2200006 || 1 || NOCLASS || 0 || SURICATA IPv4 malformed option
1 || 2200007 || 1 || NOCLASS || 0 || SURICATA IPv4 padding required 
1 || 2200008 || 1 || NOCLASS || 0 || SURICATA IPv4 option end of list required
1 || 2200009 || 1 || NOCLASS || 0 || SURICATA IPv4 duplicated IP option
1 || 2200010 || 1 || NOCLASS || 0 || SURICATA IPv4 unknown IP option
1 || 2200011 || 1 || NOCLASS || 0 || SURICATA IPv4 wrong IP version
1 || 2200012 || 1 || NOCLASS || 0 || SURICATA IPv6 packet too small
1 || 2200013 || 1 || NOCLASS || 0 || SURICATA IPv6 truncated packet
1 || 2200014 || 1 || NOCLASS || 0 || SURICATA IPv6 truncated extension header
1 || 2200015 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Fragment extension header
1 || 2200016 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Routing extension header
1 || 2200017 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Hop-By-Hop Options extension header
1 || 2200018 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Destination Options extension header
1 || 2200019 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicated Authentication Header extension header
1 || 2200020 || 1 || NOCLASS || 0 || SURICATA IPv6 duplicate ESP extension header
1 || 2200021 || 1 || NOCLASS || 0 || SURICATA IPv6 invalid option length in header
1 || 2200022 || 1 || NOCLASS || 0 || SURICATA IPv6 wrong IP version
1 || 2200023 || 1 || NOCLASS || 0 || SURICATA ICMPv4 packet too small
1 || 2200024 || 1 || NOCLASS || 0 || SURICATA ICMPv4 unknown type
1 || 2200025 || 1 || NOCLASS || 0 || SURICATA ICMPv4 unknown code
1 || 2200026 || 1 || NOCLASS || 0 || SURICATA ICMPv4 truncated packet
1 || 2200027 || 1 || NOCLASS || 0 || SURICATA ICMPv4 unknown version
1 || 2200028 || 1 || NOCLASS || 0 || SURICATA ICMPv6 packet too small
1 || 2200029 || 1 || NOCLASS || 0 || SURICATA ICMPv6 unknown type
1 || 2200030 || 1 || NOCLASS || 0 || SURICATA ICMPv6 unknown code
1 || 2200031 || 1 || NOCLASS || 0 || SURICATA ICMPv6 truncated packet
1 || 2200032 || 1 || NOCLASS || 0 || SURICATA ICMPv6 unknown version
1 || 2200033 || 1 || NOCLASS || 0 || SURICATA TCP packet too small
1 || 2200034 || 1 || NOCLASS || 0 || SURICATA TCP header length too small
1 || 2200035 || 1 || NOCLASS || 0 || SURICATA TCP invalid option length
1 || 2200036 || 1 || NOCLASS || 0 || SURICATA TCP option invalid length
1 || 2200037 || 1 || NOCLASS || 0 || SURICATA TCP duplicated option
1 || 2200038 || 1 || NOCLASS || 0 || SURICATA UDP packet too small
1 || 2200039 || 1 || NOCLASS || 0 || SURICATA UDP header length too small
1 || 2200040 || 1 || NOCLASS || 0 || SURICATA UDP invalid header length
1 || 2200041 || 1 || NOCLASS || 0 || SURICATA SLL packet too small
1 || 2200042 || 1 || NOCLASS || 0 || SURICATA Ethernet packet too small
1 || 2200043 || 1 || NOCLASS || 0 || SURICATA PPP packet too small
1 || 2200044 || 1 || NOCLASS || 0 || SURICATA PPP VJU packet too small
1 || 2200045 || 1 || NOCLASS || 0 || SURICATA PPP IPv4 packet too small
1 || 2200046 || 1 || NOCLASS || 0 || SURICATA PPP IPv6 too small
1 || 2200047 || 1 || NOCLASS || 0 || SURICATA PPP wrong type
1 || 2200048 || 1 || NOCLASS || 0 || SURICATA PPP unsupported protocol
1 || 2200049 || 1 || NOCLASS || 0 || SURICATA PPPOE packet too small
1 || 2200050 || 1 || NOCLASS || 0 || SURICATA PPPOE wrong code
1 || 2200051 || 1 || NOCLASS || 0 || SURICATA PPPOE malformed tags
1 || 2200052 || 1 || NOCLASS || 0 || SURICATA GRE packet too small
1 || 2200053 || 1 || NOCLASS || 0 || SURICATA GRE wrong version
1 || 2200054 || 1 || NOCLASS || 0 || SURICATA GRE v0 recursion control
1 || 2200055 || 1 || NOCLASS || 0 || SURICATA GRE v0 flags
1 || 2200056 || 1 || NOCLASS || 0 || SURICATA GRE v0 header too big
1 || 2200057 || 1 || NOCLASS || 0 || SURICATA GRE v1 checksum present
1 || 2200058 || 1 || NOCLASS || 0 || SURICATA GRE v1 routing present
1 || 2200059 || 1 || NOCLASS || 0 || SURICATA GRE v1 strict source route
1 || 2200060 || 1 || NOCLASS || 0 || SURICATA GRE v1 recursion control
1 || 2200061 || 1 || NOCLASS || 0 || SURICATA GRE v1 flags
1 || 2200062 || 1 || NOCLASS || 0 || SURICATA GRE v1 no key present
1 || 2200063 || 1 || NOCLASS || 0 || SURICATA GRE v1 wrong protocol
1 || 2200064 || 1 || NOCLASS || 0 || SURICATA GRE v1 malformed Source Route Entry header
1 || 2200065 || 1 || NOCLASS || 0 || SURICATA GRE v1 header too big
1 || 2200066 || 1 || NOCLASS || 0 || SURICATA VLAN header too small 
1 || 2200067 || 1 || NOCLASS || 0 || SURICATA VLAN unknown type
1 || 2200068 || 1 || NOCLASS || 0 || SURICATA IP raw invalid IP version 
1 || 2200069 || 1 || NOCLASS || 0 || SURICATA FRAG IPv4 Packet size too large
1 || 2200070 || 1 || NOCLASS || 0 || SURICATA FRAG IPv4 Fragmentation overlap
1 || 2200071 || 1 || NOCLASS || 0 || SURICATA FRAG IPv6 Packet size too large
1 || 2200072 || 1 || NOCLASS || 0 || SURICATA FRAG IPv6 Fragmentation overlap
1 || 2200073 || 1 || NOCLASS || 0 || SURICATA IPv4 invalid checksum
1 || 2200074 || 1 || NOCLASS || 0 || SURICATA TCPv4 invalid checksum
1 || 2200075 || 1 || NOCLASS || 0 || SURICATA UDPv4 invalid checksum
1 || 2200076 || 1 || NOCLASS || 0 || SURICATA ICMPv4 invalid checksum
1 || 2200077 || 1 || NOCLASS || 0 || SURICATA TCPv6 invalid checksum
1 || 2200078 || 1 || NOCLASS || 0 || SURICATA UDPv6 invalid checksum
1 || 2200079 || 1 || NOCLASS || 0 || SURICATA ICMPv6 invalid checksum
1 || 2200080 || 1 || NOCLASS || 0 || SURICATA IPv6 useless Fragment extension header
1 || 2200081 || 1 || NOCLASS || 0 || SURICATA IPv6 AH reserved field not 0
1 || 2200082 || 1 || NOCLASS || 0 || SURICATA IPv4-in-IPv6 packet too short
1 || 2200083 || 1 || NOCLASS || 0 || SURICATA IPv4-in-IPv6 invalid protocol
1 || 2200084 || 1 || NOCLASS || 0 || SURICATA IPv6-in-IPv6 packet too short
1 || 2200085 || 1 || NOCLASS || 0 || SURICATA IPv6-in-IPv6 invalid protocol
1 || 2210000 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake with ack in wrong dir
1 || 2210001 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake async wrong sequence
1 || 2210002 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake right seq wrong ack evasion
1 || 2210003 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK in wrong direction
1 || 2210004 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK resend with different ack
1 || 2210005 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK resend with different seq
1 || 2210006 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK to server on SYN recv
1 || 2210007 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYNACK with wrong ack
1 || 2210008 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYN resend different seq on SYN recv
1 || 2210009 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake SYN to client on SYN recv
1 || 2210010 || 1 || NOCLASS || 0 || SURICATA STREAM 3way handshake wrong seq wrong ack
1 || 2210011 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake SYNACK with wrong ACK
1 || 2210012 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake SYNACK with wrong SYN
1 || 2210013 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake wrong seq
1 || 2210014 || 1 || NOCLASS || 0 || SURICATA STREAM 4way handshake invalid ack
1 || 2210015 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSEWAIT ACK out of window
1 || 2210016 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSEWAIT FIN out of window
1 || 2210017 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSEWAIT invalid ACK
1 || 2210018 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSING ACK wrong seq
1 || 2210019 || 1 || NOCLASS || 0 || SURICATA STREAM CLOSING invalid ACK
1 || 2210020 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED packet out of window
1 || 2210021 || 2 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED retransmission packet before last ack
1 || 2210022 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK resend
1 || 2210023 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK resend with different ACK
1 || 2210024 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK resend with different seq
1 || 2210025 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYNACK to server
1 || 2210026 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYN resend
1 || 2210027 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYN resend with different seq
1 || 2210028 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED SYN to client
1 || 2210029 || 1 || NOCLASS || 0 || SURICATA STREAM ESTABLISHED invalid ack
1 || 2210030 || 1 || NOCLASS || 0 || SURICATA STREAM FIN invalid ack
1 || 2210031 || 1 || NOCLASS || 0 || SURICATA STREAM FIN1 ack with wrong seq
1 || 2210032 || 1 || NOCLASS || 0 || SURICATA STREAM FIN1 FIN with wrong seq
1 || 2210033 || 1 || NOCLASS || 0 || SURICATA STREAM FIN1 invalid ack
1 || 2210034 || 1 || NOCLASS || 0 || SURICATA STREAM FIN2 ack with wrong seq
1 || 2210035 || 1 || NOCLASS || 0 || SURICATA STREAM FIN2 FIN with wrong seq
1 || 2210036 || 1 || NOCLASS || 0 || SURICATA STREAM FIN2 invalid ack
1 || 2210037 || 1 || NOCLASS || 0 || SURICATA STREAM FIN recv but no session
1 || 2210038 || 1 || NOCLASS || 0 || SURICATA STREAM FIN out of window
1 || 2210039 || 1 || NOCLASS || 0 || SURICATA STREAM Last ACK with wrong seq
1 || 2210040 || 1 || NOCLASS || 0 || SURICATA STREAM Last ACK invalid ACK
1 || 2210041 || 1 || NOCLASS || 0 || SURICATA STREAM RST recv but no session
1 || 2210042 || 1 || NOCLASS || 0 || SURICATA STREAM TIMEWAIT ACK with wrong seq
1 || 2210043 || 1 || NOCLASS || 0 || SURICATA STREAM TIMEWAIT invalid ack
1 || 2210044 || 1 || NOCLASS || 0 || SURICATA STREAM Packet with invalid timestamp
1 || 2210045 || 1 || NOCLASS || 0 || SURICATA STREAM Packet with invalid ack
1 || 2210046 || 1 || NOCLASS || 0 || SURICATA STREAM SHUTDOWN RST invalid ack
1 || 2210047 || 1 || NOCLASS || 0 || SURICATA STREAM reassembly segment before base seq
1 || 2210048 || 1 || NOCLASS || 0 || SURICATA STREAM reassembly sequence GAP -- missing packet(s)
1 || 2210049 || 1 || NOCLASS || 0 || SURICATA STREAM SYN resend
1 || 2220000 || 1 || protocol-command-decode || 0 || SURICATA SMTP invalid reply
1 || 2220001 || 1 || protocol-command-decode || 0 || SURICATA SMTP unable to match reply with request
1 || 2220002 || 1 || protocol-command-decode || 0 || SURICATA SMTP max command line len exceeded
1 || 2220003 || 1 || protocol-command-decode || 0 || SURICATA SMTP max reply line len exceeded
1 || 2220004 || 1 || protocol-command-decode || 0 || SURICATA SMTP invalid pipelined sequence
1 || 2220005 || 1 || protocol-command-decode || 0 || SURICATA SMTP bdat chunk len exceeded
1 || 2220006 || 1 || protocol-command-decode || 0 || SURICATA SMTP no server welcome message
1 || 2220007 || 1 || protocol-command-decode || 0 || SURICATA SMTP tls rejected
1 || 2220008 || 1 || protocol-command-decode || 0 || SURICATA SMTP data command rejected
1 || 2221000 || 1 || protocol-command-decode || 0 || SURICATA HTTP unknown error
1 || 2221001 || 1 || protocol-command-decode || 0 || SURICATA HTTP gzip decompression failed
1 || 2221002 || 1 || protocol-command-decode || 0 || SURICATA HTTP request field missing colon
1 || 2221003 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid request chunk len
1 || 2221004 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid response chunk len
1 || 2221005 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid transfer encoding value in request
1 || 2221006 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid transfer encoding value in response
1 || 2221007 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid content length field in request
1 || 2221008 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid content length field in response
1 || 2221009 || 1 || protocol-command-decode || 0 || SURICATA HTTP status 100-Continue already seen
1 || 2221010 || 1 || protocol-command-decode || 0 || SURICATA HTTP unable to match response to request
1 || 2221011 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid server port in request
1 || 2221012 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid authority port
1 || 2221013 || 1 || protocol-command-decode || 0 || SURICATA HTTP request header invalid
1 || 2221014 || 1 || protocol-command-decode || 0 || SURICATA HTTP missing Host header
1 || 2221015 || 1 || protocol-command-decode || 0 || SURICATA HTTP Host header ambiguous
1 || 2221016 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid request field folding
1 || 2221017 || 1 || protocol-command-decode || 0 || SURICATA HTTP invalid response field folding
1 || 2221018 || 1 || protocol-command-decode || 0 || SURICATA HTTP request field too long
1 || 2221019 || 1 || protocol-command-decode || 0 || SURICATA HTTP response field too long
1 || 2221020 || 1 || protocol-command-decode || 0 || SURICATA HTTP response field missing colon
1 || 2221021 || 1 || protocol-command-decode || 0 || SURICATA HTTP response header invalid
1 || 2221022 || 1 || protocol-command-decode || 0 || SURICATA HTTP multipart generic error
1 || 2221023 || 1 || protocol-command-decode || 0 || SURICATA HTTP multipart no filedata
1 || 2221024 || 1 || protocol-command-decode || 0 || SURICATA HTTP multipart invalid header
1 || 2221026 || 1 || protocol-command-decode || 0 || SURICATA HTTP request server port doesn't match TCP port
1 || 2230000 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid SSLv2 header
1 || 2230001 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid TLS header
1 || 2230002 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid record type
1 || 2230003 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid handshake message
1 || 2230004 || 1 || protocol-command-decode || 0 || SURICATA TLS invalid certificate
1 || 2230005 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate missing element
1 || 2230006 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate unknown element
1 || 2230007 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate invalid length
1 || 2230008 || 1 || protocol-command-decode || 0 || SURICATA TLS certificate invalid string
1 || 2230009 || 1 || protocol-command-decode || 0 || SURICATA TLS error message encountered
1 || 2400000 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 1 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400001 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 2 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400002 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 3 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400003 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 4 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400004 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 5 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400005 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 6 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400006 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 7 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400007 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 8 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400008 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 9 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400009 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 10 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400010 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 11 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400011 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 12 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400012 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 13 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400013 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 14 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400014 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 15 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400015 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 16 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400016 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 17 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400017 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 18 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400018 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 19 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400019 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 20 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400020 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 21 || url,www.spamhaus.org/drop/drop.lasso
1 || 2400021 || 2420 || misc-attack || 0 || ET DROP Spamhaus DROP Listed Traffic Inbound group 22 || url,www.spamhaus.org/drop/drop.lasso
1 || 2402000 || 3237 || misc-attack || 0 || ET DROP Dshield Block Listed Source group 1 || url,feed.dshield.org/block.txt
1 || 2403300 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 1 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403301 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 2 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403302 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 3 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403303 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 4 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403304 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 5 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403305 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 6 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403306 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 7 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403307 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 8 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403308 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 9 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403309 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 10 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403310 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 11 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403311 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 12 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403312 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 13 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403313 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 14 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403314 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 15 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403315 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 16 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403316 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 17 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403317 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 18 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403318 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 19 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403319 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 20 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403320 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 21 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403321 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 22 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403322 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 23 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403323 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 24 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403324 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 25 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403325 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 26 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403326 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 27 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403327 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 28 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2403328 || 710 || misc-attack || 0 || ET CINS Active Threat Intelligence Poor Reputation IP group 29 || url,www.cinsscore.com || url,www.networkcloaking.com/cins
1 || 2404000 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404001 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404002 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404003 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404004 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404005 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404006 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404007 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404008 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404009 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404010 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404011 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404012 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404013 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 14 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404014 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 15 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404015 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 16 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404016 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 17 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404017 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 18 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404018 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 19 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404019 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 20 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404020 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 21 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404021 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 22 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404022 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 23 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404023 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 24 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404024 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 25 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404025 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 26 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404026 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 27 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404027 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 28 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404028 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 29 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404029 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 30 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404030 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 31 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404031 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 32 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404032 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 33 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404033 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 34 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404034 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 35 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404035 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 36 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404036 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 37 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404037 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 38 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404038 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 39 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404039 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 40 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404040 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 41 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404041 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 42 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404042 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 43 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404043 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 44 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404044 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 45 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404045 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 46 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404046 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 47 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404047 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 48 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404048 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server IP group 49 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404049 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server group 50 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2404100 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404101 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404102 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404103 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404104 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404105 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404106 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404107 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404108 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404109 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404110 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404111 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404112 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404113 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 14 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404114 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 15 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404115 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 16 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404116 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 17 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404117 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 18 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404118 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 19 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404119 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 20 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404120 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 21 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404121 || 3351 || trojan-activity || 0 || ET CNC Spyeye Tracker Reported CnC Server group 22 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404122 || 3351 || trojan-activity || 0 || ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server group 23 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,spyeyetracker.abuse.ch
1 || 2404150 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404151 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404152 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404153 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404154 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404155 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404156 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404157 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404158 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404159 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404160 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404161 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404162 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404163 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 14 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404164 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 15 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404165 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 16 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404166 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 17 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404167 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 18 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404168 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 19 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404169 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 20 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404170 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 21 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404171 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 22 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404172 || 3351 || trojan-activity || 0 || ET CNC Zeus Tracker Reported CnC Server group 23 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,zeustracker.abuse.ch
1 || 2404200 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404201 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404202 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404203 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404204 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404205 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404206 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404207 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404208 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404209 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404210 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404211 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2404212 || 3351 || trojan-activity || 0 || ET CNC Palevo Tracker Reported CnC Server group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,palevotracker.abuse.ch
1 || 2405000 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 22 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405001 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 80 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405002 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 81 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405003 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 82 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405004 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 443 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405005 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405006 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1111 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405007 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405008 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1863 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405009 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 1887 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405010 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2211 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405011 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2222 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405012 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405013 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 2525 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405014 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405015 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3305 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405016 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3333 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405017 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3463 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405018 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 3921 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405019 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4040 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405020 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405021 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4080 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405022 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4156 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405023 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4242 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405024 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405025 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4367 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405026 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4619 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405027 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405028 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405029 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5456 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405030 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5612 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405031 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5874 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405032 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405033 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 5966 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405034 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6104 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405035 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6138 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405036 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6281 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405037 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405038 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405039 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6661 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405040 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405041 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405042 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405043 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405044 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405045 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405046 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405047 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405048 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405049 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405050 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405051 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405052 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405053 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405054 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 11 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405055 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 12 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405056 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 13 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405057 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405058 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405059 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6678 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405060 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6680 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405061 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6697 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405062 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405063 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6867 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405064 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405065 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6967 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405066 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 6969 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405067 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405068 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 2 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405069 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405070 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7106 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405071 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7486 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405072 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7500 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405073 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7649 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405074 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7771 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405075 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 7999 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405076 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8002 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405077 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8070 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405078 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405079 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8484 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405080 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405081 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8685 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405082 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8754 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405083 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 8782 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405084 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405085 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9425 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405086 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9595 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405087 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405088 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 9999 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405089 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405090 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405091 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405092 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 17405 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405093 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405094 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 20560 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405095 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 23232 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405096 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 23765 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405097 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405098 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 34345 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405099 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 37894 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405100 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 38294 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405101 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405102 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 58914 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2405103 || 3351 || trojan-activity || 0 || ET CNC Shadowserver Reported CnC Server Port 61521 Group 1 || url,doc.emergingthreats.net/bin/view/Main/BotCC || url,www.shadowserver.org
1 || 2406000 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 1 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406002 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 2 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406004 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 3 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406006 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 4 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406008 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 5 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406010 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 6 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406012 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 7 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406014 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 8 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406016 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 9 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406018 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 10 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406020 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 11 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406022 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 12 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406024 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 13 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406026 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 14 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406028 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 15 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406030 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 16 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406032 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 17 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406034 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 18 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406036 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 19 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406038 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 20 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406040 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 21 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406042 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 22 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406044 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 23 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406046 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 24 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406048 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 25 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406050 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 26 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406052 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 27 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406054 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 28 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406056 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 29 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406058 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 30 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406060 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 31 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406062 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 32 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406064 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 33 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406066 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 34 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406068 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 35 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406070 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 36 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406072 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 37 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406074 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 38 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406076 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 39 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406078 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 40 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406080 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 41 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406082 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 42 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406084 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 43 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406086 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 44 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406088 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 45 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406090 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 46 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406092 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 47 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406094 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 48 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406096 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 49 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406098 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 50 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406100 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 51 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406102 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 52 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406104 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 53 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406106 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 54 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406108 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 55 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406110 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 56 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406112 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 57 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406114 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 58 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406116 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 59 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406118 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 60 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406120 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 61 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406122 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 62 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406124 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 63 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406126 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 64 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406128 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 65 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406130 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 66 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406132 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 67 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406134 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 68 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406136 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 69 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406138 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 70 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406140 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 71 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406142 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 72 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406144 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 73 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406146 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 74 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406148 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 75 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406150 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 76 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406152 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 77 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406154 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 78 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406156 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 79 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406158 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 80 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406160 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 81 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406162 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 82 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406164 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 83 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406166 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 84 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406168 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 85 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406170 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 86 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406172 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 87 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406174 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 88 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406176 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 89 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406178 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 90 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406180 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 91 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406182 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 92 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406184 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 93 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406186 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 94 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406188 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 95 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406190 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 96 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406192 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 97 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406194 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 98 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406196 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 99 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406198 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 100 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406200 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 101 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406202 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 102 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406204 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 103 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406206 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 104 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406208 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 105 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406210 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 106 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406212 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 107 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406214 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 108 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406216 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 109 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406218 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 110 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406220 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 111 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406222 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 112 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406224 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 113 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406226 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 114 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406228 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 115 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406230 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 116 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406232 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 117 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406234 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 118 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406236 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 119 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406238 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 120 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406240 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 121 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406242 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 122 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406244 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 123 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406246 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 124 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406248 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 125 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406250 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 126 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406252 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 127 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406254 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 128 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406256 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 129 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406258 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 130 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406260 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 131 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406262 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 132 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406264 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 133 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406266 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 134 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406268 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 135 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406270 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 136 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406272 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 137 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406274 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 138 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406276 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 139 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406278 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 140 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406280 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 141 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406282 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 142 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406284 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 143 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406286 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 144 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406288 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 145 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406290 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 146 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406292 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 147 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406294 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 148 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406296 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 149 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406298 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 150 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406300 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 151 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406302 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 152 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406304 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 153 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406306 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 154 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406308 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 155 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406310 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 156 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406312 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 157 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406314 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 158 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406316 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 159 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406318 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 160 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406320 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 161 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406322 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 162 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406324 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 163 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406326 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 164 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406328 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 165 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406330 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 166 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406332 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 167 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406334 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 168 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406336 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 169 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406338 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 170 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406340 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 171 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406342 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 172 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406344 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 173 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406346 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 174 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406348 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 175 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406350 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 176 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406352 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 177 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406354 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 178 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406356 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 179 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406358 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 180 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406360 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 181 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406362 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 182 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406364 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 183 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406366 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 184 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406368 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 185 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406370 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 186 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406372 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 187 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406374 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 188 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406376 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 189 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406378 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 190 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406380 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 191 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406382 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 192 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406384 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 193 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406386 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 194 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406388 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 195 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406390 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 196 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406392 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 197 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406394 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 198 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406396 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 199 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406398 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 200 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406400 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 201 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406402 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 202 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406404 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 203 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406406 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 204 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406408 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 205 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406410 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 206 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406412 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 207 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406414 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 208 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406416 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 209 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406418 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 210 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406420 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 211 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406422 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 212 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406424 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 213 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406426 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 214 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406428 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 215 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406430 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 216 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406432 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 217 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406434 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 218 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406436 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 219 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406438 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 220 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406440 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 221 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406442 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 222 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406444 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 223 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406446 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 224 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406448 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 225 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406450 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 226 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406452 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 227 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406454 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 228 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406456 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 229 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406458 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 230 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406460 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 231 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406462 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 232 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406464 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 233 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406466 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 234 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406468 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 235 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406470 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 236 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406472 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 237 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406474 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 238 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406476 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 239 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406478 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 240 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406480 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 241 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406482 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 242 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406484 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 243 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406486 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 244 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406488 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 245 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406490 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 246 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406492 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 247 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406494 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 248 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406496 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 249 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406498 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 250 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406500 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 251 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406502 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 252 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406504 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 253 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406506 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 254 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406508 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 255 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406510 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 256 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406512 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 257 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406514 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 258 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406516 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 259 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406518 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 260 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406520 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 261 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406522 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 262 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406524 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 263 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406526 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 264 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406528 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 265 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406530 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 266 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406532 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 267 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406534 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 268 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406536 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 269 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406538 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 270 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406540 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 271 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406542 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 272 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406544 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 273 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406546 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 274 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406548 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 275 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406550 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 276 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406552 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 277 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406554 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 278 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406556 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 279 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406558 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 280 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406560 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 281 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406562 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 282 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406564 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 283 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406566 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 284 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406568 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 285 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406570 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 286 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406572 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 287 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406574 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 288 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406576 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 289 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406578 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 290 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406580 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 291 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406582 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 292 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406584 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 293 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406586 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 294 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406588 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 295 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406590 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 296 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406592 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 297 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406594 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 298 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406596 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 299 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406598 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 300 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406600 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 301 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406602 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 302 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406604 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 303 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406606 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 304 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406608 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 305 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406610 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 306 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406612 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 307 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406614 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 308 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406616 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 309 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406618 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 310 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406620 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 311 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406622 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 312 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406624 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 313 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406626 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 314 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406628 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 315 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406630 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 316 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406632 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 317 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406634 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 318 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406636 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 319 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406638 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 320 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406640 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 321 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406642 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 322 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406644 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 323 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406646 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 324 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406648 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 325 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406650 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 326 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406652 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 327 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406654 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 328 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406656 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 329 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406658 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 330 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406660 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 331 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406662 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 332 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406664 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 333 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406666 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 334 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406668 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 335 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406670 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 336 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406672 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 337 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406674 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 338 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406676 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 339 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406678 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 340 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406680 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 341 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406682 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 342 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406684 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 343 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406686 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 344 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406688 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 345 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406690 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 346 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406692 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 347 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406694 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 348 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406696 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 349 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406698 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 350 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406700 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 351 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406702 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 352 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406704 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 353 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406706 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 354 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406708 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 355 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406710 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 356 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406712 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 357 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406714 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 358 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406716 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 359 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406718 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 360 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406720 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 361 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406722 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 362 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406724 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 363 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406726 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 364 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406728 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 365 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406730 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 366 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406732 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 367 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406734 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 368 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406736 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 369 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406738 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 370 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406740 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 371 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406742 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 372 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406744 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 373 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406746 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 374 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406748 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 375 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406750 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 376 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406752 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 377 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406754 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 378 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406756 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 379 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406758 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 380 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406760 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 381 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406762 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 382 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406764 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 383 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406766 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 384 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406768 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 385 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406770 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 386 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406772 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 387 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406774 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 388 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406776 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 389 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406778 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 390 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406780 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 391 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406782 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 392 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406784 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 393 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406786 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 394 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406788 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 395 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406790 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 396 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406792 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 397 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406794 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 398 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406796 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 399 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406798 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 400 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406800 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 401 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406802 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 402 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406804 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 403 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406806 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 404 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406808 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 405 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406810 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 406 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406812 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 407 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406814 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 408 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406816 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 409 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406818 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 410 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406820 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 411 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406822 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 412 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406824 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 413 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406826 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 414 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406828 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 415 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406830 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 416 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406832 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 417 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406834 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 418 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406836 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 419 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406838 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 420 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406840 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 421 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406842 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 422 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406844 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 423 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406846 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 424 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406848 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 425 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406850 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 426 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406852 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 427 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406854 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 428 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406856 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 429 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406858 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 430 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406860 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 431 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406862 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 432 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406864 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 433 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406866 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 434 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406868 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 435 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406870 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 436 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2406872 || 315 || NOCLASS || 0 || ET RBN Known Russian Business Network IP group 437 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408000 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 1 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408002 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 2 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408004 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 3 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408006 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 4 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408008 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 5 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408010 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 6 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408012 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 7 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408014 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 8 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408016 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 9 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408018 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 10 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408020 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 11 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408022 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 12 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408024 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 13 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408026 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 14 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408028 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 15 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408030 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 16 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408032 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 17 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408034 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 18 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408036 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 19 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408038 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 20 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408040 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 21 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408042 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 22 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408044 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 23 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408046 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 24 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408048 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 25 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408050 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 26 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408052 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 27 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408054 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 28 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408056 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 29 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408058 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 30 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408060 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 31 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408062 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 32 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408064 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 33 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2408066 || 315 || NOCLASS || 0 || ET RBN Known Malvertiser IP group 34 || url,doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
1 || 2500000 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 1 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500002 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 2 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500004 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 3 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500006 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 4 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500008 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 5 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500010 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 6 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500012 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 7 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500014 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 8 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500016 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 9 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500018 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 10 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500020 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 11 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500022 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 12 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500024 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 13 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500026 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 14 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500028 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500030 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 16 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500032 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 17 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500034 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 18 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500036 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 19 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500038 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 20 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500040 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 21 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500042 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 22 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500044 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 23 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500046 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 24 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500048 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 25 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500050 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 26 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500052 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 27 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500054 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 28 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500056 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 29 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500058 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 30 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500060 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 31 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500062 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 32 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500064 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500066 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 34 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500068 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 35 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500070 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 36 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500072 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 37 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500074 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500076 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 39 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500078 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 40 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500080 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 41 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500082 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 42 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500084 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500086 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500088 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500090 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500092 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500094 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 48 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500096 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 49 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500098 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 50 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500100 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 51 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500102 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 52 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2500104 || 3131 || misc-attack || 0 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 53 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
1 || 2520000 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 1 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520002 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 2 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520004 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 3 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520006 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 4 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520008 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 5 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520010 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 6 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520012 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 7 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520014 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 8 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520016 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 9 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520018 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 10 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520020 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 11 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520022 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 12 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520024 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 13 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520026 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 14 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520028 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520030 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 16 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520032 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 17 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520034 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 18 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520036 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 19 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520038 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 20 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520040 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 21 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520042 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 22 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520044 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 23 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520046 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 24 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520048 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 25 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520050 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 26 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520052 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 27 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520054 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 28 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520056 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 29 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520058 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 30 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520060 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 31 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520062 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 32 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520064 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 33 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520066 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 34 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520068 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 35 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520070 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 36 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520072 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 37 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520074 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520076 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 39 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520078 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 40 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520080 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 41 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520082 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 42 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520084 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520086 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520088 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520090 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520092 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520094 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 48 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520096 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 49 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520098 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 50 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520100 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 51 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520102 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 52 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520104 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 53 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520106 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 54 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520108 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 55 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520110 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 56 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520112 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 57 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520114 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 58 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520116 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 59 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520118 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 60 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520120 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 61 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520122 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 62 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520124 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 63 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520126 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 64 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520128 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 65 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520130 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 66 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520132 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 67 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520134 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 68 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520136 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 69 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520138 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 70 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520140 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 71 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520142 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 72 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520144 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 73 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520146 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 74 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520148 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 75 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520150 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 76 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520152 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 77 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520154 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 78 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520156 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 79 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520158 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 80 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520160 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520162 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520164 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520166 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 84 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520168 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 85 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520170 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 86 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520172 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 87 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520174 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 88 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520176 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 89 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520178 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 90 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520180 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 91 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520182 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 92 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520184 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 93 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520186 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 94 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520188 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 95 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2520190 || 1743 || misc-attack || 0 || ET TOR Known Tor Exit Node Traffic group 96 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522000 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 1 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522002 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 2 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522004 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 3 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522006 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 4 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522008 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 5 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522010 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 6 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522012 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 7 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522014 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 8 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522016 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 9 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522018 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 10 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522020 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 11 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522022 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 12 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522024 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 13 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522026 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 14 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522028 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522030 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 16 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522032 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 17 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522034 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 18 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522036 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 19 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522038 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 20 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522040 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 21 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522042 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 22 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522044 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 23 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522046 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 24 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522048 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 25 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522050 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 26 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522052 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 27 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522054 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 28 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522056 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 29 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522058 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 30 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522060 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 31 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522062 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 32 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522064 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 33 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522066 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 34 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522068 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 35 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522070 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 36 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522072 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 37 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522074 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522076 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 39 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522078 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 40 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522080 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 41 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522082 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 42 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522084 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522086 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522088 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522090 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522092 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522094 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 48 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522096 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 49 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522098 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 50 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522100 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 51 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522102 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 52 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522104 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 53 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522106 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 54 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522108 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 55 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522110 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 56 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522112 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 57 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522114 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 58 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522116 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 59 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522118 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 60 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522120 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 61 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522122 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 62 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522124 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 63 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522126 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 64 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522128 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 65 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522130 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 66 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522132 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 67 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522134 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 68 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522136 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 69 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522138 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 70 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522140 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 71 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522142 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 72 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522144 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 73 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522146 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 74 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522148 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 75 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522150 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 76 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522152 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 77 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522154 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 78 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522156 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 79 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522158 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 80 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522160 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522162 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522164 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522166 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 84 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522168 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 85 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522170 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 86 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522172 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 87 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522174 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 88 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522176 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 89 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522178 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 90 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522180 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 91 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522182 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 92 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522184 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 93 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522186 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 94 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522188 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 95 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522190 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 96 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522192 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 97 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522194 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 98 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522196 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 99 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522198 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 100 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522200 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 101 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522202 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 102 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522204 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 103 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522206 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 104 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522208 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 105 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522210 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 106 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522212 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 107 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522214 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 108 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522216 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 109 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522218 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 110 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522220 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 111 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522222 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 112 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522224 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 113 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522226 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 114 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522228 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 115 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522230 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 116 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522232 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 117 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522234 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 118 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522236 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 119 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522238 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 120 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522240 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 121 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522242 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 122 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522244 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 123 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522246 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 124 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522248 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 125 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522250 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 126 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522252 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 127 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522254 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 128 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522256 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 129 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522258 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 130 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522260 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 131 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522262 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 132 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522264 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 133 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522266 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 134 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522268 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 135 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522270 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 136 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522272 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 137 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522274 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 138 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522276 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 139 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522278 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 140 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522280 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 141 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522282 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 142 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522284 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 143 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522286 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 144 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522288 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 145 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522290 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 146 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522292 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 147 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522294 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 148 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522296 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 149 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522298 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 150 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522300 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 151 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522302 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 152 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522304 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 153 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522306 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 154 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522308 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 155 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522310 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 156 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522312 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 157 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522314 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 158 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522316 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 159 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522318 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 160 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522320 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 161 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522322 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 162 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522324 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 163 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522326 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 164 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522328 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 165 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522330 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 166 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522332 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 167 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522334 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 168 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522336 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 169 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522338 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 170 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522340 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 171 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522342 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 172 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522344 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 173 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522346 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 174 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522348 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 175 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522350 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 176 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522352 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 177 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522354 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 178 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522356 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 179 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522358 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 180 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522360 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 181 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522362 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 182 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522364 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 183 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522366 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 184 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522368 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 185 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522370 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 186 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522372 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 187 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522374 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 188 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522376 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 189 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522378 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 190 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522380 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 191 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522382 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 192 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522384 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 193 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522386 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 194 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522388 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 195 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522390 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 196 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522392 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 197 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522394 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 198 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522396 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 199 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522398 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 200 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522400 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 201 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522402 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 202 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522404 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 203 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522406 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 204 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522408 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 205 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522410 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 206 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522412 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 207 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522414 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 208 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522416 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 209 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522418 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 210 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522420 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 211 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522422 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 212 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522424 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 213 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522426 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 214 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522428 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 215 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522430 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 216 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522432 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 217 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522434 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 218 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522436 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 219 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522438 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 220 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522440 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 221 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522442 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 222 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522444 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 223 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522446 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 224 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522448 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 225 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522450 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 226 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522452 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 227 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522454 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 228 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522456 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 229 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522458 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 230 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522460 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 231 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522462 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 232 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522464 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 233 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522466 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 234 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522468 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 235 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522470 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 236 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522472 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 237 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522474 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 238 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522476 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 239 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522478 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 240 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522480 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 241 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522482 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 242 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522484 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 243 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522486 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 244 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522488 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 245 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522490 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 246 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522492 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 247 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522494 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 248 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522496 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 249 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522498 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 250 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522500 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 251 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522502 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 252 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522504 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 253 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522506 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 254 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522508 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 255 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522510 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 256 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522512 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 257 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522514 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 258 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522516 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 259 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522518 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 260 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522520 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 261 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522522 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 262 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522524 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 263 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522526 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 264 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522528 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 265 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522530 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 266 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522532 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 267 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522534 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 268 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522536 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 269 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522538 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 270 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522540 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 271 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522542 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 272 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522544 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 273 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522546 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 274 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522548 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 275 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522550 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 276 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522552 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 277 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522554 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 278 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522556 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 279 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522558 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 280 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522560 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 281 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522562 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 282 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522564 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 283 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522566 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 284 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522568 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 285 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522570 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 286 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522572 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 287 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522574 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 288 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522576 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 289 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522578 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 290 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522580 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 291 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522582 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 292 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522584 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 293 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522586 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 294 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522588 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 295 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522590 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 296 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522592 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 297 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522594 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 298 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522596 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 299 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522598 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 300 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522600 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 301 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522602 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 302 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522604 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 303 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522606 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 304 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522608 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 305 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522610 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 306 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522612 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 307 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522614 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 308 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522616 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 309 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522618 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 310 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522620 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 311 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522622 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 312 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522624 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 313 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522626 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 314 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522628 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 315 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522630 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 316 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522632 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 317 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522634 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 318 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522636 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 319 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522638 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 320 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522640 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 321 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522642 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 322 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522644 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 323 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522646 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 324 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522648 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 325 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522650 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 326 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522652 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 327 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522654 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 328 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522656 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 329 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522658 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 330 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522660 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 331 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522662 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 332 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522664 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 333 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522666 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 334 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522668 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 335 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522670 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 336 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522672 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 337 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522674 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 338 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522676 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 339 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522678 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 340 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522680 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 341 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522682 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 342 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522684 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 343 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522686 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 344 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522688 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 345 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522690 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 346 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522692 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 347 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522694 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 348 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522696 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 349 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522698 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 350 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522700 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 351 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522702 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 352 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522704 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 353 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522706 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 354 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522708 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 355 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522710 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 356 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522712 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 357 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522714 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 358 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522716 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 359 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522718 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 360 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522720 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 361 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522722 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 362 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522724 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 363 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522726 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 364 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522728 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 365 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522730 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 366 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522732 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 367 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522734 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 368 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522736 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 369 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522738 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 370 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522740 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 371 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522742 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 372 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522744 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 373 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522746 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 374 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522748 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 375 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522750 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 376 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522752 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 377 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522754 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 378 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522756 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 379 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522758 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 380 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522760 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 381 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522762 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 382 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522764 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 383 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522766 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 384 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522768 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 385 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522770 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 386 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522772 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 387 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522774 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 388 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522776 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 389 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522778 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 390 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522780 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 391 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522782 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 392 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522784 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 393 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522786 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 394 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522788 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 395 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522790 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 396 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522792 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 397 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522794 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 398 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522796 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 399 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522798 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 400 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522800 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 401 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522802 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 402 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522804 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 403 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522806 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 404 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522808 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 405 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522810 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 406 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522812 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 407 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522814 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 408 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522816 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 409 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522818 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 410 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522820 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 411 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522822 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 412 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522824 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 413 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522826 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 414 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522828 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 415 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522830 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 416 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522832 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 417 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522834 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 418 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522836 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 419 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522838 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 420 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522840 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 421 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522842 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 422 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522844 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 423 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522846 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 424 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522848 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 425 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522850 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 426 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522852 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 427 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522854 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 428 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522856 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 429 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522858 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 430 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522860 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 431 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522862 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 432 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522864 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 433 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522866 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 434 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522868 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 435 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522870 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 436 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522872 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 437 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522874 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 438 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522876 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 439 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522878 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 440 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522880 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 441 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522882 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 442 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522884 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 443 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522886 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 444 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522888 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 445 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522890 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 446 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522892 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 447 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522894 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 448 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522896 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 449 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522898 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 450 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522900 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 451 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522902 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 452 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522904 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 453 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522906 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 454 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522908 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 455 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522910 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 456 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522912 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 457 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522914 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 458 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522916 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 459 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522918 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 460 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522920 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 461 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522922 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 462 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522924 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 463 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522926 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 464 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522928 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 465 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522930 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 466 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522932 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 467 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522934 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 468 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522936 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 469 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522938 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 470 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522940 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 471 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522942 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 472 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522944 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 473 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522946 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 474 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522948 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 475 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522950 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 476 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522952 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 477 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522954 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 478 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522956 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 479 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522958 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 480 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522960 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 481 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522962 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 482 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522964 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 483 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522966 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 484 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522968 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 485 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522970 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 486 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522972 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 487 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522974 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 488 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522976 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 489 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522978 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 490 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522980 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 491 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522982 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 492 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522984 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 493 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522986 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 494 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522988 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 495 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522990 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 496 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522992 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 497 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522994 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 498 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522996 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 499 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2522998 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 500 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 2523000 || 1743 || misc-attack || 0 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 501 || url,doc.emergingthreats.net/bin/view/Main/TorRules
1 || 100000102 || 2 || attempted-dos || 0 || GPL GAMES Halocon Denial of Service Empty UDP Packet || bugtraq,12281
1 || 100000103 || 2 || attempted-dos || 0 || GPL GAMES Breed Game Server Denial of Service Empty UDP Packet || bugtraq,12262
1 || 100000104 || 2 || attempted-dos || 0 || GPL GAMES Amp II 3D Game Server Denial of Service Empty UDP Packet || bugtraq,12192
1 || 100000119 || 3 || attempted-admin || 0 || GPL WEB_CLIENT Internet Explorer URLMON.DLL Content-Encoding Overflow Attempt || bugtraq,7419 || cve,2003-0113 || url,www.microsoft.com/technet/security/bulletin/MS03-015.mspx
1 || 100000136 || 3 || misc-attack || 0 || GPL DELETED GNU imapd search format string attempt || url,www.osvdb.org/displayvuln.php?osvdb_id=19306 || cve,2005-2878
1 || 100000139 || 3 || web-application-activity || 0 || GPL WEB_SERVER WEB-IIS Remote IIS Server Name spoof attempt loopback IP || cve,2005-2678
1 || 100000149 || 1 || attempted-recon || 0 || GPL EXPLOIT WEB-MISC Jboss % attempt || bugtraq,13985 || cve,2005-2006 || url,www.osvdb.org/displayvuln.php?osvdb_id=17403
1 || 100000152 || 3 || protocol-command-decode || 0 || GPL DELETED MDaemon authentication protocol decode
1 || 100000153 || 4 || attempted-admin || 0 || GPL IMAP MDaemon authentication multiple packet overflow attempt || bugtraq,14317
1 || 100000155 || 3 || attempted-admin || 0 || GPL DELETED MDaemon authentication overflow single packet attempt || bugtraq,14317
1 || 100000158 || 2 || attempted-dos || 0 || GPL VOIP SIP INVITE message flooding
1 || 100000162 || 2 || attempted-dos || 0 || GPL VOIP SIP 401 Unauthorized Flood
1 || 100000163 || 2 || attempted-dos || 0 || GPL VOIP SIP 407 Proxy Authentication Required Flood
1 || 100000166 || 1 || attempted-user || 0 || GPL SQL ORACLE TNS Listener shutdown via iSQLPlus attempt || bugtraq,15032 || url,www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html
1 || 100000167 || 1 || misc-attack || 0 || GPL SMTP SMTP Hydra Activity Detected || url,www.thc.org/releases.php
1 || 100000172 || 4 || attempted-admin || 0 || GPL MISC NNTP Lynx overflow attempt || cve,2005-3120 || bugtraq,15117 || url,www.osvdb.org/displayvuln.php?osvdb_id=20019 || nessus,20035
1 || 100000176 || 1 || attempted-dos || 0 || GPL EXPLOIT EXPLOIT HPUX LPD overflow attempt || cve,2005-3277 || bugtraq,15136
1 || 100000177 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Linksys apply.cgi overflow attempt || bugtraq,14822 || cve,2005-2799 || nessus,20096 || url,www.osvdb.org/displayvuln.php?osvdb_id=19389
1 || 100000180 || 1 || attempted-dos || 0 || GPL EXPLOIT EXPLOIT SIP UDP spoof attempt || bugtraq,14174 || cve,2005-2182 || url,www.osvdb.org/displayvuln.php?osvdb_id=17838
1 || 100000181 || 2 || attempted-dos || 0 || GPL GAMES FlatFrag game dos exploit || bugtraq,15287 || cve,2005-3492
1 || 100000183 || 3 || web-application-activity || 0 || GPL WEB_SPECIFIC_APPS SAP WAS syscmd access || url,www.cybsec.com/vuln/CYBSEC_Security_Advisory_Multiple_XSS_in_SAP_WAS.pdf
1 || 100000184 || 2 || misc-activity || 0 || GPL EXPLOIT WEB-MISC JBoss JMXInvokerServlet access || url,online.securityfocus.com/archive/1/415707
1 || 100000186 || 3 || successful-recon-limited || 0 || GPL WEB_SERVER WEB-PHP phpinfo access || bugtraq,5789 || cve,2002-1149 || url,www.osvdb.org/displayvuln.php?osvdb_id=3356
1 || 100000196 || 3 || misc-attack || 0 || GPL DELETED Qualcomm WorldMail SELECT dot dot attempt || cve,2005-3189 || bugtraq,15488
1 || 100000197 || 3 || misc-activity || 0 || GPL ICMP undefined code
1 || 100000207 || 3 || misc-attack || 0 || GPL IMAP GNU Mailutils imap4d hex attempt || cve,2005-2878 || bugtraq,14794 || nessus,19605 || url,www.osvdb.org/displayvuln.php?osvdb_id=19306
1 || 100000208 || 1 || policy-violation || 0 || GPL POLICY MISC Tunneling IP over DNS with NSTX || url,nstx.dereference.de/nstx/ || url,slashdot.org/articles/00/09/10/2230242.shtml
1 || 100000222 || 1 || attempted-admin || 0 || GPL TFTP MISC TFTP32 Get Format string attempt || url,www.securityfocus.com/archive/1/422405/30/0/threaded || url,www.critical.lt/?vulnerabilities/200
1 || 100000223 || 1 || misc-attack || 0 || GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt || bugtraq,16213 || cve,2006-0189
1 || 100000227 || 2 || attempted-recon || 0 || GPL SNMP SNMP trap Format String detected || bugtraq,16267 || cve,2006-0250 || url,www.osvdb.org/displayvuln.php?osvdb_id=22493
1 || 100000228 || 3 || attempted-admin || 0 || GPL WEB_CLIENT Winamp PlayList buffer overflow attempt || bugtraq,16410 || cve,2006-0476 || url,www.frsirt.com/english/advisories/2006/0361
1 || 100000229 || 2 || misc-attack || 0 || GPL EXPLOIT MISC Lotus Domino LDAP attack || bugtraq,16523 || cve,2006-0580 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002896.html
1 || 100000230 || 2 || policy-violation || 0 || GPL CHAT MISC Jabber/Google Talk Outgoing Traffic || url,www.google.com/talk/
1 || 100000231 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Outgoing Auth || url,www.google.com/talk/
1 || 100000232 || 3 || policy-violation || 0 || GPL CHAT Google Talk Logon || url,www.google.com/talk/
1 || 100000233 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Outoing Message || url,www.google.com/talk/
1 || 100000234 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Log Out || url,www.google.com/talk/
1 || 100000235 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Logon Success || url,www.google.com/talk/
1 || 100000236 || 2 || policy-violation || 0 || GPL CHAT Jabber/Google Talk Incoming Message || url,www.google.com/talk/
1 || 100000284 || 5 || attempted-user || 0 || GPL DELETED RealMedia invalid chunk size heap overflow attempt || bugtraq,17202 || cve,2005-2922 || url,service.real.com/realplayer/security/03162006_player/en/
1 || 100000356 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS BASE base_qry_common.php remote file include || url,secunia.com/advisories/20300/
1 || 100000357 || 5 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS BASE base_stat_common.php remote file include || url,secunia.com/advisories/20300/
1 || 100000358 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS BASE base_include.inc.php remote file include || url,secunia.com/advisories/20300/
1 || 100000428 || 1 || web-application-attack || 0 || GPL EXPLOIT WEB-MISC JBoss RMI class download service directory listing attempt || url,marc.theaimsgroup.com/?l=bugtraq&m=111911095424496&w=2
1 || 100000429 || 3 || misc-activity || 0 || GPL WEB_SERVER WEB-MISC JBoss web-console access || url,www.jboss.org/wiki/Wiki.jsp?page=WebConsole
1 || 100000447 || 2 || attempted-user || 0 || GPL WEB_CLIENT Mozilla Firefox DOMNodeRemoved attack attempt || bugtraq,18228 || cve,2006-2779
1 || 100000692 || 3 || misc-activity || 0 || GPL WEB_CLIENT midi file download attempt || bugtraq,18507
1 || 100000693 || 3 || attempted-user || 0 || GPL WEB_CLIENT Winamp midi file header overflow attempt || bugtraq,18507
1 || 100000728 || 6 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include || bugtraq,18740
1 || 100000729 || 5 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include || bugtraq,18740
1 || 100000730 || 5 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog BlackList.Examine.class.php remote file include || bugtraq,18740
1 || 100000731 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog DeleteComment.Action.class.php remote file include || bugtraq,18740
1 || 100000732 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog EditIPofURL.Admin.class.php remote file include || bugtraq,18740
1 || 100000733 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MTBlackList.Examine.class.php remote file include || bugtraq,18740
1 || 100000734 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MassDelete.Admin.class.php remote file include || bugtraq,18740
1 || 100000735 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MailAdmin.Action.class.php remote file include || bugtraq,18740
1 || 100000736 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog MassDelTrackback.Admin.class.php remote file include || bugtraq,18740
1 || 100000737 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog EditHeader.Admin.class.php remote file include || bugtraq,18740
1 || 100000738 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog EditIP.Admin.class.php remote file include || bugtraq,18740
1 || 100000739 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog IPofUrl.Examine.class.php remote file include || bugtraq,18740
1 || 100000740 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog Import.Admin.class.php remote file include || bugtraq,18740
1 || 100000741 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog LogView.Admin.class.php remote file include || bugtraq,18740
1 || 100000742 || 3 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS Geeklog functions.inc remote file include || bugtraq,18740
1 || 100000864 || 5 || web-application-attack || 0 || GPL ACTIVEX WEB-CLIENT tsuserex.dll COM Object Instantiation Vulnerability || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
1 || 100000876 || 3 || policy-violation || 0 || GPL CHAT Google Talk Version Check
1 || 100000877 || 2 || policy-violation || 0 || GPL CHAT Google Talk Startup
1 || 100000892 || 2 || attempted-dos || 0 || GPL VOIP Q.931 Invalid Call Reference Length Buffer Overflow || url,www.ethereal.com/news/item_20050504_01.html || url,www.elook.org/internet/126.html
1 || 100000908 || 2 || web-application-attack || 0 || GPL WEB_SPECIFIC_APPS WEB-PHP phpMyWebmin create_file script remote file include || url,www.securityfocus.com/bid/20281/info