CVE Report

CVE-2024-7029

• "ET WEB_SPECIFIC_APPS AVTECH IP Camera LED Brightness Parameter Command Injection Attempt (CVE-2024-7029)"

CVE-2024-6633

• "ET WEB_SPECIFIC_APPS Fortra FileCatalyst Workflow Insecure HSQLDB Default Credentials"

CVE-2024-6409

• "ET INFO Server Responded with Vulnerable OpenSSH Version (CVE-2024-6409)"

CVE-2024-5806

• "ET EXPLOIT MoveIT Transfer SFTP Authentication Bypass Attempt Inbound M0 (CVE-2024-5806)"

• "ET EXPLOIT MoveIT Transfer SFTP Authentication Bypass Attempt Inbound M1 (CVE-2024-5806)"

CVE-2024-4978

• "ET TROJAN Justice AV Solutions Viewer Backdoor CnC Checkin (CVE-2024-4978)"

CVE-2024-4474

• "ET WEB_SPECIFIC_APPS Zyxel Command Injection Attempt (CVE-2024-4474) M2"

• "ET WEB_SPECIFIC_APPS Zyxel Command Injection Attempt (CVE-2024-4474) M6"

• "ET WEB_SPECIFIC_APPS Zyxel Command Injection Attempt (CVE-2024-4474) M5"

• "ET WEB_SPECIFIC_APPS Zyxel Command Injection Attempt (CVE-2024-4474) M1"

• "ET WEB_SPECIFIC_APPS Zyxel Command Injection Attempt (CVE-2024-4474) M4"

• "ET WEB_SPECIFIC_APPS Zyxel Command Injection Attempt (CVE-2024-4474) M3"

CVE-2024-4358

• "ET EXPLOIT Possible Telerik Auth Bypass Attempt - Account Creation from External Host (CVE-2024-4358)"

CVE-2024-41660

• "ET EXPLOIT OpenBMC slpd-lite Language Tag Length Memory Corruption Attempt (CVE-2024-41660)"

CVE-2024-4040

• "ET WEB_SPECIFIC_APPS CrushFTP Arbitrary File Read Attempt (CVE-2024-4040)"

• "ET WEB_SPECIFIC_APPS CrushFTP working_dir Template Injection Attempt (CVE-2024-4040)"

CVE-2024-38856

• "ET WEB_SPECIFIC_APPS Apache OFBiz Pre-Auth Remote Code Execution Attempt (CVE-2024-38856)"

CVE-2024-36991

• "ET EXPLOIT Splunk Unauthenticated Path Traversal Attempt Inbound (CVE-2024-36991)"

CVE-2024-36104

• "ET WEB_SPECIFIC_APPS Apache OFBiz Directory Traversal Remote Code Execution Attempt (CVE-2024-36104)"

CVE-2024-3400

• "ET WEB_SPECIFIC_APPS Palo Alto GlobalProtect Session Cookie Command Injection Attempt (CVE-2024-3400)"

CVE-2024-3273

• "ET WEB_SPECIFIC_APPS D-Link NAS devices Backdoor Account Access and Command Injection Attempt (CVE-2024-3273)"

CVE-2024-28995

• "ET EXPLOIT Solarwinds Serv-U Directory Traversal Attempt Inbound (CVE-2024-28995)"

CVE-2024-27199

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27199) M2"

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27199) M4"

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27199) - Vulnerability Check"

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27199) M3"

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27199) M1"

CVE-2024-27198

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27198) - Auth Token Creation Attempt"

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27198) - Vulnerability Check"

• "ET WEB_SPECIFIC_APPS JetBrains TeamCity Authentication Bypass Attempt (CVE-2024-27198) - Admin User Creation Attempt"

CVE-2024-26331

• "ET WEB_SPECIFIC_APPS ReCrystallize Server Possible Authentication Bypass Attempt via AdminUsername Cookie (CVE-2024-26331) and Arbitrary File Upload via FileManagement.aspx (CVE-2024-28269)"

• "ET WEB_SPECIFIC_APPS ReCrystallize Server Possible Authentication Bypass Attempt via AdminUsername Cookie (CVE-2024-26331)"

CVE-2024-25600

• "ET EXPLOIT CVE-2024-25600 Bricks Exploitation Attempt"

CVE-2024-24942

• "ET WEB_SPECIFIC_APPS Jetbrains TeamCity SwaggerUI REST API Directory Traversal Attempt (CVE-2024-24942)"

CVE-2024-24919

• "ET WEB_SPECIFIC_APPS Checkpoint Quantum Security Gateway Arbitrary File Read Attempt (CVE-2024-24919)"

CVE-2024-23897

• "ET EXPLOIT Jenkins Unauthenticated RCE Attempt Observed (CVE-2024-23897)"

CVE-2024-23759

• "ET WEB_SPECIFIC_APPS Gambio E-Commerce Suite Deserialization of Untrusted Data (CVE-2024-23759)"

CVE-2024-23692

• "ET EXPLOIT Rejetto HTTP File Server Unauthenticated RCE Attempt (CVE-2024-23692)"

CVE-2024-23108

• "ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2024-23108"

CVE-2024-22024

• "ET WEB_SPECIFIC_APPS Ivanti Connect Secure XXE Attempt (CVE-2024-22024)"

CVE-2024-21893

• "ET EXPLOIT Ivanti Connect Secure (9.x,22.x) / Ivanti Policy Secure (9.x,22.x) / Ivanti Neurons for ZTA SSRF Pattern (CVE-2024-21893)"

CVE-2024-21887

• "ET EXPLOIT Ivanti Connect Secure (9.x,22.x) / Ivanti Policy Secure (9.x,22.x) / Ivanti Neurons for ZTA Command Injection via SSRF (CVE-2024-21887)"

CVE-2024-21762

• "ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt"

• "ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation"

CVE-2024-20931

• "ET WEB_SPECIFIC_APPS Possible Oracle Weblogic IIOP/T3 JNDI Injection Attack (CVE-2024-20931)"

CVE-2024-20767

• "ET EXPLOIT Adobe ColdFusion Unauthorized File Access (CVE-2024-20767)"

CVE-2024-1800

• "ET EXPLOIT Possible Telerik Deserialization Attempt - POST to Vulnerable Path with Specific Extension (CVE-2024-1800)"

CVE-2024-1709

• "ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - SetupWizard Auth Bypass Vulnerable Version Detected (CVE-2024-1709 CVE-2024-1708)"

• "ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Successful User Creation via SetupWizard with Auth Bypass CWE-288 (CVE-2024-1709)"

• "ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Attempted SetupWizard Auth Bypass CWE-288 (CVE-2024-1709)"

• "ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Attempted User Creation via SetupWizard with Auth Bypass CWE-288 (CVE-2024-1709)"

• "ET WEB_SPECIFIC_APPS ConnectWise ScreenConnect - Successful SetupWizard Auth Bypass CWE-288 (CVE-2024-1709)"

CVE-2024-0204

• "ET WEB_SPECIFIC_APPS GoAnywhere MFT Authentication Bypass Attempt - GET Request M2 (CVE-2024-0204)"

• "ET WEB_SPECIFIC_APPS GoAnywhere MFT Authentication Bypass Attempt - POST Request M1 (CVE-2024-0204)"

• "ET WEB_SPECIFIC_APPS GoAnywhere MFT Authentication Bypass Attempt - GET Request M1 (CVE-2024-0204)"

• "ET WEB_SPECIFIC_APPS GoAnywhere MFT Authentication Bypass Attempt - POST Request M2 (CVE-2024-0204)"

CVE-2023-7028

• "ET WEB_SPECIFIC_APPS Gitlab Account Takeover Attempt (CVE-2023-7028)"

CVE-2023-5702

• "ET EXPLOIT Viessmann Vitogate 300 Command Injection Attempt (CVE-2023-5702)"

CVE-2023-5631

• "ET WEB_SPECIFIC_APPS Roundcube Webmail XSS Attempt (CVE-2023-5631)"

CVE-2023-5360

• "ET EXPLOIT Suspected WordPress Plugin Royal Elementor RCE (CVE-2023-5360)"

CVE-2023-52251

• "ET WEB_SPECIFIC_APPS Apache Kafka UI Unsanitized Groovy Script Filter Remote Code Execution Attempt (CVE-2023-52251)"

CVE-2023-51765

• "ET EXPLOIT Inbound Smuggling Message from SMTP Smuggling Tool M1"

• "ET EXPLOIT Inbound Setup Message from SMTP Smuggling Tool"

• "ET EXPLOIT Inbound Smuggling Message from SMTP Smuggling Tool M2"

CVE-2023-51467

• "ET WEB_SPECIFIC_APPS Apache OFBiz Authentication Bypass (CVE-2023-51467) M2"

• "ET WEB_SPECIFIC_APPS Apache OFBiz Authentication Bypass Vulnerability Check (CVE-2023-51467)"

• "ET WEB_SPECIFIC_APPS Apache OFBiz Authentication Bypass (CVE-2023-51467) M1"

CVE-2023-50919

• "ET WEB_SPECIFIC_APPS GL.iNet Authentication Bypass/SQL Injection attempt (CVE-2023-50919)"

CVE-2023-50387

• "ET ACTIVEX - DNS Response containing multiple DNSSEC RRSIG Entries (Algorithm 14) - Possible CVE-2023-50387 Activity"

CVE-2023-50164

• "ET WEB_SPECIFIC_APPS Apache Struts2 uploadFileName Directory Traversal Attempt (CVE-2023-50164) M1"

• "ET WEB_SPECIFIC_APPS Apache Struts2 uploadFileName Directory Traversal Attempt (CVE-2023-50164) M2"

• "ET WEB_SPECIFIC_APPS Apache Struts2 Possible uploadFileName Directory Traversal Attempt (CVE-2023-50164) - uploadFileName Parameter M2"

• "ET WEB_SPECIFIC_APPS Apache Struts2 Possible uploadFileName Directory Traversal Attempt (CVE-2023-50164) - uploadFileName Parameter M1"

CVE-2023-4966

• "ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure - Successful Response (CVE-2023-4966)"

• "ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)"

• "ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)"

CVE-2023-49105

• "ET EXPLOIT ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)"

• "ET EXPLOIT Successful ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)"

CVE-2023-49103

• "ET EXPLOIT Successful ownCloud Information Disclosure Attempt (CVE-2023-49103) M2"

• "ET EXPLOIT ownCloud Information Disclosure Attempt (CVE-2023-49103)"

• "ET EXPLOIT Successful ownCloud Information Disclosure Attempt (CVE-2023-49103) M1"

CVE-2023-49070

• "ET WEB_SPECIFIC_APPS Apache OFBiz Authentication Bypass Vulnerability (CVE-2023-49070)"

CVE-2023-47246

• "ET EXPLOIT SysAid Traversal Attack (CVE-2023-47246)"

• "ET EXPLOIT Possible SysAid Traversal Attack (CVE-2023-47246)"

CVE-2023-47218

• "ET WEB_SPECIFIC_APPS QNAP quick.cgi uploaf_firmware_image Command Injection Attempt (CVE-2023-47218)"

CVE-2023-46805

• "ET WEB_SPECIFIC_APPS Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt (CVE-2023-46805, CVE-2024-21887) M2"

• "ET WEB_SPECIFIC_APPS Possible Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt M2 (CVE-2023-46805, CVE-2024-21887)"

• "ET WEB_SPECIFIC_APPS Possible Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt (CVE-2023-46805, CVE-2024-21887) M1"

• "ET WEB_SPECIFIC_APPS Ivanti Pulse Secure Authentication Bypass and Command Injection Attempt (CVE-2023-46805, CVE-2024-21887) M1"

CVE-2023-46747

• "ET INFO F5 BIG-IP - Successful Password Reset Attempt - Observed Post CVE-2023-46747 Activity"

• "ET WEB_SPECIFIC_APPS Possible F5 BIG-IP AJP Request Smuggling Attempt (CVE-2023-46747)"

• "ET EXPLOIT F5 BIG-IP - Unauthenticated RCE via AJP Smuggling Request - User Deletion (CVE-2023-46747)"

• "ET INFO F5 BIG-IP - Password Reset Attempt - Observed Post CVE-2023-46747 Activity"

• "ET EXPLOIT F5 BIG-IP - Unauthenticated RCE via AJP Smuggling Request (CVE-2023-46747)"

• "ET EXPLOIT F5 BIG-IP - Unauthenticated RCE via AJP Smuggling Request - User Creation (CVE-2023-46747)"

CVE-2023-46604

• "ET INFO Apache ActiveMQ Instance - Vulnerable to CVE-2023-46604 - Remote Instance"

• "ET INFO Apache ActiveMQ Instance - Vulnerable to CVE-2023-46604 - Local Instance"

• "ET EXPLOIT Apache ActiveMQ Remote Code Execution Attempt (CVE-2023-46604)"

• "ET INFO Remote Spring Application XML Configuration Containing ProcessBuilder Downloaded"

CVE-2023-4473

• "ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473) - Information Leak via show_sysinfo"

• "ET WEB_SPECIFIC_APPS Zyxel Authentication Bypass Attempt (CVE-2023-4473)"

CVE-2023-43770

• "ET EXPLOIT Possible RoundCube Webmail Persistent XSS Attempt (CVE-2023-43770)"

CVE-2023-43208

• "ET EXPLOIT NextGen Mirth Connect <4.4.1 RCE Attempt (CVE-2023-43208)"

CVE-2023-43177

• "ET WEB_SPECIFIC_APPS Possible CrushFTP as2-to Anonymous User Rename Attempt (CVE-2023-43177)"

CVE-2023-42793

• "ET EXPLOIT JetBrains TeamCity Auth Bypass Successful Attempt (CVE-2023-42793)"

• "ET EXPLOIT JetBrains TeamCity Auth Bypass Attempt (CVE-2023-42793)"

CVE-2023-42327

• "ET WEB_SPECIFIC_APPS pfSense CE 2.7.0 Stored Cross Site Script Attempt - getservicesproviders.php connection parameter (CVE-2023-42327)"

CVE-2023-42326

• "ET WEB_SPECIFIC_APPS pfSense CE 2.7.0 gfif Parameter Remote Code Execution Attempt (CVE-2023-42326) M1"

• "ET WEB_SPECIFIC_APPS pfSense CE 2.7.0 gfif Parameter Remote Code Execution Attempt (CVE-2023-42326) M2"

CVE-2023-42325

• "ET WEB_SPECIFIC_APPS pfSense CE 2.7.0 Stored Cross Site Script Attempt - Firewall Logs Dynamic View (CVE-2023-42325)"

CVE-2023-42115

• "ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-42115)"

CVE-2023-41763

• "ET WEB_SPECIFIC_APPS Possible Skype for Business SSRF Attempt (CVE-2023-41763)"

CVE-2023-41474

• "ET WEB_SPECIFIC_APPS Ivanti Avalanche Directory Traversal Attempt (CVE-2023-41474)"

CVE-2023-41266

• "ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via Path Traversal (CVE-2023-41266)"

CVE-2023-41265

• "ET WEB_SPECIFIC_APPS Possible DoubleQlik RCE via HTTP Request Tunneling Payload (CVE-2023-41265)"

CVE-2023-4115

• "ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-4115) set"

CVE-2023-40498

• "ET WEB_SPECIFIC_APPS LG Simple Editor Malicious JSP Disguised as BMP Upload Attempt (CVE-2023-40498)"

• "ET WEB_SPECIFIC_APPS LG Simple Editor Rename Malicious BMP to JSP Attempt (CVE-2023-40498)"

CVE-2023-40044

• "ET EXPLOIT WS_FTP .NET Deserialization Exploit Attempt (CVE-2023-40044)"

• "ET FTP Vulnerable WS_FTP Version in FTP Banner Response (CVE-2023-40044)"

CVE-2023-39476

• "ET WEB_SPECIFIC_APPS Inductive Automation remoteSystemID Check (CVE-2023-39476)"

CVE-2023-39143

• "ET WEB_SPECIFIC_APPS PaperCut NG/MF Directory Traversal/File Upload Vulnerability Check (CVE-2023-39143)"

• "ET WEB_SPECIFIC_APPS PaperCut NG/MF Possible Directory Traversal/File Upload Exploit Attempt (CVE-2023-39143)"

CVE-2023-38646

• "ET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646"

• "ET WEB_SPECIFIC_APPS Metabase Pre-Auth RCE Attempt - CVE-2023-38646"

CVE-2023-38203

• "Adobe Coldfusion CVE-2023-38203 Exploit Attempt"

CVE-2023-36884

• "ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M1"

• "ET EXPLOIT Possible Storm-0978 CVE-2023-36884 Exploitation Attempt M2"

CVE-2023-36851

• "ET EXPLOIT Junos OS - Unauthenticated Arbitrary File Upload Attempt (CVE-2023-36851)"

• "ET EXPLOIT Junos OS - Successful Unauthenticated Arbitrary File Upload Attempt (CVE-2023-36851)"

CVE-2023-36844

• "ET EXPLOIT Junos OS - Unauthenticated PHPRC Environmental Variable Modification M2 (CVE-2023-36844 CVE-2023-36845)"

• "ET EXPLOIT Junos OS - Unauthenticated PHPRC Environmental Variable Modification M1 (CVE-2023-36844 CVE-2023-36845)"

CVE-2023-36025

• "ET TROJAN WebDAV Retrieving .exe from .url M1 (CVE-2023-36025)"

• "ET TROJAN WebDAV Retrieving .zip from .url M2 (CVE-2023-36025)"

• "ET TROJAN WebDAV Retrieving .vbs from .url M1 (CVE-2023-36025)"

• "ET TROJAN WebDAV Retrieving .zip from .url M1 (CVE-2023-36025)"

• "ET TROJAN WebDAV Retrieving .exe from .url M2 (CVE-2023-36025)"

• "ET TROJAN WebDAV Retrieving .vbs from .url M2 (CVE-2023-36025)"

CVE-2023-35636

• "ET EXPLOIT Possible Malicious x-sharing-config-url SMTP header observed (CVE-2023-35636)"

• "ET INFO External SMB ANDX Request for Outlook Calendar Invite File (.ics) - Possible NTLM Hash Leak Attempt"

CVE-2023-3519

• "ET WEB_SPECIFIC_APPS Citrix/Netscaler ADC and NetScaler Gateway RCE Attempt CVE-2023-3519"

CVE-2023-35082

• "ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35082 Check/Exploitation Attempt"

CVE-2023-35078

• "ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt"

CVE-2023-34992

• "ET EXPLOIT Fortinet FortiSIEM Unauthenticated Command Injection CVE-2023-34992"

CVE-2023-34960

• "ET WEB_SPECIFIC_APPS Chamilo CMS wsConvertPpt Command Injection Attempt (CVE-2023-34960)"

CVE-2023-34362

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - HTTP POST to /api/v1/folders (CVE-2023-34362)"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Folder Request - CVE-2023-34362 Stage 4"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Set Session Variables - Guest Account Creation - CVE-2023-34362 Stage 1a"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Trigger SQL Injection via guestaccess.aspx - CVE-2023-34362 Stage 2"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Payload Trigger Request - CVE-2023-34362 Stage 5b"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Set Session Variables - SQLi Payload Creation - CVE-2023-34362 Stage 1b"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Successful Folder Request - CVE-2023-34362 Stage 4"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Successful API Token Request - CVE-2023-34362 Stage 3"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - CSRF Token Request on guestaccess.aspx - CVE-2023-34362 Stage 1b"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - HTTP POST to /guestaccess.aspx (CVE-2023-34362)"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Set Session Variables - SQLi Payload Creation - CVE-2023-34362 Stage 5a"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - HTTP POST to /moveitaspi.dll (CVE-2023-34362)"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - Successful CSRF Token Request on guestaccess.aspx - CVE-2023-34362 Stage 1b"

• "ET WEB_SPECIFIC_APPS MOVEit File Transfer - API Token Request - CVE-2023-34362 Stage 3"

CVE-2023-33246

• "ET WEB_SPECIFIC_APPS Apache RocketMQ 5.1.0 Arbitrary Code Injection in Broker Config (CVE-2023-33246)"

CVE-2023-32315

• "ET WEB_SPECIFIC_APPS Openfire Authentication Bypass With RCE (CVE-2023-32315)"

CVE-2023-32243

• "ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Successful Password Reset (CVE-2023-32243)"

• "ET WEB_SPECIFIC_APPS WordPress Plugin - Essential Addons for Elementor - Password Reset Attempt (CVE-2023-32243)"

CVE-2023-30258

• "ET WEB_SPECIFIC_APPS MagnusBilling icepay.php democ Parameter Command Inject Attempt (CVE-2023-30258)"

CVE-2023-30013

• "ET WEB_SPECIFIC_APPS TOTOLINK setTracerouteCfg Command Injection Attempt (CVE-2023-30013)"

CVE-2023-29489

• "ET EXPLOIT Suspected cPanel XSS Exploit Activity (CVE-2023-29489)"

CVE-2023-29357

• "Suspicious X-PROOF_TOKEN Header Detected (CVE-2023-29357)"

• "Potential SharePoint JWT Token Bypass Attempt (CVE-2023-29357)"

CVE-2023-2868

• "ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M1"

• "ET EXPLOIT Possible Barracuda Email Security Gateway Remote Code Execution Attempt (CVE-2023-2868) M2"

CVE-2023-28432

• "ET WEB_SPECIFIC_APPS MinIO Information Disclosure Attempt (CVE-2023-28432)"

• "ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)"

CVE-2023-27997

• "ET EXPLOIT Fortigate VPN - Request to /remote/info - Possible CVE-2023-27997 Exploit Attempt"

• "ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/error (CVE-2023-27997)"

• "ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/hostcheck_validate (CVE-2023-27997) M2"

• "ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/hostcheck_validate (CVE-2023-27997) M1"

• "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/hostcheck_validate (CVE-2023-27997)"

• "ET EXPLOIT Fortigate VPN - Repeated POST Requests to /remote/logincheck (CVE-2023-27997)"

• "ET EXPLOIT Fortigate VPN - Repeated GET Requests to /remote/logincheck (CVE-2023-27997)"

CVE-2023-27350

• "ET EXPLOIT PaperCut MF/NG SetupCompleted Authentication Bypass (CVE-2023-27350)"

CVE-2023-27076

• "ET EXPLOIT Tenda G103 Command Injection Attempt (CVE-2023-27076)"

CVE-2023-26802

• "ET EXPLOIT DCN DCBI-Netlog-LAB Remote Code Execution Vulnerability Attempt (CVE-2023-26802)"

CVE-2023-26801

• "ET EXPLOIT LB-Link Command Injection Attempt (CVE-2023-26801)"

CVE-2023-26360

• "ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M2"

• "ET WEB_SPECIFIC_APPS Adobe Coldfusion Local File Inclusion Attempt (CVE-2023-26360, CVE-2023-26359) M1"

• "ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M2"

• "ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M1"

• "ET EXPLOIT Adobe ColdFusion Deserialization of Untrusted Data (CVE-2023-26360) M3"

CVE-2023-26035

• "ET WEB_SPECIFIC_APPS Zoneminder Create Snapshot Command Injection Attempt (CVE-2023-26035)"

CVE-2023-25827

• "ET EXPLOIT OpenTSDB RCE in HTTP Request M1 (CVE-2023-25827)"

• "ET EXPLOIT OpenTSDB RCE in HTTP Request M2 (CVE-2023-25827)"

CVE-2023-25826

• "ET EXPLOIT OpenTSDB RCE in HTTP Request M1 (CVE-2023-25826)"

• "ET EXPLOIT OpenTSDB RCE in HTTP Request M3 (CVE-2023-25826)"

• "ET EXPLOIT OpenTSDB RCE in HTTP Request M2 (CVE-2023-25826)"

CVE-2023-25717

• "ET EXPLOIT Ruckus Wireless Admin Remote Code Execution Attempt (CVE 2023-25717)"

CVE-2023-24749

• "ET EXPLOIT Possible Command Injection via User-Agent (PwnAgent) - CVE-2023-24749, CVE-2022-47208"

CVE-2023-24488

• "ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M3"

• "ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M1"

• "ET WEB_SPECIFIC_APPS Possible Citrix Gateway CVE-2023-24488 Exploit Attempt M2"

CVE-2023-23752

• "ET WEB_SPECIFIC_APPS Joomla Improper Access Control to Webservice Endpoints (CVE-2023-23752)"

CVE-2023-23397

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M8 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M6 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M1 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M5 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M2 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M3 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M7 (CVE-2023-23397)"

• "ET EXPLOIT Possible Microsoft Outlook Elevation of Privilege Payload Observed M4 (CVE-2023-23397)"

CVE-2023-23333

• "ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)"

CVE-2023-22527

• "ET EXPLOIT Atlassian Confluence RCE Attempt Observed (CVE-2023-22527) M2"

• "ET EXPLOIT Atlassian Confluence RCE Attempt Observed (CVE-2023-22527) M1"

CVE-2023-22522

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected M2 Version 4.x-7.x"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected Version 8.x M1"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected Version 8.x M2"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22522 Vulnerable Server Detected M1 Version 4.x-7.x"

CVE-2023-22518

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected M1 Version 1.x-6.x"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 7.x M2"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected M2 Version 1.x-6.x"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 8.x M2"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 7.x M1"

• "ET EXPLOIT Successful Atlassian Confluence Improper Authentication Validation Exploitation Attempt (CVE-2023-22518)"

• "ET EXPLOIT Possible Atlassian Confluence Improper Authentication Validation Exploitation Attempt set (CVE-2023-22518)"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 8.x M1"

CVE-2023-22515

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M1"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M2"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 1/2 Success"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 2/2 Success"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 1/2 Attempt"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Step 2/2 Attempt"

CVE-2023-21932

• "ET EXPLOIT Possible Oracle Opera RCE Attempt (CVE-2023-21932)"

CVE-2023-20887

• "ET EXPLOIT VMware Aria Operations for Networks RCE Attempt (CVE-2023-20887)"

CVE-2023-20273

• "ET EXPLOIT Cisco IOS XE Web UI Command Injection Vulnerability (CVE-2023-20273)"

CVE-2023-20198

• "ET EXPLOIT Cisco IOS XE Web Server Possible Authentication Bypass Attempt (CVE-2023-20198) (Outbound)"

• "ET INFO Cisco IOS XE Web Server Auth From Suspicious Username (cisco_tac_admin) (CVE-2023-20198) (Inbound)"

• "ET INFO Cisco IOS XE Web Server Auth From Suspicious Username (cisco_support) (CVE-2023-20198) (Inbound)"

• "ET INFO Cisco IOS XE Web Server Auth From Suspicious Username (cisco_tac_admin) (CVE-2023-20198) (Outbound)"

• "ET EXPLOIT Cisco IOS XE Web Server Implant Check (CVE-2023-20198) (Outbound) M1"

• "ET INFO Cisco IOS XE Web Server execCLI in SOAP (CVE-2023-20198) (Inbound)"

• "ET INFO Suspicious Cisco Privilege Level 15 in HTTP Header (Outbound)"

• "ET INFO Cisco IOS XE Web Server execCLI in SOAP (CVE-2023-20198) (Outbound)"

• "ET EXPLOIT Cisco IOS XE Web Server Implant Check (CVE-2023-20198) (Inbound) M1"

• "ET EXPLOIT Cisco IOS XE Web Server Possible Authentication Bypass Attempt (CVE-2023-20198) (Inbound)"

• "ET INFO Cisco IOS XE Web Server Auth From Suspicious Username (cisco_support) (CVE-2023-20198) (Outbound)"

• "ET INFO Cisco IOS XE Web Server Config Change in SOAP (CVE-2023-20198) (Inbound)"

• "ET INFO Suspicious Cisco Privilege Level 15 in HTTP Header (Inbound)"

• "ET EXPLOIT Cisco IOS XE Web Server Implant Check (CVE-2023-20198) M3"

• "ET INFO Cisco IOS XE Web Server Config Change in SOAP (CVE-2023-20198) (Outbound)"

CVE-2023-1671

• "ET EXPLOIT Sophos Web Appliance Pre-Auth Command Injection Attempt (CVE-2023-1671)"

CVE-2023-1389

• "ET EXPLOIT TP-Link Archer AX21 Unauthenticated Command Injection Inbound (CVE-2023-1389)"

CVE-2023-0669

• "ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M2"

• "ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M3"

• "ET EXPLOIT Fortra MFT Deserialization Remote Code Execution Attempt (CVE-2023-0669) M1"

CVE-2022-48323

• "ET EXPLOIT Sunlogin Sunflower Simplified 1.0.1.43315 Directory Traversal Attempt (CVE-2022-48323)"

CVE-2022-47966

• "ET EXPLOIT ManageEngine Unauthenticated RCE Attempt M1 (CVE-2022-47966)"

• "ET EXPLOIT ManageEngine Unauthenticated RCE Attempt M10 (CVE-2022-47966)"

• "ET EXPLOIT ManageEngine Unauthenticated RCE Attempt M12 (CVE-2022-47966)"

• "ET EXPLOIT ManageEngine Unauthenticated RCE Attempt M11 (CVE-2022-47966)"

CVE-2022-46169

• "ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M2 (CVE-2022-46169)"

• "ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M1 (CVE-2022-46169)"

CVE-2022-44877

• "ET EXPLOIT CentOS Control Web Panel Pre-Auth Remote Code Execution (CVE-2022-44877)"

CVE-2022-44268

• "ET EXPLOIT Possible ImageMagick (7.1.0-49) Arbitrary Remote Leak PNG Upload Attempt (CVE-2022-44268)"

CVE-2022-44267

• "ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Observed Inbound (CVE-2022-44267)"

• "ET EXPLOIT Possible ImageMagick (7.1.0-49) DOS PNG Upload Attempt (CVE-2022-44267)"

CVE-2022-42889

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt JEXL Path (CVE-2022-42889) (Outbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt URL Prefix (CVE-2022-42889) (Outbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt Script Prefix (CVE-2022-42889) (Outbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt DNS Prefix (CVE-2022-42889) (Outbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt Script Prefix (CVE-2022-42889) (Inbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt URL Prefix (CVE-2022-42889) (Inbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt DNS Prefix (CVE-2022-42889) (Inbound)"

• "ET EXPLOIT Possible Apache Text4shell RCE Attempt JEXL Path (CVE-2022-42889) (Inbound)"

CVE-2022-41352

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M2"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M5"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M1"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M6"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M8"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M4"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M7"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-41352) M3"

CVE-2022-41040

• "ET EXPLOIT Microsoft Exchange Remote Code Execution Attempt (CVE-2022-41040, CVE-2022-41082)"

• "ET EXPLOIT Microsoft Exchange Remote Code Execution Attempt - OWASSRF (CVE-2022-41040, CVE-2022-41082)"

CVE-2022-40684

• "ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - SSH Key Upload (CVE-2022-40684)"

• "ET WEB_SERVER [Cluster25] FortiOS Auth Bypass Attempt (CVE-2022-40684)"

• "ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Administrative Details Leaked (CVE-2022-40684)"

• "ET WEB_SERVER Successful FortiOS Auth Bypass Attempt - Config Leaked (CVE-2022-40684)"

CVE-2022-40259

• "ET EXPLOIT Redfish Exploitation Attempt (CVE-2022-40259)"

CVE-2022-39952

• "ET EXPLOIT Fortinet FortiNAC - Observed POST .zip with Vulnerable Parameter (CVE-2022-39952)"

CVE-2022-36804

• "ET EXPLOIT Atlassian Bitbucket CVE-2022-36804 Exploit Attempt"

CVE-2022-36635

• "ET EXPLOIT ZKBioSecurity SQL Injection Attempt (CVE-2022-36635)"

CVE-2022-3602

• "ET EXPLOIT Possible OpenSSL Punycode Email Address Buffer Overflow Attempt Inbound (CVE-2022-3602)"

• "ET EXPLOIT Possible OpenSSL Punycode Email Address Buffer Overflow Attempt Outbound (CVE-2022-3602)"

CVE-2022-34753

• "ET EXPLOIT Attempted Schneider Electric SpaceLogic C-Bus Home Controller 5200WHC2 Remote Code Execution (CVE-2022-34753)"

CVE-2022-31898

• "ET EXPLOIT GL iNet MTN300n Command Injection Attempt Inbound (CVE-2022-31898)"

CVE-2022-3184

• "ET EXPLOIT Dataprobe iBoot-PDU Pre-Auth Remote Code Execution Attempt via git-update.php (CVE-2022-3184) M2"

• "ET EXPLOIT Dataprobe iBoot-PDU Pre-Auth Remote Code Execution Attempt via git-update.php (CVE-2022-3184) M1"

CVE-2022-31814

• "ET EXPLOIT pfBlockerNG HTTP Host Header Remote Code Execution Attempt (CVE-2022-31814)"

CVE-2022-31656

• "ET EXPLOIT Attempted VMware Authentication Bypass (CVE-2022-31656)"

CVE-2022-30525

• "ET EXPLOIT [Rapid7] Zyxel ZTP setWanPortSt mtu Parameter Exploit Attempt (CVE-2022-30525)"

CVE-2022-30333

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-30333) M2"

• "ET EXPLOIT Possible Zimbra Arbitrary File Upload (CVE-2022-30333) M1"

CVE-2022-30190

• "ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)"

• "ET EXPLOIT Possible Microsoft Support Diagnostic Tool Exploitation Inbound (CVE-2022-30190)"

CVE-2022-29499

• "ET EXPLOIT Attempted Mitel MiVoice Connect Data Validation RCE Inbound (CVE-2022-29499)"

CVE-2022-29303

• "ET EXPLOIT SolarView Compact Command Injection Inbound (CVE-2022-29303)"

CVE-2022-28958

• "ET EXPLOIT D-Link Remote Code Execution Attempt (CVE-2022-28958)"

CVE-2022-2827

• "ET EXPLOIT Redfish API User Enumeration Attempt (CVE-2022-2827)"

CVE-2022-28219

• "ET EXPLOIT Possible ManageEngine ADAudit Plus XXE (CVE-2022-28219)"

CVE-2022-27925

• "ET EXPLOIT Possible Zimbra RCE Attempt Inbound (CVE-2022-27925)"

CVE-2022-27665

• "ET EXPLOIT WS_FTP Reflected XSS Payload Observed M1 (CVE-2022-27665)"

CVE-2022-27643

• "ET EXPLOIT NetGear R6700v3 upnpd Buffer Overflow Inbound (CVE-2022-27643)"

CVE-2022-27255

• "ET EXPLOIT Realtek eCos RSDK/MSDK Stack-based Buffer Overflow Attempt Inbound (CVE-2022-27255)"

CVE-2022-27226

• "ET EXPLOIT iRZ Mobile Router RCE Inbound M1 (CVE-2022-27226)"

CVE-2022-26352

• "ET EXPLOIT dotCMS Arbitrary File Upload Attempt (CVE-2022-26352) M1"

• "ET EXPLOIT dotCMS Arbitrary File Upload Attempt (CVE-2022-26352) M2"

CVE-2022-26318

• "ET EXPLOIT WatchGuard CVE-2022-26318 RCE Attempt M1"

• "ET EXPLOIT Possible WatchGuard CVE-2022-26318 RCE Attempt M3"

• "ET EXPLOIT WatchGuard CVE-2022-26318 RCE Attempt M2"

CVE-2022-26259

• "ET EXPLOIT Xiongmai/HiSilicon DVR - RTSP Buffer Overflow Attempt - CVE-2022-26259"

CVE-2022-26210

• "ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-26210)"

CVE-2022-26186

• "ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-26186)"

CVE-2022-26134

• "SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"

• "SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"

• "SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"

• "SERVER-WEBAPP Atlassian Confluence OGNL expression injection attempt"

CVE-2022-25237

• "ET EXPLOIT Bonitasoft Successful Default User Login Attempt (Possible Staging for CVE-2022-25237)"

• "ET EXPLOIT Bonitasoft Authorization Bypass and RCE Upload M1 (CVE-2022-25237)"

• "ET WEB_SPECIFIC_APPS Bonitasoft Default User Login Attempt M2 (Possible Staging for CVE-2022-25237)"

• "ET WEB_SPECIFIC_APPS Altenergy Power Control Software Command Injection Attempt (CVE-2022-25237)"

• "ET EXPLOIT Bonitasoft Authorization Bypass M1 (CVE-2022-25237)"

• "ET EXPLOIT Bonitasoft Authorization Bypass and RCE Upload M2 (CVE-2022-25237)"

• "ET WEB_SPECIFIC_APPS Bonitasoft Default User Login Attempt M1 (Possible Staging for CVE-2022-25237)"

• "ET EXPLOIT Bonitasoft Authorization Bypass M2 (CVE-2022-25237)"

CVE-2022-25075

• "ET EXPLOIT Totolink - Command Injection Attempt Inbound (CVE-2022-25075)"

CVE-2022-25064

• "ET EXPLOIT TP-LINK TL-WR840N RCE Inbound (CVE-2022-25064)"

CVE-2022-24990

• "ET EXPLOIT TerraMaster TOS Information Leak Inbound (CVE-2022-24990)"

CVE-2022-24989

• "ET EXPLOIT TerraMaster TOS Unauthenticated Command Injection Inbound M2 (CVE-2022-24989)"

• "ET EXPLOIT TerraMaster TOS Unauthenticated Command Injection Inbound M1 (CVE-2022-24989)"

CVE-2022-24706

• "ET EXPLOIT Default Apache CouchDB Erlang Cookie Observed (CVE-2022-24706)"

CVE-2022-24252

• "ET EXPLOIT Extensis Portfolio Unrestricted File Upload (CVE-2022-24252)"

CVE-2022-24112

• "ET EXPLOIT Apache APISIX Admin API Authentication Bypass (CVE-2022-24112) M2"

• "ET EXPLOIT Apache APISIX Admin API Authentication Bypass (CVE-2022-24112) M1"

CVE-2022-23131

• "ET EXPLOIT Zabbix v5.4.0 - 5.4.8 SSO/SALM Auth Bypass (CVE-2022-23131) M3"

• "ET EXPLOIT Zabbix v5.4.0 - 5.4.8 SSO/SALM Auth Bypass (CVE-2022-23131) M1"

• "ET EXPLOIT Zabbix v5.4.0 - 5.4.8 SSO/SALM Auth Bypass (CVE-2022-23131) M2"

CVE-2022-22965

• "ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 2 Suffix Set Inbound (CVE-2022-22965)"

• "ET EXPLOIT Possible SpringCore RCE/Spring4Shell Inbound (CVE-2022-22965)"

• "ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 1 Pattern Set Inbound (CVE-2022-22965)"

• "ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 4 Prefix Set Inbound (CVE-2022-22965)"

• "ET EXPLOIT SpringShell/Spring4Shell RCE Attempt (CVE-2022-22965)"

• "ET EXPLOIT Possible SpringCore RCE/Spring4Shell Stage 3 Directory Set Inbound (CVE-2022-22965)"

CVE-2022-22963

• "ET EXPLOIT Possible Spring Cloud Connector RCE Inbound (CVE-2022-22963)"

CVE-2022-22954

• "ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)"

• "ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)"

• "ET EXPLOIT Possible VMware Workspace ONE Access RCE via Server-Side Template Injection Inbound (CVE-2022-22954)"

• "ET EXPLOIT VMWare Server-side Template Injection RCE (CVE-2022-22954)"

CVE-2022-22947

• "ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947)"

• "ET EXPLOIT VMware Spring Cloud Gateway Code Injection (CVE-2022-22947) (set)"

CVE-2022-22536

• "ET EXPLOIT Possible SAP ICM MPI Desynchronization Scanning Activity (CVE-2022-22536) M1"

• "ET EXPLOIT Possible SAP ICM MPI Desynchronization Scanning Activity (CVE-2022-22536) M2"

CVE-2022-22246

• "ET TROJAN Potential Juniper PHP Local File Inclusion Attempt (CVE-2022-22246)"

CVE-2022-22245

• "ET TROJAN Potential Juniper Path Traversal RCE Attempt (CVE-2022-22245)"

CVE-2022-22244

• "ET TROJAN Potential Juniper XPATH Injection Attempt (CVE-2022-22244)"

CVE-2022-22242

• "ET TROJAN Potential Juniper Reflected XSS Attempt (CVE-2022-22242)"

CVE-2022-22241

• "ET TROJAN Potential Juniper Phar Deserialization RCE Attempt (CVE-2022-22241)"

CVE-2022-21587

• "ET EXPLOIT Possible Oracle E-Business RCE Attempt Inbound M2 (CVE-2022-21587)"

• "ET EXPLOIT Possible Oracle E-Business RCE Attempt Inbound M3 (CVE-2022-21587)"

• "ET EXPLOIT Possible Oracle E-Business RCE Attempt Inbound M1 (CVE-2022-21587)"

• "ET EXPLOIT Possible Oracle E-Business RCE Attempt Inbound M4 (CVE-2022-21587)"

CVE-2022-21449

• "ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)"

CVE-2022-1471

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M2"

• "ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 7.17.x - 7.21.15"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M2"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 7.x M1"

• "ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M2"

• "ET WEB_SPECIFIC_APPS Atlassian Bitbucket CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.12.0"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 6.13.x - 6.15.x M1"

• "ET WEB_SPECIFIC_APPS Atlassian Jira CVE-2022-1471 Vulnerable Server Detected Version 9.4 - 9.11.1 M1"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M1"

• "ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2022-1471 Vulnerable Server Detected Version 8.0 - 8.3 M2"

CVE-2022-1388

• "ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Attempt (CVE-2022-1388) M2"

• "ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass (CVE-2022-1388) M1"

• "ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Attempt (CVE-2022-1388) M3"

• "ET EXPLOIT F5 BIG-IP iControl REST Authentication Bypass Server Response (CVE-2022-1388)"

• "POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt"

• "SERVER-WEBAPP F5 BIG-IP iControl remote code execution attempt"

CVE-2022-1162

• "ET EXPLOIT Gitlab Login Attempt with hard-coded password (CVE-2022-1162)"

• "ET EXPLOIT Gitlab Login Attempt with hard-coded password (CVE-2022-1162)"

CVE-2022-1040

• "ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040)"

• "ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M2"

• "ET EXPLOIT Sophos Firewall Authentication Bypass (CVE-2022-1040) Server Response M1"

CVE-2022-0778

• "ET EXPLOIT Possible OpenSSL Infinite Loop Inducing Cert Inbound via TCP (CVE-2022-0778)"

• "ET EXPLOIT Possible OpenSSL Infinite Loop Inducing Cert Inbound via UDP (CVE-2022-0778)"

CVE-2022-0543

• "ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M1"

• "ET EXPLOIT Redis RCE Attempt (CVE-2022-0543) M2"

• "ET EXPLOIT Possible Redis RCE Attempt - Dynamic Importing of liblua (CVE-2022-0543)"

CVE-2021-46442

• "ET EXPLOIT D-Link webupg Remote Code Execution Attempt Inbound (CVE 2021-46441, 2021-46442)"

CVE-2021-46422

• "ET EXPLOIT Telesquare SDT-CW3B1 1.1.0 - OS Command Injection (CVE-2021-46422)"

CVE-2021-45382

• "ET EXPLOIT D-Link - RCE Attempt Inbound (CVE-2021-45382)"

CVE-2021-45105

• "ET EXPLOIT Possible Apache log4j Uncontrolled Recursion Lookup (CVE-2021-45105)"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "POLICY-OTHER Java User-Agent remote class download attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

• "SERVER-OTHER Apache Log4j logging remote code execution attempt"

CVE-2021-44515

• "ET EXPLOIT Zoho ManagedEngine Desktop Central Authentication Bypass - File Upload Attempt (CVE-2021-44515)"

• "ET EXPLOIT Zoho ManagedEngine Desktop Central Authentication Bypass - Administrator Password Reset Attempt (CVE-2021-44515)"

CVE-2021-4436

• "ET WEB_SPECIFIC_APPS Wordpress 3DPrint Lite Plugin Arbitrary File Upload Attempt - PHP webshell Payload (CVE-2021-4436)"

CVE-2021-44228

• "ET EXPLOIT Possible Apache log4j RCE Attempt (tcp corba) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - HTTP URI Obfuscation (CVE-2021-44228) (Inbound)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (rce .ee)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/13 Obfuscation Observed (tcp) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - Base64 jndi (tcp) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (tcp) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http) (Outbound) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower UDP Bypass) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M1 (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (upper TCP Bypass) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested upper (tcp) (Outbound) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (scannermcscanface-edgescan .com)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Security Scanner Domain (log4j .binaryedge .io)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested upper (udp) (Outbound) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol UDP (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M1 (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp iiop) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp dns) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (udp corba) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (oob .li)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp ldap) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp iiop) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp dns) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http rmi) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp rmi) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp ldap) (Outbound) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Security Scanner Domain (log4j. leakix .net)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (tcp nds) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested lower (udp) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (udp corba) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp ldaps) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested lower (tcp) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp iiop) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp dns) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - AWS Access Key Disclosure (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp ldaps) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - HTTP URI Obfuscation (CVE-2021-44228) (Outbound)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (scanworld .net)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (log .exposedbotnets .ru)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp rmi) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Security Scanner Domain (kryptoslogic-cve-2021-44228 .com)"

• "ET EXPLOIT Apache log4j RCE Attempt (http) (Inbound) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower TCP Bypass) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - Base64 jndi (udp) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (tcp nis) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower UDP Bypass) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Security Scanner Domain (log4shell .huntress .com)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp dns) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/12 Obfuscation Observed M2 (udp) (Outbound) (CVE-2021-44228)"

• "ET POLICY DNS Query for Observed CVE-2021-44228 Security Scanner Domain (dns .cyberwar .nl)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (upper UDP Bypass) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (udp nis) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http dns) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp iiop) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Security Scanner Domain (canarytokens .com)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (Outbound) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (pwn .af)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (upper TCP Bypass) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (udp nds) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (tcp nis) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (udp nis) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http ldaps) (Outbound) (CVE-2021-44228)"

• "ET POLICY Serialized Java Object returned via LDAPv3 Response"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp ldap) (Outbound) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (notburpcollaborator .net)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M1 (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http ldaps) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (tcp corba) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower UDP Bypass) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (service .exfil .site)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (upper UDP Bypass) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp ldaps) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol UDP (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower TCP Bypass) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - Base64 jndi (udp) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested upper (tcp) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (udp nds) (Outbound) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (upper UDP Bypass) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE Possible CVE-2021-44228 Payload via LDAPv3 Response M2"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - Base64 jndi (tcp) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (udp rmi) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (http rmi) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE Possible CVE-2021-44228 Payload via LDAPv3 Response"

• "ET EXPLOIT Apache log4j RCE Attempt (udp ldaps) (CVE-2021-44228)"

• "ET EXPLOIT Apache Obfuscated log4j RCE Attempt (tcp ldap) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt (tcp rmi) (Outbound) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (lower TCP Bypass) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt (tcp nds) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M2 (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (Outbound) (CVE-2021-44228)"

• "ET ATTACK_RESPONSE DNS Query for Observed CVE-2021-44228 Callback Domain (ceye .io)"

• "ET EXPLOIT Apache log4j RCE Attempt (http dns) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper UDP Bypass M2 (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol TCP (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested lower (udp) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Possible Apache log4j RCE Attempt - 2021/12/13 Obfuscation Observed (tcp) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested lower (tcp) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - lower/upper TCP Bypass M1 (Outbound) (CVE-2021-44228)"

• "ET INFO Possible Apache log4j RCE Attempt - Any Protocol (upper TCP Bypass) (Outbound) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - Nested upper (udp) (CVE-2021-44228)"

• "ET EXPLOIT Apache log4j RCE Attempt - AWS Access Key Disclosure (CVE-2021-44228)"

CVE-2021-44077

• "ET EXPLOIT [CISA AA21-336A] Zoho ManageEngine ServiceDesk Possible Exploitation Activity (CVE-2021-44077)"

CVE-2021-43798

• "ET EXPLOIT Grafana 8.x Path Traversal (CVE-2021-43798)"

CVE-2021-43788

• "ET EXPLOIT NodeBB Path Traversal (CVE-2021-43788)"

CVE-2021-42671

• "ET EXPLOIT Possible Engineers Online Portal System Access Control Bypass (CVE-2021-42671)"

CVE-2021-42669

• "ET EXPLOIT Possible Engineers Online Portal System Webshell Upload (CVE-2021-42669)"

CVE-2021-42013

• "ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M1"

• "ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2"

CVE-2021-41773

• "ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M3"

• "ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2"

• "ET POLICY Apache HTTP Server 2.4.49 Observed - Vulnerable to CVE-2021-41773"

• "ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M1"

CVE-2021-41653

• "ET EXPLOIT TP-Link TL-WR840N EU v5 RCE Attempt (CVE-2021-41653)"

CVE-2021-41314

• "ET EXPLOIT Netgear Seventh Inferno CVE-2021-41314 (new line injection)"

CVE-2021-41277

• "ET WEB_SPECIFIC_APPS Metabase Local File Inclusion Inbound (CVE-2021-41277)"

CVE-2021-41163

• "ET EXPLOIT Discourse SNS Webhook RCE Inbound (CVE-2021-41163)"

CVE-2021-40870

• "ET EXPLOIT Aviatrix Controller Unrestricted File Upload with Path Traversal Inbound (CVE-2021-40870)"

CVE-2021-40539

• "ET EXPLOIT ManageEngine AdSelfService Plus - Possible Code Execution via openSSLTool (CVE-2021-40539)"

• "ET EXPLOIT ManageEngine AdSelfService Plus - .jsp WebShell Upload Attempt (CVE-2021-40539)"

• "ET EXPLOIT ManageEngine AdSelfService Plus - Arbritrary File Upload Attempt (CVE-2021-40539)"

• "ET EXPLOIT ManageEngine AdSelfService Plus - Authentication Bypass Attempt (CVE-2021-40539)"

CVE-2021-40438

• "ET EXPLOIT Apache HTTP Server SSRF (CVE-2021-40438)"

CVE-2021-4039

• "ET EXPLOIT Zyxel NWA-1100-NH Command Injection Attempt (CVE-2021-4039)"

CVE-2021-39144

• "ET EXPLOIT Possible VMWare NSX Manager Remote Code Execution Exploit Attempt (CVE-2021-39144)"

CVE-2021-38647

• "ET EXPLOIT Microsoft OMI RCE Exploit Attempt (CVE-2021-38647) M1"

CVE-2021-38454

• "ET EXPLOIT Possible Moxa MxView RCE Attempt (CVE-2021-38454)"

CVE-2021-37343

• "ET EXPLOIT Nagios XI Post-Auth Path Traversal (CVE-2021-37343)"

CVE-2021-37164

• "ET EXPLOIT [PwnedPiper] Exploitation Attempt - Large Malformed Translogic Packet (CVE-2021-37164)"

CVE-2021-37161

• "ET EXPLOIT [PwnedPiper] Exploitation Attempt - Small Malformed Translogic Packet (Multiple CVEs)"

CVE-2021-36380

• "ET EXPLOIT Sunhillo SureLine Unauthenticated OS Command Injection Inbound (CVE-2021-36380)"

CVE-2021-36260

• "ET EXPLOIT Hikvision IP Camera RCE Attempt (CVE-2021-36260)"

CVE-2021-35587

• "ET EXPLOIT Possible Oracle Access Manager RCE Attempt (CVE-2021-35587)"

CVE-2021-35464

• "ET EXPLOIT ForgeRock Access Manager RCE (CVE-2021-35464)"

CVE-2021-35395

• "ET EXPLOIT Realtek SDK - Command Injection Inbound (CVE-2021-35395)"

• "ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35395)"

CVE-2021-35394

• "ET EXPLOIT Realtek SDK - Command Execution/Backdoor Access Inbound (CVE-2021-35394)"

CVE-2021-35393

• "ET EXPLOIT Possible Realtek SDK - formWlanMultipleAP Stack Buffer Overflow Inbound (CVE-2021-35393)"

• "ET EXPLOIT Possible Realtek SDK - formStaticDHCP Stack Buffer Overflow Inbound (CVE-2021-35393)"

• "ET EXPLOIT Possible Realtek SDK - formWlSiteSurvey Stack Buffer Overflow Inbound (CVE-2021-35393)"

• "ET EXPLOIT Possible Realtek SDK - Stack Buffer Overflow via UPnP SUBSCRIBE Callback Header Inbound (CVE-2021-35393)"

CVE-2021-35392

• "ET EXPLOIT Possible Realtek SDK - formRebootCheck/formWsc Stack Buffer Overflow Inbound (CVE-2021-35392)"

CVE-2021-35232

• "ET EXPLOIT SolarWinds Web Help Desk Hard Coded Credentials Request (CVE-2021-35232)"

CVE-2021-35211

• "ET EXPLOIT Possible SolarWinds Serv-U SSH RCE Inbound M2 (CVE-2021-35211)"

• "ET EXPLOIT Possible SolarWinds Serv-U SSH RCE Inbound M1 (CVE-2021-35211)"

CVE-2021-35064

• "ET EXPLOIT Kramer VIAware Remote Code Execution (CVE-2021-35064 CVE-2021-36356)"

CVE-2021-34991

• "ET EXPLOIT UPnP UUID Password Change Exploit Attempt Inbound - XR300 PoC Gadgets (CVE-2021-34991)"

• "ET EXPLOIT UPnP UUID Password Change Exploit Attempt Inbound - R6700V3 PoC Gadgets (CVE-2021-34991)"

CVE-2021-34979

• "ET EXPLOIT Netgear R6260 Mini_httpd Buffer Overflow Attempt - Possible RCE (CVE-2021-34979)"

CVE-2021-34473

• "ET EXPLOIT Possible Microsoft Exchange RCE Inbound M2 (CVE-2021-34473)"

• "ET EXPLOIT Possible Microsoft Exchange RCE Inbound M1 (CVE-2021-34473)"

• "ET EXPLOIT Possible Microsoft Exchange RCE with Python PSRP Client UA Inbound (CVE-2021-34473)"

• "ET EXPLOIT Possible Microsoft Exchange RCE Inbound M3 (CVE-2021-34473)"

• "ET EXPLOIT Possible Microsoft Exchange Mailbox Enumeration Inbound (CVE-2021-34473)"

CVE-2021-34429

• "ET WEB_SPECIFIC_APPS Jetty WEB-INF Information Leak Successful Exploitation (CVE-2021-34429)"

• "ET WEB_SPECIFIC_APPS Jetty WEB-INF Information Leak Attempt Inbound (CVE-2021-34429)"

CVE-2021-34228

• "ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M2"

• "ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M3"

• "ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M1"

• "ET EXPLOIT TOTOLINK Router Cross-site Scripting CVE-2021-34228 (boafrm) M4"

CVE-2021-33766

• "ET EXPLOIT Microsoft Exchange - Successful msExchEcpCanary Disclosure (CVE-2021-33766)"

• "ET EXPLOIT Microsoft Exchange - Information Disclosure flowbit set (CVE-2021-33766)"

CVE-2021-33544

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - factory.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - simple_reclistjs.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - factory.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - simple_reclistjs.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - oem.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - tmpapp.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - language.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - certmngr.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - certmngr.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - testcmd.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - testcmd.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - oem.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - language.cgi RCE via Command Injection Attempt Outbound (CVE-2021-33544)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - tmpapp.cgi RCE via Command Injection Attempt Inbound (CVE-2021-33544)"

CVE-2021-33543

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Outbound (CVE-2021-33543)"

• "ET EXPLOIT UDP Technology Firmware (IP Cam) - Auth Bypass Attempt Inbound (CVE-2021-33543)"

CVE-2021-3317

• "ET EXPLOIT Klog Server Command Injection Inbound (CVE-2021-3317)"

CVE-2021-3297

• "ET EXPLOIT Possible Zyxel Authentication Bypass Inbound (CVE-2021-3297)"

CVE-2021-32706

• "ET EXPLOIT PiHole Web Interface Regex Escape Leading to RCE Inbound M2 (CVE-2021-32706)"

• "ET EXPLOIT PiHole Web Interface Regex Escape Leading to RCE Inbound M1 (CVE-2021-32706)"

CVE-2021-32648

• "ET EXPLOIT OctoberCMS Auth Bypass Inbound M1 trigger_reset (CVE-2021-32648)"

• "ET EXPLOIT OctoberCMS Auth Bypass Inbound M2 set_password (CVE-2021-32648)"

CVE-2021-32305

• "ET EXPLOIT WebSVN 2.6.0 OS Command Injection Inbound (CVE-2021-32305)"

• "ET EXPLOIT Possible Mirai Infection Attempt via OS Command Injection Inbound (CVE-2021-32305)"

• "ET EXPLOIT Possible Mirai Infection Attempt via OS Command Injection Outbound (CVE-2021-32305)"

CVE-2021-31986

• "ET INFO Suspicious POST to Axis OS (smtptest.cgi)"

CVE-2021-31755

• "ET EXPLOIT Trenda Router AC11 RCE Inbound (CVE-2021-31755)"

• "ET EXPLOIT Trenda Router AC11 RCE Outbound (CVE-2021-31755)"

CVE-2021-31643

• "ET EXPLOIT Stored XSS and Webpass IoT devices CVE-2021-31643"

CVE-2021-31474

• "ET EXPLOIT Possible SolarWinds Orion RCE Inbound (CVE-2021-31474)"

CVE-2021-3129

• "ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129) Inbound - Attempt to clear logs"

• "ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129) Inbound - Payload Execution Attempt"

• "ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129) Outbound - Payload Execution Attempt"

• "ET EXPLOIT Laravel Remote Code Execution (CVE-2021-3129) Outbound - Attempt to clear logs"

CVE-2021-31250

• "ET EXPLOIT Stored XSS Vulnerability CVE-2021-31250 M3"

• "ET EXPLOIT Stored XSS Vulnerability CVE-2021-31250 M1"

• "ET EXPLOIT Stored XSS Vulnerability CVE-2021-31250 M2"

• "ET EXPLOIT Stored XSS Vulnerability CVE-2021-31250 M4"

CVE-2021-31207

• "ET EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M1 (CVE-2021-31207)"

• "ET EXPLOIT Microsoft Exchange Pre-Auth Path Confusion M2 (CVE-2021-31207)"

• "ET EXPLOIT Vulnerable Microsoft Exchange Server Response (CVE-2021-31207)"

• "ET EXPLOIT Microsoft Exchange SUID Disclosure via SSRF Inbound M2 (CVE-2021-31207)"

• "ET EXPLOIT Microsoft Exchange SUID Disclosure via SSRF Inbound M1 (CVE-2021-31207)"

CVE-2021-31166

• "ET EXPLOIT Windows HTTP Protocol Stack UAF/RCE (CVE-2021-31166), http.sys DOS (CVE-2022-21907) Inbound"

CVE-2021-3007

• "ET EXPLOIT Possible Zend Framework Exploit (CVE-2021-3007)"

CVE-2021-29003

• "ET EXPLOIT Genexis PLATINUM 4410 Command Injection Inbound (CVE-2021-29003)"

CVE-2021-28482

• "ET EXPLOIT Microsoft Exchange RCE Setup Inbound (CVE-2021-28482)"

CVE-2021-27561

• "ET EXPLOIT Yealink RCE Attempt (CVE-2021-27561)"

CVE-2021-27513

• "ET EXPLOIT Possible EyesOfNetwork Remote File Upload with PHP WebShell Inbound (CVE-2021-27513)"

CVE-2021-27137

• "ET EXPLOIT DD-WRT UPNP Unauthenticated Buffer Overflow (CVE-2021-27137)"

CVE-2021-27065

• "ET EXPLOIT Possible Microsoft Exchange ProxyLogon Activity - OABVirtualDirectory SetObject (CVE-2021-27065)"

CVE-2021-26897

• "ET EXPLOIT Windows DNS Server RCE Attempt Inbound (CVE-2021-26897)"

CVE-2021-26828

• "ET EXPLOIT ScadaBR RCE with JSP Shell Inbound (CVE-2021-26828)"

CVE-2021-26812

• "ET EXPLOIT Jitsi Meet Plugin XSS Attempt (CVE-2021-26812)"

CVE-2021-26086

• "ET EXPLOIT Jira Server/Data Center 8.4.0 Remote File Read Attempt (CVE-2021-26086) M1"

• "ET EXPLOIT Jira Server/Data Center 8.4.0 Remote File Read Attempt (CVE-2021-26086) M2"

CVE-2021-26085

• "ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (seraph-config.xml) (CVE-2021-26085)"

• "ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (pom.xml) (CVE-2021-26085)"

• "ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (pom.properties) (CVE-2021-26085)"

• "ET EXPLOIT Possible Atlassian Confluence Pre-Authorization Arbitrary File Read Attempt (web.xml) (CVE-2021-26085)"

CVE-2021-25646

• "ET WEB_SPECIFIC_APPS Possible Apache Druid RCE Inbound (CVE-2021-25646)"

CVE-2021-25297

• "ET EXPLOIT Nagios XI OS Command Injection (CVE-2021-25297 & CVE-2021-25298)"

CVE-2021-25296

• "ET EXPLOIT Nagios XI OS Command Injection (CVE-2021-25296)"

CVE-2021-23758

• "ET EXPLOIT AjaxPro RCE Attempt (CVE-2021-23758)"

CVE-2021-22991

• "ET EXPLOIT Possible F5 BIG-IP Infoleak and Out-of-Bounds Write Inbound (CVE-2021-22991)"

CVE-2021-22986

• "ET EXPLOIT [NCC/FOX-IT] Possible F5 BIG-IP/BIG-IQ iControl REST RCE Attempt (CVE-2021-22986)"

• "ET EXPLOIT F5 BIG-IP iControl REST Unauthenticated RCE Inbound (CVE-2021-22986)"

CVE-2021-22941

• "ET EXPLOIT Citrix ShareFile Storage Zones Controller RCE Attempt (CVE-2021-22941)"

• "ET EXPLOIT Possible Citrix ShareFile RCE Inbound (CVE-2021-22941)"

CVE-2021-22893

• "ET EXPLOIT [FIREEYE] Suspicious Pulse Secure HTTP Request (CVE-2021-22893) M1"

• "ET EXPLOIT [FIREEYE] Suspicious Pulse Secure HTTP Request (CVE-2021-22893) M3"

• "ET EXPLOIT [FIREEYE] Suspicious Pulse Secure HTTP Request (CVE-2021-22893) M2"

CVE-2021-22652

• "ET EXPLOIT Advantech iView RCE Setup via Config Overwrite Inbound (CVE-2021-22652)"

CVE-2021-22205

• "ET EXPLOIT Possible Gitlab CE/EE Image Parser RCE Inbound (CVE-2021-22205)"

• "ET EXPLOIT GitLab Pre-Auth RCE Detected (CVE-2021-22205)"

CVE-2021-22123

• "ET EXPLOIT Fortinet FortiWeb OS Command Injection Inbound M2 (CVE-2021-22123)"

• "ET EXPLOIT Fortinet FortiWeb OS Command Injection Inbound M1 (CVE-2021-22123)"

CVE-2021-22005

• "ET EXPLOIT VMware vCenter RCE Exploitation Attempt M2 (CVE-2021-22005)"

CVE-2021-21978

• "ET EXPLOIT VMWare View Planner RCE (CVE-2021-21978) Attempt M2"

• "ET EXPLOIT VMWare View Planner RCE (CVE-2021-21978) Attempt M1"

CVE-2021-21975

• "ET EXPLOIT Possible vRealize Operations Manager API SSRF Attempt (CVE-2021-21975)"

CVE-2021-21974

• "ET EXPLOIT VMWare ESXi 6.7.0 OpenSLP Remote Code Execution Attempt - Directory Agent Advertisement Heap Overflow (CVE-2021-21974)"

CVE-2021-21972

• "ET EXPLOIT Inbound VMware vCenter RCE Attempt with Untrusted SSH Key Upload (CVE-2021-21972)"

• "ET EXPLOIT Inbound VMware vCenter RCE Attempt M1 (CVE-2021-21972)"

• "ET EXPLOIT Inbound VMware vCenter RCE Attempt M3 (CVE-2021-21972)"

• "ET EXPLOIT Inbound VMware vCenter RCE Attempt M4 (CVE-2021-21972)"

• "ET EXPLOIT Inbound VMware vCenter RCE Attempt M2 (CVE-2021-21972)"

CVE-2021-21315

• "ET EXPLOIT NodeJS System Information Library Command Injection Attempt (CVE-2021-21315)"

CVE-2021-2109

• "ET EXPLOIT Oracle WebLogic JNDI Injection RCE Attempt (CVE-2021-2109)"

CVE-2021-20837

• "ET EXPLOIT Possible MovableTypePoC RCE Inbound (CVE-2021-20837)"

CVE-2021-20043

• "ET EXPLOIT SonicWall SMA 100 Series - Possible Heap-Based Overflow Activity (CVE-2021-20043)"

CVE-2021-20040

• "ET EXPLOIT SonicWall SMA 100 Series - Unauthenticated File Upload Path Traversal (CVE-2021-20040)"

CVE-2021-20039

• "ET EXPLOIT SonicWall SMA Authenticated Command Injection Attempt CVE-2021-20039"

CVE-2021-20038

• "ET EXPLOIT SonicWall SMA Stack-Based Buffer Overflow CVE-2021-20038 M2"

• "ET EXPLOIT SonicWall SMA Stack-Based Buffer Overflow CVE-2021-20038 M1"

• "ET EXPLOIT Sonicwall Unauthenticated Stack-Based Buffer Overflow (CVE-2021-20038)"

CVE-2021-20016

• "ET EXPLOIT [ConnectWise CRU] Potential Sonicwall SMA User-Level Authentication Bypass (sslvpnclient) (CVE-2021-20016)"

• "ET EXPLOIT [ConnectWise CRU] Potential Sonicwall SMA Authentication Bypass (management) (CVE-2021-20016)"

• "ET EXPLOIT [ConnectWise CRU] Potential Sonicwall SMA User-Level Authentication Bypass (portal) (CVE-2021-20016)"

CVE-2021-1499

• "ET EXPLOIT Cisco HyperFlex HX Data Platform Pre-Auth RCE Inbound (CVE-2021-1499)"

CVE-2021-1498

• "ET EXPLOIT Cisco HyperFlex HX RCE Inbound (CVE-2021-1498)"

• "ET EXPLOIT Cisco HyperFlex HX RCE Outbound (CVE-2021-1498)"

CVE-2021-1497

• "ET EXPLOIT Cisco HyperFlex OS Command Injection M1 (CVE-2021-1497)"

• "ET EXPLOIT Cisco HyperFlex OS Command Injection M2 (CVE-2021-1497)"

CVE-2020-9490

• "ET EXPLOIT Apache2 Memory Corruption Inbound (CVE-2020-9490)"

CVE-2020-9484

• "ET EXPLOIT Attempted Directory Traversal via HTTP Cookie (CVE-2020-9484)"

CVE-2020-9480

• "ET ATTACK_RESPONSE Apache Spark RPC - Unauthenticated RegisterApplication - Successfully Registered (CVE-2020-9480)"

• "ET EXPLOIT Apache Spark RPC - Unauthenticated RegisterApplication Request (CVE-2020-9480)"

• "ET EXPLOIT Apache Spark RPC - Unauthenticated RegisterApplication Request - RCE Attempt (CVE-2020-9480)"

CVE-2020-9465

• "ET EXPLOIT EyesOfNetwork Cookie SQLi (CVE-2020-9465)"

CVE-2020-9054

• "ET EXPLOIT Zyxel NAS RCE Attempt Inbound (CVE-2020-9054) M1"

• "ET EXPLOIT Zyxel NAS RCE Attempt Inbound (CVE-2020-9054) M2"

CVE-2020-9020

• "ET EXPLOIT Possible Vantage Velocity Field Unit RCE Inbound (CVE-2020-9020)"

CVE-2020-8958

• "ET EXPLOIT Guangzhou 1GE ONU OS Command Execution (CVE-2020-8958)"

CVE-2020-8656

• "ET EXPLOIT EyesOfNetwork Generate API Key SQLi (CVE-2020-8656)"

CVE-2020-8654

• "ET EXPLOIT EyesOfNetwork Autodiscover Command Injection (CVE-2020-8654)"

CVE-2020-8518

• "ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)"

CVE-2020-8515

• "ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Inbound (CVE-2020-8515) M1"

• "ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Inbound (CVE-2020-8515) M2"

• "ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Outbound (CVE-2020-8515) M1"

• "ET EXPLOIT Multiple DrayTek Products Pre-authentication Remote RCE Outbound (CVE-2020-8515) M2"

CVE-2020-8466

• "ET EXPLOIT Trend Micro IWSVA Unauthenticated Command Injection Inbound (CVE-2020-8466)"

CVE-2020-8271

• "ET EXPLOIT Citrix SD-WAN Unauthenticated RCE (CVE-2020-8271)"

CVE-2020-8218

• "ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218)"

CVE-2020-8209

• "ET WEB_SPECIFIC_APPS Citrix XenMobile Server Directory Traversal Attempt Inbound (CVE-2020-8209)"

CVE-2020-8195

• "ET EXPLOIT Possible Citrix Information Disclosure Attempt Inbound (CVE-2020-8195)"

CVE-2020-8193

• "ET EXPLOIT Possible Citrix Authentication Bypass Attempt Inbound (CVE-2020-8193)"

CVE-2020-7961

• "ET WEB_SPECIFIC_APPS Liferay Unauthenticated RCE via JSONWS Inbound (CVE-2020-7961)"

• "ET CURRENT_EVENTS 401TRG Liferay RCE (CVE-2020-7961)"

CVE-2020-7247

• "ET EXPLOIT Possible OpenSMTPD RCE Inbound (CVE-2020-7247)"

CVE-2020-6287

• "ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Exploit Success"

• "ET USER_AGENTS SAP CVE-2020-6287 PoC UA Observed"

• "ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Vulnerable Response"

• "ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Probe"

• "ET EXPLOIT Possible SAP NetWeaver CVE-2020-6287 Exploit Attempt"

CVE-2020-6286

• "ET EXPLOIT SAP NetWeaver AS Directory Traversal Attempt Inbound (CVE-2020-6286)"

CVE-2020-6207

• "ET EXPLOIT Suspected SAP EEM SOLMAN RCE (CVE-2020-6207)"

CVE-2020-6008

• "ET WEB_SPECIFIC_APPS LifterLMS Arbitrary File Write Attempt Inbound (CVE-2020-6008)"

CVE-2020-5902

• "ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt M1"

• "ET EXPLOIT F5 TMUI RCE vulnerability CVE-2020-5902 Attempt M2"

CVE-2020-5735

• "ET EXPLOIT Amcrest Camera and NVR Buffer Overflow Attempt (CVE-2020-5735)"

CVE-2020-5410

• "ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5410)"

CVE-2020-5405

• "ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5405)"

CVE-2020-4430

• "ET EXPLOIT IBM Data Risk Manager Arbitrary File Download (CVE-2020-4430)"

CVE-2020-40475

• "ET EXPLOIT Totolink Command Injection Attempt (CVE-2020-40475)"

CVE-2020-4001

• "ET EXPLOIT VMware SD-WAN Orchestrator Authentication Bypass (CVE-2020-4001)"

CVE-2020-4000

• "ET EXPLOIT VMware SD-WAN Orchestrator Path Traversal (CVE-2020-4000)"

CVE-2020-3984

• "ET EXPLOIT VMware SD-WAN Orchestrator SQL Injection (CVE-2020-3984)"

CVE-2020-3956

• "ET EXPLOIT Possible Successful VMware Cloud Director RCE Attempt (CVE-2020-3956)"

• "ET EXPLOIT Possible VMware Cloud Director RCE Attempt (CVE-2020-3956)"

CVE-2020-3657

• "ET EXPLOIT Qualcomm QCMAP Command Injection Attempt Inbound (CVE-2020-3657)"

• "ET EXPLOIT Qualcomm QCMAP Stack-Based Buffer Overflow Attempt Inbound (CVE-2020-3657)"

CVE-2020-36289

• "ET EXPLOIT Atlassian Jira Unauth User Enumeration Attempt (CVE-2020-36289)"

CVE-2020-36197

• "ET EXPLOIT QNAP MusicStation Pre-Auth RCE Inbound (CVE-2020-36197)"

CVE-2020-3580

• "ET EXPLOIT Cisco ASA XSS Attempt (CVE-2020-3580)"

CVE-2020-35729

• "ET WEB_SPECIFIC_APPS Possible KLOG Server RCE Inbound (CVE-2020-35729)"

• "ET WEB_SPECIFIC_APPS KLOG Server RCE Public POC Inbound - Possible Scanning (CVE-2020-35729)"

CVE-2020-35232

• "ET EXPLOIT Possible NSDP (Netgear) Unauthenticated Buffer Overflow (CVE-2020-35232)"

CVE-2020-35231

• "ET EXPLOIT Possible NSDP (Netgear) Remote Authentication Bypass with Factory Reset (CVE-2020-35231)"

CVE-2020-35230

• "ET EXPLOIT Netgear ProSAFE Plus Possible Integer Overflow Attempt Inbound M1 (CVE-2020-35230)"

• "ET EXPLOIT Netgear ProSAFE Plus Possible Integer Overflow Attempt Inbound M2 (CVE-2020-35230)"

CVE-2020-35228

• "ET EXPLOIT Netgear ProSAFE Plus Stored XSS Inbound (CVE-2020-35228)"

CVE-2020-35226

• "ET EXPLOIT Possible NSDP (Netgear) Unauthenticated Write Access to DHCP Config (CVE-2020-35226)"

CVE-2020-35225

• "ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x000a (CVE-2020-35225)"

• "ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x0005 (CVE-2020-35225)"

• "ET EXPLOIT Possible NSDP (Netgear) Write Command Buffer Overflow Attempt - 0x0003 (CVE-2020-35225)"

CVE-2020-3495

• "ET EXPLOIT Possible Cisco Jabber RCE Inbound (CVE-2020-3495)"

CVE-2020-3452

• "ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M1"

• "ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M2"

• "ET EXPLOIT Cisco ASA and Firepower Path Traversal Vulnerability M2 (CVE-2020-3452)"

• "ET EXPLOIT Cisco ASA and Firepower Path Traversal Vulnerability M1 (CVE-2020-3452)"

• "ET EXPLOIT Cisco ASA/Firepower Unauthenticated File Read (CVE-2020-3452) M3"

CVE-2020-3161

• "ET EXPLOIT Cisco IP Phones Web Server Vulnerability (CVE-2020-3161)"

CVE-2020-3153

• "ET EXPLOIT Cisco AnyConnect Path Traversal Priv Esc (CVE-2020-3153)"

CVE-2020-29557

• "ET EXPLOIT D-Link DIR-825 R1 Web Interface RCE (CVE-2020-29557)"

CVE-2020-28188

• "ET EXPLOIT Possible TerraMaster TOS RCE Inbound (CVE-2020-28188 CVE-2020-35665)"

• "ET EXPLOIT TerraMaster TOS RCE via OS Command Injection Inbound (CVE-2020-28188)"

CVE-2020-28021

• "ET EXPLOIT Exim New-Line Injection into Spool Header File Inbound - Information Disclosure Attempt (CVE-2020-28021)"

• "ET EXPLOIT Exim New-Line Injection into Spool Header File Inbound M1 (CVE-2020-28021)"

• "ET EXPLOIT Exim New-Line Injection into Spool Header File Inbound M2 (CVE-2020-28021)"

CVE-2020-28020

• "ET EXPLOIT Exim receive_msg Integer Overflow Attempt Inbound M1 (CVE-2020-28020)"

• "ET EXPLOIT Exim receive_msg Integer Overflow Attempt Inbound M2 (CVE-2020-28020)"

CVE-2020-28019

• "ET EXPLOIT Exim Stack Exhaustion via BDAT Error Inbound (CVE-2020-28019)"

CVE-2020-27130

• "ET EXPLOIT Cisco Security Manager Path Traversal - athena (CVE-2020-27130)"

• "ET EXPLOIT Cisco Security Manager Path Traversal - cwhp (CVE-2020-27130)"

CVE-2020-27128

• "ET EXPLOIT Cisco Viptela vManage Directory Traversal (CVE-2020-27128)"

CVE-2020-26919

• "ET EXPLOIT Netgear ProSAFE Plus Unauthenticated RCE Inbound (CVE-2020-26919)"

CVE-2020-26879

• "ET EXPLOIT Ruckus vRIoT Authentication Bypass Attempt Inbound (CVE-2020-26879)"

CVE-2020-26878

• "ET EXPLOIT Ruckus vRIoT Command Injection Attempt Inbound (CVE-2020-26878)"

CVE-2020-26073

• "ET EXPLOIT Cisco SD-WAN vManage Software Directory Traversal (CVE-2020-26073)"

CVE-2020-25858

• "ET EXPLOIT Qualcomm QCMAP NULL Pointer Dereference Attempt Inbound (CVE-2020-25858)"

CVE-2020-2555

• "ET EXPLOIT Oracle Coherence Deserialization RCE (CVE-2020-2555)"

CVE-2020-2551

• "ET POLICY Oracle T3 Response with CVE-2020-2551 Vulnerable Version (12.1.3)"

• "ET EXPLOIT Possible Oracle WebLogic CVE-2020-2551 Scanning"

• "ET POLICY Oracle T3 Response with CVE-2020-2551 Vulnerable Version (12.2.1)"

• "ET POLICY Oracle T3 Response with CVE-2020-2551 Vulnerable Version (10.3.6)"

CVE-2020-24949

• "ET WEB_SPECIFIC_APPS PHP-Fusion Downloads.php Command Injection (CVE-2020-24949)"

CVE-2020-22253

• "ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Auth - Possilbe CVE-2020-22253 Attempt"

• "ET EXPLOIT Xiongmai/HiSilicon DVR - Successful Telnet Opening - Successful CVE-2020-22253 Attempt"

• "ET EXPLOIT Xiongmai/HiSilicon DVR - OpenTelnet Inbound - Possilbe CVE-2020-22253 Attempt"

CVE-2020-2038

• "ET EXPLOIT PAN-OS OS Command Injecton Attempt Inbound (CVE-2020-2038)"

CVE-2020-1947

• "ET EXPLOIT Possible Apache ShardingSphere RCE Attempt (CVE-2020-1947) (PoC Based)"

CVE-2020-1938

• "ET INFO Possible [401TRG] GhostCat LFI Successful Exploit (CVE-2020-1938)"

• "ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)"

• "SERVER-APACHE Apache Tomcat AJP connector arbitrary file access attempt"

CVE-2020-17530

• "ET EXPLOIT Apache Struts RCE Attempt (CVE-2020-17530)"

• "ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Remote Code Execution Inbound (CVE-2020-17530)"

CVE-2020-17519

• "ET WEB_SPECIFIC_APPS Apache Flink Arbitrary File Read Attempt (CVE-2020-17519)"

CVE-2020-17456

• "ET EXPLOIT SEOWON INTECH SLC-130/SLR-120S RCE Inbound M1 (CVE-2020-17456)"

• "ET EXPLOIT SEOWON INTECH SLC-130/SLR-120S RCE Inbound M2 (CVE-2020-17456)"

CVE-2020-17143

• "ET EXPLOIT Possible Microsoft Exchange Server OWA GetWacUrl Information Disclosure Attempt (CVE-2020-17143)"

CVE-2020-17132

• "ET EXPLOIT Microsoft Exchange Server Exploitation Inbound (CVE-2020-17132)"

CVE-2020-16152

• "ET EXPLOIT Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine (LFI) (CVE-2020-16152) M2"

• "ET EXPLOIT Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine (Log Poisoning) (CVE-2020-16152) M1"

CVE-2020-15922

• "ET EXPLOIT Possible Mida eFramework RCE Attempt Inbound (CVE-2020-15922)"

CVE-2020-15906

• "ET EXPLOIT TikiWiki CMS Authentication Bypass (Forced Blank Admin Pass) Attempt Inbound (CVE-2020-15906)"

CVE-2020-15505

• "ET WEB_SPECIFIC_APPS Possible MobileIron MDM RCE Inbound (CVE-2020-15505)"

• "ET EXPLOIT Possible MobileIron RCE Attempt Inbound (CVE-2020-15505)"

CVE-2020-15227

• "ET WEB_SPECIFIC_APPS Nette Command Injection Attempt Inbound (CVE-2020-15227)"

CVE-2020-14882

• "ET WEB_SPECIFIC_APPS Oracle WebLogic RCE Shell Inbound M2 (CVE-2020-14882)"

• "ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M6 (CVE-2020-14882)"

• "ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M1 (CVE-2020-14882)"

• "ET WEB_SPECIFIC_APPS Possible Oracle WebLogic RCE Inbound M3 (CVE-2020-14882)"

CVE-2020-14841

• "ET EXPLOIT Oracle WebLogic IIOP JNDI Injection (CVE-2020-14841)"

CVE-2020-1472

• "ET EXPLOIT Possible Zerologon Phase 1/3 - NetrServerReqChallenge with 0x00 Client Challenge (CVE-2020-1472)"

• "ET INFO [401TRG] RPCNetlogon UUID (CVE-2020-1472) (Set)"

• "ET EXPLOIT Zerologon Phase 2/3 - NetrServerAuthenticate2 Request with 0x00 Client Challenge and Sign and Seal Disabled (CVE-2020-1472) M2"

• "ET EXPLOIT Zerologon Phase 2/3 - NetrServerAuthenticate2 Request with 0x00 Client Challenge and Sign and Seal Disabled (CVE-2020-1472) M1"

• "ET EXPLOIT Zerologon Phase 3/3 - Malicious NetrServerPasswordSet2 (CVE-2020-1472)"

• "ET EXPLOIT Possible Zerologon NetrServerAuthenticate with 0x00 Client Credentials (CVE-2020-1472)"

• "ET EXPLOIT Zerologon Phase 2/3 - NetrServerAuthenticate3 Request with 0x00 Client Challenge and Sign and Seal Disabled (CVE-2020-1472) M1"

• "ET EXPLOIT Zerologon Phase 2/3 - NetrServerAuthenticate3 Request with 0x00 Client Challenge and Sign and Seal Disabled (CVE-2020-1472) M2"

• "ET EXPLOIT Zerologon Phase 3/3 - NetrLogonSamLogonWithFlags Request with 0x00 Client Credentials (CVE-2020-1472)"

CVE-2020-14181

• "ET EXPLOIT Possible Jira User Enumeration Attempts (CVE-2020-14181)"

CVE-2020-14092

• "ET EXPLOIT Paypal Pro < 1.1.65 SQLi (CVE-2020-14092)"

CVE-2020-13942

• "ET WEB_SPECIFIC_APPS Possible Apache Unomi OGNL Eval RCE Inbound M2 (CVE-2020-13942)"

• "ET WEB_SPECIFIC_APPS Possible Apache Unomi MVEL Eval RCE Inbound M1 (CVE-2020-13942)"

CVE-2020-13927

• "ET INFO Possible Apache Airflow Experimental API Authentication Bypass Attempt (CVE-2020-13927)"

CVE-2020-13925

• "ET WEB_SPECIFIC_APPS Apache Kylin REST API DiagnosisService Command Injection Inbound (CVE-2020-13925)"

CVE-2020-13921

• "ET WEB_SPECIFIC_APPS Apache SkyWalking GraphQL SQL Injection Inbound (CVE-2020-13921)"

CVE-2020-13782

• "ET EXPLOIT Possible D-Link Command Injection Attempt Inbound (CVE-2020-13782)"

CVE-2020-13699

• "ET EXPLOIT TeamViewer .tvs iFrame Observed (CVE-2020-13699)"

CVE-2020-13693

• "ET EXPLOIT Possible WordPress Plugin BBPress 2.5 - Unauthenticated Priv Esc Attempt (CVE-2020-13693)"

CVE-2020-1350

• "ET EXPLOIT Possible Windows DNS Integer Overflow Attempt M2 (CVE-2020-1350)"

• "ET EXPLOIT Possible Windows DNS Integer Overflow Attempt M1 (CVE-2020-1350)"

CVE-2020-13448

• "ET EXPLOIT Authenticated QuickBox CE 2.5.5/Pro 2.1.8 RCE Attempt Inbound M1 (CVE-2020-13448)"

• "ET EXPLOIT Authenticated QuickBox CE 2.5.5/Pro 2.1.8 RCE Attempt Inbound M2 (CVE-2020-13448)"

CVE-2020-13160

• "ET EXPLOIT AnyDesk UDP Discovery Format String (CVE-2020-13160)"

CVE-2020-1300

• "ET EXPLOIT Potentially Malicious .cab Inbound (CVE-2020-1300)"

CVE-2020-12695

• "ET DOS CallStranger - Attempted UPnP Reflected Amplified TCP with Multiple Callbacks (CVE-2020-12695)"

• "ET SCAN UPnP SUBSCRIBE Inbound - Possible CallStranger Scan (CVE-2020-12695)"

CVE-2020-12688

• "ET EXPLOIT Centreon 20.04 Authenticated RCE (CVE-2020-12688)"

CVE-2020-12146

• "ET EXPLOIT Silver Peak Unity Orchestrator Exploitation Inbound (CVE-2020-12146)"

CVE-2020-12133

• "ET EXPLOIT Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution (CVE-2020-12133)"

CVE-2020-11991

• "ET EXPLOIT Apache Cocoon <= 2.1.x LFI (CVE-2020-11991)"

CVE-2020-11978

• "ET EXPLOIT Possible Apache Airflow DAG Example RCE Attempt - Create DAG (CVE-2020-11978)"

• "ET EXPLOIT Possible Apache Airflow DAG Example RCE Attempt - Unpause (CVE-2020-11978)"

CVE-2020-11651

• "ET EXPLOIT Possible Saltstack Authentication Bypass CVE-2020-11651 M1"

• "ET EXPLOIT Possible SaltStack Authentication Bypass CVE-2020-11651 M2"

CVE-2020-1147

• "ET EXPLOIT .NET Framework Remote Code Execution Injection (CVE-2020-1147)"

CVE-2020-10987

• "ET EXPLOIT Tenda OS Command Injection (CVE-2020-10987) (GET)"

• "ET EXPLOIT Possible Tenda OS Command Injection (CVE-2020-10987) (POST)"

CVE-2020-10546

• "ET EXPLOIT rConfig < 3.9.7 SQLi (CVE-2020-10546)"

CVE-2020-10204

• "ET EXPLOIT Nexus Repository Manager EL Injection to RCE Inbound (CVE-2020-10204)"

CVE-2020-10189

• "ET EXPLOIT Zoho ManageEngine Desktop Central RCE Inbound (CVE-2020-10189)"

CVE-2020-10173

• "ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173)"

CVE-2020-10148

• "ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (web.config) (CVE-2020-10148)"

• "ET EXPLOIT Possible SolarWinds Orion API Local File Disclosure (SWNetPerfMon.db) (CVE-2020-10148)"

CVE-2020-0688

• "ET WEB_SPECIFIC_APPS Possible Attempted Microsoft Exchange RCE (CVE-2020-0688)"

CVE-2020-0646

• "ET EXPLOIT .NET Framework Remote Code Execution Injection (CVE-2020-0646)"

CVE-2020-0618

• "ET EXPLOIT Possible Microsoft SQL RCE Attempt (CVE-2020-0618)"

CVE-2019-9978

• "ET WEB_CLIENT Attempted RCE in Wordpress Social Warfare Plugin Inbound (CVE-2019-9978)"

CVE-2019-9670

• "ET EXPLOIT Possible Zimbra Autodiscover Servlet XXE (CVE-2019-9670)"

CVE-2019-9621

• "ET EXPLOIT Zimbra <8.8.11 - XML External Entity Injection/SSRF Attempt (CVE-2019-9621)"

CVE-2019-7609

• "ET WEB_SPECIFIC_APPS Kibana Prototype Pollution RCE Inbound (CVE-2019-7609)"

CVE-2019-7481

• "ET EXPLOIT [ConnectWise CRU] Potential Sonicwall SRA SQLi (CVE-2019-7481)"

CVE-2019-7405

• "ET EXPLOIT TP-LINK Archer C5 v4 (CVE-2019-7405)"

CVE-2019-7256

• "ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Inbound (CVE-2019-7256)"

• "ET EXPLOIT eMerge E3 Command Injection Inbound (CVE-2019-7256)"

• "ET EXPLOIT Linear eMerge E3 Unauthenticated Command Injection Outbound (CVE-2019-7256)"

CVE-2019-7195

• "ET EXPLOIT QNAP Photo Station Path Traversal Attempt Inbound (CVE-2019-7195)"

CVE-2019-6277

• "ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Outbound (CVE-2019-6277)"

• "ET EXPLOIT NETGEAR R7000/R6400 - Command Injection Inbound (CVE-2019-6277)"

CVE-2019-5533

• "ET EXPLOIT VMware VeloCloud Authorization Bypass (CVE-2019-5533)"

CVE-2019-3929

• "ET EXPLOIT Attempted Remote Command Injection Outbound (CVE-2019-3929)"

• "ET EXPLOIT Attempted Remote Command Injection Inbound (CVE-2019-3929)"

CVE-2019-3398

• "ET EXPLOIT Confluence Server Path Traversal Vulnerability (CVE-2019-3398)"

CVE-2019-3396

• "ET WEB_CLIENT Possible Confluence SSTI Exploitation Attempt - Leads to RCE/LFI (CVE-2019-3396)"

CVE-2019-19824

• "ET EXPLOIT TOTOLINK Realtek SDK RCE (CVE-2019-19824)"

CVE-2019-19781

• "ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M2"

• "ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781) M4"

• "ET EXPLOIT Citrix Application Delivery Controller Arbitrary Code Execution Attempt Scanner Attempt - Server Response (CVE-2019-19781)"

• "ET EXPLOIT Citrix Application Delivery Controller Arbitrary Code Execution Attempt Scanner Attempt (CVE-2019-19781)"

• "ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE-2019-19781)"

• "ET EXPLOIT Citrix App Delivery Controller and Citrix Gateway M1 (CVE-2019-19781)"

CVE-2019-19509

• "ET WEB_SPECIFIC_APPS rConfig ajaxArchiveFiles.php Command Injection Inbound (CVE-2019-19509)"

CVE-2019-19356

• "ET EXPLOIT Netis WF2419 2.2.36123 - Remote Code Execution CVE-2019-19356"

CVE-2019-18935

• "ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M1"

• "ET EXPLOIT Possible Telerik UI CVE-2019-18935 File Upload Attempt M2"

CVE-2019-18610

• "ET EXPLOIT Sangoma Asterisk Originate AMI RCE (CVE-2019-18610) (PoC Based)"

CVE-2019-1821

• "ET WEB_SPECIFIC_APPS Cisco Prime Infrastruture RCE - CVE-2019-1821"

CVE-2019-17558

• "ET EXPLOIT Apache Solr RCE via Velocity Template M1 (CVE-2019-17558)"

• "ET EXPLOIT Apache Solr RCE via Velocity Template M2 (CVE-2019-17558)"

CVE-2019-17418

• "ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-17418)"

CVE-2019-17270

• "ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Inbound)"

• "ET EXPLOIT Yachtcontrol Webservers RCE CVE-2019-17270 (Outbound)"

CVE-2019-16997

• "ET EXPLOIT MetInfo 7.0 SQL Injection (CVE-2019-16997)"

CVE-2019-16928

• "ET EXPLOIT Possible EXIM DoS (CVE-2019-16928)"

CVE-2019-16920

• "ET EXPLOIT Multiple DLink Routers Remote Code Execution CVE-2019-16920"

CVE-2019-16759

• "ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M3"

• "ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M2"

• "ET WEB_SPECIFIC_APPS vBulletin RCE Inbound (CVE-2019-16759 Bypass)"

• "ET EXPLOIT vBulletin 5.x Unauthenticated Remote Code Execution (CVE-2019-16759) M1"

CVE-2019-16724

• "ET EXPLOIT File Sharing Wizard 1.5.0 - SEH Overflow Inbound (CVE-2019-16724)"

CVE-2019-16663

• "ET WEB_SPECIFIC_APPS rConfig search.crud.php Command Injection (CVE-2019-16663)"

CVE-2019-16662

• "ET EXPLOIT Possible rConfig 3.9.2 Remote Code Execution PoC M1 (CVE-2019-16662)"

CVE-2019-1653

• "ET EXPLOIT Cisco RV320/RV325 RCE (CVE-2019-1653)"

• "ET EXPLOIT Successful Cisco RV320/RV325 Config Disclosure (CVE-2019-1653)"

• "ET EXPLOIT Cisco RV320/RV325 Config Disclosure Attempt Inbound (CVE-2019-1653)"

• "ET EXPLOIT Cisco RV320/RV325 Debug Dump Disclosure Attempt Inbound (CVE-2019-1653)"

• "ET EXPLOIT Successful Cisco RV320/RV325 Debug Dump Disclosure (CVE-2019-1653)"

CVE-2019-1652

• "ET EXPLOIT Cisco RV320/RV325 Command Injection Attempt Inbound (CVE-2019-1652)"

• "ET EXPLOIT Possible Cisco RV320 RCE Attempt (CVE-2019-1652)"

CVE-2019-1622

• "ET EXPLOIT Possible Cisco Data Center Network Manager - Log Retrieval (CVE-2019-1622)"

CVE-2019-1620

• "ET EXPLOIT Possible Cisco Data Center Network Manager - Unauthenticated File Upload (CVE-2019-1620)"

• "ET EXPLOIT Possible Cisco Data Center Network Manager - Authenticated File Upload (CVE-2019-1620)"

CVE-2019-16072

• "ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Inbound)"

• "ET EXPLOIT Enigma Network Management Systems v65.0.0 CVE-2019-16072 (Outbound)"

CVE-2019-16057

• "ET EXPLOIT DLink DNS 320 Remote Code Execution (CVE-2019-16057)"

CVE-2019-15984

• "ET EXPLOIT Cisco Data Center Network Manager SQL Injection Inbound (CVE-2019-15984)"

CVE-2019-15980

• "ET EXPLOIT Cisco Data Center Network Manager Directory Traversal Inbound (CVE-2019-15980)"

CVE-2019-15976

• "ET EXPLOIT Cisco Data Center Network Manager Authentication Bypass Inbound (CVE-2019-15976)"

CVE-2019-15949

• "ET EXPLOIT Nagios XI <= 5.6.5 Privesc (CVE-2019-15949)"

CVE-2019-15846

• "ET EXPLOIT Possible EXIM RCE Inbound (CVE-2019-15846)"

CVE-2019-1579

• "ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound) (CVE-2019-1579)"

CVE-2019-15107

• "ET WEB_SERVER Webmin RCE CVE-2019-15107"

CVE-2019-14931

• "ET EXPLOIT Mitsubishi Electric smartRTU RCE Outbound (CVE-2019-14931)"

• "ET EXPLOIT Mitsubishi Electric smartRTU RCE Inbound (CVE-2019-14931)"

CVE-2019-13505

• "ET WEB_SPECIFIC_APPS Appointment Hour Booking - WordPress Plugin - Stored XSS (CVE-2019-13505)"

CVE-2019-13450

• "ET EXPLOIT Possible Zoom Client Auto-Join (CVE-2019-13450)"

CVE-2019-12780

• "ET EXPLOIT Belkin Wemo Enabled Crock-Pot Unauthenticated Command Injection Outbound (CVE-2019-12780)"

• "ET EXPLOIT Belkin Wemo Enabled Crock-Pot Unauthenticated Command Injection Inbound (CVE-2019-12780)"

CVE-2019-12725

• "ET EXPLOIT [401TRG] ZeroShell RCE Inbound (CVE-2019-12725)"

CVE-2019-12643

• "ET EXPLOIT Cisco REST API Container for Cisco IOS XE Software Authentication Bypass - Successful Exploit (CVE-2019-12643)"

• "ET EXPLOIT Possible Cisco REST API Container for Cisco IOS XE Software Authentication Bypass Attempt (CVE-2019-12643)"

CVE-2019-118396

• "ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE CVE-2019-118396/CVE-2017-14127 (Outbound)"

• "ET EXPLOIT Technicolor TD5130v2/TD5336 Router RCE CVE-2019-118396/CVE-2017-14127 (Inbound)"

CVE-2019-11581

• "ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE (CVE-2019-11581)"

CVE-2019-11580

• "ET WEB_SPECIFIC_APPS Atlassian Crowd Plugin Upload Attempt (CVE-2019-11580)"

CVE-2019-11539

• "ET EXPLOIT Pulse Secure Post-Auth OS Command Injection (CVE-2019-11539)"

CVE-2019-11510

• "ET EXPLOIT Pulse Secure SSL VPN - Arbitrary File Read (CVE-2019-11510)"

CVE-2019-11043

• "ET WEB_SERVER Possible PHP Remote Code Execution CVE-2019-11043 PoC (Inbound)"

CVE-2019-10758

• "ET EXPLOIT Mongo-Express RCE Inbound (CVE-2019-10758)"

CVE-2019-10149

• "ET EXPLOIT Possible Exim 4.87-4.91 RCE Attempt Inbound (CVE-2019-10149)"

CVE-2019-1003001

• "ET EXPLOIT Jenkins Plugin Script RCE Exploit Attempt (CVE-2019-1003001)"

CVE-2019-1003000

• "ET WEB_SPECIFIC_APPS Jenkins RCE CVE-2019-1003000"

CVE-2019-0752

• "ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M2 (CVE-2019-0752)"

• "ET EXPLOIT IE Scripting Engine Memory Corruption Vulnerability M1 (CVE-2019-0752)"

CVE-2019-0708

• "ET EXPLOIT [NCC GROUP] Possible Bluekeep Inbound RDP Exploitation Attempt (CVE-2019-0708)"

CVE-2019-0604

• "ET WEB_SPECIFIC_APPS Possible SharePoint RCE Attempt (CVE-2019-0604)"

CVE-2019-0568

• "ET EXPLOIT Microsoft Edge Chakra - InjectJsBuiltInLibraryCode Use-After-Free Inbound (CVE-2019-0568)"

CVE-2019-0567

• "ET EXPLOIT Microsoft Edge Chakra - NewScObjectNoCtor InitProtoType Confusion Inbound (CVE-2019-0567)"

CVE-2019-0193

• "ET EXPLOIT Solr DataImport Handler RCE (CVE-2019-0193)"

CVE-2018-9995

• "ET EXPLOIT HiSilicon DVR - Application Credential Disclosure (CVE-2018-9995)"

CVE-2018-9866

• "ET EXPLOIT SonicWall Global Management System - XMLRPC set_time_zone Command Injection (CVE-2018-9866)"

CVE-2018-9206

• "ET WEB_SERVER jQuery File Upload Attempt"

CVE-2018-8738

• "ET WEB_SPECIFIC_APPS Airties AIR5444TT - Cross-Site Scripting"

CVE-2018-8734

• "SERVER-WEBAPP Nagios XI command injection attempt"

• "SERVER-WEBAPP NagiosXI SQL injection attempt"

• "SERVER-WEBAPP Nagios XI command injection attempt"

• "SERVER-WEBAPP Nagios XI SQL injection attempt"

• "SERVER-WEBAPP Nagios XI database settings modification attempt"

• "SERVER-WEBAPP Nagios XI command injection attempt"

• "SERVER-WEBAPP Nagios XI command injection attempt"

CVE-2018-8617

• "ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type Confusion Inbound M2 (CVE-2018-8617)"

• "ET EXPLOIT Microsoft Edge Chakra - InlineArrayPush Type Confusion Inbound M1 (CVE-2018-8617)"

CVE-2018-8495

• "ET WEB_CLIENT Possible Microsoft Edge Remote Command Execution PoC (CVE-2018-8495)"

CVE-2018-8460

• "ET WEB_CLIENT IE Double Free (CVE-2018-8460)"

CVE-2018-8373

• "ET WEB_CLIENT VBscript UAF (CVE-2018-8373)"

CVE-2018-8174

• "ET EXPLOIT CVE-2018-8174 Common Construct B64 M2"

• "ET EXPLOIT CVE-2018-8174 Common Construct B64 M1"

• "ET EXPLOIT CVE-2018-8174 Common Construct B64 M3"

CVE-2018-7841

• "ET EXPLOIT Attempted Remote Command Injection Inbound (CVE-2018-7841)"

• "ET EXPLOIT Attempted Remote Command Injection Outbound (CVE-2018-7841)"

CVE-2018-7602

• "ET WEB_SPECIFIC_APPS Drupal RCE (CVE-2018-7602)"

CVE-2018-7600

• "ET WEB_SPECIFIC_APPS [PT OPEN] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)"

• "ET WEB_SPECIFIC_APPS Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)"

• "ET WEB_SPECIFIC_APPS [eSentire] Drupalgeddon2 <8.3.9 <8.4.6 <8.5.1 RCE Through Registration Form (CVE-2018-7600)"

CVE-2018-7520

• "ET EXPLOIT Geutebruck Remote Command Execution"

CVE-2018-7445

• "NETBIOS MikroTik RouterOS buffer overflow attempt"

CVE-2018-7171

• "SERVER-WEBAPP TwonkyMedia server directory listing attempt"

CVE-2018-6961

• "ET EXPLOIT VMware NSX SD-WAN Command Injection 2"

• "ET EXPLOIT VMware NSX SD-WAN Command Injection"

CVE-2018-6892

• "ET EXPLOIT CloudMe Sync Buffer Overflow"

• "ET EXPLOIT Possible CloudMe Sync Stack-based Buffer Overflow Inbound (CVE-2018-6892)"

CVE-2018-6789

• "ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)"

CVE-2018-5430

• "ET EXPLOIT TIBCO JasperReports Authenticated Arbitrary File Read Attempt (CVE-2018-5430)"

CVE-2018-4987

• "ET WEB_CLIENT PDF With Embedded U3D"

CVE-2018-4961

• "ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code"

CVE-2018-4878

• "ET TROJAN [Flashpoint] Possible CVE-2018-4878 Check-in"

CVE-2018-4407

• "ET EXPLOIT Possible CVE-2018-4407 - Apple ICMP DoS PoC"

CVE-2018-3813

• "SERVER-WEBAPP FLIR Breakstream 2300 unauthenticated information disclosure attempt"

CVE-2018-3811

• "ET EXPLOIT Smart Google Code Inserter < 3.5 SQLi (CVE-2018-3811)"

CVE-2018-3810

• "ET EXPLOIT Smart Google Code Inserter < 3.5 Auth Bypass (CVE-2018-3810)"

CVE-2018-2894

• "ET EXPLOIT Oracle WebLogic Unrestricted File Upload (CVE-2018-2894)"

CVE-2018-2893

• "ET WEB_SPECIFIC_APPS Oracle WebLogic Deserialization (CVE-2018-2893)"

CVE-2018-2628

• "ET EXPLOIT Oracle Weblogic Server Deserialization Remote Command Execution"

CVE-2018-2380

• "ET EXPLOIT SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution"

CVE-2018-20377

• "ET EXPLOIT Observed Orange LiveBox Router Information Leakage Attempt (CVE-2018-20377)"

CVE-2018-20250

• "ET EXPLOIT WinRAR WinAce Containing CVE-2018-20250 Inbound - Path Traversal leading to RCE"

CVE-2018-20062

• "ET EXPLOIT Attempted ThinkPHP < 5.2.x RCE Inbound (CVE-2018-20062)"

• "ET EXPLOIT Attempted ThinkPHP < 5.2.x RCE Outbound (CVE-2018-20062)"

CVE-2018-19276

• "ET EXPLOIT OpenMRS Deserialization Vulnerability CVE-2018-19276 M2"

• "ET EXPLOIT OpenMRS Deserialization Vulnerability CVE-2018-19276"

CVE-2018-18809

• "ET EXPLOIT TIBCO JasperReports Directory Traversal Attempt (CVE-2018-18809)"

CVE-2018-17254

• "ET EXPLOIT JCK Editor 6.4.4 SQLi Attempt (CVE-2018-17254)"

CVE-2018-17246

• "ET WEB_SPECIFIC_APPS Kibana Path Traversal Inbound (CVE-2018-17246)"

• "ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)"

CVE-2018-17173

• "ET EXPLOIT LG SuperSign EZ CMS 2.5 Remote Code Execution CVE-2018-17173"

• "ET EXPLOIT Possible LG SuperSign EZ CMS 2.5 RCE (CVE-2018-17173)"

CVE-2018-16858

• "ET EXPLOIT LibreOffice pydoc RCE Inbound (CVE-2018-16858)"

CVE-2018-16763

• "ET EXPLOIT Fuel CMS 1.4.1 RCE (CVE-2018-16763)"

CVE-2018-16130

• "ET EXPLOIT Mi TV Integration Remote Code Execution CVE-2018-16130"

CVE-2018-15982

• "ET EXPLOIT Possible Inbound Flash Exploit (CVE-2018-15982)"

CVE-2018-15961

• "ET WEB_CLIENT [Volex] Possible ColdFusion Unauthenticated Upload Attempt (CVE-2018-15961)"

CVE-2018-15957

• "ET EXPLOIT Adobe ColdFusion 11 - LDAP Java Object Deserialization RCE (POST) CVE-2018-15957"

• "ET EXPLOIT Adobe ColdFusion 11 - LDAP Java Object Deserialization RCE (GET) CVE-2018-15957"

CVE-2018-15811

• "ET EXPLOIT DotNetNuke 9.2-9.2.2 Cookie Deserialization Exploit (CVE-2018-15811)"

CVE-2018-15716

• "ET EXPLOIT Nuuo NVR RCE Attempt (CVE-2018-15716)"

CVE-2018-14847

• "ET EXPLOIT Mikrotik Winbox RCE Attempt (CVE-2018-14847)"

CVE-2018-13383

• "ET EXPLOIT FortiOS SSL VPN - Remote Code Execution (CVE-2018-13383)"

CVE-2018-13382

• "ET EXPLOIT FortiOS SSL VPN - Improper Authorization Vulnerability (CVE-2018-13382)"

CVE-2018-13381

• "ET EXPLOIT FortiOS SSL VPN - Pre-Auth Messages Payload Buffer Overflow (CVE-2018-13381)"

CVE-2018-13379

• "ET EXPLOIT Fortinet FortiOS/FortiProxy SSL VPN Web Portal Path Traversal (CVE-2018-13379)"

• "ET EXPLOIT FortiOS SSL VPN - Information Disclosure (CVE-2018-13379)"

CVE-2018-13023

• "ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023"

CVE-2018-12589

• "ET WEB_CLIENT PolarisOffice Insecure Library Loading"

CVE-2018-12463

• "ET WEB_SPECIFIC_APPS Fortify Software Security Center XML External Entity Injection 2"

• "ET WEB_SPECIFIC_APPS Fortify Software Security Center XML External Entity Injection 1"

• "ET WEB_SPECIFIC_APPS Fortify Software Security Center XML External Entity Injection 3"

• "ET WEB_SPECIFIC_APPS Fortify Software Security Center XML External Entity Injection 4"

CVE-2018-11776

• "ET EXPLOIT Apache Struts getWriter and opensymphony inbound OGNL injection remote code execution attempt"

• "ET EXPLOIT Apache Struts memberAccess and opensymphony inbound OGNL injection remote code execution attempt"

• "ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M2"

• "ET WEB_SPECIFIC_APPS Apache Struts ognl inbound OGNL injection remote code execution attempt"

• "ET WEB_SPECIFIC_APPS Apache Struts inbound .getClass OGNL injection remote code execution attempt"

• "ET EXPLOIT Apache Struts memberAccess and getWriter inbound OGNL injection remote code execution attempt"

• "ET WEB_SPECIFIC_APPS Apache Struts memberAccess inbound OGNL injection remote code execution attempt"

• "ET WEB_SPECIFIC_APPS Apache Struts inbound .getWriter OGNL injection remote code execution attempt"

• "ET WEB_SPECIFIC_APPS Apache Struts java.lang inbound OGNL injection remote code execution attempt"

• "ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M1"

CVE-2018-1146

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router remote telnet enable attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router remote telnet enable attempt"

CVE-2018-1144

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

CVE-2018-1143

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

• "SERVER-WEBAPP Belkin N750 F9K1103 wireless router command injection attempt"

CVE-2018-1111

• "ET EXPLOIT DynoRoot DHCP - Client Command Injection"

CVE-2018-10933

• "ET POLICY Potentially Vulnerable LibSSH Server Observed - Possible Authentication Bypass (CVE-2018-10933)"

CVE-2018-10823

• "ET EXPLOIT D-Link DWR Command Injection Inbound (CVE-2018-10823)"

CVE-2018-10561

• "ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561)"

CVE-2018-10173

• "SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt"

• "SERVER-WEBAPP Digital Guardian Management Console arbitrary file upload attempt"

CVE-2018-1000861

• "ET WEB_SPECIFIC_APPS Jenkins Chained Exploits CVE-2018-1000861 and CVE-2019-1003000 M2"

• "ET WEB_SPECIFIC_APPS Jenkins Chained Exploits CVE-2018-1000861 and CVE-2019-1003000 M1"

CVE-2018-1000207

• "ET WEB_SPECIFIC_APPS Modx Revolution RCE (CVE-2018-1000207)"

CVE-2018-1000049

• "ET EXPLOIT Nanopool Claymore Dual Miner Remote Code Execution Linux"

• "ET EXPLOIT Nanopool Claymore Dual Miner Remote Code Execution Windows"

CVE-2018-0833

• "ET EXPLOIT SMB Null Pointer Dereference PoC Inbound (CVE-2018-0833)"

CVE-2018-0296

• "ET EXPLOIT Cisco Adaptive Security Appliance - Path Traversal"

CVE-2018-0171

• "ET EXPLOIT Possible CVE-2018-0171 Exploit (PoC based)"

CVE-2017-9822

• "ET WEB_SPECIFIC_APPS DNN DNNPersonalization Cookie RCE Attempt (CVE-2017-9822)"

CVE-2017-9798

• "ET WEB_SERVER OptionsBleed (CVE-2017-9798)"

CVE-2017-9791

• "ET WEB_SPECIFIC_APPS OGNL Expression Injection (CVE-2017-9791)"

CVE-2017-9324

• "ET WEB_SPECIFIC_APPS OTRS Installation Dialog (after auth) attempt"

CVE-2017-9097

• "SERVER-WEBAPP Anti-Web directory traversal attempt"

• "SERVER-WEBAPP Anti-Web directory traversal attempt"

• "SERVER-WEBAPP Anti-Web directory traversal attempt"

CVE-2017-8917

• "ET WEB_SPECIFIC_APPS Joomla 3.7.0 - Sql Injection (CVE-2017-8917)"

CVE-2017-8759

• "ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL Over FTP"

• "ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL"

CVE-2017-8514

• "ET EXPLOIT Possible SharePoint XSS (CVE-2017-8514) Inbound"

CVE-2017-7924

• "ET EXPLOIT Possible MicroLogix 1100 PCCC DoS Condition (CVE-2017-7924)"

CVE-2017-7577

• "ET EXPLOIT Xiongmai/HiSilicon DVR - Request for Product Details Possible CVE-2017-7577 Exploit Attempt"

• "ET EXPLOIT Xiongmai/HiSilicon DVR - Request for User Details - Possible CVE-2017-7577 Exploit Attempt"

CVE-2017-7504

• "ET EXPLOIT JBOSS Deserialization Attempt Inbound (CVE-2017-7504)"

CVE-2017-7494

• "ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)"

• "ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (.so file write to share) (CVE-2017-7494)"

• "ET EXPLOIT Samba Arbitrary Module Loading Vulnerability M2 (NT Create AndX .so) (CVE-2017-7494)"

CVE-2017-7398

• "ET EXPLOIT D-LINK DIR-615 Cross-Site Request Forgery (CVE-2017-7398)"

CVE-2017-7285

• "OS-LINUX Linux Kernel Challenge ACK provocation attempt"

CVE-2017-7269

• "ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269)"

CVE-2017-7089

• "ET WEB_CLIENT Apple Safari UXSS (CVE-2017-7089)"

CVE-2017-6884

• "ET EXPLOIT Zyxel Command Injection RCE (CVE-2017-6884)"

CVE-2017-6862

• "ET EXPLOIT NetGear WNR2000v5 Buffer Overflow Attempt Inbound (CVE-2017-6862)"

CVE-2017-6334

• "ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6334)"

• "SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt"

• "SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt"

• "SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt"

• "SERVER-WEBAPP Netgear DGN2200 dnslookup.cgi command injection attempt"

CVE-2017-6316

• "ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices CVE-2017-6316 (Inbound)"

• "ET EXPLOIT Citrix NetScaler SD-WAN 9.1.2.26.561201 Devices CVE-2017-6316 (Outbound)"

CVE-2017-6079

• "ET EXPLOIT Possible Edgewater Networks Edgemarc Blind Command Injection Attempt (CVE-2017-6079)"

CVE-2017-6077

• "ET EXPLOIT Possible Netgear DGN2200 RCE (CVE-2017-6077)"

CVE-2017-5754

• "ET EXPLOIT Possible MeltDown PoC Download In Progress"

CVE-2017-5715

• "ET EXPLOIT Possible Spectre PoC Download In Progress"

CVE-2017-5689

• "ET EXPLOIT Intel AMT Login Attempt Detected (CVE 2017-5689)"

CVE-2017-5638

• "ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1"

• "ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3"

• "ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2"

• "ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638)"

CVE-2017-5521

• "ET EXPLOIT Netgear passwordrecovered.cgi attempt"

CVE-2017-5124

• "ET WEB_CLIENT Google Chrome XSS (CVE-2017-5124)"

CVE-2017-3881

• "ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881)"

CVE-2017-3506

• "ET WEB_SPECIFIC_APPS Possible Weblogic RCE Inbound (CVE-2017-3506)"

CVE-2017-3066

• "ET EXPLOIT Adobe Coldfusion BlazeDS Java Object Deserialization Remote Code Execution"

CVE-2017-2962

• "ET INFO PDF Containing Subform with JavaScript"

CVE-2017-2741

• "ET EXPLOIT HP Printer Attempted Path Traversal via PJL"

CVE-2017-2361

• "ET WEB_CLIENT Possible MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution and Arbitrary File Read (CVE-2017-2361)"

CVE-2017-18368

• "ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE (CVE-2017-18368)"

CVE-2017-18362

• "ET EXPLOIT Kaseya VSA ManagedITSync SQL Injection (CVE-2017-18362)"

CVE-2017-17974

• "SERVER-WEBAPP BA Systems BAS Web information disclosure attempt"

• "SERVER-WEBAPP BA Systems BAS Web information disclosure attempt"

CVE-2017-16602

• "ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602 (Outbound)"

• "ET EXPLOIT NetGain Systems Enterprise Manager CVE-2017-16602 (Inbound)"

CVE-2017-16393

• "ET WEB_CLIENT Adobe Acrobat PDF Reader use after free JavaScript engine (CVE-2017-16393)"

CVE-2017-12754

• "SERVER-WEBAPP Asus RT-AC88U deleteOfflineClients memory corruption attempt"

CVE-2017-12636

• "ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 2"

• "ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 4"

• "ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12636)"

• "ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 3"

CVE-2017-12635

• "ET EXPLOIT Apache CouchDB JSON Remote Privesc Attempt (CVE-2017-12635)"

• "ET WEB_SPECIFIC_APPS Apache CouchDB Remote Code Execution 1"

CVE-2017-12629

• "ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 2)"

• "ET EXPLOIT Possible CVE-2017-12629 XXE Exploit Attempt (URI)"

• "ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP POST)"

• "ET EXPLOIT Possible CVE-2017-12629 RCE Exploit Attempt (HTTP GET 1)"

CVE-2017-12617

• "ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt"

• "ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt"

• "ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt"

• "ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt"

• "ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt"

• "ET WEB_SPECIFIC_APPS Apache Tomcat Possible CVE-2017-12617 JSP Upload Bypass Attempt"

CVE-2017-12615

• "ET EXPLOIT Tomcat File Upload Payload Request (CVE-2017-12615)"

CVE-2017-12611

• "ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M1"

• "ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2"

CVE-2017-12149

• "ET EXPLOIT Jboss RCE (CVE-2017-12149)"

CVE-2017-11873

• "ET WEB_CLIENT Type Confusion Microsoft Edge (CVE-2017-11873)"

CVE-2017-10271

• "ET CURRENT_EVENTS CoinMiner Malicious Authline Seen After CVE-2017-10271 Exploit"

CVE-2017-1000470

• "SERVER-WEBAPP HTTP request with negative Content-Length attempt"

CVE-2017-1000395

• "ET WEB_SPECIFIC_APPS Jenkins Information Disclosure CVE-2017-1000395"

CVE-2017-1000353

• "ET WEB_SPECIFIC_APPS Possible Jenkins CLI RCE (CVE-2017-1000353)"

CVE-2017-0199

• "ET CURRENT_EVENTS Suspicious FTP RETR to .hta file possible exploit (CVE-2017-0199)"

• "ET TROJAN HTTP Andromeda File Request"

• "ET WEB_CLIENT HTA File containing Wscript.Shell Call - Potential CVE-2017-0199"

• "ET WEB_CLIENT Office Discovery HTA file Likely CVE-2017-0199 Request M2"

• "ET CURRENT_EVENTS SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl"

• "ET EXPLOIT Possible CVE-2017-0199 HTA Inbound M2"

• "ET CURRENT_EVENTS CVE-2017-0199 Common Obfus Stage 2 DL"

• "ET EXPLOIT Possible CVE-2017-0199 HTA Inbound"

• "ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199 Request"

• "ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)"

CVE-2017-0016

• "ET DOS SMB Tree_Connect Stack Overflow Attempt (CVE-2017-0016)"

• "SERVER-SAMBA Microsoft Windows SMBv2/SMBv3 Buffer Overflow attempt"

CVE-2017-0004

• "ET DOS Microsoft Windows LSASS Remote Memory Corruption (CVE-2017-0004)"

CVE-2016-8523

• "ET EXPLOIT HP Smart Storage Administrator Remote Command Injection"

CVE-2016-7200

• "ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) Observed in SunDown EK 3"

• "ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) B641"

• "ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) Observed in SunDown EK 1"

• "ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) B643"

• "ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) Observed in SunDown EK 2"

• "ET EXPLOIT Possible Microsoft Edge Chakra.dll Type Confusion (CVE-2016-7200 CVE-2016-7201) B642"

CVE-2016-6662

• "ET EXPLOIT Possible MySQL cnf overwrite CVE-2016-6662 Attempt"

• "ET EXPLOIT Possible MySQL CVE-2016-6662 Attempt"

CVE-2016-6563

• "ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution"

CVE-2016-6415

• "ET EXPLOIT Possible Cisco IKEv1 Information Disclosure Vulnerability CVE-2016-6415"

CVE-2016-6366

• "ET EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366)"

CVE-2016-6277

• "SERVER-WEBAPP DD-WRT httpd cgi-bin remote command execution attempt"

CVE-2016-6255

• "ET EXPLOIT MiCasaVerde VeraLite - Remote Code Execution Inbound (CVE-2016-6255)"

• "ET EXPLOIT MiCasaVerde VeraLite - Remote Code Execution Outbound (CVE-2016-6255)"

CVE-2016-5118

• "ET WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M2"

• "ET WEB_SERVER Possible CVE-2016-5118 Exploit SVG attempt M1"

• "ET WEB_SERVER Possible CVE-2016-5118 Exploit SVG attempt M2"

• "ET WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M1"

CVE-2016-4657

• "ET EXPLOIT Possible iOS Pegasus Safari Exploit (CVE-2016-4657)"

CVE-2016-4437

• "ET EXPLOIT Possible Apache Shiro 1.2.4 Cookie RememberME Deserial RCE (CVE-2016-4437)"

CVE-2016-3718

• "ET WEB_SERVER ImageMagick CVE-2016-3718 SSRF Inbound (mvg + fill + url)"

CVE-2016-3717

• "ET WEB_SERVER ImageMagick CVE-2016-3717 Local File Read Inbound (label: + mvg)"

CVE-2016-3716

• "ET WEB_SERVER ImageMagick CVE-2016-3716 Move File Inbound (msl: + mvg)"

CVE-2016-3715

• "ET WEB_SERVER ImageMagick CVE-2016-3715 File Deletion Inbound (ephermeral:+ mvg)"

CVE-2016-3714

• "ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (svg)"

• "ET WEB_SERVER ImageMagick CVE-2016-3714 Inbound (mvg)"

CVE-2016-3210

• "ET EXPLOIT CVE-2016-3210 Exploit Observed ITW M1 Nov 30"

• "ET EXPLOIT CVE-2016-3210 Exploit Observed ITW M1 Nov 30"

CVE-2016-3088

• "ET WEB_SPECIFIC_APPS Apache ActiveMQ File Upload RCE (CVE-2016-3088)"

CVE-2016-3074

• "SERVER-OTHER libgd heap-overflow attempt"

• "SERVER-OTHER libgd heap-overflow attempt"

CVE-2016-2510

• "ET EXPLOIT TIBCO Data Virtualization <= 8.3 RCE Attempt (CVE-2016-2510)"

CVE-2016-2388

• "ET WEB_SPECIFIC_APPS Vulnerable SAP NetWeaver Path Observed - Information Disclosure (CVE-2016-2388)"

CVE-2016-2386

• "ET EXPLOIT Possible SAP NetWeaver SQL Injection Attempt Inbound (CVE-2016-2386)"

CVE-2016-2345

• "ET EXPLOIT Dameware DMRC Buffer Overflow Attempt (CVE-2016-2345)"

CVE-2016-2209

• "ET EXPLOIT Possible CVE-2016-2209 Symantec PowerPoint Parsing Buffer Overflow M1"

• "ET EXPLOIT Possible CVE-2016-2209 Symantec PowerPoint Parsing Buffer Overflow M2"

CVE-2016-20017

• "ET EXPLOIT Korenix JetWave formSysCmd Command Injection Attempt (CVE-2016-20017)"

• "ET EXPLOIT D-Link DSL-2750B Command Injection Attempt (CVE-2016-20017)"

CVE-2016-1287

• "ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 3"

• "ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound 2"

• "ET EXPLOIT Possible CVE-2016-1287 Invalid Fragment Size Inbound"

• "ET EXPLOIT CVE-2016-1287 Public Exploit ShellCode"

• "ET ATTACK_RESPONSE Possible CVE-2016-1287 Inbound Reverse CLI Shellcode"

CVE-2016-10174

• "ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174)"

CVE-2016-10108

• "SERVER-WEBAPP Western Digital MyCloud command injection attempt"

• "SERVER-WEBAPP Western Digital MyCloud command injection attempt"

• "SERVER-WEBAPP Western Digital MyCloud command injection attempt"

• "SERVER-WEBAPP Western Digital MyCloud command injection attempt"

CVE-2016-10033

• "ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M2"

• "ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M3"

• "ET EXPLOIT Possible CVE-2016-10033 PHPMailer RCE Attempt"

CVE-2016-0777

• "ET EXPLOIT Possible CVE-2016-0777 Server Advertises Suspicious Roaming Support"

• "ET EXPLOIT Possible CVE-2016-0777 Client Sent Roaming Resume Request"

CVE-2016-0189

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit"

• "ET CURRENT_EVENTS SunDown EK CVE-2016-0189 Sep 22 2016 (b643)"

• "ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit"

• "ET EXPLOIT CVE-2016-0189 Common Construct M1"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit as Observed in Sundown/RIG EK (b642)"

• "ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit as Observed in Sundown/RIG EK (b643)"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit as Observed in Sundown/RIG EK (b646)"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit as Observed in Sundown/RIG EK (b644)"

• "ET EXPLOIT CVE-2016-0189 Common Construct M2"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit HFS Actor"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit as Observed in Sundown/RIG EK (b641)"

• "ET CURRENT_EVENTS CVE-2016-0189 Exploit as Observed in Sundown/RIG EK (b645)"

CVE-2016-0063

• "ET WEB_CLIENT Internet Explorer Memory Corruption Vulnerability (CVE-2016-0063)"

CVE-2016-0061

• "ET EXPLOIT MS16-009 IE MSHTML Form Element Type Confusion (CVE-2016-0061)"

CVE-2015-7759

• "PROTOCOL-ICMP Destination Unreachable Fragmentation Needed and DF bit was set"

CVE-2015-7547

• "ET EXPLOIT Possible 2015-7547 Malformed Server response"

• "ET EXPLOIT Possible CVE-2015-7547 Large Response to A/AAAA query"

• "ET EXPLOIT Possible CVE-2015-7547 Long Response to A lookup"

• "ET EXPLOIT Possible CVE-2015-7547 Long Response to AAAA lookup"

• "ET EXPLOIT Possible CVE-2015-7547 Malformed Server Response A/AAAA"

• "ET EXPLOIT Possible 2015-7547 PoC Server Response"

• "ET EXPLOIT Possible CVE-2015-7547 A/AAAA Record Lookup Possible Forced FallBack(fb set)"

CVE-2015-7450

• "ET EXPLOIT IBM WebSphere - RCE Java Deserialization"

CVE-2015-7297

• "ET WEB_SPECIFIC_APPS Possible Joomla SQLi Attempt (CVE-2015-7297 CVE-2015-7857 CVE-2015-7858)"

CVE-2015-7261

• "SERVER-OTHER QNAP QTS hard coded credential access attempt"

CVE-2015-5477

• "ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M4"

• "ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M1"

• "ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M3"

• "ET EXPLOIT Possible BIND9 DoS CVE-2015-5477 M2"

CVE-2015-5374

• "ET EXPLOIT Win32/Industroyer DDOS Siemens SIPROTEC (CVE-2015-5374)"

CVE-2015-4852

• "ET EXPLOIT Oracle Weblogic Server Deserialization RCE T3 (CVE-2015-4852)"

CVE-2015-4495

• "ET EXPLOIT Possible Firefox PDF.js Same-Origin-Bypass CVE-2015-4495 M2"

• "ET EXPLOIT Possible Firefox PDF.js Same-Origin-Bypass CVE-2015-4495 M1"

CVE-2015-3337

• "ET WEB_SERVER ElasticSearch Directory Traversal Attempt (CVE-2015-3337)"

CVE-2015-2950

• "ET TROJAN URI Struct Observed in Pawn Storm CVE-2015-2950"

CVE-2015-2590

• "ET TROJAN Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 1"

• "ET TROJAN Possible Java/Downloader Observed in Pawn Storm CVE-2015-2590 2"

CVE-2015-2444

• "ET WEB_CLIENT Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)"

• "ET EXPLOIT Possible Internet Explorer Memory Corruption Vulnerability (CVE-2015-2444)"

CVE-2015-2424

• "ET TROJAN Possible CVE-2015-2424 RTF Dropping Sofacy"

CVE-2015-2419

• "ET CURRENT_EVENTS Terror EK CVE-2015-2419 Exploit"

• "ET EXPLOIT CVE-2015-2419 As observed in Magnitude EK"

CVE-2015-2350

• "SERVER-WEBAPP MikroTik RouterOS cross site request forgery attempt"

CVE-2015-2051

• "ET EXPLOIT D-Link HNAP SOAPAction Command Injection (CVE-2015-2051)"

CVE-2015-1635

• "ET WEB_SERVER Possible IIS Integer Overflow DoS (CVE-2015-1635)"

CVE-2015-1538

• "ET EXPLOIT Possible Android Stagefright MP4 CVE-2015-1538 - Shell"

• "ET EXPLOIT Possible Android Stagefright MP4 CVE-2015-1538 - ROP"

• "ET EXPLOIT Possible Android Stagefright MP4 CVE-2015-1538 - STSC"

CVE-2015-1427

• "ET CURRENT_EVENTS Possible Elasticsearch CVE-2015-1427 Exploit Campaign SSL Certificate"

• "ET WEB_SERVER Possible CVE-2015-1427 Elastic Search Sandbox Escape Remote Code Execution Attempt"

CVE-2015-1398

• "SERVER-WEBAPP Magento remote code execution attempt"

CVE-2015-1187

• "ET EXPLOIT D-Link TRENDnet NCC Service Command Injection Attempt (CVE-2015-1187)"

CVE-2015-0204

• "ET EXPLOIT FREAK Weak Export Suite From Server (CVE-2015-0204)"

CVE-2015-0016

• "ET CURRENT_EVENTS SunDown EK CVE-2015-0016 Sep 22 2016 (b643)"

CVE-2014-9118

• "ET EXPLOIT Zhone ZNID GPON 2426A < S3.0.501 RCE (CVE-2014-9118) M1"

• "ET EXPLOIT Zhone ZNID GPON 2426A < S3.0.501 RCE (CVE-2014-9118) M2"

CVE-2014-8636

• "ET WEB_CLIENT Firefox Proxy Prototype RCE Attempt (CVE-2014-8636)"

CVE-2014-8361

• "ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361"

• "ET EXPLOIT Realtek SDK Miniigd UPnP SOAP Command Execution CVE-2014-8361 - Outbound"

CVE-2014-7229

• "SERVER-WEBAPP Akeeba Kickstart cross site request forgery attempt"

• "SERVER-WEBAPP Akeeba Kickstart restoration.php reconnaissance attempt"

CVE-2014-7228

• "SERVER-WEBAPP Joomla restore.php PHP object injection attempt"

CVE-2014-7169

• "OS-OTHER Bash CGI environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

• "OS-OTHER Bash CGI environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

• "OS-OTHER Bash CGI environment variable injection attempt"

• "OS-OTHER Bash CGI environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

• "OS-OTHER Bash CGI environment variable injection attempt"

• "OS-OTHER Malicious DHCP server bash environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

• "OS-OTHER Bash environment variable injection attempt"

CVE-2014-6332

• "ET CURRENT_EVENTS Possible CVE-2014-6332 DECS2"

• "ET CURRENT_EVENTS CVE-2014-6332 Sep 01 2016 (HFS Actor) M1"

• "ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Construct M2"

• "ET CURRENT_EVENTS CVE-2014-6332 Sep 01 2016 (HFS Actor) M2"

• "ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve"

• "ET WEB_CLIENT Possible Internet Explorer VBscript failure to handle error case information disclosure obfuscated CVE-2014-6332"

• "ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Function Name"

CVE-2014-6271

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie"

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt"

• "ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy"

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt in URI"

• "ET EXPLOIT VisualDoor Sonicwall SSL VPN Exploit Attempt"

• "ET EXPLOIT QNAP Shellshock CVE-2014-6271"

• "ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt"

• "ET EXPLOIT QNAP Shellshock script retrieval"

• "ET EXPLOIT Possible Qmail CVE-2014-6271 Mail From attempt"

• "ET EXPLOIT Possible Postfix CVE-2014-6271 attempt"

• "ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK"

• "ET WEB_SERVER CVE-2014-6271 Attempt In HTTP Headers Line Continuation Evasion CRLF"

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 2"

• "ET TROJAN Linux/ShellshockCampaign.DDOSBot UDP Flood CnC Server Message"

• "ET EXPLOIT Possible Pure-FTPd CVE-2014-6271 attempt"

• "ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy"

• "ET WEB_SERVER CVE-2014-6271 Attempt In HTTP Headers Line Continuation Evasion LF"

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body 3"

• "ET TROJAN Linux/ShellshockCampaign.DDOSBot Execute Shell Command CnC Server Message"

• "ET EXPLOIT Possible CVE-2014-6271 malicious DNS response"

• "ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DNS"

• "ET TROJAN Linux/ShellshockCampaign.DDOSBot Reporting IP"

• "ET TROJAN Linux/ShellshockCampaign.DDOSBot Terminate Process CnC Server Message"

• "ET EXPLOIT Possible OpenVPN CVE-2014-6271 attempt"

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt in Client Body"

• "ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers"

CVE-2014-6041

• "ET MOBILE_MALWARE Possible Android CVE-2014-6041"

• "ET MOBILE_MALWARE Possible Android CVE-2014-6041"

CVE-2014-4671

• "ET WEB_SERVER Adobe Flash Player Rosetta Flash compressed CWS in URI"

• "ET WEB_CLIENT Adobe Flash Player Rosetta Flash compressed FWS"

• "ET WEB_CLIENT Adobe Flash Player Rosetta Flash compressed ZWS"

• "ET WEB_CLIENT Adobe Flash Player Rosetta Flash compressed CWS"

CVE-2014-4113

• "ET WEB_CLIENT Possible CVE-2014-4113 Exploit Download with Hurricane Panda IOC"

CVE-2014-3704

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 8"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 19"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 16"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 18"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 23"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 12"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 29"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 15"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 17"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 28"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 2"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 4"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 14"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 31"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 9"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 24"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 21"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 22"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 26"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 10"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 6"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 20"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 13"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 27"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 25"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 5"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 32"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 3"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 30"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 7"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 11"

• "ET EXPLOIT Possible CVE-2014-3704 Drupal SQLi attempt URLENCODE 1"

CVE-2014-3120

• "ET WEB_SERVER Possible CVE-2014-3120 Elastic Search Remote Code Execution Attempt"

CVE-2014-2424

• "ET WEB_SPECIFIC_APPS Oracle Event Processing FileUploadServlet Arbitrary File Upload"

CVE-2014-2321

• "ET EXPLOIT ZTE Cable Modem RCE Attempt (CVE-2014-2321)"

CVE-2014-1776

• "ET WEB_CLIENT Microsoft Application Crash Report Indicates Potential VGX Memory Corruption 2"

• "ET WEB_CLIENT Microsoft Application Crash Report Indicates Potential VGX Memory Corruption"

• "ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2014-1776 M1"

CVE-2014-1610

• "ET WEB_SPECIFIC_APPS MediaWiki thumb.php RCE"

CVE-2014-100005

• "ET EXPLOIT D-LINK Router DIR-645 / DIR-815 RCE (CVE-2014-100005)"

CVE-2014-0659

• "PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected"

• "PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected"

• "PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected"

• "PROTOCOL-OTHER use of undocumented ScMM test interface in Cisco small business devices detected"

CVE-2014-0195

• "ET CURRENT_EVENTS SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE-2014-0195"

CVE-2014-0160

• "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt"

• "SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt - vulnerable client response"

• "SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt"

• "SERVER-OTHER OpenSSL TLSv1.2 heartbeat read overrun attempt"

• "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt"

• "SERVER-OTHER OpenSSL Heartbleed masscan access exploitation attempt"

• "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.2 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt - vulnerable client response"

• "SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt - vulnerable client response"

• "SERVER-OTHER OpenSSL SSLv3 large heartbeat response - possible ssl heartbleed attempt"

• "SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - vulnerable client response"

• "SERVER-OTHER OpenSSL TLSv1 heartbeat read overrun attempt"

• "SERVER-OTHER OpenSSL SSLv3 heartbeat read overrun attempt"

CVE-2014-0050

• "ET WEB_SERVER Apache Tomcat Boundary Overflow DOS/File Upload Attempt"

CVE-2013-7471

• "ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)"

CVE-2013-5912

• "ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic Servers 6.94 build 2995 CVE-2013-5912 (Inbound)"

• "ET EXPLOIT Thomson Reuters Velocity Analytics Vhayu Analytic Servers 6.94 build 2995 CVE-2013-5912 (Outbound)"

CVE-2013-3827

• "ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt"

CVE-2013-3652

• "ET WEB_SPECIFIC_APPS Openmediavault Crontab Manipulation Remote Code Execution/Privilege Escalation (CVE-2013-3652)"

CVE-2013-3568

• "ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)"

CVE-2013-3307

• "SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt"

• "SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt"

• "SERVER-WEBAPP Linksys E-Series apply.cgi ping function command injection attempt"

CVE-2013-3071

• "SERVER-WEBAPP Netgear WNDR4700 and R6200 admin interface authentication bypass attempt"

CVE-2013-2618

• "ET WEB_SPECIFIC_APPS Possible CVE-2013-2618 Attempt (PHP Weathermap Persistent XSS)"

CVE-2013-2568

• "ET EXPLOIT Possible Zavio IP Camera OS Command Injection Attempt Inbound (CVE-2013-2568)"

CVE-2013-2423

• "EXPLOIT-KIT Sweet Orange exploit kit landing page in.php base64 uri"

• "EXPLOIT-KIT Styx exploit kit plugin detection connection jorg"

• "EXPLOIT-KIT Styx exploit kit plugin detection connection jlnp"

• "EXPLOIT-KIT Styx exploit kit plugin detection connection jovf"

CVE-2013-1710

• "ET WEB_CLIENT Possible CVE-2013-1710/CVE-2012-3993 Firefox Exploit Attempt"

CVE-2013-1601

• "ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1601)"

CVE-2013-1600

• "ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1600)"

CVE-2013-1599

• "ET EXPLOIT D-Link IP Camera Vulnerable HTTP Request (CVE-2013-1599)"

CVE-2013-1347

• "ET CURRENT_EVENTS DRIVEBY Sednit EK IE Exploit CVE-2013-1347 M1"

CVE-2013-0662

• "ET SCADA SEIG Modbus 3.4 - Remote Code Execution"

CVE-2013-0657

• "ET SCADA SEIG SYSTEM 9 - Remote Code Execution"

CVE-2013-0431

• "EXPLOIT-KIT Stamp exploit kit portable executable download"

CVE-2013-0144

• "SERVER-OTHER QNAP QTS cross site request forgery attempt"

CVE-2013-0143

• "SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt"

• "SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt"

• "SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt"

• "SERVER-WEBAPP QNAP VioStor NVR and QNAP NAS command injection attempt"

CVE-2012-6050

• "SERVER-OTHER Mikrotik RouterOS denial of service attempt"

CVE-2012-5962

• "SERVER-OTHER libupnp command buffer overflow attempt"

• "SERVER-OTHER libupnp command buffer overflow attempt"

CVE-2012-5958

• "ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1"

• "ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M2"

• "ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M3"

CVE-2012-4792

• "ET TROJAN CFR DRIVEBY CVE-2012-4792 DNS Query for C2 domain"

CVE-2012-4681

• "EXPLOIT-KIT Blackholev2/Darkleech exploit kit landing page request"

CVE-2012-3574

• "ET EXPLOIT Access To mm-forms-community upload dir (Outbound)"

• "ET EXPLOIT Access To mm-forms-community upload dir (Inbound)"

CVE-2012-3152

• "ET WEB_SERVER Possible Oracle Reports Forms RCE CVE-2012-3152"

CVE-2012-2539

• "ET WEB_CLIENT Microsoft Rich Text File .RTF File download with invalid listoverridecount"

CVE-2012-2336

• "SERVER-WEBAPP PHP-CGI remote file include attempt"

CVE-2012-2311

• "ET EXPLOIT PHP-CGI Query String Parameter Vuln Inbound (CVE-2012-2311)"

CVE-2012-1889

• "ET WEB_CLIENT Potential MSXML2.FreeThreadedDOMDocument Uninitialized Memory Corruption Attempt"

CVE-2012-1533

• "ET EXPLOIT Possible 2012-1533 altjvm RCE via JNLP command injection"

CVE-2012-0209

• "ET WEB_SPECIFIC_APPS Horde 3.3.12 Backdoor Attempt"

CVE-2012-0185

• "ET WEB_CLIENT Microsoft Excel file download - SET 1"

CVE-2012-0183

• "ET WEB_CLIENT Microsoft Rich Text File download - SET"

• "ET WEB_CLIENT Hostile Microsoft Rich Text File (RTF) with corrupted listoverride"

CVE-2012-0158

• "ET WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 3"

• "ET WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 1"

• "ET WEB_CLIENT Microsoft Rich Text File download with vulnerable ActiveX control flowbit set 2"

CVE-2012-0152

• "ET DOS Microsoft Remote Desktop (RDP) Syn/Ack Outbound Flowbit Set"

CVE-2012-0003

• "ET WEB_CLIENT Likely MS12-004 midiOutPlayNextPolyEvent Heap Overflow Midi Filename Requested baby.mid"

• "ET WEB_CLIENT Microsoft Windows Media component specific exploit"

CVE-2011-5148

• "ET EXPLOIT Possible Joomla RCE (CVE-2011-5148)"

• "ET WEB_SPECIFIC_APPS Joolma Simple File Upload Plugin Remote Code Execution (CVE-2011-5148)"

CVE-2011-4786

• "ET ACTIVEX HP Easy Printer Care Software XMLCacheMgr ActiveX Control Remote Code Execution Attempt"

CVE-2011-4722

• "PROTOCOL-TFTP parent directory"

CVE-2011-3416

• "ET WEB_SERVER ASP.NET Forms Authentication Bypass"

CVE-2011-2466

• "ET WEB_SPECIFIC_APPS ZyXEL ZyWALL LoginPassword/HiddenPassword Cross Site Scripting Attempt"

CVE-2011-2179

• "ET WEB_SPECIFIC_APPS Nagios Expand Parameter Cross Site Scripting Attempt"

CVE-2011-2040

• "ET ACTIVEX Cisco AnyConnect VPN Secure Mobility Client Cisco.AnyConnect.VPNWeb.1 Arbitrary Program Execution Attempt"

CVE-2011-1609

• "ET WEB_SPECIFIC_APPS Cisco Unified Communications Manager xmldirectorylist.jsp SQL Injection Attempt"

CVE-2011-1511

• "ET WEB_SPECIFIC_APPS Possible Oracle GlassFish Server Administration Console Authentication Bypass Attempt"

CVE-2011-1038

• "ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt"

• "ET WEB_SPECIFIC_APPS IBM Lotus Sametime Server stconf.nsf Cross Site Scripting Attempt"

CVE-2011-0962

• "ET WEB_SPECIFIC_APPS Cisco Common Services Framework Reflective XSS Attempt"

CVE-2011-0961

• "ET WEB_SPECIFIC_APPS CiscoWorks Help Servlet Reflective XSS Attempt"

CVE-2011-0960

• "ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager Blind SQL Injection Attempt"

CVE-2011-0959

• "ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon Reflective XSS Attempt"

• "ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager advancedfind.do Reflective XSS Attempt"

• "ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager clusterName Reflective XSS Attempt"

• "ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager deviceInstanceName Reflective XSS Attempt"

• "ET WEB_SPECIFIC_APPS Cisco Unified Operations Manager eventmon_wrapper.jsp Reflective XSS Attempt"

CVE-2011-0615

• "ET WEB_CLIENT Adobe Audition Malformed Session File Buffer Overflow Attempt"

CVE-2011-0321

• "PROTOCOL-RPC portmap UNSET attempt UDP 111"

CVE-2011-0065

• "ET WEB_CLIENT Mozilla Firefox mChannel Object Dangling Pointer Use-After-Free Memory Corruption Attempt"

CVE-2010-4367

• "ET WEB_SPECIFIC_APPS Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Attempt"

CVE-2010-4321

• "ET ACTIVEX Novell iPrint ActiveX GetDriverSettings Remote Code Execution Attempt"

CVE-2010-4172

• "ET WEB_SPECIFIC_APPS Apache Tomcat Sort Parameter Cross Site Scripting Attempt"

• "ET WEB_SPECIFIC_APPS Apache Tomcat Orderby Parameter Cross Site Scripting Attempt"

CVE-2010-4111

• "ET WEB_SPECIFIC_APPS HP Insight Diagnostics Online Edition search.php XSS Attempt"

CVE-2010-4091

• "ET WEB_CLIENT Possible Adobe Reader 9.4 this.printSeps Memory Corruption Attempt"

CVE-2010-3654

• "ET WEB_CLIENT Adobe Flash Player Button Remote Code Execution Attempt"

CVE-2010-3599

• "ET ACTIVEX Oracle Document Capture File Overwrite or Buffer Overflow Attempt"

CVE-2010-3581

• "ET WEB_SPECIFIC_APPS Oracle Fusion Middleware BPEL Console Cross Site Scripting"

CVE-2010-3333

• "ET WEB_CLIENT Microsoft Office RTF Stack Buffer Overflow"

CVE-2010-3274

• "ET WEB_SPECIFIC_APPS ZOHO ManageEngine ADSelfService Employee Search XSS Attempt"

CVE-2010-3272

• "ET WEB_SPECIFIC_APPS Possible ZOHO ManageEngine ADSelfService Captcha Bypass Attempt"

CVE-2010-3148

• "ET WEB_CLIENT Microsoft Visio 2003 mfc71enu.dll DLL Loading Arbitrary Code Execution Attempt"

CVE-2010-3000

• "ET WEB_CLIENT RealPlayer FLV Parsing Integer Overflow Attempt"

CVE-2010-2753

• "ET WEB_CLIENT Mozilla Firefox nsTreeSelection Element invalidateSelection Remote Code Execution Attempt"

CVE-2010-2580

• "SERVER-MAIL RCPT TO overflow"

CVE-2010-2545

• "ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt"

CVE-2010-2201

• "ET WEB_CLIENT PDF With Embedded Adobe Shockwave Flash Possibly Related to Remote Code Execution Attempt"

• "ET WEB_CLIENT Possible Adobe Acrobat and Reader Pushstring Memory Corruption Attempt"

CVE-2010-2168

• "ET WEB_CLIENT Adobe Acrobat newfunction Remote Code Execution Attempt"

CVE-2010-1922

• "ET WEB_SPECIFIC_APPS 29o3 CMS pageDescriptionObject.php LibDir Parameter Remote File Inclusion Attempt"

CVE-2010-1486

• "ET WEB_SPECIFIC_APPS Possible CactuShop User Invoices Persistent XSS Attempt"

CVE-2010-1297

• "ET WEB_CLIENT PDF With Embedded Flash Possible Remote Code Execution Attempt"

• "ET WEB_CLIENT Adobe Authplay.dll NewClass Memory Corruption Attempt"

• "ET WEB_CLIENT Possible Adobe Acrobat Reader Newclass Invalid Pointer Remote Code Execution Attempt"

CVE-2010-1214

• "ET WEB_CLIENT Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Attempt"

CVE-2010-1186

• "ET WEB_SPECIFIC_APPS Wordpress NextGEN Gallery Plugin Cross Site Scripting Attempt"

CVE-2010-1119

• "ET WEB_CLIENT Android Webkit removeChild Use-After-Free Remote Code Execution Attempt"

CVE-2010-0817

• "ET WEB_SERVER Microsoft SharePoint Server 2007 _layouts/help.aspx Cross Site Scripting Attempt"

CVE-2010-0805

• "ET ACTIVEX Microsoft Internet Explorer Tabular DataURL ActiveX Control Memory Corruption Attempt"

CVE-2010-0738

• "ET WEB_SPECIFIC_APPS Possible JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Exploit Attempt"

• "ET WEB_SERVER JBoss jmx-console Access Control Bypass Attempt"

• "ET WEB_SERVER JBoss jmx-console Probe"

• "ET WEB_SPECIFIC_APPS JBoss JMX Console Beanshell Deployer .WAR File Upload and Deployment Cross Site Request Forgery Attempt"

CVE-2010-0641

• "ET WEB_SPECIFIC_APPS Cisco Collaboration Server LoginPage.jhtml Cross Site Scripting Attempt"

CVE-2010-0625

• "PROTOCOL-FTP RMD overflow attempt"

CVE-2010-0369

• "ET WEB_SERVER LANDesk Command Injection Attempt"

CVE-2010-0248

• "ET WEB_CLIENT Internet Explorer CTableRowCellsCollectionCacheItem.GetNext Memory Use-After-Free Attempt"

CVE-2010-0188

• "ET CURRENT_EVENTS Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request"

CVE-2010-0027

• "ET WEB_CLIENT Possible Microsoft Internet Explorer URI Validation Remote Code Execution Attempt"

CVE-2009-4769

• "PROTOCOL-FTP format string attempt"

CVE-2009-4444

• "ET WEB_SERVER Possible Microsoft Internet Information Services (IIS) .aspx Filename Extension Parsing File Upload Security Bypass Attempt (aspx)"

• "ET WEB_SERVER Possible Microsoft Internet Information Services (IIS) .asp Filename Extension Parsing File Upload Security Bypass Attempt (asp)"

CVE-2009-4324

• "ET WEB_CLIENT Possible Adobe Multimedia Doc.media.newPlayer Memory Corruption Attempt"

CVE-2009-4185

• "ET WEB_SPECIFIC_APPS HP System Management Homepage Input Validation Cross Site Scripting Attempt"

CVE-2009-4179

• "ET WEB_SERVER Possible HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow Attempt"

CVE-2009-3958

• "ET ACTIVEX Possible NOS Microsystems Adobe Reader/Acrobat getPlus Get_atlcomHelper ActiveX Control Multiple Stack Overflows Remote Code Execution Attempt"

CVE-2009-3699

• "PROTOCOL-RPC CMSD UDP CMSD_CREATE buffer overflow attempt"

CVE-2009-3459

• "ET WEB_CLIENT Adobe Acrobat Reader FlateDecode Stream Predictor Exploit Attempt"

CVE-2009-3031

• "ET ACTIVEX Multiple Altiris Products AeXNSConsoleUtilities.dll ActiveX Control BrowseAndSaveFile Method Buffer Overflow Attempt Function Call"

CVE-2009-2990

• "ET WEB_CLIENT Adobe Reader and Acrobat U3D File Invalid Array Index Remote Code Execution Attempt"

CVE-2009-2765

• "ET WEB_SERVER Possible DD-WRT Metacharacter Injection Command Execution Attempt"

CVE-2009-2734

• "ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable UPDATE SET SQL Injection Attempt"

• "ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable INSERT INTO SQL Injection Attempt"

• "ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable SELECT FROM SQL Injection Attempt"

• "ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable UNION SELECT SQL Injection Attempt"

• "ET WEB_SPECIFIC_APPS Possible Achievo userid= Variable DELETE FROM SQL Injection Attempt"

CVE-2009-2685

• "ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt"

CVE-2009-2684

• "ET WEB_SERVER HP LaserJet Printer Cross Site Scripting Attempt"

CVE-2009-2334

• "ET WEB_SPECIFIC_APPS WordPress wp-admin/admin.php Module Configuration Security Bypass Attempt"

CVE-2009-1991

• "ET EXPLOIT Possible Oracle Database Text Component ctxsys.drvxtabc.create_tables Remote SQL Injection Attempt"

CVE-2009-1798

• "ET WEB_SPECIFIC_APPS Possible APC Network Management Card Cross Site Scripting Attempt"

CVE-2009-1220

• "ET WEB_SPECIFIC_APPS Cisco Adaptive Security Appliance WebVPN Cross Site Scripting Attempt"

CVE-2009-1203

• "ET WEB_SERVER Possible Cisco Adaptive Security Appliance Web VPN FTP or CIFS Authentication Form Phishing Attempt"

CVE-2009-1202

• "ET WEB_SERVER Possible Cisco ASA Appliance Clientless SSL VPN HTML Rewriting Security Bypass Attempt/Cross Site Scripting Attempt"

CVE-2009-1151

• "SERVER-WEBAPP Setup.php access"

CVE-2009-0921

• "ET WEB_SERVER HP OpenView /OvCgi/Toolbar.exe Accept Language Heap Buffer Overflow Attempt"

CVE-2008-7257

• "ET WEB_SERVER Possible Cisco PIX/ASA HTTP Web Interface HTTP Response Splitting Attempt"

CVE-2008-3714

• "ET WEB_SPECIFIC_APPS Possible AWStats awstats.pl Cross-Site Scripting Attempt"

CVE-2008-2992

• "ET WEB_CLIENT Adobe Acrobat Util.printf Buffer Overflow Attempt"

CVE-2008-2165

• "ET WEB_SERVER Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt"

• "ET WEB_SPECIFIC_APPS Cisco BBSM Captive Portal AccesCodeStart.asp Cross-Site Scripting Attempt"

CVE-2008-1947

• "ET WEB_SPECIFIC_APPS Possible Apache Tomcat Host Manager Cross Site Scripting Attempt"

CVE-2007-0485

• "SERVER-WEBAPP WebChat db_mysql.php file include"

• "SERVER-WEBAPP WebChat english.php file include"

CVE-2006-6576

• "PROTOCOL-FTP PASS overflow attempt"

CVE-2006-6424

• "PROTOCOL-IMAP auth literal overflow attempt"

CVE-2006-4000

• "ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Inbound)"

• "ET EXPLOIT Barracuda Spam Firewall 3.3.x RCE 2006-4000 (Outbound)"

CVE-2006-0189

• "GPL VOIP EXPLOIT SIP UDP Softphone overflow attempt"

CVE-2005-3683

• "PROTOCOL-FTP USER overflow attempt"

• "PROTOCOL-FTP RETR overflow attempt"

• "PROTOCOL-FTP RNTO overflow attempt"

CVE-2005-1256

• "GPL IMAP status overflow attempt"

CVE-2005-0755

• "FILE-MULTIMEDIA RealNetworks RealPlayer playlist http URL overflow attempt"

• "FILE-MULTIMEDIA RealNetworks RealPlayer playlist rtsp URL overflow attempt"

• "FILE-MULTIMEDIA RealNetworks RealPlayer playlist file URL overflow attempt"

CVE-2005-0491

• "SERVER-OTHER Arkeia client backup generic info probe"

• "SERVER-OTHER Arkeia backup client type 84 overflow attempt"

• "SERVER-OTHER Arkeia client backup system info probe"

CVE-2005-0202

• "SERVER-WEBAPP mailman directory traversal attempt"

CVE-2005-0095

• "SERVER-OTHER squid WCCP I_SEE_YOU message overflow attempt"

CVE-2005-0068

• "PROTOCOL-ICMP Destination Unreachable Protocol Unreachable"

• "PROTOCOL-ICMP destination unreachable port unreachable packet detected"

CVE-2004-2728

• "PROTOCOL-FTP XCWD overflow attempt"

CVE-2004-2585

• "SERVER-IIS SmarterTools SmarterMail frmGetAttachment.aspx access"

• "SERVER-IIS SmarterTools SmarterMail frmCompose.asp access"

• "SERVER-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt"

CVE-2004-2379

• "SERVER-WEBAPP util.pl access"

CVE-2004-2375

• "PROTOCOL-POP APOP USER overflow attempt"

CVE-2004-2374

• "SERVER-WEBAPP phptest.php access"

CVE-2004-2368

• "SERVER-WEBAPP Opt-X header.php remote file include attempt"

CVE-2004-2353

• "SERVER-WEBAPP BugPort config.conf file access"

CVE-2004-2170

• "SERVER-WEBAPP Sample_showcode.html access"

CVE-2004-2128

• "SERVER-WEBAPP ISAPISkeleton.dll access"

CVE-2004-1885

• "SERVER-OTHER WSFTP IpSwitch custom SITE command execution attempt"

CVE-2004-1883

• "PROTOCOL-FTP RETR format string attempt"

CVE-2004-1868

• "SERVER-OTHER esignal STREAMQUOTE buffer overflow attempt"

• "SERVER-OTHER esignal SNAPQUOTE buffer overflow attempt"

CVE-2004-1856

• "SERVER-OTHER HP Web JetAdmin remote file upload attempt"

CVE-2004-1817

• "SERVER-WEBAPP modules.php access"

CVE-2004-1776

• "ET SNMP Attempted TCP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis"

• "ET SNMP Attempted UDP Access Attempt to Cisco IOS 12.1 Hidden Read/Write Community String cable-docsis"

CVE-2004-1769

• "SERVER-WEBAPP cPanel resetpass access"

CVE-2004-1596

• "SERVER-WEBAPP 3Com 3CRADSL72 ADSL 11g Wireless Router app_sta.stm access attempt"

CVE-2004-1364

• "SERVER-ORACLE TO_CHAR buffer overflow attempt"

CVE-2004-1315

• "ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315"

CVE-2004-1172

• "SERVER-OTHER Veritas backup overflow attempt"

CVE-2004-1154

• "GPL NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt"

• "GPL NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt"

• "GPL NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE SACL overflow attempt"

• "GPL NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt"

• "GPL NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt"

• "GPL NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE DACL overflow attempt"

• "GPL NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt"

• "GPL NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE andx DACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE andx SACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE SACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE unicode andx oversized Security Descriptor attempt"

• "NETBIOS SMB NT Trans NT CREATE DACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE oversized Security Descriptor attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE unicode andx DACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE SACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE andx SACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE unicode oversized Security Descriptor attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE DACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE andx oversized Security Descriptor attempt"

• "NETBIOS SMB NT Trans NT CREATE unicode DACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE unicode andx DACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE unicode andx SACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE unicode andx oversized Security Descriptor attempt"

• "NETBIOS SMB NT Trans NT CREATE unicode SACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt"

• "NETBIOS SMB NT Trans NT CREATE unicode andx SACL overflow attempt"

• "NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt"

• "NETBIOS SMB NT Trans NT CREATE andx DACL overflow attempt"

• "NETBIOS SMB-DS NT Trans NT CREATE oversized Security Descriptor attempt"

CVE-2004-1134

• "SERVER-IIS w3who.dll buffer overflow attempt"

CVE-2004-0826

• "SERVER-WEBAPP SSLv2 Client_Hello Challenge Length overflow attempt"

CVE-2004-0798

• "SERVER-WEBAPP Ipswitch WhatsUpGold instancename overflow attempt"

CVE-2004-0777

• "PROTOCOL-IMAP login format string attempt"

• "PROTOCOL-POP PASS format string attempt"

CVE-2004-0636

• "SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt"

• "SERVER-OTHER AOL Instant Messenger goaway message buffer overflow attempt"

CVE-2004-0608

• "SERVER-OTHER Unreal Tournament secure overflow attempt"

CVE-2004-0600

• "SERVER-WEBAPP Samba SWAT Authorization port 901 overflow attempt"

• "SERVER-WEBAPP Samba SWAT Authorization overflow attempt"

CVE-2004-0597

• "FILE-IMAGE libpng tRNS overflow attempt"

CVE-2004-0417

• "SERVER-OTHER CVS Max-dotdot integer overflow attempt"

CVE-2004-0367

• "SERVER-OTHER Ethereal EIGRP prefix length overflow attempt"

• "SERVER-OTHER Ethereal IGMP IGAP message overflow attempt"

• "SERVER-OTHER Ethereal IGMP IGAP account overflow attempt"

CVE-2004-0363

• "BROWSER-PLUGINS Symantec Norton Internet Security 2004 ActiveX clsid access"

CVE-2004-0347

• "SERVER-WEBAPP NetScreen SA 5000 delhomepage.cgi access"

CVE-2004-0338

• "SERVER-WEBAPP Invision Power Board search.pl access"

CVE-2004-0330

• "GPL FTP invalid MDTM command attempt"

• "PROTOCOL-FTP invalid MDTM command attempt"

CVE-2004-0298

• "GPL FTP RETR overflow attempt"

CVE-2004-0286

• "GPL FTP USER overflow attempt"

CVE-2004-0250

• "SERVER-WEBAPP Photopost PHP Pro showphoto.php access"

CVE-2004-0222

• "SERVER-OTHER OpenBSD ISAKMP denial of service attempt"

CVE-2004-0206

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt"

• "GPL NETBIOS SMB-DS nddeapi andx bind attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt"

• "GPL NETBIOS SMB-DS nddeapi unicode create tree attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt"

• "GPL NETBIOS SMB nddeapi bind attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt"

• "GPL NETBIOS SMB nddeapi unicode andx bind attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt"

• "GPL NETBIOS SMB nddeapi unicode andx create tree attempt"

• "GPL NETBIOS SMB-DS nddeapi unicode bind attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt"

• "GPL NETBIOS SMB-DS nddeapi unicode andx create tree attempt"

• "GPL NETBIOS SMB-DS nddeapi bind attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt"

• "GPL NETBIOS SMB nddeapi andx bind attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt"

• "GPL NETBIOS SMB-DS nddeapi create tree attempt"

• "GPL NETBIOS SMB nddeapi create tree attempt"

• "GPL NETBIOS SMB-DS nddeapi andx create tree attempt"

• "GPL NETBIOS SMB nddeapi unicode create tree attempt"

• "GPL NETBIOS SMB nddeapi andx create tree attempt"

• "GPL NETBIOS SMB nddeapi unicode bind attempt"

• "GPL NETBIOS SMB NDdeSetTrustedShareW overflow attempt"

• "GPL NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt"

• "GPL NETBIOS SMB-DS nddeapi unicode andx bind attempt"

CVE-2004-0184

• "SERVER-OTHER ISAKMP invalid identification payload attempt"

CVE-2004-0164

• "SERVER-OTHER ISAKMP second payload initial contact notification without SPI attempt"

• "SERVER-OTHER ISAKMP delete hash with empty hash attempt"

• "SERVER-OTHER ISAKMP initial contact notification without SPI attempt"

CVE-2004-0040

• "SERVER-OTHER ISAKMP second payload certificate request length overflow attempt"

• "SERVER-OTHER ISAKMP third payload certificate request length overflow attempt"

• "SERVER-OTHER ISAKMP forth payload certificate request length overflow attempt"

• "SERVER-OTHER ISAKMP fifth payload certificate request length overflow attempt"

• "SERVER-OTHER ISAKMP first payload certificate request length overflow attempt"

CVE-2004-0038

• "SERVER-WEBAPP McAfee ePO file upload attempt"

CVE-2004-0034

• "SERVER-WEBAPP Phorum /support/common.php access"

CVE-2004-0032

• "SERVER-WEBAPP PhpGedView search.php access"

CVE-2004-0030

• "SERVER-WEBAPP PhpGedView PGV authentication_index.php base directory manipulation attempt"

• "SERVER-WEBAPP PhpGedView PGV functions.php base directory manipulation attempt"

• "SERVER-WEBAPP PhpGedView PGV base directory manipulation"

• "SERVER-WEBAPP PhpGedView PGV config_gedcom.php base directory manipulation attempt"

CVE-2003-1530

• "SERVER-WEBAPP phpBB privmsg.php access"

CVE-2003-1470

• "PROTOCOL-IMAP create literal buffer overflow attempt"

• "PROTOCOL-IMAP create buffer overflow attempt"

CVE-2003-1408

• "SERVER-WEBAPP Lotus Notes .exe script source download attempt"

• "SERVER-WEBAPP Lotus Notes .pl script source download attempt"

CVE-2003-1385

• "SERVER-WEBAPP Invision Board ipchat.php file include"

CVE-2003-1365

• "SERVER-IIS perl-browse newline attempt"

• "SERVER-IIS perl-browse space attempt"

CVE-2003-1351

• "SERVER-WEBAPP edittag.pl access"

CVE-2003-1191

• "SERVER-WEBAPP chatbox.php access"

CVE-2003-1153

• "SERVER-WEBAPP files.inc.php access"

CVE-2003-1097

• "INDICATOR-COMPROMISE rexec username too long response"

CVE-2003-0977

• "GPL MISC CVS non-relative path error response"

CVE-2003-0772

• "PROTOCOL-FTP APPE overflow attempt"

CVE-2003-0722

• "PROTOCOL-RPC Solaris UDP portmap sadmin port query request attempt"

CVE-2003-0717

• "OS-WINDOWS Messenger message overflow attempt"

• "OS-WINDOWS Messenger message little endian overflow attempt"

CVE-2003-0627

• "SERVER-WEBAPP PeopleSoft PeopleBooks psdoccgi access"

CVE-2003-0624

• "SERVER-WEBAPP InteractiveQuery.jsp access"

CVE-2003-0466

• "GPL FTP STOU overflow attempt"

• "GPL FTP APPE overflow attempt"

• "GPL FTP RNTO overflow attempt"

• "PROTOCOL-FTP STOU overflow attempt"

CVE-2003-0423

• "SERVER-WEBAPP parse_xml.cgi access"

• "SERVER-WEBAPP streaming server parse_xml.cgi access"

CVE-2003-0422

• "SERVER-WEBAPP Apple QuickTime streaming server view_broadcast.cgi access"

CVE-2003-0201

• "NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt"

CVE-2003-0161

• "GPL SMTP EXPN overflow attempt"

• "SERVER-MAIL EXPN overflow attempt"

• "SERVER-MAIL VRFY overflow attempt"

CVE-2003-0042

• "GPL WEB_SERVER Tomcat null byte directory listing attempt"

CVE-2003-0028

• "GPL RPC portmap proxy integer overflow attempt TCP"

CVE-2003-0015

• "GPL MISC CVS double free exploit attempt response"

• "GPL MISC CVS invalid directory response"

CVE-2002-2314

• "BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt"

• "BROWSER-FIREFOX Mozilla 1.0 Javascript arbitrary cookie access attempt"

CVE-2002-2287

• "SERVER-WEBAPP phpbb quick-reply.php access"

• "SERVER-WEBAPP phpbb quick-reply.php arbitrary command attempt"

CVE-2002-2137

• "SERVER-OTHER GlobalSunTech Access Point Information Disclosure attempt"

CVE-2002-2113

• "SERVER-WEBAPP AHG search.cgi access"

CVE-2002-1734

• "SERVER-IIS NewsPro administration authentication attempt"

CVE-2002-1728

• "SERVER-IIS as_web.exe access"

• "SERVER-IIS as_web4.exe access"

CVE-2002-1717

• "SERVER-OTHER Microsoft Frontpage register.txt access"

• "SERVER-OTHER Microsoft Frontpage service.stp access"

• "SERVER-OTHER Microsoft Frontpage fpsrvadm.exe access"

• "SERVER-OTHER Microsoft Frontpage registrations.txt access"

• "SERVER-OTHER Microsoft Frontpage administrators.pwd access"

• "SERVER-OTHER Microsoft Frontpage contents.htm access"

• "SERVER-OTHER Microsoft Frontpage fpadmin.htm access"

• "SERVER-OTHER Microsoft Frontpage orders.txt access"

• "SERVER-OTHER Microsoft Frontpage orders.htm access"

• "SERVER-OTHER Microsoft Frontpage register.htm access"

• "SERVER-OTHER Microsoft Frontpage registrations.htm access"

• "SERVER-OTHER Microsoft Frontpage cfgwiz.exe access"

• "SERVER-OTHER Microsoft Frontpage fpadmcgi.exe access"

• "SERVER-OTHER Microsoft Frontpage users.pwd access"

• "SERVER-OTHER Microsoft Frontpage author.exe access"

• "SERVER-OTHER Microsoft Frontpage fpremadm.exe access"

CVE-2002-1526

• "SERVER-WEBAPP emumail.cgi NULL attempt"

• "SERVER-WEBAPP emumail.cgi access"

CVE-2002-1337

• "SERVER-MAIL Sendmail SAML FROM prescan too many addresses overflow"

• "SERVER-MAIL Sendmail SOML FROM prescan too many addresses overflow"

• "SERVER-MAIL Sendmail MAIL FROM prescan too many addresses overflow"

• "SERVER-MAIL Sendmail RCPT TO prescan too many addresses overflow"

CVE-2002-1232

• "GPL RPC portmap ypserv request UDP"

• "GPL RPC portmap ypserv request TCP"

• "PROTOCOL-RPC ypserv maplist request TCP"

• "PROTOCOL-RPC portmap ypserv request UDP"

• "PROTOCOL-RPC portmap ypserv request TCP"

CVE-2002-1070

• "SERVER-WEBAPP PHP-Wiki cross site scripting attempt"

CVE-2002-1027

• "SERVER-WEBAPP Macromedia SiteSpring cross site scripting attempt"

CVE-2002-0965

• "SERVER-ORACLE Oracle 9i TNS Listener SERVICE_NAME Remote Buffer Overflow attempt"

CVE-2002-0953

• "ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=)"

CVE-2002-0947

• "SERVER-WEBAPP Oracle Reports CGI access"

CVE-2002-0920

• "SERVER-WEBAPP csPassword password.cgi.tmp access"

CVE-2002-0918

• "SERVER-WEBAPP csPassword.cgi access"

CVE-2002-0910

• "PROTOCOL-RPC portmap pcnfsd request TCP"

• "PROTOCOL-RPC portmap pcnfsd request UDP"

CVE-2002-0909

• "PROTOCOL-NNTP return code buffer overflow attempt"

CVE-2002-0902

• "SERVER-WEBAPP cross site scripting HTML Image tag set to javascript attempt"

CVE-2002-0895

• "GPL FTP PASS overflow attempt"

CVE-2002-0826

• "GPL FTP SITE CPWD overflow attempt"

• "PROTOCOL-FTP SITE CPWD overflow attempt"

CVE-2002-0815

• "FILE-JAVA Oracle Javascript document.domain attempt"

CVE-2002-0649

• "MALWARE-OTHER SQL Slammer worm propagation attempt inbound"

CVE-2002-0640

• "SERVER-OTHER successful gobbles ssh exploit GOBBLE"

CVE-2002-0614

• "SERVER-WEBAPP global.inc access"

CVE-2002-0613

• "SERVER-WEBAPP DNSTools administrator authentication bypass attempt"

• "SERVER-WEBAPP DNSTools access"

• "SERVER-WEBAPP DNSTools authentication bypass attempt"

CVE-2002-0599

• "SERVER-WEBAPP Blahz-DNS dostuff.php modify user attempt"

• "SERVER-WEBAPP Blahz-DNS dostuff.php access"

CVE-2002-0539

• "SERVER-WEBAPP Demarc SQL injection attempt"

CVE-2002-0516

• "SERVER-WEBAPP squirrel mail theme arbitrary command attempt"

CVE-2002-0434

• "SERVER-WEBAPP directory.php access"

CVE-2002-0405

• "GPL FTP CWD overflow attempt"

• "PROTOCOL-FTP CWD overflow attempt"

CVE-2002-0392

• "SERVER-WEBAPP Apache chunked-encoding memory corruption exploit attempt"

CVE-2002-0379

• "GPL IMAP EXPLOIT partial body overflow attempt"

CVE-2002-0359

• "GPL RPC portmap rpc.xfsmd request TCP"

• "PROTOCOL-RPC rpc.xfsmd xfs_export attempt UDP"

• "PROTOCOL-RPC rpc.xfsmd xfs_export attempt TCP"

• "PROTOCOL-RPC portmap rpc.xfsmd request TCP"

• "PROTOCOL-RPC portmap rpc.xfsmd request UDP"

CVE-2002-0354

• "BROWSER-OTHER Mozilla Netscape XMLHttpRequest local file read attempt"

CVE-2002-0220

• "SERVER-WEBAPP smssend.php access"

CVE-2002-0206

• "SERVER-WEBAPP PHP-Nuke remote file include attempt"

CVE-2002-0084

• "GPL RPC portmap cachefsd request UDP"

• "GPL RPC portmap cachefsd request TCP"

CVE-2002-0013

• "GPL SNMP public access udp"

• "GPL SNMP public access tcp"

• "GPL SNMP private access udp"

• "GPL SNMP private access tcp"

• "PROTOCOL-SNMP public access tcp"

• "PROTOCOL-SNMP private access tcp"

• "PROTOCOL-SNMP request udp"

• "PROTOCOL-SNMP trap tcp"

• "PROTOCOL-SNMP request tcp"

• "PROTOCOL-SNMP broadcast trap"

• "PROTOCOL-SNMP Broadcast request"

• "PROTOCOL-SNMP trap udp"

• "PROTOCOL-SNMP private access udp"

• "PROTOCOL-SNMP AgentX/tcp request"

CVE-2002-0011

• "SERVER-WEBAPP Bugzilla doeditvotes.cgi access"

CVE-2002-0008

• "SERVER-WEBAPP Bugtraq process_bug.cgi access"

• "SERVER-WEBAPP Bugtraq enter_bug.cgi access"

• "SERVER-WEBAPP Bugtraq enter_bug.cgi arbitrary command attempt"

CVE-2001-1510

• "SERVER-WEBAPP jrun directory browse attempt"

CVE-2001-1371

• "SERVER-WEBAPP Oracle Application Server 9i unauthenticated application deployment attempt"

CVE-2001-1370

• "SERVER-WEBAPP PHPLIB remote command attempt"

CVE-2001-1305

• "POLICY-SOCIAL ICQ forced user addition"

CVE-2001-1252

• "SERVER-WEBAPP cs.exe access"

• "SERVER-WEBAPP console.exe access"

CVE-2001-1226

• "SERVER-WEBAPP adcycle access"

CVE-2001-1206

• "SERVER-WEBAPP lastlines.cgi access"

CVE-2001-1100

• "SERVER-WEBAPP sendmessage.cgi access"

CVE-2001-1032

• "SERVER-WEBAPP admin.php access"

• "SERVER-WEBAPP admin.php file upload attempt"

CVE-2001-1021

• "GPL FTP RMD overflow attempt"

• "GPL FTP XMKD overflow attempt"

• "GPL FTP DELE overflow attempt"

• "PROTOCOL-FTP XMKD overflow attempt"

CVE-2001-1014

• "SERVER-WEBAPP eshop.pl access"

• "SERVER-WEBAPP eshop.pl arbitrary command execution attempt"

CVE-2001-0938

• "SERVER-IIS DirectoryListing.asp access"

CVE-2001-0925

• "SERVER-WEBAPP apache directory disclosure attempt"

CVE-2001-0876

• "GPL MISC UPnP Location overflow"

CVE-2001-0838

• "GPL MISC rwhoisd format string attempt"

CVE-2001-0834

• "SERVER-WEBAPP htsearch arbitrary configuration file attempt"

CVE-2001-0826

• "GPL FTP REST overflow attempt"

CVE-2001-0821

• "SERVER-WEBAPP DCShop access"

• "SERVER-WEBAPP DCShop auth_user_file.txt access"

• "SERVER-WEBAPP DCShop orders.txt access"

CVE-2001-0797

• "GPL EXPLOIT login buffer non-evasive overflow attempt"

CVE-2001-0779

• "GPL RPC yppasswd username overflow attempt UDP"

• "PROTOCOL-RPC yppasswd new password overflow attempt UDP"

• "PROTOCOL-RPC yppasswd user update UDP"

• "PROTOCOL-RPC yppasswd old password overflow attempt UDP"

• "PROTOCOL-RPC yppasswd old password overflow attempt TCP"

• "PROTOCOL-RPC yppasswd new password overflow attempt TCP"

• "PROTOCOL-RPC yppasswd user update TCP"

CVE-2001-0771

• "SERVER-WEBAPP chip.ini access"

CVE-2001-0770

• "GPL FTP SITE overflow attempt"

• "PROTOCOL-FTP SITE overflow attempt"

CVE-2001-0746

• "SERVER-WEBAPP iPlanet GETPROPERTIES attempt"

CVE-2001-0740

• "SERVER-WEBAPP sml3com access"

CVE-2001-0731

• "GPL WEB_SERVER apache ?M=D directory list attempt"

CVE-2001-0717

• "PROTOCOL-RPC tooltalk TCP overflow attempt"

CVE-2001-0590

• "SERVER-APACHE Apache Tomcat view source attempt"

CVE-2001-0572

• "INDICATOR-SHELLCODE ssh CRC32 overflow NOOP"

• "INDICATOR-SHELLCODE ssh CRC32 overflow filler"

• "INDICATOR-SHELLCODE ssh CRC32 overflow /bin/sh"

CVE-2001-0555

• "SERVER-WEBAPP SWEditServlet directory traversal attempt"

CVE-2001-0540

• "ET POLICY MS Remote Desktop POS User Login Request"

• "ET POLICY MS Terminal Server Root login"

CVE-2001-0535

• "SERVER-OTHER Adobe Coldfusion addcontent.cfm access"

• "SERVER-OTHER Adobe Coldfusion application.cfm access"

• "SERVER-OTHER Adobe Coldfusion exampleapp access"

• "SERVER-OTHER Adobe Coldfusion exampleapp application.cfm"

• "SERVER-OTHER Adobe Coldfusion getfile.cfm access"

• "SERVER-OTHER Adobe Coldfusion sendmail.cfm access"

CVE-2001-0500

• "SERVER-IIS ISAPI .ida attempt"

CVE-2001-0476

• "SERVER-WEBAPP SWSoft ASPSeek Overflow attempt"

CVE-2001-0421

• "GPL FTP CWD ~ attempt"

• "GPL FTP CWD ~ attempt"

• "PROTOCOL-FTP CWD ~ attempt"

CVE-2001-0420

• "SERVER-WEBAPP talkback.cgi access"

• "SERVER-WEBAPP talkback.cgi directory traversal attempt"

CVE-2001-0333

• "SERVER-IIS httpodbc.dll access - nimda"

CVE-2001-0331

• "GPL RPC portmap espd request UDP"

• "GPL RPC portmap espd request TCP"

• "PROTOCOL-RPC portmap espd request UDP"

• "PROTOCOL-RPC portmap espd request TCP"

CVE-2001-0330

• "GPL WEB_SERVER globals.pl access"

• "SERVER-WEBAPP globals.pl access"

CVE-2001-0302

• "SERVER-WEBAPP tstisapi.dll access"

CVE-2001-0291

• "SERVER-WEBAPP post-query access"

CVE-2001-0272

• "SERVER-WEBAPP Amaya templates sendtemp.pl access"

CVE-2001-0260

• "GPL SMTP RCPT TO overflow"

CVE-2001-0251

• "SERVER-WEBAPP Netscape Enterprise DOS"

CVE-2001-0170

• "PROTOCOL-TELNET resolv_host_conf"

CVE-2001-0113

• "SERVER-WEBAPP statsconfig.pl access"

CVE-2001-0100

• "SERVER-WEBAPP bslist.cgi access"

CVE-2001-0099

• "SERVER-WEBAPP bsguest.cgi access"

CVE-2001-0076

• "SERVER-WEBAPP register.cgi access"

CVE-2001-0065

• "GPL FTP SITE CHOWN overflow attempt"

CVE-2001-0022

• "SERVER-WEBAPP simplestguest.cgi access"

CVE-2001-0010

• "SERVER-OTHER Bind Buffer Overflow named tsig overflow attempt"

CVE-2000-1234

• "SERVER-WEBAPP Phorum violation access"

CVE-2000-1230

• "SERVER-WEBAPP Phorum authentication access"

CVE-2000-1228

• "SERVER-WEBAPP Phorum admin access"

CVE-2000-1209

• "GPL SQL sa login failed"

CVE-2000-1188

• "SERVER-WEBAPP shopping cart access"

CVE-2000-1187

• "BROWSER-OTHER Netscape 4.7 client overflow"

• "BROWSER-OTHER Netscape 4.7 unsucessful overflow"

CVE-2000-1132

• "SERVER-WEBAPP cgforum.cgi access"

CVE-2000-1131

• "SERVER-WEBAPP gbook.cgi access"

CVE-2000-1110

• "SERVER-WEBAPP document.d2w access"

CVE-2000-1078

• "SERVER-WEBAPP ICQ Webfront HTTP DOS"

CVE-2000-1049

• "SERVER-WEBAPP Allaire JRUN DOS attempt"

CVE-2000-1025

• "SERVER-WEBAPP Netscape Servers suite DOS"

• "SERVER-WEBAPP unify eWave ServletExec DOS"

CVE-2000-1005

• "SERVER-WEBAPP webplus access"

CVE-2000-0967

• "SERVER-WEBAPP strings overflow"

CVE-2000-0951

• "SERVER-WEBAPP WebDAV search access"

CVE-2000-0925

• "SERVER-WEBAPP SmartWin CyberOffice Shopping Cart access"

CVE-2000-0922

• "SERVER-WEBAPP Web Shopper shopper.cgi access"

CVE-2000-0921

• "SERVER-WEBAPP shopping cart directory traversal"

CVE-2000-0917

• "OS-LINUX Redhat 7.0 lprd overflow"

• "SERVER-OTHER LPRng overflow"

CVE-2000-0915

• "PROTOCOL-FINGER / execution attempt"

CVE-2000-0906

• "SERVER-WEBAPP cached_feed.cgi moreover shopping cart access"

• "SERVER-WEBAPP cached_feed.cgi moreover shopping cart directory traversal"

CVE-2000-0886

• "GPL EXPLOIT .cmd executable file parsing attack"

• "SERVER-IIS .cmd executable file parsing attack"

• "SERVER-IIS .bat executable file parsing attack"

CVE-2000-0884

• "GPL ATTACK_RESPONSE file copied ok"

• "INDICATOR-COMPROMISE file copied ok"

CVE-2000-0760

• "GPL WEB_SERVER Tomcat server snoop access"

CVE-2000-0758

• "SERVER-WEBAPP lyris.pl access"

CVE-2000-0733

• "PROTOCOL-TELNET SGI telnetd format bug"

CVE-2000-0697

• "SERVER-WEBAPP answerbook2 arbitrary command execution attempt"

CVE-2000-0696

• "PROTOCOL-RPC AMD UDP version request"

• "SERVER-WEBAPP answerbook2 admin attempt"

CVE-2000-0677

• "SERVER-WEBAPP db2www access"

CVE-2000-0666

• "GPL RPC STATD UDP monitor mon_name format string exploit attempt"

• "GPL RPC STATD TCP stat mon_name format string exploit attempt"

• "GPL RPC STATD UDP stat mon_name format string exploit attempt"

• "GPL RPC STATD TCP monitor mon_name format string exploit attempt"

CVE-2000-0661

• "SERVER-IIS *.idc attempt"

CVE-2000-0630

• "SERVER-IIS ism.dll access"

CVE-2000-0627

• "SERVER-WEBAPP user_update_passwd.pl access"

• "SERVER-WEBAPP user_update_admin.pl access"

CVE-2000-0573

• "PROTOCOL-FTP SITE EXEC format string attempt"

CVE-2000-0474

• "SERVER-OTHER RealNetworks Server template.html"

CVE-2000-0439

• "SERVER-WEBAPP amazon 1-click cookie theft"

CVE-2000-0432

• "SERVER-WEBAPP calendar.pl access"

CVE-2000-0429

• "SERVER-WEBAPP cart 32 AdminPwd access"

CVE-2000-0382

• "SERVER-WEBAPP redirect access"

CVE-2000-0377

• "GPL NETBIOS SMB-DS OpenKey little endian overflow attempt"

• "GPL NETBIOS SMB-DS OpenKey unicode overflow attempt"

• "GPL NETBIOS SMB OpenKey little endian andx overflow attempt"

• "GPL NETBIOS SMB OpenKey little endian overflow attempt"

• "GPL NETBIOS SMB OpenKey unicode overflow attempt"

• "GPL NETBIOS SMB-DS OpenKey andx overflow attempt"

• "GPL NETBIOS SMB OpenKey unicode andx overflow attempt"

• "GPL NETBIOS SMB-DS OpenKey little endian andx overflow attempt"

• "GPL NETBIOS SMB OpenKey andx overflow attempt"

• "GPL NETBIOS SMB-DS OpenKey unicode little endian overflow attempt"

• "GPL NETBIOS SMB OpenKey unicode little endian andx overflow attempt"

• "GPL NETBIOS SMB OpenKey unicode little endian overflow attempt"

• "GPL NETBIOS SMB-DS OpenKey overflow attempt"

• "GPL NETBIOS SMB-DS OpenKey unicode andx overflow attempt"

CVE-2000-0347

• "GPL NETBIOS NT NULL session"

• "OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt"

• "OS-WINDOWS NT NULL session"

• "OS-WINDOWS Microsoft Windows SMB NTLM NULL session attempt"

CVE-2000-0343

• "SERVER-MAIL sniffit overflow"

CVE-2000-0322

• "SERVER-WEBAPP piranha passwd.php3 access"

CVE-2000-0306

• "SERVER-OTHER SCO calserver overflow"

CVE-2000-0289

• "SERVER-WEBAPP SalesLogix Eviewer access"

CVE-2000-0282

• "SERVER-WEBAPP webplus version access"

CVE-2000-0236

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

• "SERVER-WEBAPP Netscape Enterprise Server directory view"

CVE-2000-0221

• "SERVER-OTHER Bay/Nortel Nautica Marlin"

CVE-2000-0207

• "SERVER-WEBAPP SGI InfoSearch fname access"

CVE-2000-0189

• "SERVER-OTHER Adobe Coldfusion application.cfm access"

• "SERVER-OTHER Adobe Coldfusion onrequestend.cfm access"

CVE-2000-0165

• "SERVER-OTHER delegate proxy overflow"

CVE-2000-0138

• "MALWARE-OTHER mstream handler ping to agent"

• "PROTOCOL-ICMP tfn2k icmp possible communication"

• "MALWARE-OTHER Trin00 Daemon to Master PONG message detected"

• "MALWARE-OTHER mstream handler to agent"

• "MALWARE-OTHER mstream agent pong to handler"

• "PROTOCOL-ICMP Stacheldraht client check gag"

• "PROTOCOL-ICMP Stacheldraht server response"

• "MALWARE-OTHER mstream handler to client"

• "MALWARE-OTHER Trin00 Daemon to Master message detected"

• "PROTOCOL-ICMP Stacheldraht client check skillz"

• "MALWARE-OTHER mstream client to handler"

• "PROTOCOL-ICMP Stacheldraht server spoof"

• "MALWARE-OTHER shaft handler to agent"

• "MALWARE-OTHER mstream agent to handler"

• "MALWARE-OTHER mstream handler to client"

• "PROTOCOL-ICMP TFN Probe"

• "PROTOCOL-ICMP Stacheldraht client spoofworks"

• "MALWARE-OTHER shaft agent to handler"

• "PROTOCOL-ICMP Stacheldraht gag server response"

• "PROTOCOL-ICMP - TFN client command LE"

• "PROTOCOL-ICMP TFN server response"

• "PROTOCOL-ICMP TFN client command BE"

CVE-2000-0097

• "SERVER-IIS webhits access"

• "SERVER-WEBAPP webhits.exe access"

CVE-2000-0071

• "GPL EXPLOIT ISAPI .ida attempt"

• "GPL EXPLOIT ISAPI .idq access"

• "GPL EXPLOIT ISAPI .ida access"

• "SERVER-IIS ISAPI .ida access"

• "SERVER-IIS ISAPI .idq access"

CVE-2000-0057

• "SERVER-OTHER Adobe Coldfusion cfcache.map access"

CVE-2000-0054

• "SERVER-WEBAPP search.cgi access"

CVE-2000-0040

• "GPL FTP SITE ZIPCHK overflow attempt"

• "PROTOCOL-FTP SITE ZIPCHK overflow attempt"

CVE-1999-1588

• "OS-SOLARIS Oracle Solaris npls x86 overflow"

CVE-1999-1544

• "GPL FTP NLST overflow attempt"

CVE-1999-1533

• "SERVER-WEBAPP login.htm attempt"

• "SERVER-WEBAPP login.htm access"

CVE-1999-1520

• "SERVER-IIS site server config access"

CVE-1999-1462

• "SERVER-WEBAPP bb-rep.sh access"

• "SERVER-WEBAPP bb-replog.sh access"

• "SERVER-WEBAPP bb-histsvc.sh access"

CVE-1999-1376

• "GPL EXPLOIT fpcount access"

• "SERVER-IIS fpcount attempt"

• "SERVER-IIS fpcount access"

CVE-1999-1374

• "SERVER-WEBAPP perlshop.cgi access"

CVE-1999-1278

• "SERVER-WEBAPP rpc-smb.pl access"

CVE-1999-1232

• "SERVER-WEBAPP day5datacopier.cgi access"

• "SERVER-WEBAPP day5datanotifier.cgi access"

CVE-1999-1228

• "PROTOCOL-ICMP ath"

CVE-1999-1200

• "SERVER-MAIL Vintra Mailserver expn *@"

CVE-1999-1179

• "SERVER-WEBAPP man.sh access"

CVE-1999-1154

• "SERVER-WEBAPP filemail access"

CVE-1999-1081

• "SERVER-WEBAPP files.pl access"

CVE-1999-1078

• "SERVER-WEBAPP ws_ftp.ini access"

CVE-1999-1072

• "SERVER-WEBAPP AT-admin.cgi access"

• "SERVER-WEBAPP AT-generated.cgi access"

CVE-1999-1069

• "SERVER-WEBAPP carbo.dll access"

• "SERVER-WEBAPP icat access"

CVE-1999-1067

• "SERVER-WEBAPP MachineInfo access"

CVE-1999-1052

• "SERVER-OTHER Microsoft Frontpage form_results.htm access"

• "SERVER-OTHER Microsoft Frontpage form_results access"

CVE-1999-1030

• "SQL counter.exe access"

CVE-1999-0997

• "GPL FTP tar parameters"

• "PROTOCOL-FTP tar parameters"

CVE-1999-0977

• "GPL RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"

• "PROTOCOL-RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"

• "PROTOCOL-RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt"

CVE-1999-0974

• "GPL RPC RQUOTA getquota overflow attempt UDP"

• "PROTOCOL-RPC RQUOTA getquota overflow attempt TCP"

• "PROTOCOL-RPC RQUOTA getquota overflow attempt UDP"

CVE-1999-0955

• "GPL FTP SITE EXEC attempt"

• "PROTOCOL-FTP SITE EXEC attempt"

CVE-1999-0954

• "SERVER-WEBAPP wwwboard.pl access"

CVE-1999-0937

• "SERVER-WEBAPP bnbform.cgi access"

CVE-1999-0936

• "SERVER-WEBAPP survey.cgi access"

CVE-1999-0934

• "SERVER-WEBAPP classifieds.cgi access"

CVE-1999-0913

• "SERVER-WEBAPP dfire.cgi access"

CVE-1999-0897

• "SERVER-WEBAPP iChat directory traversal attempt"

CVE-1999-0875

• "PROTOCOL-ICMP IRDP router selection"

• "PROTOCOL-ICMP IRDP router advertisement"

CVE-1999-0874

• "SERVER-IIS idc-srch attempt"

• "SERVER-IIS JET VBA access"

CVE-1999-0833

• "SERVER-OTHER Bind Buffer Overflow via NXT records named overflow ADM"

• "SERVER-OTHER Bind Buffer Overflow via NXT records"

CVE-1999-0815

• "SERVER-IIS codebrowser Exair access"

CVE-1999-0811

• "OS-LINUX x86 Linux samba overflow"

CVE-1999-0800

• "GPL FTP SITE NEWER overflow attempt"

• "PROTOCOL-FTP SITE NEWER overflow attempt"

CVE-1999-0798

• "SERVER-OTHER bootp invalid hardware type"

• "SERVER-OTHER bootp hardware address length overflow"

CVE-1999-0771

• "SERVER-WEBAPP Compaq Insight directory traversal"

CVE-1999-0760

• "SERVER-OTHER Adobe Coldfusion gettempdirectory.cfm access "

• "SERVER-OTHER Adobe Coldfusion snippets attempt"

• "SERVER-OTHER Adobe Coldfusion set odbc ini attempt"

• "SERVER-OTHER Adobe Coldfusion cfmlsyntaxcheck.cfm access"

• "SERVER-OTHER Adobe Coldfusion mainframeset access"

• "SERVER-OTHER Adobe Coldfusion fileexists.cfm access"

• "SERVER-OTHER Adobe Coldfusion exprcalc access"

• "SERVER-OTHER Adobe Coldfusion getodbcdsn access"

• "SERVER-OTHER Adobe Coldfusion datasource passwordattempt"

• "SERVER-OTHER Adobe Coldfusion settings refresh attempt"

• "SERVER-OTHER Adobe Coldfusion expeval access"

• "SERVER-OTHER Adobe Coldfusion beaninfo access"

• "SERVER-OTHER Adobe Coldfusion parks access"

• "SERVER-OTHER Adobe Coldfusion admin encrypt attempt"

• "SERVER-OTHER Adobe Coldfusion datasource attempt"

• "SERVER-OTHER Adobe Coldfusion datasource username attempt"

• "SERVER-OTHER Adobe Coldfusion displayfile access"

• "SERVER-OTHER Adobe Coldfusion evaluate.cfm access"

• "SERVER-OTHER Adobe Coldfusion getodbcin attempt"

• "SERVER-OTHER Adobe Coldfusion cfappman access"

• "SERVER-OTHER Adobe Coldfusion db connections flush attempt"

• "SERVER-OTHER Adobe Coldfusion CFUSION_VERIFYMAIL access"

• "SERVER-OTHER Adobe Coldfusion admin decrypt attempt"

CVE-1999-0756

• "SERVER-OTHER Adobe Coldfusion startstop DOS access"

CVE-1999-0745

• "SERVER-OTHER AIX pdnsd overflow"

CVE-1999-0744

• "SERVER-WEBAPP Netscape Unixware overflow"

CVE-1999-0736

• "SERVER-IIS codebrowser SDK access"

CVE-1999-0704

• "PROTOCOL-RPC AMD TCP amqproc_mount plog overflow attempt"

• "PROTOCOL-RPC AMD UDP amqproc_mount plog overflow attempt"

• "PROTOCOL-RPC portmap amountd request TCP"

• "PROTOCOL-RPC portmap amountd request UDP"

CVE-1999-0696

• "GPL RPC CMSD TCP CMSD_CREATE buffer overflow attempt"

• "GPL RPC CMSD UDP CMSD_CREATE buffer overflow attempt"

• "PROTOCOL-RPC CMSD TCP CMSD_CREATE buffer overflow attempt"

CVE-1999-0678

• "SERVER-WEBAPP /doc/ access"

CVE-1999-0672

• "SERVER-OTHER CHAT IRC topic overflow"

CVE-1999-0671

• "SERVER-OTHER NextFTP client overflow"

CVE-1999-0657

• "POLICY-OTHER WinGate telnet server response"

CVE-1999-0647

• "GPL RPC portmap bootparam request UDP"

• "GPL RPC portmap bootparam request TCP"

CVE-1999-0626

• "GPL RPC portmap rusers request UDP"

• "GPL RPC portmap rusers request TCP"

• "PROTOCOL-RPC portmap rusers request UDP"

• "PROTOCOL-RPC portmap rusers request TCP"

• "PROTOCOL-RPC rusers query UDP"

CVE-1999-0612

• "PROTOCOL-FINGER cybercop query"

• "PROTOCOL-FINGER null request"

CVE-1999-0606

• "SERVER-WEBAPP mall log order access"

CVE-1999-0517

• "ET SNMP missing community string attempt 1"

• "ET SNMP missing community string attempt 4"

• "ET SNMP missing community string attempt 2"

• "GPL SNMP null community string attempt"

• "PROTOCOL-SNMP missing community string attempt"

• "PROTOCOL-SNMP null community string attempt"

CVE-1999-0467

• "SERVER-WEBAPP wguest.exe access"

CVE-1999-0454

• "PROTOCOL-ICMP unassigned type 7 undefined code"

CVE-1999-0449

• "SERVER-IIS query.asp access"

CVE-1999-0407

• "GPL EXPLOIT iisadmpwd attempt"

• "SERVER-IIS achg.htr access"

• "SERVER-WEBAPP AuthChangeUrl access"

• "SERVER-IIS anot.htr access"

CVE-1999-0404

• "SERVER-MAIL x86 windows MailMax overflow"

CVE-1999-0368

• "GPL FTP MKD overflow"

CVE-1999-0360

• "SERVER-IIS postinfo.asp access"

• "SERVER-WEBAPP cpshost.dll access"

• "SERVER-IIS uploadn.asp access"

CVE-1999-0346

• "SERVER-WEBAPP mylog.phtml access"

• "SERVER-WEBAPP mlog.phtml access"

CVE-1999-0287

• "SERVER-WEBAPP rguest.exe access"

CVE-1999-0269

• "SERVER-WEBAPP ?PageServices access"

CVE-1999-0265

• "PROTOCOL-ICMP Redirect for TOS and Host"

• "PROTOCOL-ICMP Redirect undefined code"

• "PROTOCOL-ICMP Redirect for TOS and Network"

CVE-1999-0261

• "SERVER-MAIL Netmanager chameleon SMTPd buffer overflow attempt"

CVE-1999-0259

• "PROTOCOL-FINGER search query"

CVE-1999-0233

• "SERVER-WEBAPP snork.bat access"

CVE-1999-0229

• "SERVER-IIS Microsoft Windows IIS directory traversal attempt"

CVE-1999-0218

• "PROTOCOL-TELNET livingston DOS"

CVE-1999-0210

• "PROTOCOL-RPC mountd TCP mount request"

CVE-1999-0209

• "PROTOCOL-RPC portmap selection_svc request TCP"

• "PROTOCOL-RPC portmap selection_svc request UDP"

CVE-1999-0208

• "PROTOCOL-RPC portmap ypupdated request UDP"

• "PROTOCOL-RPC ypupdated arbitrary command attempt TCP"

• "PROTOCOL-RPC ypupdated arbitrary command attempt UDP"

• "PROTOCOL-RPC portmap ypupdated request TCP"

CVE-1999-0207

• "SERVER-MAIL Majordomo ifs"

CVE-1999-0204

• "SERVER-MAIL Sendmail 8.6.9 exploit"

• "SERVER-MAIL Sendmail 8.6.9 exploit"

• "SERVER-MAIL Sendmail 8.6.9c exploit"

• "SERVER-MAIL Sendmail 8.6.9 exploit"

• "SERVER-MAIL Sendmail 8.6.10 exploit"

• "SERVER-MAIL Sendmail 8.6.10 exploit"

CVE-1999-0203

• "SERVER-MAIL Sendmail 5.6.5 exploit"

• "SERVER-MAIL Sendmail RCPT TO decode attempt"

CVE-1999-0183

• "GPL TFTP Put"

• "PROTOCOL-TFTP root directory"

CVE-1999-0181

• "PROTOCOL-RPC portmap rwalld request TCP"

• "PROTOCOL-RPC portmap rwalld request UDP"

CVE-1999-0175

• "SERVER-WEBAPP convert.bas access"

CVE-1999-0174

• "SERVER-WEBAPP view-source access"

• "SERVER-WEBAPP view-source directory traversal"

CVE-1999-0153

• "SERVER-OTHER Winnuke attack"

CVE-1999-0152

• "PROTOCOL-FINGER remote command pipe execution attempt"

CVE-1999-0150

• "PROTOCOL-FINGER remote command execution attempt"

CVE-1999-0113

• "PROTOCOL-SERVICES Unix rlogin froot parameter root access attempt"

CVE-1999-0106

• "PROTOCOL-FINGER bomb attempt"

CVE-1999-0096

• "GPL SMTP vrfy decode"

• "SERVER-MAIL vrfy decode"

CVE-1999-0095

• "SERVER-MAIL Sendmail rcpt to command attempt"

CVE-1999-0082

• "GPL FTP CWD ~root attempt"

• "PROTOCOL-FTP CWD ~root attempt"

CVE-1999-0081

• "PROTOCOL-FTP RNFR ././ attempt"

CVE-1999-0073

• "PROTOCOL-TELNET ld_library_path"

CVE-1999-0067

• "SERVER-WEBAPP phf arbitrary command execution attempt"

• "SERVER-WEBAPP phf access"

CVE-1999-0066

• "SERVER-WEBAPP anform2 access"

CVE-1999-0060

• "SERVER-OTHER Ascend Route"

CVE-1999-0039

• "SERVER-WEBAPP cat_ access"

CVE-1999-0009

• "PROTOCOL-DNS UDP inverse query overflow"

• "PROTOCOL-DNS TCP inverse query overflow"

CVE-1999-0008

• "PROTOCOL-RPC portmap nisd request UDP"

CVE-1999-0006

• "GPL POP3 x86 SCO overflow"

• "PROTOCOL-POP EXPLOIT x86 SCO overflow"

CVE-1999-0003

• "GPL RPC tooltalk TCP overflow attempt"

• "GPL RPC tooltalk UDP overflow attempt"

• "PROTOCOL-RPC DOS ttdbserv Solaris"

• "PROTOCOL-RPC tooltalk UDP overflow attempt"

CVE-1999-0002

• "OS-LINUX x86 Linux mountd overflow"

• "OS-LINUX x86 Linux mountd overflow"

• "OS-LINUX x86 Linux mountd overflow"