
Thread: Bleeding Edge Threats Daily Signature Changes




2007-05-19 15:00:07
[***] Results from Oinkmaster started Sat May 19 16:00:07
2007 [***]

[+++]          Added rules:          [+++]

 2003864 - BLEEDING-EDGE POLICY Outbound SMTP on port 587
(bleeding-policy.rules)
 2003865 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection
Attempt -- stylesheet.php templateid DELETE
(bleeding-web.rules)
 2003866 - BLEEDING-EDGE WEB Glossaire SQL Injection Attempt
-- glossaire-p-f.php sid SELECT (bleeding-web.rules)
 2003867 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion
3_lay.php tt_docroot (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2003660 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt - Headerfile.php System (bleeding-web.rules)
 2003661 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- latest_files.php System (bleeding-web.rules)
 2003662 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- latest_posts.php System (bleeding-web.rules)
 2003663 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- groups_headerfile.php System
(bleeding-web.rules)
 2003664 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- filters_headerfile.php System
(bleeding-web.rules)
 2003665 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- links.php System (bleeding-web.rules)
 2003666 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- menu_headerfile.php System (bleeding-web.rules)
 2003667 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- latest_news.php System (bleeding-web.rules)
 2003668 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- settings_headerfile.php System
(bleeding-web.rules)
 2003669 - BLEEDING-EDGE WEB TopTree Remote Inclusion
Attempt -- tpl_message.php right_file (bleeding-web.rules)
 2003670 - BLEEDING-EDGE WEB Workbench Survival Guide Remote
Inclusion Attempt -- headerfile.php path
(bleeding-web.rules)
 2003671 - BLEEDING-EDGE WEB Versado CMS Remote Inclusion
Attempt -- ajax_listado.php urlModulo (bleeding-web.rules)
 2003672 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt
-- mod_image_index.php config[pathMod] (bleeding-web.rules)
 2003673 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt
-- mod_liens_index.php config[pathMod] (bleeding-web.rules)
 2003674 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt
-- mod_liste_index.php config[pathMod] (bleeding-web.rules)
 2003675 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt
-- mod_special_index.php config[pathMod]
(bleeding-web.rules)
 2003676 - BLEEDING-EDGE WEB PMECMS Remote Inclusion Attempt
-- mod_texte_index.php config[pathMod] (bleeding-web.rules)
 2003678 - BLEEDING-EDGE WEB Tropicalm Remote Inclusion
Attempt -- dosearch.php RESPATH (bleeding-web.rules)
 2003679 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion
Attempt -- dp_logs.php HomeDir (bleeding-web.rules)
 2003680 - BLEEDING-EDGE WEB DynamicPAD Remote Inclusion
Attempt -- index.php HomeDir (bleeding-web.rules)
 2003681 - BLEEDING-EDGE WEB Persism CMS Remote Inclusion
Attempt -- users_headerfile.php System (bleeding-web.rules)
 2003682 - BLEEDING-EDGE WEB E-Gads Remote Inclusion Attempt
-- common.php locale (bleeding-web.rules)
 2003683 - BLEEDING-EDGE WEB PHP Turbulence Remote Inclusion
Attempt -- turbulence.php GLOBALS[tcore]
(bleeding-web.rules)
 2003684 - BLEEDING-EDGE WEB MXBB Remote Inclusion Attempt
-- faq.php module_root_path (bleeding-web.rules)
 2003685 - BLEEDING-EDGE WEB Wordpress Remote Inclusion
Attempt -- wptable-button.php wpPATH (bleeding-web.rules)
 2003686 - BLEEDING-EDGE WEB Wordpress Remote Inclusion
Attempt -- wordtube-button.php wpPATH (bleeding-web.rules)
 2003687 - BLEEDING-EDGE WEB TurnKeyWebTools Remote
Inclusion Attempt -- payflow_pro.php abs_path
(bleeding-web.rules)
 2003688 - BLEEDING-EDGE WEB TurnKeyWebTools Remote
Inclusion Attempt -- global.php abs_path
(bleeding-web.rules)
 2003689 - BLEEDING-EDGE WEB TurnKeyWebTools Remote
Inclusion Attempt -- libsecure.php abs_path
(bleeding-web.rules)
 2003690 - BLEEDING-EDGE WEB Firefly Remote Inclusion
Attempt -- config.php DOCUMENT_ROOT (bleeding-web.rules)
 2003691 - BLEEDING-EDGE WEB Pixaria Gallery Remote
Inclusion Attempt -- psg.smarty.lib.php cfg[sys][base_path]
(bleeding-web.rules)
 2003692 - BLEEDING-EDGE WEB VM Watermark Remote Inclusion
Attempt -- watermark.php GALLERY_BASEDIR
(bleeding-web.rules)
 2003693 - BLEEDING-EDGE WEB PHPtree Remote Inclusion
Attempt -- cms2.php s_dir (bleeding-web.rules)
 2003696 - BLEEDING-EDGE WEB Wikivi5 Remote Inclusion
Attempt -- show.php sous_rep (bleeding-web.rules)
 2003698 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion
index.php abs_path (bleeding-web.rules)
 2003699 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion
checkout.php abs_path (bleeding-web.rules)
 2003700 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion
libsecure.php abs_path (bleeding-web.rules)
 2003701 - BLEEDING-EDGE WEB pfa CMS Remote Inclusion
index.php repinc (bleeding-web.rules)
 2003702 - BLEEDING-EDGE WEB Pixaria Gallery Remote
Inclusion class.Smarty.php cfg[sys][base_path]
(bleeding-web.rules)
 2003703 - BLEEDING-EDGE WEB phpMyPortal Remote Inclusion
Attempt -- articles.inc.php GLOBALS[CHEMINMODULES]
(bleeding-web.rules)
 2003716 - BLEEDING-EDGE WEB LaVague Remote Inclusion
Attempt -- printbar.php views_path (bleeding-web.rules)
 2003717 - BLEEDING-EDGE WEB miplex2 Remote Inclusion
SmartyFU.class.php system (bleeding-web.rules)
 2003718 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- lom.php ETCDIR (bleeding-web.rules)
 2003719 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- lom_update.php ETCDIR (bleeding-web.rules)
 2003720 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- check-lom.php ETCDIR (bleeding-web.rules)
 2003721 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- weigh_keywords.php ETCDIR (bleeding-web.rules)
 2003722 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- logout.php ETCDIR (bleeding-web.rules)
 2003723 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- help.php ETCDIR (bleeding-web.rules)
 2003724 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- index.php ETCDIR (bleeding-web.rules)
 2003725 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- login.php ETCDIR (bleeding-web.rules)
 2003726 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt --
mtdialogo.php pathCGX (bleeding-web.rules)
 2003727 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt --
ltdialogo.php pathCGX (bleeding-web.rules)
 2003728 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt --
logingecon.php pathCGX (bleeding-web.rules)
 2003729 - BLEEDING-EDGE WEB CGX Remote Inclusion Attempt --
login.php pathCGX (bleeding-web.rules)
 2003730 - BLEEDING-EDGE WEB PHPHtmlLib Remote Inclusion
Attempt -- widget8.php phphtmllib (bleeding-web.rules)
 2003731 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion
Attempt -- ftp.php path_local (bleeding-web.rules)
 2003732 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion
Attempt -- db.php path_local (bleeding-web.rules)
 2003733 - BLEEDING-EDGE WEB PHPLojaFacil Remote Inclusion
Attempt -- libs_ftp.php path_local (bleeding-web.rules)
 2003735 - BLEEDING-EDGE WEB PHPSecurityAdmin Remote
Inclusion Attempt -- logout.php PSA_PATH
(bleeding-web.rules)
 2003737 - BLEEDING-EDGE WEB CJG Explorer Remote Inclusion
Attempt -- pcltrace.lib.php g_pcltar_lib_dir
(bleeding-web.rules)
 2003739 - BLEEDING-EDGE WEB Yaap Remote Inclusion Attempt
-- common.php root_path (bleeding-web.rules)
 2003740 - BLEEDING-EDGE WEB PHPFirstPost Remote Inclusion
Attempt block.php Include (bleeding-web.rules)
 2003741 - BLEEDING-EDGE WEB Open Translation Engine Remote
Inclusion Attempt -- header.php ote_home
(bleeding-web.rules)
 2003742 - BLEEDING-EDGE WEB PHPChess Remote Inclusion
Attempt -- language.php config (bleeding-web.rules)
 2003743 - BLEEDING-EDGE WEB PHPChess Remote Inclusion
Attempt -- layout_admin_cfg.php Root_Path
(bleeding-web.rules)
 2003744 - BLEEDING-EDGE WEB PHPChess Remote Inclusion
Attempt -- layout_cfg.php Root_Path (bleeding-web.rules)
 2003745 - BLEEDING-EDGE WEB PHPChess Remote Inclusion
Attempt -- layout_t_top.php Root_Path (bleeding-web.rules)
 2003746 - BLEEDING-EDGE WEB Simple PHP Script Gallery
Remote Inclusion index.php gallery (bleeding-web.rules)
 2003747 - BLEEDING-EDGE WEB gnuedu Remote Inclusion Attempt
-- lom.php ETCDIR (bleeding-web.rules)
 2003794 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection
Attempt -- stylesheet.php templateid SELECT
(bleeding-web.rules)
 2003795 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection
Attempt -- stylesheet.php templateid UNION SELECT
(bleeding-web.rules)
 2003796 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection
Attempt -- stylesheet.php templateid INSERT
(bleeding-web.rules)
 2003797 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection
Attempt -- stylesheet.php templateid ASCII
(bleeding-web.rules)
 2003798 - BLEEDING-EDGE WEB CMS Made Simple SQL Injection
Attempt -- stylesheet.php templateid UPDATE
(bleeding-web.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic
Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source
(bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source -
BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server
Traffic (group 7)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic
(group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[---]         Removed rules:         [---]

       0 - BLEEDING-EDGE WEB TellTarget CMS Remote Inclusion
3_lay.php tt_docroot (bleeding-web.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 188

     -> Added to bleeding-drop.rules (1):
        #  VERSION 188

     -> Added to bleeding-policy.rules (1):
        #Seeing some bots use 587 as an outbound mail
stream. Use this if you do NOT use 587 locally

     -> Added to bleeding-sid-msg.map (5):
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL
Injection Attempt -- stylesheet.php templateid INSERT ||
url,www.securityfocus.com/bid/23753 || cve,CVE-2007-2473
        2003864 || BLEEDING-EDGE POLICY Outbound SMTP on
port 587
        2003865 || BLEEDING-EDGE WEB CMS Made Simple SQL
Injection Attempt -- stylesheet.php templateid DELETE ||
url,www.securityfocus.com/bid/23753 || cve,CVE-2007-2473
        2003866 || BLEEDING-EDGE WEB Glossaire SQL Injection
Attempt -- glossaire-p-f.php sid SELECT ||
url,www.milw0rm.com/exploits/3932 || cve,CVE-2007-2738
        2003867 || BLEEDING-EDGE WEB TellTarget CMS Remote
Inclusion 3_lay.php tt_docroot ||
url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 187

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 187

     -> Removed from bleeding-sid-msg.map (2):
        0000000 || BLEEDING-EDGE WEB TellTarget CMS Remote
Inclusion 3_lay.php tt_docroot ||
url,www.milw0rm.com/exploits/3885 || cve,CVE-2007-2597
        2003796 || BLEEDING-EDGE WEB CMS Made Simple SQL
Injection Attempt -- stylesheet.php templateid DELETE ||
url,www.securityfocus.com/bid/23753 || cve,CVE-2007-2473

_______________________________________________
Bleeding-sigs mailing list
Bleeding-sigsbleedingthreats.net
http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
