# $Id$ # Format: SID || MSG || Optional References || Optional References ... # SID -> MSG map 103 || BACKDOOR subseven 22 || arachnids,485 || url,www.hackfix.org/subseven/ 104 || BACKDOOR - Dagger_1.4.0_client_connect || arachnids,483 || url,www.tlsecurity.net/backdoor/Dagger.1.4.html 105 || BACKDOOR - Dagger_1.4.0 || arachnids,484 || url,www.tlsecurity.net/backdoor/Dagger.1.4.html 106 || BACKDOOR ACKcmdC trojan scan || arachnids,445 107 || BACKDOOR subseven DEFCON8 2.1 access 108 || BACKDOOR QAZ Worm Client Login access || MCAFEE,98775 109 || BACKDOOR netbus active || arachnids,401 110 || BACKDOOR netbus getinfo || arachnids,403 111 || BACKDOOR netbus getinfo || arachnids,403 112 || BACKDOOR BackOrifice access || arachnids,400 113 || BACKDOOR DeepThroat access || arachnids,405 114 || BACKDOOR netbus active || arachnids,401 115 || BACKDOOR netbus 2 active || arachnids,401 116 || BACKDOOR BackOrifice access || arachnids,399 117 || BACKDOOR Infector.1.x || arachnids,315 118 || BACKDOOR SatansBackdoor.2.0.Beta || arachnids,316 119 || BACKDOOR Doly 2.0 access || arachnids,312 120 || BACKDOOR Infector 1.6 Server to Client || cve,1999-0660 || nessus,11157 121 || BACKDOOR Infector 1.6 Client to Server Connection Request || cve,1999-0660 || nessus,11157 122 || BACKDOOR DeepThroat 3.1 System Info Client Request || arachnids,106 124 || BACKDOOR DeepThroat 3.1 FTP Status Client Request || arachnids,106 125 || BACKDOOR DeepThroat 3.1 E-Mail Info From Server || arachnids,106 126 || BACKDOOR DeepThroat 3.1 E-Mail Info Client Request || arachnids,106 127 || BACKDOOR DeepThroat 3.1 Server Status From Server || arachnids,106 128 || BACKDOOR DeepThroat 3.1 Server Status Client Request || arachnids,106 129 || BACKDOOR DeepThroat 3.1 Drive Info From Server || arachnids,106 130 || BACKDOOR DeepThroat 3.1 System Info From Server || arachnids,106 131 || BACKDOOR DeepThroat 3.1 Drive Info Client Request || arachnids,106 132 || BACKDOOR DeepThroat 3.1 Server FTP Port Change From Server || arachnids,106 133 || BACKDOOR DeepThroat 3.1 Cached Passwords Client Request || arachnids,106 134 || BACKDOOR DeepThroat 3.1 RAS Passwords Client Request || arachnids,106 135 || BACKDOOR DeepThroat 3.1 Server Password Change Client Request || arachnids,106 136 || BACKDOOR DeepThroat 3.1 Server Password Remove Client Request || arachnids,106 137 || BACKDOOR DeepThroat 3.1 Rehash Client Request || arachnids,106 138 || BACKDOOR DeepThroat 3.1 Server Rehash Client Request || arachnids,106 140 || BACKDOOR DeepThroat 3.1 ICQ Alert OFF Client Request || arachnids,106 141 || BACKDOOR HackAttack 1.20 Connect 142 || BACKDOOR DeepThroat 3.1 ICQ Alert ON Client Request || arachnids,106 143 || BACKDOOR DeepThroat 3.1 Change Wallpaper Client Request || arachnids,106 144 || FTP ADMw0rm ftp login attempt || arachnids,01 145 || BACKDOOR GirlFriendaccess || arachnids,98 146 || BACKDOOR NetSphere access || arachnids,76 147 || BACKDOOR GateCrasher || arachnids,99 148 || BACKDOOR DeepThroat 3.1 Keylogger Active on Network || arachnids,106 149 || BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network || arachnids,106 150 || BACKDOOR DeepThroat 3.1 Server Active on Network || arachnids,106 151 || BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network || arachnids,106 152 || BACKDOOR BackConstruction 2.1 Connection 153 || BACKDOOR DonaldDick 1.53 Traffic || mcafee,98575 154 || BACKDOOR DeepThroat 3.1 Wrong Password || arachnids,106 155 || BACKDOOR NetSphere 1.31.337 access || arachnids,76 156 || BACKDOOR DeepThroat 3.1 Visible Window List Client Request || arachnids,106 157 || BACKDOOR BackConstruction 2.1 Client FTP Open Request 158 || BACKDOOR BackConstruction 2.1 Server FTP Open Reply 159 || BACKDOOR NetMetro File List || arachnids,79 160 || BACKDOOR NetMetro Incoming Traffic || arachnids,79 161 || BACKDOOR Matrix 2.0 Client connect || arachnids,83 162 || BACKDOOR Matrix 2.0 Server access || arachnids,83 163 || BACKDOOR WinCrash 1.0 Server Active || arachnids,36 164 || BACKDOOR DeepThroat 3.1 Server Active on Network || arachnids,106 165 || BACKDOOR DeepThroat 3.1 Keylogger on Server ON || arachnids,106 166 || BACKDOOR DeepThroat 3.1 Show Picture Client Request || arachnids,106 167 || BACKDOOR DeepThroat 3.1 Hide/Show Clock Client Request || arachnids,106 168 || BACKDOOR DeepThroat 3.1 Hide/Show Desktop Client Request || arachnids,106 169 || BACKDOOR DeepThroat 3.1 Swap Mouse Buttons Client Request || arachnids,106 170 || BACKDOOR DeepThroat 3.1 Enable/Disable CTRL-ALT-DEL Client Request || arachnids,106 171 || BACKDOOR DeepThroat 3.1 Freeze Mouse Client Request || arachnids,106 172 || BACKDOOR DeepThroat 3.1 Show Dialog Box Client Request || arachnids,106 173 || BACKDOOR DeepThroat 3.1 Show Replyable Dialog Box Client Request || arachnids,106 174 || BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request || arachnids,106 175 || BACKDOOR DeepThroat 3.1 Resolution Change Client Request || arachnids,106 176 || BACKDOOR DeepThroat 3.1 Hide/Show Start Button Client Request || arachnids,106 177 || BACKDOOR DeepThroat 3.1 Keylogger on Server OFF || arachnids,106 179 || BACKDOOR DeepThroat 3.1 FTP Server Port Client Request || arachnids,106 180 || BACKDOOR DeepThroat 3.1 Process List Client request || arachnids,106 181 || BACKDOOR DeepThroat 3.1 Close Port Scan Client Request || arachnids,106 182 || BACKDOOR DeepThroat 3.1 Registry Add Client Request || arachnids,106 183 || BACKDOOR SIGNATURE - Q ICMP || arachnids,202 184 || BACKDOOR Q access || arachnids,203 185 || BACKDOOR CDK || arachnids,263 186 || BACKDOOR DeepThroat 3.1 Monitor on/off Client Request || arachnids,106 187 || BACKDOOR DeepThroat 3.1 Delete File Client Request || arachnids,106 188 || BACKDOOR DeepThroat 3.1 Kill Window Client Request || arachnids,106 189 || BACKDOOR DeepThroat 3.1 Disable Window Client Request || arachnids,106 190 || BACKDOOR DeepThroat 3.1 Enable Window Client Request || arachnids,106 191 || BACKDOOR DeepThroat 3.1 Change Window Title Client Request || arachnids,106 192 || BACKDOOR DeepThroat 3.1 Hide Window Client Request || arachnids,106 193 || BACKDOOR DeepThroat 3.1 Show Window Client Request || arachnids,106 194 || BACKDOOR DeepThroat 3.1 Send Text to Window Client Request || arachnids,106 195 || BACKDOOR DeepThroat 3.1 Server Response || arachnids,106 || mcafee,98574 || nessus,10053 196 || BACKDOOR DeepThroat 3.1 Hide/Show Systray Client Request || arachnids,106 197 || BACKDOOR DeepThroat 3.1 Create Directory Client Request || arachnids,106 198 || BACKDOOR DeepThroat 3.1 All Window List Client Request || arachnids,106 199 || BACKDOOR DeepThroat 3.1 Play Sound Client Request || arachnids,106 200 || BACKDOOR DeepThroat 3.1 Run Program Normal Client Request || arachnids,106 201 || BACKDOOR DeepThroat 3.1 Run Program Hidden Client Request || arachnids,106 202 || BACKDOOR DeepThroat 3.1 Get NET File Client Request || arachnids,106 203 || BACKDOOR DeepThroat 3.1 Find File Client Request || arachnids,106 204 || BACKDOOR DeepThroat 3.1 Find File Client Request || arachnids,106 205 || BACKDOOR DeepThroat 3.1 HUP Modem Client Request || arachnids,106 206 || BACKDOOR DeepThroat 3.1 CD ROM Open Client Request || arachnids,106 207 || BACKDOOR DeepThroat 3.1 CD ROM Close Client Request || arachnids,106 208 || BACKDOOR PhaseZero Server Active on Network 209 || BACKDOOR w00w00 attempt || arachnids,510 210 || BACKDOOR attempt 211 || BACKDOOR MISC r00t attempt 212 || BACKDOOR MISC rewt attempt 213 || BACKDOOR MISC Linux rootkit attempt 214 || BACKDOOR MISC Linux rootkit attempt lrkr0x 215 || BACKDOOR MISC Linux rootkit attempt 216 || BACKDOOR MISC Linux rootkit satori attempt || arachnids,516 217 || BACKDOOR MISC sm4ck attempt 218 || BACKDOOR MISC Solaris 2.5 attempt 219 || BACKDOOR HidePak backdoor attempt 220 || BACKDOOR HideSource backdoor attempt 221 || DDOS TFN Probe || arachnids,443 222 || DDOS tfn2k icmp possible communication || arachnids,425 223 || DDOS Trin00 Daemon to Master PONG message detected || arachnids,187 224 || DDOS Stacheldraht server spoof || arachnids,193 225 || DDOS Stacheldraht gag server response || arachnids,195 226 || DDOS Stacheldraht server response || arachnids,191 227 || DDOS Stacheldraht client spoofworks || arachnids,192 228 || DDOS TFN client command BE || arachnids,184 229 || DDOS Stacheldraht client check skillz || arachnids,190 230 || DDOS shaft client login to handler || arachnids,254 || url,security.royans.net/info/posts/bugtraq_ddos3.shtml 231 || DDOS Trin00 Daemon to Master message detected || arachnids,186 232 || DDOS Trin00 Daemon to Master *HELLO* message detected || arachnids,185 || url,www.sans.org/newlook/resources/IDFAQ/trinoo.htm 233 || DDOS Trin00 Attacker to Master default startup password || arachnids,197 234 || DDOS Trin00 Attacker to Master default password 235 || DDOS Trin00 Attacker to Master default mdie password 236 || DDOS Stacheldraht client check gag || arachnids,194 237 || DDOS Trin00 Master to Daemon default password attempt || arachnids,197 238 || DDOS TFN server response || arachnids,182 239 || DDOS shaft handler to agent || arachnids,255 240 || DDOS shaft agent to handler || arachnids,256 241 || DDOS shaft synflood || arachnids,253 || cve,2000-0138 243 || DDOS mstream agent to handler 244 || DDOS mstream handler to agent || cve,2000-0138 245 || DDOS mstream handler ping to agent || cve,2000-0138 246 || DDOS mstream agent pong to handler 247 || DDOS mstream client to handler || cve,2000-0138 248 || DDOS mstream handler to client || cve,2000-0138 249 || DDOS mstream client to handler || arachnids,111 || cve,2000-0138 250 || DDOS mstream handler to client || cve,2000-0138 251 || DDOS - TFN client command LE || arachnids,183 252 || DNS named iquery attempt || arachnids,277 || bugtraq,134 || cve,1999-0009 || url,www.rfc-editor.org/rfc/rfc1035.txt 253 || DNS SPOOF query response PTR with TTL of 1 min. and no authority 254 || DNS SPOOF query response with TTL of 1 min. and no authority 255 || DNS zone transfer TCP || arachnids,212 || cve,1999-0532 || nessus,10595 256 || DNS named authors attempt || arachnids,480 || nessus,10728 257 || DNS named version attempt || arachnids,278 || nessus,10028 258 || DNS EXPLOIT named 8.2->8.2.1 || bugtraq,788 || cve,1999-0833 259 || DNS EXPLOIT named overflow ADM || bugtraq,788 || cve,1999-0833 260 || DNS EXPLOIT named overflow ADMROCKS || bugtraq,788 || cve,1999-0833 || url,www.cert.org/advisories/CA-1999-14.html 261 || DNS EXPLOIT named overflow attempt || url,www.cert.org/advisories/CA-1998-05.html 262 || DNS EXPLOIT x86 Linux overflow attempt 264 || DNS EXPLOIT x86 Linux overflow attempt 265 || DNS EXPLOIT x86 Linux overflow attempt ADMv2 266 || DNS EXPLOIT x86 FreeBSD overflow attempt 267 || DNS EXPLOIT sparc overflow attempt 268 || DOS Jolt attack || cve,1999-0345 269 || DOS Land attack || bugtraq,2666 || cve,1999-0016 270 || DOS Teardrop attack || bugtraq,124 || cve,1999-0015 || nessus,10279 || url,www.cert.org/advisories/CA-1997-28.html 271 || DOS UDP echo+chargen bomb || cve,1999-0103 || cve,1999-0635 272 || DOS IGMP dos attack || bugtraq,514 || cve,1999-0918 273 || DOS IGMP dos attack || bugtraq,514 || cve,1999-0918 274 || DOS ath || arachnids,264 || cve,1999-1228 275 || DOS NAPTHA || bugtraq,2022 || cve,2000-1039 || url,razor.bindview.com/publish/advisories/adv_NAPTHA.html || url,www.cert.org/advisories/CA-2000-21.html || url,www.microsoft.com/technet/security/bulletin/MS00-091.mspx 276 || DOS Real Audio Server || arachnids,411 || bugtraq,1288 || cve,2000-0474 277 || DOS Real Server template.html || bugtraq,1288 || cve,2000-0474 278 || DOS Real Server template.html || bugtraq,1288 || cve,2000-0474 279 || DOS Bay/Nortel Nautica Marlin || bugtraq,1009 || cve,2000-0221 281 || DOS Ascend Route || arachnids,262 || bugtraq,714 || cve,1999-0060 282 || DOS arkiea backup || arachnids,261 || bugtraq,662 || cve,1999-0788 283 || EXPLOIT Netscape 4.7 client overflow || arachnids,215 || bugtraq,822 || cve,1999-1189 || cve,2000-1187 284 || POP2 x86 Linux overflow 285 || POP2 x86 Linux overflow 286 || POP3 EXPLOIT x86 BSD overflow || bugtraq,133 || cve,1999-0006 || nessus,10196 287 || POP3 EXPLOIT x86 BSD overflow 288 || POP3 EXPLOIT x86 Linux overflow 289 || POP3 EXPLOIT x86 SCO overflow || bugtraq,156 || cve,1999-0006 290 || POP3 EXPLOIT qpopper overflow || bugtraq,830 || cve,1999-0822 || nessus,10184 291 || NNTP Cassandra Overflow || arachnids,274 || bugtraq,1156 || cve,2000-0341 292 || EXPLOIT x86 Linux samba overflow || bugtraq,1816 || bugtraq,536 || cve,1999-0182 || cve,1999-0811 293 || IMAP EXPLOIT overflow 295 || IMAP EXPLOIT x86 linux overflow || bugtraq,130 || cve,1999-0005 296 || IMAP EXPLOIT x86 linux overflow || bugtraq,130 || cve,1999-0005 297 || IMAP EXPLOIT x86 linux overflow || bugtraq,130 || cve,1999-0005 298 || IMAP EXPLOIT x86 linux overflow || bugtraq,130 || cve,1999-0005 299 || IMAP EXPLOIT x86 linux overflow || bugtraq,130 || cve, CVE-1999-0005 300 || EXPLOIT nlps x86 Solaris overflow || bugtraq,2319 301 || EXPLOIT LPRng overflow || bugtraq,1712 || cve,2000-0917 302 || EXPLOIT Redhat 7.0 lprd overflow || bugtraq,1712 || cve,2000-0917 303 || DNS EXPLOIT named tsig overflow attempt || arachnids,482 || bugtraq,2302 || cve,2001-0010 304 || EXPLOIT SCO calserver overflow || bugtraq,2353 || cve,2000-0306 305 || EXPLOIT delegate proxy overflow || arachnids,267 || bugtraq,808 || cve,2000-0165 306 || EXPLOIT VQServer admin || bugtraq,1610 || cve,2000-0766 || url,www.vqsoft.com/vq/server/docs/other/control.html 307 || EXPLOIT CHAT IRC topic overflow || bugtraq,573 || cve,1999-0672 308 || EXPLOIT NextFTP client overflow || bugtraq,572 || cve,1999-0671 309 || EXPLOIT sniffit overflow || arachnids,273 || bugtraq,1158 || cve,2000-0343 310 || EXPLOIT x86 windows MailMax overflow || bugtraq,2312 || cve,1999-0404 311 || EXPLOIT Netscape 4.7 unsucessful overflow || arachnids,214 || bugtraq,822 || cve,1999-1189 || cve,2000-1187 312 || EXPLOIT ntpdx overflow attempt || arachnids,492 || bugtraq,2540 || cve,2001-0414 313 || EXPLOIT ntalkd x86 Linux overflow || bugtraq,210 314 || DNS EXPLOIT named tsig overflow attempt || bugtraq,2303 || cve,2001-0010 315 || EXPLOIT x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002 316 || EXPLOIT x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002 317 || EXPLOIT x86 Linux mountd overflow || bugtraq,121 || cve,1999-0002 318 || EXPLOIT bootp x86 bsd overfow || bugtraq,324 || cve,1999-0914 319 || EXPLOIT bootp x86 linux overflow || cve,1999-0389 || cve,1999-0798 || cve,1999-0799 320 || FINGER cmd_rootsh backdoor attempt || nessus,10070 || url,www.sans.org/y2k/TFN_toolkit.htm || url,www.sans.org/y2k/fingerd.htm 321 || FINGER account enumeration attempt || nessus,10788 322 || FINGER search query || arachnids,375 || cve,1999-0259 323 || FINGER root query || arachnids,376 324 || FINGER null request || arachnids,377 325 || FINGER probe 0 attempt || arachnids,378 326 || FINGER remote command execution attempt || arachnids,379 || bugtraq,974 || cve,1999-0150 327 || FINGER remote command pipe execution attempt || arachnids,380 || bugtraq,2220 || cve,1999-0152 328 || FINGER bomb attempt || arachnids,381 || cve,1999-0106 329 || FINGER cybercop redirection || arachnids,11 330 || FINGER redirection attempt || arachnids,251 || cve,1999-0105 || nessus,10073 331 || FINGER cybercop query || arachnids,132 || cve,1999-0612 332 || FINGER 0 query || arachnids,131 || arachnids,378 || cve,1999-0197 || nessus,10069 333 || FINGER . query || arachnids,130 || cve,1999-0198 || nessus,10072 334 || FTP .forward || arachnids,319 335 || FTP .rhosts || arachnids,328 336 || FTP CWD ~root attempt || arachnids,318 || cve,1999-0082 337 || FTP CEL overflow attempt || arachnids,257 || bugtraq,679 || cve,1999-0789 || nessus,10009 338 || FTP EXPLOIT format string || arachnids,453 || bugtraq,1387 || cve,2000-0573 339 || FTP EXPLOIT OpenBSD x86 ftpd || arachnids,446 || bugtraq,2124 || cve,2001-0053 340 || FTP EXPLOIT overflow 341 || FTP EXPLOIT overflow 342 || FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Solaris 2.8 || arachnids,451 || bugtraq,1387 || cve,2000-0573 343 || FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow FreeBSD || arachnids,228 || bugtraq,1387 || cve,2000-0573 344 || FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow Linux || arachnids,287 || bugtraq,1387 || cve,2000-0573 345 || FTP EXPLOIT wu-ftpd 2.6.0 site exec format string overflow generic || arachnids,285 || bugtraq,1387 || cve,2000-0573 || nessus,10452 346 || FTP EXPLOIT wu-ftpd 2.6.0 site exec format string check || arachnids,286 || bugtraq,1387 || cve,2000-0573 348 || FTP EXPLOIT wu-ftpd 2.6.0 || arachnids,440 || bugtraq,1387 349 || FTP EXPLOIT MKD overflow || bugtraq,113 || bugtraq,2242 || cve,1999-0368 350 || FTP EXPLOIT x86 linux overflow || bugtraq,113 || bugtraq,2242 || cve,1999-0368 351 || FTP EXPLOIT x86 linux overflow || bugtraq,113 || bugtraq,2242 || cve,1999-0368 352 || FTP EXPLOIT x86 linux overflow || bugtraq, 113 || cve, CVE-1999-0368 353 || FTP adm scan || arachnids,332 354 || FTP iss scan || arachnids,331 355 || FTP pass wh00t || arachnids,324 356 || FTP passwd retrieval attempt || arachnids,213 357 || FTP piss scan 358 || FTP saint scan || arachnids,330 359 || FTP satan scan || arachnids,329 360 || FTP serv-u directory transversal || bugtraq,2052 || cve,2001-0054 361 || FTP SITE EXEC attempt || arachnids,317 || bugtraq,2241 || cve,1999-0080 || cve,1999-0080 || cve,1999-0955 362 || FTP tar parameters || arachnids,134 || bugtraq,2240 || cve,1999-0202 || cve,1999-0997 363 || ICMP IRDP router advertisement || arachnids,173 || bugtraq,578 || cve,1999-0875 364 || ICMP IRDP router selection || arachnids,174 || bugtraq,578 || cve,1999-0875 365 || ICMP PING undefined code 366 || ICMP PING *NIX 368 || ICMP PING BSDtype || arachnids,152 369 || ICMP PING BayRS Router || arachnids,438 || arachnids,444 370 || ICMP PING BeOS4.x || arachnids,151 371 || ICMP PING Cisco Type.x || arachnids,153 372 || ICMP PING Delphi-Piette Windows || arachnids,155 373 || ICMP PING Flowpoint2200 or Network Management Software || arachnids,156 374 || ICMP PING IP NetMonitor Macintosh || arachnids,157 375 || ICMP PING LINUX/*BSD || arachnids,447 376 || ICMP PING Microsoft Windows || arachnids,159 377 || ICMP PING Network Toolbox 3 Windows || arachnids,161 378 || ICMP PING Ping-O-MeterWindows || arachnids,164 379 || ICMP PING Pinger Windows || arachnids,163 380 || ICMP PING Seer Windows || arachnids,166 381 || ICMP PING Sun Solaris || arachnids,448 382 || ICMP PING Windows || arachnids,169 384 || ICMP PING 385 || ICMP traceroute || arachnids,118 386 || ICMP Address Mask Reply 387 || ICMP Address Mask Reply undefined code 388 || ICMP Address Mask Request 389 || ICMP Address Mask Request undefined code 390 || ICMP Alternate Host Address 391 || ICMP Alternate Host Address undefined code 392 || ICMP Datagram Conversion Error 393 || ICMP Datagram Conversion Error undefined code 394 || ICMP Destination Unreachable Destination Host Unknown 395 || ICMP Destination Unreachable Destination Network Unknown 396 || ICMP Destination Unreachable Fragmentation Needed and DF bit was set 397 || ICMP Destination Unreachable Host Precedence Violation 398 || ICMP Destination Unreachable Host Unreachable for Type of Service 399 || ICMP Destination Unreachable Host Unreachable 400 || ICMP Destination Unreachable Network Unreachable for Type of Service 401 || ICMP Destination Unreachable Network Unreachable 402 || ICMP Destination Unreachable Port Unreachable 403 || ICMP Destination Unreachable Precedence Cutoff in effect 404 || ICMP Destination Unreachable Protocol Unreachable 405 || ICMP Destination Unreachable Source Host Isolated 406 || ICMP Destination Unreachable Source Route Failed 407 || ICMP Destination Unreachable cndefined code 408 || ICMP Echo Reply 409 || ICMP Echo Reply undefined code 410 || ICMP Fragment Reassembly Time Exceeded 411 || ICMP IPV6 I-Am-Here 412 || ICMP IPV6 I-Am-Here undefined code 413 || ICMP IPV6 Where-Are-You 414 || ICMP IPV6 Where-Are-You undefined code 415 || ICMP Information Reply 416 || ICMP Information Reply undefined code 417 || ICMP Information Request 418 || ICMP Information Request undefined code 419 || ICMP Mobile Host Redirect 420 || ICMP Mobile Host Redirect undefined code 421 || ICMP Mobile Registration Reply 422 || ICMP Mobile Registration Reply undefined code 423 || ICMP Mobile Registration Request 424 || ICMP Mobile Registration Request undefined code 425 || ICMP Parameter Problem Bad Length 426 || ICMP Parameter Problem Missing a Required Option 427 || ICMP Parameter Problem Unspecified Error 428 || ICMP Parameter Problem undefined Code 429 || ICMP Photuris Reserved 430 || ICMP Photuris Unknown Security Parameters Index 431 || ICMP Photuris Valid Security Parameters, But Authentication Failed 432 || ICMP Photuris Valid Security Parameters, But Decryption Failed 433 || ICMP Photuris undefined code! 436 || ICMP Redirect for TOS and Host 437 || ICMP Redirect for TOS and Network 438 || ICMP Redirect undefined code 439 || ICMP Reserved for Security Type 19 440 || ICMP Reserved for Security Type 19 undefined code 441 || ICMP Router Advertisement || arachnids,173 443 || ICMP Router Selection || arachnids,174 445 || ICMP SKIP 446 || ICMP SKIP undefined code 448 || ICMP Source Quench undefined code 449 || ICMP Time-To-Live Exceeded in Transit 450 || ICMP Time-To-Live Exceeded in Transit undefined code 451 || ICMP Timestamp Reply 452 || ICMP Timestamp Reply undefined code 453 || ICMP Timestamp Request 454 || ICMP Timestamp Request undefined code 455 || ICMP Traceroute ipopts || arachnids,238 456 || ICMP Traceroute 457 || ICMP Traceroute undefined code 458 || ICMP unassigned type 1 459 || ICMP unassigned type 1 undefined code 460 || ICMP unassigned type 2 461 || ICMP unassigned type 2 undefined code 462 || ICMP unassigned type 7 463 || ICMP unassigned type 7 undefined code 465 || ICMP ISS Pinger || arachnids,158 466 || ICMP L3retriever Ping || arachnids,311 467 || ICMP Nemesis v1.1 Echo || arachnids,449 469 || ICMP PING NMAP || arachnids,162 471 || ICMP icmpenum v1.1.1 || arachnids,450 472 || ICMP redirect host || arachnids,135 || cve,1999-0265 473 || ICMP redirect net || arachnids,199 || cve,1999-0265 474 || ICMP superscan echo 475 || ICMP traceroute ipopts || arachnids,238 476 || ICMP webtrends scanner || arachnids,307 477 || ICMP Source Quench 478 || ICMP Broadscan Smurf Scanner 480 || ICMP PING speedera 481 || ICMP TJPingPro1.1Build 2 Windows || arachnids,167 482 || ICMP PING WhatsupGold Windows || arachnids,168 483 || ICMP PING CyberKit 2.2 Windows || arachnids,154 484 || ICMP PING Sniffer Pro/NetXRay network scan 485 || ICMP Destination Unreachable Communication Administratively Prohibited 486 || ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited 487 || ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited 488 || INFO Connection Closed MSG from Port 80 489 || INFO FTP no password || arachnids,322 490 || INFO battle-mail traffic 491 || INFO FTP Bad login 492 || INFO TELNET Bad Login 493 || INFO psyBNC access 494 || ATTACK-RESPONSES command completed || bugtraq,1806 495 || ATTACK-RESPONSES command error 496 || ATTACK RESPONSES directory listing 497 || ATTACK-RESPONSES file copied ok || bugtraq,1806 || cve,2000-0884 498 || ATTACK-RESPONSES id check returned root 499 || ICMP Large ICMP Packet || arachnids,246 500 || MISC source route lssr || arachnids,418 || bugtraq,646 || cve,1999-0909 501 || MISC source route lssre || arachnids,420 || bugtraq,646 || cve,1999-0909 502 || MISC source route ssrr || arachnids,422 503 || MISC Source Port 20 to <1024 || arachnids,06 504 || MISC source port 53 to <1024 || arachnids,07 505 || MISC Insecure TIMBUKTU Password || arachnids,229 506 || MISC ramen worm incoming || arachnids,460 507 || MISC PCAnywhere Attempted Administrator Login 508 || MISC gopher proxy || arachnids,409 509 || WEB-MISC PCCS mysql database admin tool access || arachnids,300 || bugtraq,1557 || cve,CVE-2000-0707 || nessus,10783 510 || POLICY HP JetDirect LCD modification attempt || arachnids,302 || bugtraq,2245 511 || MISC Invalid PCAnywhere Login 512 || MISC PCAnywhere Failed Login || arachnids,240 513 || MISC Cisco Catalyst Remote Access || arachnids,129 || bugtraq,705 || cve,1999-0430 514 || MISC ramen worm || arachnids,461 516 || MISC SNMP NT UserList || nessus,10546 517 || MISC xdmcp query || arachnids,476 518 || TFTP Put || arachnids,148 || cve,1999-0183 519 || TFTP parent directory || arachnids,137 || cve,1999-0183 || cve,2002-1209 520 || TFTP root directory || arachnids,138 || cve,1999-0183 521 || MISC Large UDP Packet || arachnids,247 522 || MISC Tiny Fragments 523 || BAD-TRAFFIC ip reserved bit set 524 || BAD-TRAFFIC tcp port 0 traffic 525 || BAD-TRAFFIC udp port 0 traffic || bugtraq,576 || cve,1999-0675 || nessus,10074 526 || BAD-TRAFFIC data in TCP SYN packet || url,www.cert.org/incident_notes/IN-99-07.html 527 || BAD-TRAFFIC same SRC/DST || bugtraq,2666 || cve,1999-0016 || url,www.cert.org/advisories/CA-1997-28.html 528 || BAD-TRAFFIC loopback traffic || url,rr.sans.org/firewall/egress.php 529 || NETBIOS DOS RFPoison || arachnids,454 530 || NETBIOS NT NULL session || arachnids,204 || bugtraq,1163 || cve,2000-0347 532 || NETBIOS SMB ADMIN$ share access 533 || NETBIOS SMB C$ share access 534 || NETBIOS SMB CD.. || arachnids,338 535 || NETBIOS SMB CD... || arachnids,337 536 || NETBIOS SMB D$ share access 537 || NETBIOS SMB IPC$ share access 538 || NETBIOS SMB IPC$ share unicode access 539 || NETBIOS Samba clientaccess || arachnids,341 540 || CHAT MSN message 541 || CHAT ICQ access 542 || CHAT IRC nick change 543 || POLICY FTP 'STOR 1MB' possible warez site 544 || POLICY FTP 'RETR 1MB' possible warez site 545 || POLICY FTP 'CWD / ' possible warez site 546 || POLICY FTP 'CWD ' possible warez site 547 || POLICY FTP 'MKD ' possible warez site 548 || POLICY FTP 'MKD .' possible warez site 549 || P2P napster login 550 || P2P napster new user login 551 || P2P napster download attempt 552 || P2P napster upload request 553 || POLICY FTP anonymous login attempt 554 || POLICY FTP 'MKD / ' possible warez site 555 || POLICY WinGate telnet server response || arachnids,366 || cve,1999-0657 556 || P2P Outbound GNUTella client request 557 || P2P GNUTella client request 558 || INFO Outbound GNUTella client request 559 || P2P Inbound GNUTella client request 560 || POLICY VNC server response 561 || P2P Napster Client Data 562 || P2P Napster Client Data 563 || P2P Napster Client Data 564 || P2P Napster Client Data 565 || P2P Napster Server Login 566 || POLICY PCAnywhere server response || arachnids,239 567 || POLICY SMTP relaying denied || arachnids,249 || url,mail-abuse.org/tsi/ar-fix.html 568 || POLICY HP JetDirect LCD modification attempt || arachnids,302 || bugtraq,2245 569 || RPC snmpXdmi overflow attempt TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 570 || RPC EXPLOIT ttdbserv solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html 571 || RPC EXPLOIT ttdbserv Solaris overflow || arachnids,242 || bugtraq,122 || cve,1999-0003 || url,www.cert.org/advisories/CA-2001-27.html 572 || RPC DOS ttdbserv Solaris || arachnids,241 || bugtraq,122 || cve,1999-0003 573 || RPC AMD Overflow || arachnids,217 || cve,1999-0704 574 || RPC mountd TCP export request || arachnids,26 575 || RPC portmap admind request UDP || arachnids,18 576 || RPC portmap amountd request UDP || arachnids,19 577 || RPC portmap bootparam request UDP || arachnids,16 || cve,1999-0647 578 || RPC portmap cmsd request UDP || arachnids,17 579 || RPC portmap mountd request UDP || arachnids,13 580 || RPC portmap nisd request UDP || arachnids,21 581 || RPC portmap pcnfsd request UDP || arachnids,22 582 || RPC portmap rexd request UDP || arachnids,23 583 || RPC portmap rstatd request UDP || arachnids,10 584 || RPC portmap rusers request UDP || arachnids,133 || cve,1999-0626 585 || RPC portmap sadmind request UDP || arachnids,20 586 || RPC portmap selection_svc request UDP || arachnids,25 587 || RPC portmap status request UDP || arachnids,15 588 || RPC portmap ttdbserv request UDP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html 589 || RPC portmap yppasswd request UDP || arachnids,14 590 || RPC portmap ypserv request UDP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232 591 || RPC portmap ypupdated request TCP || arachnids,125 592 || RPC rstatd query || arachnids,9 593 || RPC portmap snmpXdmi request TCP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 595 || RPC portmap espd request TCP || bugtraq,2714 || cve,2001-0331 596 || RPC portmap listing || arachnids,429 597 || RPC portmap listing || arachnids,429 598 || RPC portmap listing TCP 111 || arachnids,428 599 || RPC portmap listing TCP 32771 || arachnids,429 600 || RPC EXPLOIT statdx || arachnids,442 601 || RSERVICES rlogin LinuxNIS 602 || RSERVICES rlogin bin || arachnids,384 603 || RSERVICES rlogin echo++ || arachnids,385 604 || RSERVICES rsh froot || arachnids,387 605 || RSERVICES rlogin login failure || arachnids,393 606 || RSERVICES rlogin root || arachnids,389 607 || RSERVICES rsh bin || arachnids,390 608 || RSERVICES rsh echo + + || arachnids,388 609 || RSERVICES rsh froot || arachnids,387 610 || RSERVICES rsh root || arachnids,391 611 || RSERVICES rlogin login failure || arachnids,392 612 || RPC rusers query UDP || cve,1999-0626 613 || SCAN myscan || arachnids,439 614 || BACKDOOR hack-a-tack attempt || arachnids,314 615 || SCAN SOCKS Proxy attempt || url,help.undernet.org/proxyscan/ 616 || SCAN ident version request || arachnids,303 617 || SCAN ssh-research-scanner 618 || SCAN Squid Proxy attempt 619 || SCAN cybercop os probe || arachnids,146 620 || SCAN Proxy Port 8080 attempt 621 || SCAN FIN || arachnids,27 622 || SCAN ipEye SYN scan || arachnids,236 623 || SCAN NULL || arachnids,4 624 || SCAN SYN FIN || arachnids,198 625 || SCAN XMAS || arachnids,144 626 || SCAN cybercop os PA12 attempt || arachnids,149 627 || SCAN cybercop os SFU12 probe || arachnids,150 628 || SCAN nmap TCP || arachnids,28 629 || SCAN nmap fingerprint attempt || arachnids,05 630 || SCAN synscan portscan || arachnids,441 631 || SMTP ehlo cybercop attempt || arachnids,372 632 || SMTP expn cybercop attempt || arachnids,371 634 || SCAN Amanda client version request 635 || SCAN XTACACS logout || arachnids,408 636 || SCAN cybercop udp bomb || arachnids,363 637 || SCAN Webtrends Scanner UDP Probe || arachnids,308 638 || SHELLCODE SGI NOOP || arachnids,356 639 || SHELLCODE SGI NOOP || arachnids,357 640 || SHELLCODE AIX NOOP 641 || SHELLCODE Digital UNIX NOOP || arachnids,352 642 || SHELLCODE HP-UX NOOP || arachnids,358 643 || SHELLCODE HP-UX NOOP || arachnids,359 644 || SHELLCODE sparc NOOP || arachnids,345 645 || SHELLCODE sparc NOOP || arachnids,353 646 || SHELLCODE sparc NOOP || arachnids,355 647 || SHELLCODE sparc setuid 0 || arachnids,282 648 || SHELLCODE x86 NOOP || arachnids,181 649 || SHELLCODE x86 setgid 0 || arachnids,284 650 || SHELLCODE x86 setuid 0 || arachnids,436 651 || SHELLCODE x86 stealth NOOP || arachnids,291 652 || SHELLCODE Linux shellcode || arachnids,343 653 || SHELLCODE x86 0x90 unicode NOOP 654 || SMTP RCPT TO overflow || bugtraq,2283 || bugtraq,9696 || cve,2001-0260 655 || SMTP sendmail 8.6.9 exploit || arachnids,140 || bugtraq,2311 || cve,1999-0204 656 || SMTP EXPLOIT x86 windows CSMMail overflow || bugtraq,895 || cve,2000-0042 657 || SMTP chameleon overflow || arachnids,266 || bugtraq,2387 || cve,1999-0261 658 || SMTP exchange mime DOS || bugtraq,1869 || cve,2000-1006 || nessus,10558 659 || SMTP expn decode || arachnids,32 || cve,1999-0096 || nessus,10248 660 || SMTP expn root || arachnids,31 || cve,1999-0531 || nessus,10249 661 || SMTP majordomo ifs || arachnids,143 || cve,1999-0208 662 || SMTP sendmail 5.5.5 exploit || arachnids,119 || cve,1999-0203 || nessus,10258 663 || SMTP rcpt to command attempt || arachnids,172 || bugtraq,1 || cve,1999-0095 664 || SMTP RCPT TO decode attempt || arachnids,121 || bugtraq,2308 || cve,1999-0203 665 || SMTP sendmail 5.6.5 exploit || arachnids,122 || bugtraq,2308 || cve,1999-0203 666 || SMTP sendmail 8.4.1 exploit || arachnids,120 667 || SMTP sendmail 8.6.10 exploit || arachnids,123 || bugtraq,2311 || cve,1999-0204 668 || SMTP sendmail 8.6.10 exploit || arachnids,124 669 || SMTP sendmail 8.6.9 exploit || arachnids,142 || bugtraq,2311 || cve,1999-0204 670 || SMTP sendmail 8.6.9 exploit || arachnids,139 || bugtraq,2311 || cve,1999-0204 671 || SMTP sendmail 8.6.9c exploit || arachnids,141 || bugtraq,2311 || cve,1999-0204 672 || SMTP vrfy decode || arachnids,373 || bugtraq,10248 || cve,1999-0096 673 || MS-SQL sp_start_job - program execution 674 || MS-SQL xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 675 || MS-SQL xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 676 || MS-SQL/SMB sp_start_job - program execution 677 || MS-SQL/SMB sp_password password change 678 || MS-SQL/SMB sp_delete_alert log file deletion 679 || MS-SQL/SMB sp_adduser database user creation 680 || MS-SQL/SMB sa login failed || bugtraq,4797 || cve,2000-1209 681 || MS-SQL/SMB xp_cmdshell program execution 682 || MS-SQL xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 683 || MS-SQL sp_password - password change 684 || MS-SQL sp_delete_alert log file deletion 685 || MS-SQL sp_adduser - database user creation 686 || MS-SQL xp_reg* - registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 687 || MS-SQL xp_cmdshell - program execution 688 || MS-SQL sa login failed || bugtraq,4797 || cve,CAN-2000-1209 || nessus,10673 689 || MS-SQL/SMB xp_reg* registry access || bugtraq,5205 || cve,2002-0642 || nessus,10642 690 || MS-SQL/SMB xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 691 || MS-SQL shellcode attempt 692 || MS-SQL/SMB shellcode attempt 693 || MS-SQL shellcode attempt 694 || MS-SQL/SMB shellcode attempt 695 || MS-SQL/SMB xp_sprintf possible buffer overflow || bugtraq,1204 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx 696 || MS-SQL/SMB xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 697 || MS-SQL/SMB xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 698 || MS-SQL/SMB xp_proxiedmetadata possible buffer overflow || bugtraq,2042 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 699 || MS-SQL xp_printstatements possible buffer overflow || bugtraq,2041 || cve,2000-1086 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 700 || MS-SQL/SMB xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 701 || MS-SQL xp_updatecolvbm possible buffer overflow || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 702 || MS-SQL/SMB xp_displayparamstmt possible buffer overflow || bugtraq,2030 || cve,2000-1081 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 703 || MS-SQL/SMB xp_setsqlsecurity possible buffer overflow || bugtraq,2043 || cve,CAN-2000-1088 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 704 || MS-SQL xp_sprintf possible buffer overflow || bugtraq,1204 || cve,CAN-2001-0542 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx 705 || MS-SQL xp_showcolv possible buffer overflow || bugtraq,2038 || cve,2000-1083 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 706 || MS-SQL xp_peekqueue possible buffer overflow || bugtraq,2040 || cve,2000-1085 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 707 || MS-SQL xp_proxiedmetadata possible buffer overflow || bugtraq,2024 || cve,1999-0287 || cve,2000-1087 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 708 || MS-SQL/SMB xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx 709 || TELNET 4Dgifts SGI account attempt || cve,1999-0501 || nessus,11243 710 || TELNET EZsetup account attempt || cve,1999-0501 || nessus,11244 711 || TELNET SGI telnetd format bug || arachnids,304 || bugtraq,1572 || cve,2000-0733 712 || TELNET ld_library_path || arachnids,367 || bugtraq,459 || cve,1999-0073 713 || TELNET livingston DOS || arachnids,370 || bugtraq,2225 || cve,1999-0218 714 || TELNET resolv_host_conf || arachnids,369 || bugtraq,2181 || cve,2001-0170 715 || TELNET Attempted SU from wrong group 716 || TELNET access || arachnids,08 || cve,1999-0619 || nessus,10280 717 || TELNET not on console || arachnids,365 718 || TELNET login incorrect || arachnids,127 719 || TELNET root login 720 || Virus - SnowWhite Trojan Incoming 721 || VIRUS OUTBOUND bad file attachment 722 || Virus - Possible NAVIDAD Worm 723 || Virus - Possible MyRomeo Worm 724 || Virus - Possible MyRomeo Worm 725 || Virus - Possible MyRomeo Worm 726 || Virus - Possible MyRomeo Worm 727 || Virus - Possible MyRomeo Worm 728 || Virus - Possible MyRomeo Worm 729 || VIRUS OUTBOUND .scr file attachment 730 || VIRUS OUTBOUND .shs file attachment 731 || Virus - Possible QAZ Worm || MCAFEE,98775 732 || Virus - Possible QAZ Worm Infection || MCAFEE,98775 733 || Virus - Possible QAZ Worm Calling Home || MCAFEE,98775 734 || Virus - Possible Matrix worm 735 || Virus - Possible MyRomeo Worm 736 || Virus - Successful eurocalculator execution 737 || Virus - Possible eurocalculator.exe file 738 || Virus - Possible Pikachu Pokemon Virus || MCAFEE,98696 739 || Virus - Possible Triplesix Worm || MCAFEE,10389 740 || Virus - Possible Tune.vbs || MCAFEE,10497 741 || Virus - Possible NAIL Worm || MCAFEE,10109 742 || Virus - Possible NAIL Worm || MCAFEE,10109 743 || Virus - Possible NAIL Worm || MCAFEE,10109 744 || Virus - Possible NAIL Worm || MCAFEE,10109 745 || Virus - Possible Papa Worm || MCAFEE,10145 746 || Virus - Possible Freelink Worm || MCAFEE,10225 747 || Virus - Possible Simbiosis Worm 748 || Virus - Possible BADASS Worm || MCAFEE,10388 749 || Virus - Possible ExploreZip.B Worm || MCAFEE,10471 751 || Virus - Possible wscript.KakWorm || MCAFEE,10509 752 || Virus Possible Suppl Worm || MCAFEE,10361 753 || Virus - Possible NewApt.Worm - theobbq.exe || MCAFEE,10540 754 || Virus - Possible Word Macro - VALE || MCAFEE,10502 755 || Virus - Possible IROK Worm || MCAFEE,98552 756 || Virus - Possible Fix2001 Worm || MCAFEE,10355 757 || Virus - Possible Y2K Zelu Trojan || MCAFEE,10505 758 || Virus - Possible The_Fly Trojan || MCAFEE,10478 759 || Virus - Possible Word Macro - VALE || MCAFEE,10502 760 || Virus - Possible Passion Worm || MCAFEE,10467 761 || Virus - Possible NewApt.Worm - cooler3.exe || MCAFEE,10540 762 || Virus - Possible NewApt.Worm - party.exe || MCAFEE,10540 763 || Virus - Possible NewApt.Worm - hog.exe || MCAFEE,10540 764 || Virus - Possible NewApt.Worm - goal1.exe || MCAFEE,10540 765 || Virus - Possible NewApt.Worm - pirate.exe || MCAFEE,10540 766 || Virus - Possible NewApt.Worm - video.exe || MCAFEE,10540 767 || Virus - Possible NewApt.Worm - baby.exe || MCAFEE,10540 768 || Virus - Possible NewApt.Worm - cooler1.exe || MCAFEE,10540 769 || Virus - Possible NewApt.Worm - boss.exe || MCAFEE,10540 770 || Virus - Possible NewApt.Worm - g-zilla.exe || MCAFEE,10540 771 || Virus - Possible ToadieE-mail Trojan || MCAFEE,10540 772 || Virus - Possible PrettyPark Trojan || MCAFEE,10175 773 || Virus - Possible Happy99 Virus || MCAFEE,10144 774 || Virus - Possible CheckThis Trojan 775 || Virus - Possible Bubbleboy Worm || MCAFEE,10418 776 || Virus - Possible NewApt.Worm - copier.exe || MCAFEE,10540 777 || Virus - Possible MyPics Worm || MCAFEE,10467 778 || Virus - Possible Babylonia - X-MAS.exe || MCAFEE,10461 779 || Virus - Possible NewApt.Worm - gadget.exe || MCAFEE,10540 780 || Virus - Possible NewApt.Worm - irnglant.exe || MCAFEE,10540 781 || Virus - Possible NewApt.Worm - casper.exe || MCAFEE,10540 782 || Virus - Possible NewApt.Worm - fborfw.exe || MCAFEE,10540 783 || Virus - Possible NewApt.Worm - saddam.exe || MCAFEE,10540 784 || Virus - Possible NewApt.Worm - bboy.exe || MCAFEE,10540 785 || Virus - Possible NewApt.Worm - monica.exe || MCAFEE,10540 786 || Virus - Possible NewApt.Worm - goal.exe || MCAFEE,10540 787 || Virus - Possible NewApt.Worm - panther.exe || MCAFEE,10540 788 || Virus - Possible NewApt.Worm - chestburst.exe || MCAFEE,10540 789 || Virus - Possible NewApt.Worm - farter.exe || MCAFEE,1054 790 || Virus - Possible Common Sense Worm 791 || Virus - Possible NewApt.Worm - cupid2.exe || MCAFEE,10540 792 || Virus - Possible Resume Worm || MCAFEE,98661 793 || VIRUS OUTBOUND .vbs file attachment 794 || Virus - Possible Resume Worm || MCAFEE,98661 795 || Virus - Possible Worm - txt.vbs file 796 || Virus - Possible Worm - xls.vbs file 797 || Virus - Possible Worm - jpg.vbs file 798 || Virus - Possible Worm - gif.vbs file 799 || Virus - Possible Timofonica Worm || MCAFEE,98674 800 || Virus - Possible Resume Worm || MCAFEE,98661 801 || Virus - Possible Worm - doc.vbs file 802 || Virus - Possbile Zipped Files Trojan || MCAFEE,10450 803 || WEB-CGI HyperSeek hsx.cgi directory traversal attempt || bugtraq,2314 || cve,2001-0253 || nessus,10602 804 || WEB-CGI SWSoft ASPSeek Overflow attempt || bugtraq,2492 || cve,2001-0476 805 || WEB-CGI webspeed access || arachnids,467 || bugtraq,969 || cve,2000-0127 || nessus,10304 806 || WEB-CGI yabb directory traversal attempt || arachnids,462 || bugtraq,1668 || cve,2000-0853 807 || WEB-CGI /wwwboard/passwd.txt access || arachnids,463 || bugtraq,649 || cve,1999-0953 || cve,1999-0954 || nessus,10321 808 || WEB-CGI webdriver access || arachnids,473 || bugtraq,2166 || nessus,10592 809 || WEB-CGI whois_raw.cgi arbitrary command execution attempt || arachnids,466 || bugtraq,304 || cve,1999-1063 || nessus,10306 810 || WEB-CGI whois_raw.cgi access || arachnids,466 || bugtraq,304 || cve,1999-1063 || nessus,10306 811 || WEB-CGI websitepro path access || arachnids,468 || bugtraq,932 || cve,2000-0066 812 || WEB-CGI webplus version access || arachnids,470 || bugtraq,1102 || cve,2000-0282 813 || WEB-CGI webplus directory traversal || arachnids,471 || bugtraq,1102 || cve,2000-0282 815 || WEB-CGI websendmail access || arachnids,469 || bugtraq,2077 || cve,1999-0196 || nessus,10301 817 || WEB-CGI dcboard.cgi invalid user addition attempt || bugtraq,2728 || cve,2001-0527 || nessus,10583 818 || WEB-CGI dcforum.cgi access || bugtraq,2728 || cve,2001-0527 || nessus,10583 819 || WEB-CGI mmstdod.cgi access || bugtraq,2063 || cve,2001-0021 || nessus,10566 820 || WEB-CGI anaconda directory transversal attempt || bugtraq,2338 || bugtraq,2388 || cve,2000-0975 || cve,2001-0308 821 || WEB-CGI imagemap.exe overflow attempt || arachnids,412 || bugtraq,739 || cve,1999-0951 || nessus,10122 823 || WEB-CGI cvsweb.cgi access || bugtraq,1469 || cve,2000-0670 || nessus,10465 824 || WEB-CGI php.cgi access || arachnids,232 || bugtraq,2250 || bugtraq,712 || cve,1999-0238 || cve,1999-058 || nessus,10178 825 || WEB-CGI glimpse access || bugtraq,2026 || cve,1999-0147 || nessus,10095 826 || WEB-CGI htmlscript access || bugtraq,2001 || cve,1999-0264 || nessus,10106 827 || WEB-CGI info2www access || bugtraq,1995 || cve,1999-0266 || nessus,10127 828 || WEB-CGI maillist.pl access 829 || WEB-CGI nph-test-cgi access || arachnids,224 || bugtraq,686 || cve,1999-0045 || nessus,10165 830 || WEB-CGI NPH-publish access || cve,1999-1177 || nessus,10164 832 || WEB-CGI perl.exe access || arachnids,219 || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html 833 || WEB-CGI rguest.exe access || bugtraq,2024 || cve,1999-0287 || cve,1999-0467 834 || WEB-CGI rwwwshell.pl access || url,www.itsecurity.com/papers/p37.htm 835 || WEB-CGI test-cgi access || arachnids,218 || bugtraq,2003 || cve,1999-0070 || nessus,10282 836 || WEB-CGI textcounter.pl access || bugtraq,2265 || cve,1999-1479 || nessus,11451 837 || WEB-CGI uploader.exe access || cve,1999-0177 || nessus,10291 838 || WEB-CGI webgais access || arachnids,472 || bugtraq,2058 || cve,1999-0176 || nessus,10300 839 || WEB-CGI finger access || arachnids,221 || cve,1999-0612 || nessus,10071 840 || WEB-CGI perlshop.cgi access || cve,1999-1374 841 || WEB-CGI pfdisplay.cgi access || bugtraq,64 || cve,1999-0270 || nessus,10174 842 || WEB-CGI aglimpse access || bugtraq,2026 || cve,1999-0147 || nessus,10095 843 || WEB-CGI anform2 access || arachnids,225 || bugtraq,719 || cve,1999-0066 844 || WEB-CGI args.bat access || cve,1999-1180 || nessus,11465 845 || WEB-CGI AT-admin.cgi access || cve,1999-1072 846 || WEB-CGI bnbform.cgi access || bugtraq,2147 || cve,1999-0937 847 || WEB-CGI campas access || bugtraq,1975 || cve,1999-0146 || nessus,10035 || nessus,10035 848 || WEB-CGI view-source directory traversal || bugtraq,2251 || bugtraq,8883 || cve,1999-0174 849 || WEB-CGI view-source access || bugtraq,2251 || bugtraq,8883 || cve,1999-0174 850 || WEB-CGI wais.pl access 851 || WEB-CGI files.pl access || cve,1999-1081 852 || WEB-CGI wguest.exe access || bugtraq,2024 || cve,1999-0287 || cve,1999-0467 853 || WEB-CGI wrap access || arachnids,234 || bugtraq,373 || cve,1999-0149 || nessus,10317 854 || WEB-CGI classifieds.cgi access || bugtraq,2020 || cve,1999-0934 855 || WEB-CGI edit.pl access || bugtraq,2713 856 || WEB-CGI environ.cgi access 857 || WEB-CGI faxsurvey access || bugtraq,2056 || cve,1999-0262 || nessus,10067 858 || WEB-CGI filemail access || cve,1999-1154 859 || WEB-CGI man.sh access || bugtraq,2276 || cve,1999-1179 860 || WEB-CGI snork.bat access || arachnids,220 || bugtraq,1053 || cve,2000-0169 861 || WEB-CGI w3-msql access || arachnids,210 || bugtraq,591 || bugtraq,898 || cve,1999-0276 || cve,1999-0753 || cve,2000-0012 || nessus,10296 862 || WEB-CGI csh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 863 || WEB-CGI day5datacopier.cgi access || cve,1999-1232 864 || WEB-CGI day5datanotifier.cgi access || cve,1999-1232 865 || WEB-CGI ksh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 866 || WEB-CGI post-query access || bugtraq,6752 || cve,2001-0291 867 || WEB-CGI visadmin.exe access || bugtraq,1808 || cve,1999-0970 || cve,1999-1970 || nessus,10295 868 || WEB-CGI rsh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 869 || WEB-CGI dumpenv.pl access || cve,1999-1178 || nessus,10060 870 || WEB-CGI snorkerz.cmd access 871 || WEB-CGI survey.cgi access || bugtraq,1817 || cve,1999-0936 872 || WEB-CGI tcsh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 873 || WEB-CGI scriptalias access || arachnids,227 || bugtraq,2300 || cve,1999-0236 874 || WEB-CGI w3-msql solaris x86 access || arachnids,211 || cve,1999-0276 875 || WEB-CGI win-c-sample.exe access || arachnids,231 || bugtraq,2078 || cve,1999-0178 || nessus,10008 877 || WEB-CGI rksh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 878 || WEB-CGI w3tvars.pm access 879 || WEB-CGI admin.pl access || bugtraq,3839 || url,online.securityfocus.com/archive/1/249355 880 || WEB-CGI LWGate access || url,www.netspace.org/~dwb/lwgate/lwgate-history.html || url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm 881 || WEB-CGI archie access 882 || WEB-CGI calendar access 883 || WEB-CGI flexform access || url,www.wiretrip.net/rfp/p/doc.asp/i2/d6.htm 884 || WEB-CGI formmail access || arachnids,226 || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782 885 || WEB-CGI bash access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 886 || WEB-CGI phf access || arachnids,128 || bugtraq,629 || cve,1999-0067 887 || WEB-CGI www-sql access || url,marc.theaimsgroup.com/?l=bugtraq&m=88704258804054&w=2 888 || WEB-CGI wwwadmin.pl access 889 || WEB-CGI ppdscgi.exe access || bugtraq,491 || nessus,10187 || nessus,10187 || url,online.securityfocus.com/archive/1/16878 890 || WEB-CGI sendform.cgi access || bugtraq,5286 || cve,2002-0710 || url,www.scn.org/help/sendform.txt 891 || WEB-CGI upload.pl access 892 || WEB-CGI AnyForm2 access || bugtraq,719 || cve,1999-0066 || nessus,10277 893 || WEB-CGI MachineInfo access || cve,1999-1067 894 || WEB-CGI bb-hist.sh access || bugtraq,142 || cve,1999-1462 || nessus,10025 895 || WEB-CGI redirect access || bugtraq,1179 || cve,2000-0382 896 || WEB-CGI way-board access || bugtraq,2370 || cve,2001-0214 || nessus,10610 897 || WEB-CGI pals-cgi access || bugtraq,2372 || cve,2001-0216 || cve,2001-0217 || nessus,10611 898 || WEB-CGI commerce.cgi access || bugtraq,2361 || cve,2001-0210 || nessus,10612 899 || WEB-CGI Amaya templates sendtemp.pl directory traversal attempt || bugtraq,2504 || cve,2001-0272 900 || WEB-CGI webspirs.cgi directory traversal attempt || bugtraq,2362 || cve,2001-0211 || nessus,10616 901 || WEB-CGI webspirs.cgi access || bugtraq,2362 || cve,2001-0211 || nessus,10616 902 || WEB-CGI tstisapi.dll access || bugtraq,2381 || cve,2001-0302 903 || WEB-COLDFUSION cfcache.map access || bugtraq,917 || cve,2000-0057 904 || WEB-COLDFUSION exampleapp application.cfm || bugtraq,1021 || cve,2000-0189 905 || WEB-COLDFUSION application.cfm access || bugtraq,1021 || cve,2000-0189 906 || WEB-COLDFUSION getfile.cfm access || bugtraq,229 || cve,1999-0800 907 || WEB-COLDFUSION addcontent.cfm access 908 || WEB-COLDFUSION administrator access || bugtraq,1314 || cve,2000-0538 909 || WEB-COLDFUSION datasource username attempt || bugtraq,550 910 || WEB-COLDFUSION fileexists.cfm access || bugtraq,550 911 || WEB-COLDFUSION exprcalc access || bugtraq,115 || bugtraq,550 || cve,1999-0455 912 || WEB-COLDFUSION parks access || bugtraq,550 913 || WEB-COLDFUSION cfappman access || bugtraq,550 914 || WEB-COLDFUSION beaninfo access || bugtraq,550 915 || WEB-COLDFUSION evaluate.cfm access || bugtraq,550 916 || WEB-COLDFUSION getodbcdsn access || bugtraq,550 917 || WEB-COLDFUSION db connections flush attempt || bugtraq,550 918 || WEB-COLDFUSION expeval access || bugtraq,550 || cve,1999-0477 919 || WEB-COLDFUSION datasource passwordattempt || bugtraq,550 920 || WEB-COLDFUSION datasource attempt || bugtraq,550 921 || WEB-COLDFUSION admin encrypt attempt || bugtraq,550 922 || WEB-COLDFUSION displayfile access || bugtraq,550 923 || WEB-COLDFUSION getodbcin attempt || bugtraq,550 924 || WEB-COLDFUSION admin decrypt attempt || bugtraq,550 925 || WEB-COLDFUSION mainframeset access || bugtraq,550 926 || WEB-COLDFUSION set odbc ini attempt || bugtraq,550 927 || WEB-COLDFUSION settings refresh attempt || bugtraq,550 928 || WEB-COLDFUSION exampleapp access 929 || WEB-COLDFUSION CFUSION_VERIFYMAIL access || bugtraq,550 930 || WEB-COLDFUSION snippets attempt || bugtraq,550 931 || WEB-COLDFUSION cfmlsyntaxcheck.cfm access || bugtraq,550 932 || WEB-COLDFUSION application.cfm access || arachnids,268 || bugtraq,550 || cve,2000-0189 933 || WEB-COLDFUSION onrequestend.cfm access || arachnids,269 || bugtraq,550 || cve,2000-0189 935 || WEB-COLDFUSION startstop DOS access || bugtraq,247 936 || WEB-COLDFUSION gettempdirectory.cfm access || bugtraq,550 937 || WEB-FRONTPAGE _vti_rpc access || bugtraq,2144 || cve,2001-0096 || nessus,10585 939 || WEB-FRONTPAGE posting || bugtraq,2144 || cve,2001-0096 || nessus,10585 940 || WEB-FRONTPAGE shtml.dll access || arachnids,292 || bugtraq,1594 || bugtraq,1595 || cve,CAN-2000-0746 || cve,CAN-2000-0746 || nessus,11395 || url,www.microsoft.com/technet/security/bulletin/ms00-060.mspx 941 || WEB-FRONTPAGE contents.htm access 942 || WEB-FRONTPAGE orders.htm access 943 || WEB-FRONTPAGE fpsrvadm.exe access 944 || WEB-FRONTPAGE fpremadm.exe access 945 || WEB-FRONTPAGE fpadmin.htm access 946 || WEB-FRONTPAGE fpadmcgi.exe access 947 || WEB-FRONTPAGE orders.txt access 948 || WEB-FRONTPAGE form_results access 949 || WEB-FRONTPAGE registrations.htm access 950 || WEB-FRONTPAGE cfgwiz.exe access 951 || WEB-FRONTPAGE authors.pwd access || bugtraq,989 || cve,1999-0386 || nessus,10078 952 || WEB-FRONTPAGE author.exe access 953 || WEB-FRONTPAGE administrators.pwd access || bugtraq,1205 954 || WEB-FRONTPAGE form_results.htm access 955 || WEB-FRONTPAGE access.cnf access || bugtraq,4078 || nessus,10575 956 || WEB-FRONTPAGE register.txt access 957 || WEB-FRONTPAGE registrations.txt access 958 || WEB-FRONTPAGE service.cnf access || bugtraq,4078 || nessus,10575 959 || WEB-FRONTPAGE service.pwd || bugtraq,1205 960 || WEB-FRONTPAGE service.stp access 961 || WEB-FRONTPAGE services.cnf access || bugtraq,4078 || nessus,10575 962 || WEB-FRONTPAGE shtml.exe access || bugtraq,1174 || bugtraq,1608 || bugtraq,5804 || cve,2000-0413 || cve,2000-0709 || cve,CVE-2002-0692 || nessus,10405 || nessus,11311 963 || WEB-FRONTPAGE svcacl.cnf access || bugtraq,4078 || nessus,10575 964 || WEB-FRONTPAGE users.pwd access 965 || WEB-FRONTPAGE writeto.cnf access || bugtraq,4078 || nessus,10575 966 || WEB-FRONTPAGE .... request || arachnids,248 || bugtraq,989 || cve,1999-0386 || cve,2000-0153 || nessus,10142 967 || WEB-FRONTPAGE dvwssr.dll access || arachnids,271 || bugtraq,1108 || bugtraq,1109 || cve,2000-0260 || url,www.microsoft.com/technet/security/bulletin/ms00-025.mspx 968 || WEB-FRONTPAGE register.htm access 969 || WEB-IIS WebDAV file lock attempt || bugtraq,2736 970 || WEB-IIS multiple decode attempt || bugtraq,2708 || cve,2001-0333 || nessus,10671 971 || WEB-IIS ISAPI .printer access || arachnids,533 || bugtraq,2674 || cve,2001-0241 || nessus,10661 972 || WEB-IIS %2E-asp access || bugtraq,1814 || cve,1999-0253 973 || WEB-IIS *.idc attempt || bugtraq,1448 || cve,1999-0874 || cve,2000-0661 974 || WEB-IIS Directory transversal attempt || bugtraq,2218 || cve,1999-0229 975 || WEB-IIS Alternate Data streams ASP file access attempt || bugtraq,149 || cve,1999-0278 || nessus,10362 || url,support.microsoft.com/default.aspx?scid=kb\ 976 || WEB-IIS .bat? access || bugtraq,2023 || cve,1999-0233 || url,support.microsoft.com/support/kb/articles/Q148/1/88.asp || url,support.microsoft.com/support/kb/articles/Q155/0/56.asp 977 || WEB-IIS .cnf access || bugtraq,4078 || nessus,10575 978 || WEB-IIS ASP contents view || bugtraq,1084 || cve,2000-0302 || nessus,10356 979 || WEB-IIS ASP contents view || bugtraq,1861 || cve,2000-0942 980 || WEB-IIS CGImail.exe access || bugtraq,1623 || cve,2000-0726 981 || WEB-IIS unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 982 || WEB-IIS unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 983 || WEB-IIS unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 984 || WEB-IIS JET VBA access || bugtraq,307 || cve,1999-0874 || nessus,10116 985 || WEB-IIS JET VBA access || bugtraq,286 || cve,1999-0874 986 || WEB-IIS MSProxy access 987 || WEB-IIS .htr access || bugtraq,1488 || cve,2000-0630 || nessus,10680 988 || WEB-IIS SAM Attempt || url,www.ciac.org/ciac/bulletins/h-45.shtml 989 || BACKDOOR sensepost.exe command shell attempt || nessus,11003 990 || WEB-FRONTPAGE _vti_inf.html access || nessus,11455 991 || WEB-IIS achg.htr access || bugtraq,2110 || cve,1999-0407 992 || WEB-IIS adctest.asp access 993 || WEB-IIS iisadmin access || nessus,11032 994 || WEB-IIS /scripts/iisadmin/default.htm access 995 || WEB-IIS ism.dll access || bugtraq,189 || cve,1999-1538 || cve,2000-0630 996 || WEB-IIS anot.htr access || bugtraq,2110 || cve,1999-0407 997 || WEB-IIS asp-dot attempt || bugtraq,1814 || nessus,10363 998 || WEB-IIS asp-srch attempt 999 || WEB-IIS bdir access 1000 || WEB-IIS bdir.htr access || bugtraq,2280 || nessus,10577 1001 || WEB-MISC carbo.dll access || bugtraq,2126 || cve,1999-1069 1002 || WEB-IIS cmd.exe access 1003 || WEB-IIS cmd? access 1004 || WEB-IIS codebrowser Exair access || cve,1999-0499 || cve,1999-0815 1005 || WEB-IIS codebrowser SDK access || bugtraq,167 || cve,1999-0736 1007 || WEB-IIS cross-site scripting attempt || nessus,10572 1008 || WEB-IIS del attempt 1009 || WEB-IIS directory listing || nessus,10573 1010 || WEB-IIS encoding access || arachnids,200 1011 || WEB-IIS exec-src access 1012 || WEB-IIS fpcount attempt || bugtraq,2252 || cve,1999-1376 1013 || WEB-IIS fpcount access || bugtraq,2252 || cve,1999-1376 1015 || WEB-IIS getdrvs.exe access 1016 || WEB-IIS global.asa access || cve,2000-0778 || nessus,10491 || nessus,10991 1017 || WEB-IIS idc-srch attempt || cve,1999-0874 1018 || WEB-IIS iisadmpwd attempt || bugtraq,1191 || bugtraq,2110 || cve,2000-0304 1019 || WEB-IIS index server file source code attempt || bugtraq,1084 || nessus,10356 1020 || WEB-IIS isc$data attempt || bugtraq,307 || cve,1999-0874 || nessus,10116 1021 || WEB-IIS ism.dll attempt || bugtraq,1193 || cve,2000-0457 || nessus,10680 1022 || WEB-IIS jet vba access || bugtraq,286 || cve,1999-0874 1023 || WEB-IIS msadcs.dll access || bugtraq,529 || cve,1999-1011 || nessus,10357 1024 || WEB-IIS newdsn.exe access || bugtraq,1818 || cve,1999-0191 || nessus,10360 1025 || WEB-IIS perl access 1026 || WEB-IIS perl-browse newline attempt || bugtraq,6833 1027 || WEB-IIS perl-browse space attempt || bugtraq,6833 1028 || WEB-IIS query.asp access || bugtraq,193 || cve,1999-0449 1029 || WEB-IIS scripts-browse access || nessus,11032 1030 || WEB-IIS search97.vts access || bugtraq,162 1031 || WEB-IIS /SiteServer/Publishing/viewcode.asp access || nessus,10576 1032 || WEB-IIS showcode access || nessus,10576 1033 || WEB-IIS showcode access || nessus,10576 1034 || WEB-IIS showcode access || nessus,10576 1035 || WEB-IIS showcode access || nessus,10576 1036 || WEB-IIS showcode access || nessus,10576 1037 || WEB-IIS showcode.asp access || bugtraq,167 || cve,1999-0736 || nessus,10007 1038 || WEB-IIS site server config access || bugtraq,256 || cve,1999-1520 1039 || WEB-IIS srch.htm access 1040 || WEB-IIS srchadm access || nessus,11032 1041 || WEB-IIS uploadn.asp access 1042 || WEB-IIS view source via translate header || arachnids,305 || bugtraq,1578 1043 || WEB-IIS viewcode.asp access || nessus,10576 1044 || WEB-IIS webhits access || arachnids,237 1045 || WEB-IIS Unauthorized IP Access Attempt 1046 || WEB-IIS site/iisamples access 1047 || WEB-MISC Netscape Enterprise DOS || bugtraq,2294 || cve,2001-0251 1048 || WEB-MISC Netscape Enterprise directory listing attempt || bugtraq,2285 || cve,2001-0250 1049 || WEB-MISC iPlanet ../../ DOS attempt || bugtraq,2282 || cve,2001-0252 1050 || WEB-MISC iPlanet GETPROPERTIES attempt || bugtraq,2732 || cve,2001-0746 1051 || WEB-CGI technote main.cgi file directory traversal attempt || bugtraq,2156 || cve,2001-0075 1052 || WEB-CGI technote print.cgi directory traversal attempt || bugtraq,2156 || cve,2001-0075 1053 || WEB-CGI ads.cgi command execution attempt || bugtraq,2103 || cve,2001-0025 1054 || WEB-MISC weblogic/tomcat .jsp view source attempt || bugtraq,2527 1055 || WEB-MISC Tomcat directory traversal attempt || bugtraq,2518 1056 || WEB-MISC Tomcat view source attempt || bugtraq,2527 1057 || WEB-MISC ftp attempt 1058 || WEB-MISC xp_enumdsn attempt 1059 || WEB-MISC xp_filelist attempt 1060 || WEB-MISC xp_availablemedia attempt 1061 || WEB-MISC xp_cmdshell attempt 1062 || WEB-MISC nc.exe attempt 1064 || WEB-MISC wsh attempt 1065 || WEB-MISC rcmd attempt 1066 || WEB-MISC telnet attempt 1067 || WEB-MISC net attempt 1068 || WEB-MISC tftp attempt 1069 || WEB-MISC xp_regread attempt 1070 || WEB-MISC WebDAV search access || arachnids,474 1071 || WEB-MISC .htpasswd access 1072 || WEB-MISC Lotus Domino directory traversal || bugtraq,2173 || cve,2001-0009 || nessus,12248 1073 || WEB-MISC webhits.exe access 1075 || WEB-IIS postinfo.asp access || bugtraq,1811 || cve,1999-0360 1076 || WEB-IIS repost.asp access || nessus,10372 1077 || WEB-MISC queryhit.htm access || nessus,10370 1078 || WEB-MISC counter.exe access || bugtraq,267 || cve,1999-1030 1079 || WEB-MISC WebDAV propfind access || bugtraq,1656 || cve,2000-0869 1080 || WEB-MISC unify eWave ServletExec upload || bugtraq,1868 || bugtraq,1876 || cve,2000-1024 || cve,2000-1025 || nessus,10570 1081 || WEB-MISC Netscape Servers suite DOS || bugtraq,1868 || cve,2000-1025 1082 || WEB-MISC amazon 1-click cookie theft || bugtraq,1194 || cve,2000-0439 1083 || WEB-MISC unify eWave ServletExec DOS || bugtraq,1868 1084 || WEB-MISC Allaire JRUN DOS attempt || bugtraq,2337 1085 || WEB-PHP strings overflow || arachnids,431 || bugtraq,802 1086 || WEB-PHP strings overflow || arachnids,430 || bugtraq,1786 || cve,2000-0967 1087 || WEB-MISC whisker tab splice attack || arachnids,415 || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html 1088 || WEB-CGI eXtropia webstore directory traversal || bugtraq,1774 || cve,2000-1005 1089 || WEB-CGI shopping cart directory traversal || bugtraq,1777 || cve,2000-0921 1090 || WEB-CGI Allaire Pro Web Shell attempt 1091 || WEB-MISC ICQ Webfront HTTP DOS || cve,2000-1078 1092 || WEB-CGI Armada Style Master Index directory traversal || bugtraq,1772 || cve,2000-0924 || url,www.synnergy.net/downloads/advisories/SLA-2000-16.masterindex.txt 1093 || WEB-CGI cached_feed.cgi moreover shopping cart directory traversal || bugtraq,1762 || cve,2000-0906 1094 || WEB-CGI webstore directory traversal || bugtraq,1774 || cve,2000-1005 1095 || WEB-MISC Talentsoft Web+ Source Code view access || bugtraq,1722 1096 || WEB-MISC Talentsoft Web+ internal IP Address access || bugtraq,1720 1097 || WEB-CGI Talentsoft Web+ exploit attempt || bugtraq,1725 1098 || WEB-MISC SmartWin CyberOffice Shopping Cart access || bugtraq,1734 || cve,2000-0925 1099 || WEB-MISC cybercop scan || arachnids,374 1100 || WEB-MISC L3retriever HTTP Probe || arachnids,310 1101 || WEB-MISC Webtrends HTTP probe || arachnids,309 1102 || WEB-MISC nessus 1.X 404 probe || arachnids,301 1103 || WEB-MISC Netscape admin passwd || bugtraq,1579 || nessus,10468 1104 || WEB-MISC whisker space splice attack || arachnids,296 || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html 1105 || WEB-MISC BigBrother access || bugtraq,1455 || cve,2000-0638 || nessus,10460 1106 || WEB-CGI Poll-it access || bugtraq,1431 || cve,2000-0590 1107 || WEB-MISC ftp.pl access || bugtraq,1471 || cve,2000-0674 || nessus,10467 1108 || WEB-MISC Tomcat server snoop access || bugtraq,1532 || cve,2000-0760 1109 || WEB-MISC ROXEN directory list attempt || bugtraq,1510 || cve,2000-0671 1110 || WEB-MISC apache source.asp file access || bugtraq,1457 || cve,2000-0628 || nessus,10480 1111 || WEB-MISC Tomcat server exploit access || bugtraq,1548 || cve,2000-0672 || nessus,10477 1112 || WEB-MISC http directory traversal || arachnids,298 1113 || WEB-MISC http directory traversal || arachnids,297 1114 || WEB-MISC prefix-get // 1115 || WEB-MISC ICQ webserver DOS || cve,1999-0474 1116 || WEB-MISC Lotus DelDoc attempt 1117 || WEB-MISC Lotus EditDoc attempt || url,www.securiteam.com/exploits/5NP080A1RE.html 1118 || WEB-MISC ls%20-l 1119 || WEB-MISC mlog.phtml access || bugtraq,713 || cve,1999-0068 || cve,1999-0346 1120 || WEB-MISC mylog.phtml access || bugtraq,713 || cve,1999-0068 || cve,1999-0346 1121 || WEB-MISC O'Reilly args.bat access 1122 || WEB-MISC /etc/passwd 1123 || WEB-MISC ?PageServices access || bugtraq,1063 || bugtraq,7621 || cve,1999-0269 1124 || WEB-MISC Ecommerce check.txt access 1125 || WEB-MISC webcart access || cve,1999-0610 || nessus,10298 1126 || WEB-MISC AuthChangeUrl access || bugtraq,1191 || cve,2000-0304 1127 || WEB-MISC convert.bas access || bugtraq,2025 || cve,1999-0175 1128 || WEB-MISC cpshost.dll access || bugtraq,4002 1129 || WEB-MISC .htaccess access 1130 || WEB-MISC .wwwacl access 1131 || WEB-MISC .wwwacl access 1132 || WEB-MISC Netscape Unixware overflow || arachnids,180 1133 || SCAN cybercop os probe || arachnids,145 1134 || WEB-PHP Phorum admin access || arachnids,205 || bugtraq,2271 1136 || WEB-MISC cd.. 1137 || WEB-PHP Phorum authentication access || arachnids,206 || bugtraq,2274 1138 || WEB-MISC Cisco Web DOS attempt || arachnids,275 1139 || WEB-MISC whisker HEAD/./ || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html 1140 || WEB-MISC guestbook.pl access || arachnids,228 || bugtraq,776 || cve,1999-0237 || cve,1999-1053 || nessus,10099 1141 || WEB-MISC handler access || arachnids,235 || bugtraq,380 || cve,1999-0148 || nessus,10100 1142 || WEB-MISC /.... access 1143 || WEB-MISC ///cgi-bin access || nessus,11032 1144 || WEB-MISC /cgi-bin/// access || nessus,11032 1145 || WEB-MISC /~root access 1146 || WEB-MISC Ecommerce import.txt access 1147 || WEB-MISC cat%20 access || bugtraq,374 || cve,1999-0039 1148 || WEB-MISC Ecommerce import.txt access 1149 || WEB-CGI count.cgi access || bugtraq,128 || cve,1999-0021 || nessus,10049 1150 || WEB-MISC Domino catalog.nsf access || nessus,10629 1151 || WEB-MISC Domino domcfg.nsf access || nessus,10629 1152 || WEB-MISC Domino domlog.nsf access || nessus,10629 1153 || WEB-MISC Domino log.nsf access || nessus,10629 1154 || WEB-MISC Domino names.nsf access || nessus,10629 1155 || WEB-MISC Ecommerce checks.txt access || bugtraq,2281 1156 || WEB-MISC apache directory disclosure attempt || bugtraq,2503 1157 || WEB-MISC Netscape PublishingXpert access || cve,2000-1196 1158 || WEB-MISC windmail.exe access || arachnids,465 || bugtraq,1073 || cve,2000-0242 || nessus,10365 1159 || WEB-MISC webplus access || bugtraq,1174 || bugtraq,1720 || bugtraq,1722 || bugtraq,1725 || cve,2000-1005 1160 || WEB-MISC Netscape dir index wp || arachnids,270 || bugtraq,1063 || cve,2000-0236 1161 || WEB-PHP piranha passwd.php3 access || arachnids,272 || bugtraq,1149 || cve,2000-0322 1162 || WEB-MISC cart 32 AdminPwd access || bugtraq,1153 || cve,2000-0429 1163 || WEB-CGI webdist.cgi access || bugtraq,374 || cve,1999-0039 || nessus,10299 1164 || WEB-MISC shopping cart access || bugtraq,1983 || bugtraq,2049 || cve,1999-0607 || cve,2000-1188 1165 || WEB-MISC Novell Groupwise gwweb.exe access || bugtraq,879 || cve,1999-1005 || cve,1999-1006 || nessus,10877 1166 || WEB-MISC ws_ftp.ini access || bugtraq,547 || cve,1999-1078 1167 || WEB-MISC rpm_query access || bugtraq,1036 || cve,2000-0192 || nessus,10340 1168 || WEB-MISC mall log order access || bugtraq,2266 || cve,1999-0606 1171 || WEB-MISC whisker HEAD with large datagram || url,www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html 1172 || WEB-CGI bigconf.cgi access || bugtraq,778 || cve,1999-1550 || nessus,10027 1173 || WEB-MISC architext_query.pl access || bugtraq,2248 || nessus,10064 || url,www2.fedcirc.gov/alerts/advisories/1998/txt/fedcirc.98.03.txt 1174 || WEB-CGI /cgi-bin/jj access || bugtraq,2002 || cve,1999-0260 || nessus,10131 1175 || WEB-MISC wwwboard.pl access || bugtraq,1795 || bugtraq,649 || cve,1999-0930 || cve,1999-0954 1176 || WEB-MISC order.log access 1177 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1178 || WEB-PHP Phorum read access || arachnids,208 1179 || WEB-PHP Phorum violation access || arachnids,209 || bugtraq,2272 1180 || WEB-MISC get32.exe access || arachnids,258 || bugtraq,1485 || bugtraq,770 || cve,1999-0885 || nessus,10011 1181 || WEB-MISC Annex Terminal DOS attempt || arachnids,260 || cve,1999-1070 || nessus,10017 1182 || WEB-MISC cgitest.exe attempt || arachnids,265 || bugtraq,1313 || bugtraq,3885 || cve,2000-0521 || cve,2002-0128 || nessus,10040 || nessus,10623 1183 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 || cve,2000-0236 1184 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1185 || WEB-CGI bizdbsearch attempt || bugtraq,1104 || cve,2000-0287 || nessus,10383 1186 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1187 || WEB-MISC SalesLogix Eviewer web command attempt || bugtraq,1078 || bugtraq,1089 || cve,2000-0278 || cve,2000-0289 1188 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1189 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1190 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1191 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1192 || WEB-MISC Trend Micro OfficeScan access || bugtraq,1057 1193 || WEB-MISC oracle web arbitrary command execution attempt || bugtraq,1053 || cve,2000-0169 || nessus,10348 1194 || WEB-CGI sojourn.cgi File attempt || bugtraq,1052 || cve,2000-0180 1195 || WEB-CGI sojourn.cgi access || bugtraq,1052 || cve,2000-0180 1196 || WEB-CGI SGI InfoSearch fname attempt || arachnids,290 || bugtraq,1031 || cve,2000-0207 1197 || WEB-PHP Phorum code access || arachnids,207 1198 || WEB-MISC Netscape Enterprise Server directory view || bugtraq,1063 1199 || WEB-MISC Compaq Insight directory traversal || arachnids,244 || bugtraq,282 || cve,1999-0771 1200 || ATTACK-RESPONSES Invalid URL || url,www.microsoft.com/technet/security/bulletin/MS00-063.mspx 1201 || ATTACK-RESPONSES 403 Forbidden 1202 || WEB-MISC search.vts access || bugtraq,162 1204 || WEB-CGI ax-admin.cgi access 1205 || WEB-CGI axs.cgi access 1206 || WEB-CGI cachemgr.cgi access || bugtraq,2059 || cve,1999-0710 || nessus,10034 1207 || WEB-MISC htgrep access || cve,2000-0832 1208 || WEB-CGI responder.cgi access || bugtraq,3155 1209 || WEB-MISC .nsconfig access 1211 || WEB-CGI web-map.cgi access 1212 || WEB-MISC Admin_files access 1213 || WEB-MISC backup access 1214 || WEB-MISC intranet access || nessus,11626 1215 || WEB-CGI ministats admin access 1216 || WEB-MISC filemail access || cve,1999-1154 || cve,1999-1155 || url,www.securityfocus.com/archive/1/11175 1217 || WEB-MISC plusmail access || bugtraq,2653 || cve,2000-0074 || nessus,10181 1218 || WEB-MISC adminlogin access || bugtraq,1164 || bugtraq,1175 || nessus,11748 1219 || WEB-CGI dfire.cgi access || bugtraq,0564 || bugtraq,564 || cve,1999-0913 1220 || WEB-MISC ultraboard access || bugtraq,1164 || bugtraq,1175 || nessus,11748 1221 || WEB-MISC musicat empower access || bugtraq,2374 || cve,2001-0224 || nessus,10609 1222 || WEB-CGI pals-cgi arbitrary file access attempt || bugtraq,2372 || cve,2001-0217 || nessus,10611 1224 || WEB-MISC ROADS search.pl attempt || bugtraq,2371 || cve,2001-0215 || nessus,10627 1225 || X11 MIT Magic Cookie detected || arachnids,396 1226 || X11 xopen || arachnids,395 1227 || X11 outbound client connection detected || arachnids,126 1228 || SCAN nmap XMAS || arachnids,30 1229 || FTP CWD ... || bugtraq,9237 1230 || WEB-MISC VirusWall FtpSave access || bugtraq,2808 || cve,2001-0432 || nessus,10733 1231 || WEB-MISC VirusWall catinfo access || bugtraq,2579 || bugtraq,2808 || cve,2001-0432 || nessus,10650 1232 || WEB-MISC VirusWall catinfo access || bugtraq,2579 || bugtraq,2808 || cve,2001-0432 || nessus,10650 1233 || WEB-CLIENT Outlook EML access || nessus,10767 1234 || WEB-MISC VirusWall FtpSaveCSP access || bugtraq,2808 || cve,2001-0432 || nessus,10733 1235 || WEB-MISC VirusWall FtpSaveCVP access || bugtraq,2808 || cve,2001-0432 || nessus,10733 1236 || WEB-MISC Tomcat sourecode view 1237 || WEB-MISC Tomcat sourecode view 1238 || WEB-MISC Tomcat sourecode view 1239 || NETBIOS RFParalyze Attempt || bugtraq,1163 || cve,2000-0347 || nessus,10392 1240 || EXPLOIT MDBMS overflow || bugtraq,1252 || cve,2000-0446 1241 || WEB-MISC SWEditServlet directory traversal attempt || bugtraq,2868 1242 || WEB-IIS ISAPI .ida access || arachnids,552 || bugtraq,1065 || cve,2000-0071 1243 || WEB-IIS ISAPI .ida attempt || arachnids,552 || bugtraq,1065 || cve,2000-0071 1244 || WEB-IIS ISAPI .idq attempt || arachnids,553 || bugtraq,1065 || bugtraq,968 || cve,2000-0071 || cve,2000-0126 || nessus,10115 1245 || WEB-IIS ISAPI .idq access || arachnids,553 || bugtraq,1065 || cve,2000-0071 1246 || WEB-FRONTPAGE rad overflow attempt || arachnids,555 || bugtraq,2906 || cve,2001-0341 || url,www.microsoft.com/technet/security/bulletin/MS01-035.mspx 1247 || WEB-FRONTPAGE rad overflow attempt || bugtraq,2906 || cve,2001-0341 1248 || WEB-FRONTPAGE rad fp30reg.dll access || arachnids,555 || bugtraq,2906 || cve,2001-0341 || url,www.microsoft.com/technet/security/bulletin/MS01-035.mspx 1249 || WEB-FRONTPAGE frontpage rad fp4areg.dll access || bugtraq,2906 || cve,2001-0341 1250 || WEB-MISC Cisco IOS HTTP configuration attempt || bugtraq,2936 || cve,2001-0537 1251 || INFO TELNET Bad Login 1252 || TELNET bsd telnet exploit response || bugtraq,3064 || cve,2001-0554 || nessus,10709 1253 || TELNET bsd exploit client finishing || bugtraq,3064 || cve,2001-0554 || nessus,10709 1254 || WEB-PHP PHPLIB remote command attempt || bugtraq,3079 || cve,2001-1370 1255 || WEB-PHP PHPLIB remote command attempt || bugtraq,3079 || cve,2001-1370 1256 || WEB-IIS CodeRed v2 root.exe access || url,www.cert.org/advisories/CA-2001-19.html 1257 || DOS Winnuke attack || bugtraq,2010 || cve,1999-0153 1258 || WEB-MISC HP OpenView Manager DOS || bugtraq,2845 || cve,2001-0552 1259 || WEB-MISC SWEditServlet access || bugtraq,2868 1260 || WEB-MISC long basic authorization string || bugtraq,3230 || cve,2001-1067 1261 || EXPLOIT AIX pdnsd overflow || bugtraq,3237 || bugtraq,590 || cve,1999-0745 1262 || RPC portmap admind request TCP || arachnids,18 1263 || RPC portmap amountd request TCP || arachnids,19 1264 || RPC portmap bootparam request TCP || arachnids,16 || cve,1999-0647 1265 || RPC portmap cmsd request TCP || arachnids,17 1266 || RPC portmap mountd request TCP || arachnids,13 1267 || RPC portmap nisd request TCP || arachnids,21 1268 || RPC portmap pcnfsd request TCP || arachnids,22 1269 || RPC portmap rexd request TCP || arachnids,23 1270 || RPC portmap rstatd request TCP || arachnids,10 1271 || RPC portmap rusers request TCP || arachnids,133 || cve,1999-0626 1272 || RPC portmap sadmind request TCP || arachnids,20 1273 || RPC portmap selection_svc request TCP || arachnids,25 1274 || RPC portmap ttdbserv request TCP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html 1275 || RPC portmap yppasswd request TCP || arachnids,14 1276 || RPC portmap ypserv request TCP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232 1277 || RPC portmap ypupdated request UDP || arachnids,125 1278 || RPC rstatd query || arachnids,9 1279 || RPC portmap snmpXdmi request UDP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 1280 || RPC portmap listing UDP 111 || arachnids,428 1281 || RPC portmap listing UDP 32771 || arachnids,429 1282 || RPC EXPLOIT statdx || arachnids,442 1283 || WEB-IIS outlook web dos || bugtraq,3223 1284 || WEB-CLIENT readme.eml download attempt || url,www.cert.org/advisories/CA-2001-26.html 1285 || WEB-IIS msdac access || nessus,11032 1286 || WEB-IIS _mem_bin access || nessus,11032 1287 || WEB-IIS scripts access 1288 || WEB-FRONTPAGE /_vti_bin/ access || nessus,11032 1289 || TFTP GET Admin.dll || url,www.cert.org/advisories/CA-2001-26.html 1290 || WEB-CLIENT readme.eml autoload attempt || url,www.cert.org/advisories/CA-2001-26.html 1291 || WEB-MISC sml3com access || bugtraq,2721 || cve,2001-0740 1292 || ATTACK-RESPONSES directory listing 1293 || NETBIOS nimda .eml || url,www.f-secure.com/v-descs/nimda.shtml 1294 || NETBIOS nimda .nws || url,www.f-secure.com/v-descs/nimda.shtml 1295 || NETBIOS nimda RICHED20.DLL || url,www.f-secure.com/v-descs/nimda.shtml 1296 || RPC portmap request yppasswdd || bugtraq,2763 1297 || RPC portmap request yppasswdd || bugtraq,2763 1298 || RPC portmap tooltalk request TCP || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html 1299 || RPC portmap tooltalk request UDP || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html 1300 || WEB-PHP admin.php file upload attempt || bugtraq,3361 || cve,2001-1032 1301 || WEB-PHP admin.php access || bugtraq,3361 || bugtraq,7532 || bugtraq,9270 || cve,2001-1032 1302 || WEB-MISC console.exe access || bugtraq,3375 || cve,2001-1252 1303 || WEB-MISC cs.exe access || bugtraq,3375 || cve,2001-1252 1304 || WEB-CGI txt2html.cgi access 1305 || WEB-CGI txt2html.cgi directory traversal attempt 1306 || WEB-CGI store.cgi product directory traversal attempt || bugtraq,2385 || cve,2001-0305 1307 || WEB-CGI store.cgi access || bugtraq,2385 || cve,2001-0305 || nessus,10639 1308 || WEB-CGI sendmessage.cgi access || bugtraq,3673 || cve,2001-1100 1309 || WEB-CGI zsh access || cve,1999-0509 || url,www.cert.org/advisories/CA-1996-11.html 1310 || PORN free XXX 1311 || PORN hardcore anal 1312 || PORN nude cheerleader 1313 || PORN up skirt 1314 || PORN young teen 1315 || PORN hot young sex 1316 || PORN fuck fuck fuck 1317 || PORN anal sex 1318 || PORN hardcore rape 1319 || PORN real snuff 1320 || PORN fuck movies 1321 || BAD-TRAFFIC 0 ttl || url,support.microsoft.com/default.aspx?scid=kb\ || url,www.isi.edu/in-notes/rfc1122.txt 1322 || BAD-TRAFFIC bad frag bits 1323 || EXPLOIT rwhoisd format string attempt || bugtraq,3474 || cve,2001-0838 1324 || EXPLOIT ssh CRC32 overflow /bin/sh || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1325 || EXPLOIT ssh CRC32 overflow filler || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1326 || EXPLOIT ssh CRC32 overflow NOOP || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1327 || EXPLOIT ssh CRC32 overflow || bugtraq,2347 || cve,2001-0144 || cve,2001-0572 1328 || WEB-ATTACKS ps command attempt 1329 || WEB-ATTACKS /bin/ps command attempt 1330 || WEB-ATTACKS wget command attempt 1331 || WEB-ATTACKS uname -a command attempt 1332 || WEB-ATTACKS /usr/bin/id command attempt 1333 || WEB-ATTACKS id command attempt 1334 || WEB-ATTACKS echo command attempt 1335 || WEB-ATTACKS kill command attempt 1336 || WEB-ATTACKS chmod command attempt 1337 || WEB-ATTACKS chgrp command attempt 1338 || WEB-ATTACKS chown command attempt 1339 || WEB-ATTACKS chsh command attempt 1340 || WEB-ATTACKS tftp command attempt 1341 || WEB-ATTACKS /usr/bin/gcc command attempt 1342 || WEB-ATTACKS gcc command attempt 1343 || WEB-ATTACKS /usr/bin/cc command attempt 1344 || WEB-ATTACKS cc command attempt 1345 || WEB-ATTACKS /usr/bin/cpp command attempt 1346 || WEB-ATTACKS cpp command attempt 1347 || WEB-ATTACKS /usr/bin/g++ command attempt 1348 || WEB-ATTACKS g++ command attempt 1349 || WEB-ATTACKS bin/python access attempt 1350 || WEB-ATTACKS python access attempt 1351 || WEB-ATTACKS bin/tclsh execution attempt 1352 || WEB-ATTACKS tclsh execution attempt 1353 || WEB-ATTACKS bin/nasm command attempt 1354 || WEB-ATTACKS nasm command attempt 1355 || WEB-ATTACKS /usr/bin/perl execution attempt 1356 || WEB-ATTACKS perl execution attempt 1357 || WEB-ATTACKS nt admin addition attempt 1358 || WEB-ATTACKS traceroute command attempt 1359 || WEB-ATTACKS ping command attempt 1360 || WEB-ATTACKS netcat command attempt 1361 || WEB-ATTACKS nmap command attempt 1362 || WEB-ATTACKS xterm command attempt 1363 || WEB-ATTACKS X application to remote host attempt 1364 || WEB-ATTACKS lsof command attempt 1365 || WEB-ATTACKS rm command attempt 1366 || WEB-ATTACKS mail command attempt 1367 || WEB-ATTACKS mail command attempt 1368 || WEB-ATTACKS /bin/ls| command attempt 1369 || WEB-ATTACKS /bin/ls command attempt 1370 || WEB-ATTACKS /etc/inetd.conf access 1371 || WEB-ATTACKS /etc/motd access 1372 || WEB-ATTACKS /etc/shadow access 1373 || WEB-ATTACKS conf/httpd.conf attempt 1374 || WEB-ATTACKS .htgroup access 1375 || WEB-MISC sadmind worm access || url,www.cert.org/advisories/CA-2001-11.html 1376 || WEB-MISC jrun directory browse attempt || bugtraq,3592 1377 || FTP wu-ftp bad file completion attempt [ || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886 1378 || FTP wu-ftp bad file completion attempt { || bugtraq,3581 || bugtraq,3707 || cve,2001-0550 || cve,2001-0886 1379 || FTP STAT overflow attempt || bugtraq,3507 || bugtraq,8542 || cve,2001-0325 || cve,2001-1021 || url,labs.defcom.com/adv/2001/def-2001-31.txt 1380 || WEB-IIS cross-site scripting attempt || nessus,10572 1381 || WEB-MISC Trend Micro OfficeScan attempt || bugtraq,1057 1382 || EXPLOIT CHAT IRC Ettercap parse overflow attempt || url,www.bugtraq.org/dev/GOBBLES-12.txt 1383 || P2P Fastrack kazaa/morpheus GET request || url,www.kazaa.com || url,www.musiccity.com/technology.htm 1384 || MISC UPnP malformed advertisement || bugtraq,3723 || cve,2001-0876 || cve,2001-0877 || url,www.microsoft.com/technet/security/bulletin/MS01-059.mspx 1385 || WEB-MISC mod-plsql administration access || bugtraq,3726 || bugtraq,3727 || cve,2001-1216 || cve,2001-1217 || nessus,10849 1386 || MS-SQL/SMB raiserror possible buffer overflow || bugtraq,3733 || cve,2001-0542 || url,www.microsoft.com/technet/security/bulletin/MS01-060.mspx 1387 || MS-SQL raiserror possible buffer overflow || bugtraq,3733 || cve,2001-0542 || nessus,11217 1388 || MISC UPnP Location overflow || bugtraq,3723 || cve,2001-0876 1389 || WEB-MISC viewcode.jse access || bugtraq,3715 1390 || SHELLCODE x86 inc ebx NOOP 1391 || WEB-MISC Phorecast remote code execution attempt || bugtraq,3388 || cve,2001-1049 1392 || WEB-CGI lastlines.cgi access || bugtraq,3754 || bugtraq,3755 || cve,2001-1205 || cve,2001-1206 1393 || MISC AIM AddGame attempt || bugtraq,3769 || cve,2002-0005 || url,www.w00w00.org/files/w00aimexp/ 1394 || SHELLCODE x86 NOOP 1395 || WEB-CGI zml.cgi attempt || bugtraq,3759 || cve,2001-1209 1396 || WEB-CGI zml.cgi access || bugtraq,3759 || cve,2001-1209 1397 || WEB-CGI wayboard attempt || bugtraq,2370 || cve,2001-0214 1398 || EXPLOIT CDE dtspcd exploit attempt || bugtraq,3517 || cve,2001-0803 || url,www.cert.org/advisories/CA-2002-01.html 1399 || WEB-PHP PHP-Nuke remote file include attempt || bugtraq,3889 || cve,2002-0206 1400 || WEB-IIS /scripts/samples/ access || nessus,10370 1401 || WEB-IIS /msadc/samples/ access || bugtraq,167 || cve,1999-0736 || nessus,1007 1402 || WEB-IIS iissamples access || nessus,11032 1403 || WEB-MISC viewcode access || cve,1999-0737 || nessus,10576 || nessus,12048 1404 || WEB-MISC showcode access 1405 || WEB-CGI AHG search.cgi access || bugtraq,3985 1406 || WEB-CGI agora.cgi access || bugtraq,3702 || bugtraq,3976 || cve,2001-1199 || cve,2002-0215 || nessus,10836 1407 || WEB-PHP smssend.php access || bugtraq,3982 || cve,2002-0220 1408 || DOS MSDTC attempt || bugtraq,4006 || cve,2002-0224 || nessus,10939 1409 || SNMP community string buffer overflow attempt || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html 1410 || WEB-CGI dcboard.cgi access || bugtraq,2728 || cve,2001-0527 || nessus,10583 1411 || SNMP public access udp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013 1412 || SNMP public access tcp || bugtraq,2112 || bugtraq,4088 || bugtraq,4089 || bugtraq,7212 || cve,1999-0517 || cve,2002-0012 || cve,2002-0013 1413 || SNMP private access udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || bugtraq,7212 || cve,2002-0012 || cve,2002-0013 1414 || SNMP private access tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1415 || SNMP Broadcast request || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1416 || SNMP broadcast trap || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1417 || SNMP request udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1418 || SNMP request tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1419 || SNMP trap udp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1420 || SNMP trap tcp || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1421 || SNMP AgentX/tcp request || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 1422 || SNMP community string buffer overflow attempt with evasion || bugtraq,4088 || bugtraq,4089 || bugtraq,4132 || cve,2002-0012 || cve,2002-0013 || url,www.cert.org/advisories/CA-2002-03.html 1423 || WEB-PHP content-disposition memchr overflow || bugtraq,4183 || cve,2002-0081 || nessus,10867 1424 || SHELLCODE x86 0xEB0C NOOP 1425 || WEB-PHP content-disposition || bugtraq,4183 || cve,2002-0081 || nessus,10867 1426 || SNMP PROTOS test-suite-req-app attempt || url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html 1427 || SNMP PROTOS test-suite-trap-app attempt || url,www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html 1428 || MULTIMEDIA audio galaxy keepalive 1429 || POLICY poll.gotomypc.com access || url,www.gotomypc.com/help2.tmpl 1430 || TELNET Solaris memory mismanagement exploit attempt 1431 || BAD-TRAFFIC syn to multicast address 1432 || P2P GNUTella client request 1433 || WEB-MISC .history access 1434 || WEB-MISC .bash_history access 1435 || DNS named authors attempt || arachnids,480 || nessus,10728 1436 || MULTIMEDIA Quicktime User Agent access 1437 || MULTIMEDIA Windows Media download 1438 || MULTIMEDIA Windows Media Video download 1439 || MULTIMEDIA Shoutcast playlist redirection 1440 || MULTIMEDIA Icecast playlist redirection 1441 || TFTP GET nc.exe 1442 || TFTP GET shadow 1443 || TFTP GET passwd 1444 || TFTP Get 1445 || POLICY FTP file_id.diz access possible warez site 1446 || SMTP vrfy root 1447 || MISC MS Terminal server request RDP || bugtraq,3099 || cve,2001-0540 1448 || MISC MS Terminal server request || bugtraq,3099 || cve,2001-0540 || url,www.microsoft.com/technet/security/bulletin/MS01-040.mspx 1449 || POLICY FTP anonymous ftp login attempt 1450 || SMTP expn *@ || cve,1999-1200 1451 || WEB-CGI NPH-publish access || bugtraq,2563 || cve,2001-0400 1452 || WEB-CGI args.cmd access || cve,1999-1180 || nessus,11465 1453 || WEB-CGI AT-generated.cgi access || cve,1999-1072 1454 || WEB-CGI wwwwais access || cve,2001-0223 || nessus,10597 1455 || WEB-CGI calender.pl access || cve,2000-0432 1456 || WEB-CGI calender_admin.pl access || cve,2000-0432 1457 || WEB-CGI user_update_admin.pl access || bugtraq,1486 || cve,2000-0627 1458 || WEB-CGI user_update_passwd.pl access || bugtraq,1486 || cve,2000-0627 1459 || WEB-CGI bb-histlog.sh access || bugtraq,142 || cve,1999-1462 || nessus,10025 1460 || WEB-CGI bb-histsvc.sh access || bugtraq,142 || cve,1999-1462 1461 || WEB-CGI bb-rep.sh access || bugtraq,142 || cve,1999-1462 1462 || WEB-CGI bb-replog.sh access || bugtraq,142 || cve,1999-1462 1463 || CHAT IRC message 1464 || ATTACK-RESPONSES oracle one hour install || nessus,10737 1465 || WEB-CGI auktion.cgi access || bugtraq,2367 || cve,2001-0212 || nessus,10638 1466 || WEB-CGI cgiforum.pl access || bugtraq,1963 || cve,2000-1171 || nessus,10552 1467 || WEB-CGI directorypro.cgi access || bugtraq,2793 || cve,2001-0780 1468 || WEB-CGI Web Shopper shopper.cgi attempt || bugtraq,1776 || cve,2000-0922 1469 || WEB-CGI Web Shopper shopper.cgi access || bugtraq,1776 || cve,2000-0922 1470 || WEB-CGI listrec.pl access || bugtraq,3328 || cve,2001-0997 1471 || WEB-CGI mailnews.cgi access || bugtraq,2391 || cve,2001-0271 || nessus,10641 1472 || WEB-CGI book.cgi access || bugtraq,3178 || cve,2001-1114 || nessus,10721 1473 || WEB-CGI newsdesk.cgi access || bugtraq,2172 || cve,2001-0232 1474 || WEB-CGI cal_make.pl access || bugtraq,2663 || cve,2001-0463 || nessus,10664 1475 || WEB-CGI mailit.pl access || nessus,10417 1476 || WEB-CGI sdbsearch.cgi access || cve,2001-1130 || nessus,10503 || nessus,10720 1477 || WEB-CGI swc attempt 1478 || WEB-CGI swc access || nessus,10493 1479 || WEB-CGI ttawebtop.cgi arbitrary file attempt || bugtraq,2890 || cve,2001-0805 || nessus,10696 1480 || WEB-CGI ttawebtop.cgi access || bugtraq,2890 || cve,2001-0805 || nessus,10696 1481 || WEB-CGI upload.cgi access || nessus,10290 1482 || WEB-CGI view_source access || bugtraq,2251 || cve,1999-0174 || nessus,10294 1483 || WEB-CGI ustorekeeper.pl access || cve,2001-0466 || nessus,10646 1484 || WEB-IIS /isapi/tstisapi.dll access || bugtraq,2381 || cve,2001-0302 1485 || WEB-IIS mkilog.exe access || nessus,10359 1486 || WEB-IIS ctss.idc access || nessus,10359 1487 || WEB-IIS /iisadmpwd/aexp2.htr access || bugtraq,2110 || cve,1999-0407 || cve,2002-0421 || nessus,10371 1488 || WEB-CGI store.cgi directory traversal attempt || bugtraq,2385 || cve,2001-0305 || nessus,10639 1489 || WEB-MISC /~nobody access || nessus,10484 1490 || WEB-PHP Phorum /support/common.php attempt || bugtraq,1997 1491 || WEB-PHP Phorum /support/common.php access || bugtraq,1997 || bugtraq,9361 1492 || WEB-MISC RBS ISP /newuser directory traversal attempt || bugtraq,1704 || cve,CVE-2000-1036 || nessus,10521 1493 || WEB-MISC RBS ISP /newuser access || bugtraq,1704 || cve,CVE-2000-1036 || nessus,10521 1494 || WEB-CGI SIX webboard generate.cgi attempt || bugtraq,3175 || cve,2001-1115 1495 || WEB-CGI SIX webboard generate.cgi access || bugtraq,3175 || cve,2001-1115 1496 || WEB-CGI spin_client.cgi access || nessus,10393 1497 || WEB-MISC cross site scripting attempt 1498 || WEB-MISC PIX firewall manager directory traversal attempt || bugtraq,691 || nessus,10819 1499 || WEB-MISC SiteScope Service access || nessus,10778 1500 || WEB-MISC ExAir access || bugtraq,193 || cve,1999-0449 || nessus,10002 || nessus,10003 || nessus,10004 1501 || WEB-CGI a1stats a1disp3.cgi directory traversal attempt || bugtraq,2705 || cve,2001-0561 || nessus,10669 1502 || WEB-CGI a1stats a1disp3.cgi access || bugtraq,2705 || cve,2001-0561 || nessus,10669 1503 || WEB-CGI admentor admin.asp access || bugtraq,4152 || cve,2002-0308 || nessus,10880 || url,www.securiteam.com/windowsntfocus/5DP0N1F6AW.html 1504 || MISC AFS access || nessus,10441 1505 || WEB-CGI alchemy http server PRN arbitrary command execution attempt || bugtraq,3599 || cve,2001-0871 1506 || WEB-CGI alchemy http server NUL arbitrary command execution attempt || bugtraq,3599 || cve,2001-0871 1507 || WEB-CGI alibaba.pl arbitrary command execution attempt || cve,1999-0885 || nessus,10013 1508 || WEB-CGI alibaba.pl access || bugtraq,770 || cve ,CAN-1999-0885 || nessus,10013 1509 || WEB-CGI AltaVista Intranet Search directory traversal attempt || bugtraq,896 || cve,2000-0039 || nessus,10015 1510 || WEB-CGI test.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016 1511 || WEB-CGI test.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016 1512 || WEB-CGI input.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016 1513 || WEB-CGI input.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016 1514 || WEB-CGI input2.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016 1515 || WEB-CGI input2.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016 1516 || WEB-CGI envout.bat arbitrary command execution attempt || bugtraq,762 || cve,1999-0947 || nessus,10016 1517 || WEB-CGI envout.bat access || bugtraq,762 || cve,1999-0947 || nessus,10016 1518 || WEB-MISC nstelemetry.adp access || nessus,10753 1519 || WEB-MISC apache ?M=D directory list attempt || bugtraq,3009 || cve,2001-0731 1520 || WEB-MISC server-info access || url,httpd.apache.org/docs/mod/mod_info.html 1521 || WEB-MISC server-status access || url,httpd.apache.org/docs/mod/mod_info.html 1522 || WEB-MISC ans.pl attempt || bugtraq,4147 || bugtraq,4149 || cve,2002-0306 || cve,2002-0307 || nessus,10875 1523 || WEB-MISC ans.pl access || bugtraq,4147 || bugtraq,4149 || cve,2002-0306 || cve,2002-0307 || nessus,10875 1524 || WEB-MISC AxisStorpoint CD attempt || bugtraq,1025 || cve,2000-0191 || nessus,10023 1525 || WEB-MISC Axis Storpoint CD access || bugtraq,1025 || cve,2000-0191 || nessus,10023 1526 || WEB-MISC basilix sendmail.inc access || cve,2001-1044 || nessus,10601 1527 || WEB-MISC basilix mysql.class access || cve,2001-1044 || nessus,10601 1528 || WEB-MISC BBoard access || bugtraq,1459 || cve,2000-0629 || nessus,10507 1529 || FTP SITE overflow attempt || cve,1999-0838 || cve,2001-0755 || cve,2001-0770 1530 || FTP format string attempt || bugtraq,1387 || bugtraq,2240 || bugtraq,726 || cve,1999-0997 || cve,2000-0573 || nessus,10452 1531 || WEB-CGI bb-hist.sh attempt || bugtraq,142 || cve,1999-1462 || nessus,10025 1532 || WEB-CGI bb-hostscv.sh attempt || bugtraq,1455 || cve,2000-0638 || nessus,10460 1533 || WEB-CGI bb-hostscv.sh access || bugtraq,1455 || cve,2000-0638 || nessus,10460 1534 || WEB-CGI agora.cgi attempt || bugtraq,3702 || bugtraq,3976 || cve,2001-1199 || cve,2002-0215 || nessus,10836 1535 || WEB-CGI bizdbsearch access || bugtraq,1104 || cve,2000-0287 || nessus,10383 1536 || WEB-CGI calendar_admin.pl arbitrary command execution attempt || cve,2000-0432 1537 || WEB-CGI calendar_admin.pl access || cve,2000-0432 1538 || NNTP AUTHINFO USER overflow attempt || arachnids,274 || bugtraq,1156 || cve,2000-0341 1539 || WEB-CGI /cgi-bin/ls access || bugtraq,936 || cve,2000-0079 1540 || WEB-COLDFUSION ?Mode=debug attempt || nessus,10797 1541 || FINGER version query 1542 || WEB-CGI cgimail access || cve,2000-0726 1543 || WEB-CGI cgiwrap access || bugtraq,1238 || bugtraq,3084 || bugtraq,777 || cve,1999-1530 || cve,2000-0431 || cve,2001-0987 || nessus,10041 1544 || WEB-MISC Cisco Catalyst command execution attempt || bugtraq,1846 || cve,2000-0945 || nessus,10545 1545 || DOS Cisco attempt 1546 || WEB-MISC Cisco /%% DOS attempt || bugtraq,1154 || cve,2000-0380 1547 || WEB-CGI csSearch.cgi arbitrary command execution attempt || bugtraq,4368 || cve,2002-0495 || nessus,10924 1548 || WEB-CGI csSearch.cgi access || bugtraq,4368 || cve,2002-0495 || nessus,10924 1549 || SMTP HELO overflow attempt || bugtraq,7726 || bugtraq,895 || cve,2000-0042 || nessus,10324 || nessus,11674 1550 || SMTP ETRN overflow attempt || bugtraq,1297 || cve,2000-0490 || nessus,10438 1551 || WEB-MISC /CVS/Entries access || nessus,11032 1552 || WEB-MISC cvsweb version access || cve,2000-0670 1553 || WEB-CGI /cart/cart.cgi access || bugtraq,1115 || cve,2000-0252 1554 || WEB-CGI dbman db.cgi access || bugtraq,1178 || cve,2000-0381 || nessus,10403 1555 || WEB-CGI DCShop access || bugtraq,2889 || cve,2001-0821 1556 || WEB-CGI DCShop orders.txt access || bugtraq,2889 || cve,2001-0821 1557 || WEB-CGI DCShop auth_user_file.txt access || bugtraq,2889 || cve,2001-0821 1558 || WEB-MISC Delegate whois overflow attempt || cve,2000-0165 1559 || WEB-MISC /doc/packages access || nessus,11032 1560 || WEB-MISC /doc/ access || bugtraq,318 || cve,1999-0678 1561 || WEB-MISC ?open access 1562 || FTP SITE CHOWN overflow attempt || bugtraq,2120 || cve,2001-0065 1563 || WEB-MISC login.htm attempt || bugtraq,665 || cve,1999-1533 1564 || WEB-MISC login.htm access || bugtraq,665 || cve,1999-1533 1565 || WEB-CGI eshop.pl arbitrary commane execution attempt || bugtraq,3340 || cve,2001-1014 1566 || WEB-CGI eshop.pl access || bugtraq,3340 || cve,2001-1014 1567 || WEB-IIS /exchange/root.asp attempt || bugtraq,3301 || cve,2001-0660 || nessus,10755 || nessus,10781 1568 || WEB-IIS /exchange/root.asp access || bugtraq,3301 || cve,2001-0660 || nessus,10755 || nessus,10781 1569 || WEB-CGI loadpage.cgi directory traversal attempt 1570 || WEB-CGI loadpage.cgi access 1571 || WEB-CGI dcforum.cgi directory traversal attempt || bugtraq,2611 || cve,2001-0436 || cve,2001-0437 1572 || WEB-CGI commerce.cgi arbitrary file access attempt || bugtraq,2361 || cve,2001-0210 || nessus,10612 1573 || WEB-CGI cgiforum.pl attempt || bugtraq,1963 || cve,2000-1171 || nessus,10552 1574 || WEB-CGI directorypro.cgi attempt || bugtraq,2793 || cve,2001-0780 1575 || WEB-MISC Domino mab.nsf access || bugtraq,4022 || nessus,10953 1576 || WEB-MISC Domino cersvr.nsf access || nessus,10629 1577 || WEB-MISC Domino setup.nsf access || nessus,10629 1578 || WEB-MISC Domino statrep.nsf access || nessus,10629 1579 || WEB-MISC Domino webadmin.nsf access || nessus,10629 1580 || WEB-MISC Domino events4.nsf access || nessus,10629 1581 || WEB-MISC Domino ntsync4.nsf access || nessus,10629 1582 || WEB-MISC Domino collect4.nsf access || nessus,10629 1583 || WEB-MISC Domino mailw46.nsf access || nessus,10629 1584 || WEB-MISC Domino bookmark.nsf access || nessus,10629 1585 || WEB-MISC Domino agentrunner.nsf access || nessus,10629 1586 || WEB-MISC Domino mail.box access || bugtraq,881 || nessus,10629 1587 || WEB-MISC cgitest.exe access || arachnids,265 || bugtraq,1313 || bugtraq,3885 || cve,2000-0521 || cve,2002-0128 || nessus,10040 || nessus,10623 1588 || WEB-MISC SalesLogix Eviewer access || bugtraq,1078 || bugtraq,1089 || cve,2000-0278 || cve,2000-0289 1589 || WEB-MISC musicat empower attempt || bugtraq,2374 || cve,2001-0224 || nessus,10609 1590 || WEB-CGI faqmanager.cgi arbitrary file access attempt || bugtraq,3810 || nessus,10837 1591 || WEB-CGI faqmanager.cgi access || bugtraq,3810 || nessus,10837 1592 || WEB-CGI /fcgi-bin/echo.exe access || nessus,10838 1593 || WEB-CGI FormHandler.cgi external site redirection attempt || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075 1594 || WEB-CGI FormHandler.cgi access || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075 1595 || WEB-IIS htimage.exe access || bugtraq,1117 || bugtraq,964 || cve,2000-0122 || cve,2000-0256 || nessus,10376 1597 || WEB-CGI guestbook.cgi access || cve,1999-0237 || nessus,10098 1598 || WEB-CGI Home Free search.cgi directory traversal attempt || bugtraq,921 || cve,2000-0054 1599 || WEB-CGI search.cgi access || bugtraq,921 || cve,2000-0054 1600 || WEB-CGI htsearch arbitrary configuration file attempt || cve,2000-0208 1601 || WEB-CGI htsearch arbitrary file read attempt || bugtraq,1026 || cve,2000-0208 || nessus,10105 1602 || WEB-CGI htsearch access || bugtraq,1026 || cve,2000-0208 || nessus,10105 1603 || WEB-MISC DELETE attempt || nessus,10498 1604 || WEB-MISC iChat directory traversal attempt || cve,1999-0897 1605 || DOS iParty DOS attempt || bugtraq,6844 || cve,1999-1566 1606 || WEB-CGI icat access || cve,1999-1069 1607 || WEB-CGI HyperSeek hsx.cgi access || bugtraq,2314 || cve,2001-0253 || nessus,10602 1608 || WEB-CGI htmlscript attempt || bugtraq,2001 || cve,1999-0264 || nessus,10106 1609 || WEB-CGI faxsurvey arbitrary file read attempt || bugtraq,2056 || cve,1999-0262 || nessus,10067 1610 || WEB-CGI formmail arbitrary command execution attempt || arachnids,226 || bugtraq,1187 || bugtraq,2079 || cve,1999-0172 || cve,2000-0411 || nessus,10076 || nessus,10782 1611 || WEB-CGI eXtropia webstore access || bugtraq,1774 || cve,2000-1005 1612 || WEB-MISC ftp.pl attempt || bugtraq,1471 || cve,2000-0674 || nessus,10467 1613 || WEB-MISC handler attempt || arachnids,235 || bugtraq,380 || cve,1999-0148 || nessus,10100 1614 || WEB-MISC Novell Groupwise gwweb.exe attempt || bugtraq,879 || cve,1999-1005 || cve,1999-1006 || nessus,10877 1615 || WEB-MISC htgrep attempt || cve,2000-0832 1616 || DNS named version attempt || arachnids,278 || nessus,10028 1617 || WEB-CGI Bugzilla doeditvotes.cgi access || bugtraq,3800 || cve,2002-0011 1618 || WEB-IIS .asp chunked Transfer-Encoding || bugtraq,4474 || bugtraq,4485 || cve,2002-0071 || cve,2002-0079 || nessus,10932 1619 || EXPERIMENTAL WEB-IIS .htr request || bugtraq,4474 || cve,2002-0071 || nessus,10932 1620 || BAD TRAFFIC Non-Standard IP protocol 1621 || FTP CMD overflow attempt 1622 || FTP RNFR ././ attempt 1623 || FTP invalid MODE 1624 || FTP large PWD command 1625 || FTP large SYST command 1626 || WEB-IIS /StoreCSVS/InstantOrder.asmx request 1627 || BAD-TRAFFIC Unassigned/Reserved IP protocol || url,www.iana.org/assignments/protocol-numbers 1628 || WEB-CGI FormHandler.cgi directory traversal attempt attempt || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075 1629 || OTHER-IDS SecureNetPro traffic 1631 || CHAT AIM login 1632 || CHAT AIM send message 1633 || CHAT AIM receive message 1634 || POP3 PASS overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10325 1635 || POP3 APOP overflow attempt || bugtraq,1652 || cve,2000-0840 || cve,2000-0841 || nessus,10559 1636 || MISC Xtramail Username overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10323 1637 || WEB-CGI yabb access || arachnids,462 || bugtraq,1668 || cve,2000-0853 1638 || SCAN SSH Version map attempt 1639 || CHAT IRC DCC file transfer request 1640 || CHAT IRC DCC chat request 1641 || DOS DB2 dos attempt || bugtraq,3010 || cve,2001-1143 || nessus,10871 1642 || WEB-CGI document.d2w access || bugtraq,2017 || cve,2000-1110 1643 || WEB-CGI db2www access || cve,2000-0677 1644 || WEB-CGI test-cgi attempt || arachnids,218 || bugtraq,2003 || cve,1999-0070 || nessus,10282 1645 || WEB-CGI testcgi access || bugtraq,7214 || nessus,11610 1646 || WEB-CGI test.cgi access 1647 || WEB-CGI faxsurvey attempt full path || bugtraq,2056 || cve,1999-0262 || nessus,10067 1648 || WEB-CGI perl.exe command attempt || arachnids,219 || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html 1649 || WEB-CGI perl command attempt || arachnids,219 || cve,1999-0509 || nessus,10173 || url,www.cert.org/advisories/CA-1996-11.html 1650 || WEB-CGI tst.bat access || bugtraq,770 || cve,1999-0885 || nessus,10014 1651 || WEB-CGI enivorn.pl access 1652 || WEB-CGI campus attempt || bugtraq,1975 || nessus,10035 1653 || WEB-CGI campus access || bugtraq,1975 || nessus,10035 1654 || WEB-CGI cart32.exe access 1655 || WEB-CGI pfdispaly.cgi arbitrary command execution attempt 1656 || WEB-CGI pfdispaly.cgi access 1657 || WEB-CGI pagelog.cgi directory traversal attempt || bugtraq,1864 || cve,2000-0940 || nessus,10591 1658 || WEB-CGI pagelog.cgi access || bugtraq,1864 || cve,2000-0940 || nessus,10591 1659 || WEB-COLDFUSION sendmail.cfm access 1660 || WEB-IIS trace.axd access || nessus,10993 1661 || WEB-IIS cmd32.exe access 1662 || WEB-MISC /~ftp access 1663 || WEB-MISC *%0a.pl access 1664 || WEB-MISC mkplog.exe access 1665 || WEB-MISC mkilog.exe access 1666 || ATTACK-RESPONSES index of /cgi-bin/ response || nessus,10039 1667 || WEB-MISC cross site scripting HTML Image tag set to javascript attempt 1668 || WEB-CGI /cgi-bin/ access 1669 || WEB-CGI /cgi-dos/ access 1670 || WEB-MISC /home/ftp access || nessus,11032 1671 || WEB-MISC /home/www access || nessus,11032 1672 || FTP CWD ~ attempt || bugtraq,2601 || bugtraq,9215 || cve,2001-0421 1673 || ORACLE EXECUTE_SYSTEM attempt 1674 || ORACLE connect_data remote version detection attempt 1675 || ORACLE misparsed login response 1676 || ORACLE select union attempt 1677 || ORACLE select like '%' attempt 1678 || ORACLE select like '%' attempt backslash escaped 1679 || ORACLE describe attempt 1680 || ORACLE all_constraints access 1681 || ORACLE all_views access 1682 || ORACLE all_source access 1683 || ORACLE all_tables access 1684 || ORACLE all_tab_columns access 1685 || ORACLE all_tab_privs access 1686 || ORACLE dba_tablespace access 1687 || ORACLE dba_tables access 1688 || ORACLE user_tablespace access 1689 || ORACLE sys.all_users access 1690 || ORACLE grant attempt 1691 || ORACLE ALTER USER attempt 1692 || ORACLE drop table attempt 1693 || ORACLE create table attempt 1694 || ORACLE alter table attempt 1695 || ORACLE truncate table attempt 1696 || ORACLE create database attempt 1697 || ORACLE alter database attempt 1698 || ORACLE execute_system attempt 1699 || P2P Fastrack kazaa/morpheus traffic || url,www.kazaa.com 1700 || WEB-CGI imagemap.exe access || arachnids,412 || bugtraq,739 || cve,1999-0951 || nessus,10122 1701 || WEB-CGI calendar-admin.pl access || bugtraq,1215 1702 || WEB-CGI Amaya templates sendtemp.pl access || bugtraq,2504 || cve,2001-0272 1703 || WEB-CGI auktion.cgi directory traversal attempt || bugtraq,2367 || cve,2001-0212 || nessus,10638 1704 || WEB-CGI cal_make.pl directory traversal attempt || bugtraq,2663 || cve,2001-0463 || nessus,10664 1705 || WEB-CGI echo.bat arbitrary command execution attempt || bugtraq,1002 || cve,2000-0213 || nessus,10246 1706 || WEB-CGI echo.bat access || bugtraq,1002 || cve,2000-0213 || nessus,10246 1707 || WEB-CGI hello.bat arbitrary command execution attempt || bugtraq,1002 || cve,2000-0213 || nessus,10246 1708 || WEB-CGI hello.bat access || bugtraq,1002 || cve,2000-0213 || nessus,10246 1709 || WEB-CGI ad.cgi access 1710 || WEB-CGI bbs_forum.cgi access 1711 || WEB-CGI bsguest.cgi access 1712 || WEB-CGI bslist.cgi access 1713 || WEB-CGI cgforum.cgi access 1714 || WEB-CGI newdesk access 1715 || WEB-CGI register.cgi access 1716 || WEB-CGI gbook.cgi access || bugtraq,1940 || cve,2000-1131 1717 || WEB-CGI simplestguest.cgi access 1718 || WEB-CGI statusconfig.pl access 1719 || WEB-CGI talkback.cgi directory traversal attempt 1720 || WEB-CGI talkback.cgi access 1721 || WEB-CGI adcycle access 1722 || WEB-CGI MachineInfo access 1723 || WEB-CGI emumail.cgi NULL attempt || bugtraq,5824 || cve,2002-1526 1724 || WEB-CGI emumail.cgi access || bugtraq,5824 || cve,2002-1526 1725 || WEB-IIS +.htr code fragment attempt || bugtraq,1488 || cve,2000-0630 || nessus,10680 1726 || WEB-IIS doctodep.btr access 1727 || WEB-CGI SGI InfoSearch fname access || arachnids,290 || bugtraq,1031 || cve,2000-0207 1728 || FTP CWD ~<CR><NEWLINE> attempt || bugtraq,2601 || cve,2001-0421 1729 || CHAT IRC channel join 1730 || WEB-CGI ustorekeeper.pl directory traversal attempt || cve,2001-0466 || nessus,10645 1731 || WEB-CGI a1stats access || bugtraq,2705 || cve,2001-0561 || nessus,10669 1732 || RPC portmap rwalld request UDP 1733 || RPC portmap rwalld request TCP 1734 || FTP USER overflow attempt || bugtraq,10078 || bugtraq,1227 || bugtraq,1504 || bugtraq,1690 || bugtraq,4638 || bugtraq,7307 || bugtraq,8376 || cve,1999-1510 || cve,1999-1514 || cve,1999-1519 || cve,1999-1539 || cve,2000-0479 || cve,2000-0656 || cve,2000-0761 || cve,2000-0943 || cve,2000-1035 || cve,2000-1194 || cve,2001-0256 || cve,2001-0794 || cve,2001-0826 || cve,2002-0126 || cve,2002-1522 || cve,2003-0271 || cve,2004-0286 1735 || WEB-CLIENT XMLHttpRequest attempt || bugtraq,4628 1736 || WEB-PHP squirrel mail spell-check arbitrary command attempt || bugtraq,3952 1737 || WEB-PHP squirrel mail theme arbitrary command attempt || bugtraq,4385 || cve,2002-0516 1738 || WEB-MISC global.inc access || bugtraq,4612 || cve,2002-0614 1739 || WEB-PHP DNSTools administrator authentication bypass attempt || bugtraq,4617 || cve,2002-0613 1740 || WEB-PHP DNSTools authentication bypass attempt || bugtraq,4617 || cve,2002-0613 1741 || WEB-PHP DNSTools access || bugtraq,4617 || cve,2002-0613 1742 || WEB-PHP Blahz-DNS dostuff.php modify user attempt || bugtraq,4618 || cve,2002-0599 1743 || WEB-PHP Blahz-DNS dostuff.php access || bugtraq,4618 || cve,2002-0599 1744 || WEB-MISC SecureSite authentication bypass attempt || bugtraq,4621 1745 || WEB-PHP Messagerie supp_membre.php access || bugtraq,4635 1746 || RPC portmap cachefsd request UDP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084 1747 || RPC portmap cachefsd request TCP || bugtraq,4674 || cve,2002-0033 || cve,2002-0084 1748 || FTP command overflow attempt || bugtraq,4638 || cve,2002-0606 1749 || EXPERIMENTAL WEB-IIS .NET trace.axd access 1750 || WEB-IIS users.xml access 1751 || EXPLOIT cachefsd buffer overflow attempt || bugtraq,4631 || cve,2002-0084 || nessus,10951 1752 || MISC AIM AddExternalApp attempt || url,www.w00w00.org/files/w00aimexp/ 1753 || WEB-IIS as_web.exe access || bugtraq,4670 1754 || WEB-IIS as_web4.exe access || bugtraq,4670 1755 || IMAP partial body buffer overflow attempt || bugtraq,4713 || cve,2002-0379 1756 || WEB-IIS NewsPro administration authentication attempt || bugtraq,4672 1757 || WEB-MISC b2 arbitrary command execution attempt || bugtraq,4673 || cve,2002-0734 1758 || WEB-MISC b2 access || bugtraq,4673 || cve,2002-0734 1759 || MS-SQL xp_cmdshell program execution 445 1760 || OTHER-IDS ISS RealSecure 6 event collector connection attempt 1761 || OTHER-IDS ISS RealSecure 6 daemon connection attempt 1762 || WEB-CGI phf arbitrary command execution attempt || arachnids,128 || bugtraq,629 || cve,1999-0067 1763 || WEB-CGI Nortel Contivity cgiproc DOS attempt || bugtraq,938 || cve,2000-0063 || cve,2000-0064 || nessus,10160 1764 || WEB-CGI Nortel Contivity cgiproc DOS attempt || bugtraq,938 || cve,2000-0063 || cve,2000-0064 || nessus,10160 1765 || WEB-CGI Nortel Contivity cgiproc access || bugtraq,938 || cve,2000-0063 || cve,2000-0064 || nessus,10160 1766 || WEB-MISC search.dll directory listing attempt || bugtraq,1684 || cve,2000-0835 || nessus,10514 1767 || WEB-MISC search.dll access || bugtraq,1684 || cve,2000-0835 || nessus,10514 1768 || WEB-IIS header field buffer overflow attempt || bugtraq,4476 || cve,2002-0150 1769 || WEB-MISC .DS_Store access || url,www.macintouch.com/mosxreaderreports46.html 1770 || WEB-MISC .FBCIndex access || url,www.securiteam.com/securitynews/5LP0O005FS.html 1771 || POLICY IPSec PGPNet connection attempt 1772 || WEB-IIS pbserver access || url,www.microsoft.com/technet/security/bulletin/ms00-094.mspx 1773 || WEB-PHP php.exe access || url,www.securitytracker.com/alerts/2002/Jan/1003104.html 1774 || WEB-PHP bb_smilies.php access || url,www.securiteam.com/securitynews/Serious_security_hole_in_PHP-Nuke__bb_smilies_.html 1775 || MYSQL root login attempt 1776 || MYSQL show databases attempt 1777 || FTP EXPLOIT STAT * dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 1778 || FTP EXPLOIT STAT ? dos attempt || bugtraq,4482 || cve,2002-0073 || nessus,10934 1779 || FTP CWD .... attempt || bugtraq,4884 1780 || IMAP EXPLOIT partial body overflow attempt || bugtraq,4713 || cve,2002-0379 1781 || PORN dildo 1782 || PORN nipple clamp 1783 || PORN oral sex 1784 || PORN nude celeb 1785 || PORN voyeur 1786 || PORN raw sex 1787 || WEB-CGI csPassword.cgi access || bugtraq,4885 || bugtraq,4886 || bugtraq,4887 || bugtraq,4889 || cve,2002-0917 || cve,2002-0918 1788 || WEB-CGI csPassword password.cgi.tmp access || bugtraq,4889 || cve,2002-0920 1789 || CHAT IRC dns request 1790 || CHAT IRC dns response 1791 || BACKDOOR fragroute trojan connection attempt || bugtraq,4898 1792 || NNTP return code buffer overflow attempt || bugtraq,4900 || cve,2002-0909 1793 || PORN fetish 1794 || PORN masturbation 1795 || PORN ejaculation 1796 || PORN virgin 1797 || PORN BDSM 1798 || PORN erotica 1799 || PORN fisting 1800 || VIRUS Klez Incoming 1801 || WEB-IIS .asp HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 1802 || WEB-IIS .asa HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 1803 || WEB-IIS .cer HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 1804 || WEB-IIS .cdx HTTP header buffer overflow attempt || bugtraq,4476 || cve,2002-0150 1805 || WEB-CGI Oracle reports CGI access || bugtraq,4848 || cve,2002-0947 1806 || WEB-IIS .htr chunked Transfer-Encoding || bugtraq,4855 || bugtraq,5003 || cve,2002-0364 1807 || WEB-MISC Chunked-Encoding transfer attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392 1808 || WEB-MISC apache chunked encoding memory corruption exploit attempt || bugtraq,5033 || cve,2002-0392 1809 || WEB-MISC Apache Chunked-Encoding worm attempt || bugtraq,4474 || bugtraq,4485 || bugtraq,5033 || cve,2002-0071 || cve,2002-0079 || cve,2002-0392 1810 || ATTACK-RESPONSES successful gobbles ssh exploit GOBBLE || bugtraq,5093 || cve,2002-0390 || cve,2002-0639 1811 || ATTACK-RESPONSES successful gobbles ssh exploit uname || bugtraq,5093 || cve,2002-0390 || cve,2002-0639 1812 || EXPLOIT gobbles SSH exploit attempt || bugtraq,5093 || cve,2002-0390 || cve,2002-0639 1813 || ICMP digital island bandwidth query 1814 || WEB-MISC CISCO VoIP DOS ATTEMPT || bugtraq,4794 || bugtraq,4794 || cve,2002-0882 || nessus,11013 1815 || WEB-PHP directory.php arbitrary command attempt || bugtraq,4278 || cve,2002-0434 1816 || WEB-PHP directory.php access || bugtraq,4278 || cve,2002-0434 1817 || WEB-IIS MS Site Server default login attempt || nessus,11018 1818 || WEB-IIS MS Site Server admin attempt || nessus,11018 1819 || MISC Alcatel PABX 4400 connection attempt || nessus,11019 1820 || WEB-MISC IBM Net.Commerce orderdspc.d2w access || bugtraq,2350 || cve,2001-0319 || nessus,11020 1821 || EXPLOIT LPD dvips remote command execution attempt || bugtraq,3241 || cve,2001-1002 || nessus,11023 1822 || WEB-CGI alienform.cgi directory traversal attempt || bugtraq,4983 || cve,2002-0934 || nessus,11027 1823 || WEB-CGI AlienForm af.cgi directory traversal attempt || bugtraq,4983 || cve,2002-0934 || nessus,11027 1824 || WEB-CGI alienform.cgi access || bugtraq,4983 || cve,2002-0934 || nessus,11027 1825 || WEB-CGI AlienForm af.cgi access || bugtraq,4983 || cve,2002-0934 || nessus,11027 1826 || WEB-MISC WEB-INF access || nessus,11037 1827 || WEB-MISC Tomcat servlet mapping cross site scripting attempt || bugtraq,5193 || cve,2002-0682 || nessus,11041 1828 || WEB-MISC iPlanet Search directory traversal attempt || bugtraq,5191 || cve,2002-1042 || nessus,11043 1829 || WEB-MISC Tomcat TroubleShooter servlet access || bugtraq,4575 || nessus,11046 1830 || WEB-MISC Tomcat SnoopServlet servlet access || bugtraq,4575 || nessus,11046 1831 || WEB-MISC jigsaw dos attempt || nessus,11047 1832 || CHAT ICQ forced user addition || bugtraq,3226 || cve,2001-1305 1833 || PORN naked lesbians 1834 || WEB-PHP PHP-Wiki cross site scripting attempt || bugtraq,5254 || cve,2002-1070 1835 || WEB-MISC Macromedia SiteSpring cross site scripting attempt || bugtraq,5249 || cve,2002-1027 1836 || PORN alt.binaries.pictures.erotica 1837 || PORN alt.binaries.pictures.tinygirls 1838 || EXPLOIT SSH server banner overflow || bugtraq,5287 || cve,2002-1059 1839 || WEB-MISC mailman cross site scripting attempt || bugtraq,5298 || cve,2002-0855 1840 || WEB-CLIENT Javascript document.domain attempt || bugtraq,5346 1841 || WEB-CLIENT Javascript URL host spoofing attempt || bugtraq,5293 1842 || IMAP login buffer overflow attempt || bugtraq,502 || cve,1999-0005 || cve,1999-1557 || nessus,10123 || nessus,10125 1843 || BACKDOOR trinity connection attempt || cve,2000-0138 || nessus,10501 1844 || IMAP authenticate overflow attempt || cve,1999-0042 || nessus,10292 1845 || IMAP list literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1846 || POLICY vncviewer Java applet download attempt || nessus,10758 1847 || WEB-MISC webalizer access || bugtraq,3473 || cve,1999-0643 || cve,2001-0835 || nessus,10816 1848 || WEB-MISC webcart-lite access || cve,1999-0610 || nessus,10298 1849 || WEB-MISC webfind.exe access || bugtraq,1487 || cve,2000-0622 || nessus,10475 1850 || WEB-CGI way-board.cgi access || nessus,10610 1851 || WEB-MISC active.log access || bugtraq,1497 || cve,2000-0642 || nessus,10470 1852 || WEB-MISC robots.txt access || nessus,10302 1853 || BACKDOOR win-trin00 connection attempt || cve,2000-0138 || nessus,10307 1854 || DDOS Stacheldraht handler->agent niggahbitch || url,staff.washington.edu/dittrich/misc/stacheldraht.analysis 1855 || DDOS Stacheldraht agent->handler skillz || url,staff.washington.edu/dittrich/misc/stacheldraht.analysis 1856 || DDOS Stacheldraht handler->agent ficken || url,staff.washington.edu/dittrich/misc/stacheldraht.analysis 1857 || WEB-MISC robot.txt access || nessus,10302 1858 || WEB-MISC CISCO PIX Firewall Manager directory traversal attempt || bugtraq,691 || cve,1999-0158 || nessus,10819 1859 || WEB-MISC Sun JavaServer default password login attempt || cve,1999-0508 || nessus,10995 1860 || WEB-MISC Linksys router default password login attempt || nessus,10999 1861 || WEB-MISC Linksys router default username and password login attempt || nessus,10999 1862 || WEB-CGI mrtg.cgi directory traversal attempt || bugtraq,4017 || cve,2002-0232 || nessus,11001 1864 || FTP SITE NEWER attempt || cve,1999-0880 || nessus,10319 1865 || WEB-CGI webdist.cgi arbitrary command attempt || bugtraq,374 || cve,1999-0039 || nessus,10299 1866 || POP3 USER overflow attempt || bugtraq,789 || cve,1999-0494 || nessus,10311 1867 || MISC xdmcp info query || nessus,10891 1868 || WEB-CGI story.pl arbitrary file read attempt || bugtraq,3028 || cve,2001-0804 || nessus,10817 1869 || WEB-CGI story.pl access || bugtraq,3028 || cve,2001-0804 || nessus,10817 1870 || WEB-CGI siteUserMod.cgi access || bugtraq,951 || cve,2000-0117 || nessus,10253 1871 || WEB-MISC Oracle XSQLConfig.xml access || bugtraq,4290 || cve,2002-0568 || nessus,10855 1872 || WEB-MISC Oracle Dynamic Monitoring Services dms access || nessus,10848 1873 || WEB-MISC globals.jsa access || bugtraq,4034 || cve,2002-0562 || nessus,10850 1874 || WEB-MISC Oracle Java Process Manager access || nessus,10851 1875 || WEB-CGI cgicso access || bugtraq,6141 || nessus,10779 || nessus,10780 1876 || WEB-CGI nph-publish.cgi access || cve,1999-1177 || nessus,10164 1877 || WEB-CGI printenv access || bugtraq,1658 || cve,2000-0868 || nessus,10188 || nessus,10503 1878 || WEB-CGI sdbsearch.cgi access || bugtraq,1658 || cve,2000-0868 || nessus,10503 1879 || WEB-CGI book.cgi arbitrary command execution attempt || bugtraq,3178 || cve,2001-1114 || nessus,10721 1880 || WEB-MISC oracle web application server access || bugtraq,1053 || cve,2000-0169 || nessus,10348 1881 || WEB-MISC bad HTTP/1.1 request, Potentially worm attack || url,securityresponse.symantec.com/avcenter/security/Content/2002.09.13.html 1882 || ATTACK-RESPONSES id check returned userid 1883 || ATTACK-RESPONSES id check returned nobody 1884 || ATTACK-RESPONSES id check returned web 1885 || ATTACK-RESPONSES id check returned http 1886 || ATTACK-RESPONSES id check returned apache 1887 || MISC OpenSSL Worm traffic || url,www.cert.org/advisories/CA-2002-27.html 1888 || FTP SITE CPWD overflow attempt || bugtraq,5427 || cve,2002-0826 1889 || MISC slapper worm admin traffic || url,isc.incidents.org/analysis.html?id=167 || url,www.cert.org/advisories/CA-2002-27.html 1890 || RPC status GHBN format string attack || bugtraq,1480 || cve,2000-0666 1891 || RPC status GHBN format string attack || bugtraq,1480 || cve,2000-0666 1892 || SNMP null community string attempt || bugtraq,2112 || bugtraq,8974 || cve,1999-0517 1893 || SNMP missing community string attempt || bugtraq,2112 || cve,1999-0517 1894 || EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1895 || EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1896 || EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1897 || EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1898 || EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1899 || EXPLOIT kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1900 || ATTACK-RESPONSES successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1901 || ATTACK-RESPONSES successful kadmind buffer overflow attempt || bugtraq,5731 || bugtraq,6024 || cve,2002-1226 || cve,2002-1235 || url,www.kb.cert.org/vuls/id/875073 1902 || IMAP lsub literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1903 || IMAP rename overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1904 || IMAP find overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 1905 || RPC AMD UDP amqproc_mount plog overflow attempt || bugtraq,614 || cve,1999-0704 1906 || RPC AMD TCP amqproc_mount plog overflow attempt || bugtraq,614 || cve,1999-0704 1907 || RPC CMSD UDP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696 1908 || RPC CMSD TCP CMSD_CREATE buffer overflow attempt || bugtraq,524 || cve,1999-0696 1909 || RPC CMSD TCP CMSD_INSERT buffer overflow attempt || cve,1999-0696 || url,www.cert.org/advisories/CA-99-08-cmsd.html 1910 || RPC CMSD udp CMSD_INSERT buffer overflow attempt || cve,1999-0696 || url,www.cert.org/advisories/CA-99-08-cmsd.html 1911 || RPC sadmind UDP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt || bugtraq,0866 || bugtraq,866 || cve,1999-0977 1912 || RPC sadmind TCP NETMGT_PROC_SERVICE CLIENT_DOMAIN overflow attempt || bugtraq,0866 || bugtraq,866 || cve,1999-0977 1913 || RPC STATD UDP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1914 || RPC STATD TCP stat mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1915 || RPC STATD UDP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1916 || RPC STATD TCP monitor mon_name format string exploit attempt || bugtraq,1480 || cve,2000-0666 1917 || SCAN UPnP service discover attempt 1918 || SCAN SolarWinds IP scan attempt 1919 || FTP CWD overflow attempt || bugtraq,1227 || bugtraq,1690 || bugtraq,6869 || bugtraq,7251 || bugtraq,7950 || cve,1999-0219 || cve,1999-1058 || cve,1999-1510 || cve,2000-1035 || cve,2000-1194 || cve,2001-0781 || cve,2002-0126 || cve,2002-0405 1920 || FTP SITE NEWER overflow attempt || bugtraq,229 || cve,1999-0800 1921 || FTP SITE ZIPCHK overflow attempt || cve,2000-0040 1922 || RPC portmap proxy attempt TCP 1923 || RPC portmap proxy attempt UDP 1924 || RPC mountd UDP export request || arachnids,26 1925 || RPC mountd TCP exportall request || arachnids,26 1926 || RPC mountd UDP exportall request || arachnids,26 1927 || FTP authorized_keys 1928 || FTP shadow retrieval attempt 1929 || BACKDOOR TCPDUMP/PCAP trojan traffic || url,hlug.fscker.com 1930 || IMAP auth literal overflow attempt || cve,1999-0005 1931 || WEB-CGI rpc-nlog.pl access || cve,1999-1278 1932 || WEB-CGI rpc-smb.pl access || cve,1999-1278 1933 || WEB-CGI cart.cgi access || bugtraq,1115 || nessus,10368 1934 || POP2 FOLD overflow attempt || bugtraq,283 || cve,1999-0920 || nessus,10130 1935 || POP2 FOLD arbitrary file attempt 1936 || POP3 AUTH overflow attempt || cve,1999-0822 || nessus,10184 1937 || POP3 LIST overflow attempt || bugtraq,948 || cve,2000-0096 || nessus,10197 1938 || POP3 XTND overflow attempt 1939 || MISC bootp hardware address length overflow || cve,1999-0798 1940 || MISC bootp invalid hardware type || cve,1999-0798 1941 || TFTP GET filename overflow attempt || bugtraq,5328 || cve,2002-0813 1942 || FTP RMDIR overflow attempt || bugtraq,819 1943 || WEB-MISC /Carello/add.exe access || bugtraq,1245 || cve,2000-0396 || nessus,11776 1944 || WEB-MISC /ecscripts/ecware.exe access || bugtraq,6066 1945 || WEB-IIS unicode directory traversal attempt || bugtraq,1806 || cve,2000-0884 || nessus,10537 1946 || WEB-MISC answerbook2 admin attempt 1947 || WEB-MISC answerbook2 arbitrary command execution attempt || bugtraq,1556 || cve,2000-0697 1948 || DNS zone transfer UDP || arachnids,212 || cve,1999-0532 || nessus,10595 1949 || RPC portmap SET attempt TCP 111 1950 || RPC portmap SET attempt UDP 111 1951 || RPC mountd TCP mount request 1952 || RPC mountd UDP mount request 1953 || RPC AMD TCP pid request 1954 || RPC AMD UDP pid request 1955 || RPC AMD TCP version request 1956 || RPC AMD UDP version request || bugtraq,1554 || cve,2000-0696 1957 || RPC sadmind UDP PING || bugtraq,866 1958 || RPC sadmind TCP PING || bugtraq,866 1959 || RPC portmap NFS request UDP 1960 || RPC portmap NFS request TCP 1961 || RPC portmap RQUOTA request UDP 1962 || RPC portmap RQUOTA request TCP 1963 || RPC RQUOTA getquota overflow attempt UDP || bugtraq,864 || cve,1999-0974 1964 || RPC tooltalk UDP overflow attempt || bugtraq,122 || cve,1999-0003 1965 || RPC tooltalk TCP overflow attempt || bugtraq,122 || cve,1999-0003 1966 || MISC GlobalSunTech Access Point Information Disclosure attempt || bugtraq,6100 1967 || WEB-PHP phpbb quick-reply.php arbitrary command attempt || bugtraq,6173 1968 || WEB-PHP phpbb quick-reply.php access || bugtraq,6173 1969 || WEB-MISC ion-p access || bugtraq,6091 || cve,2002-1559 1970 || WEB-IIS MDAC Content-Type overflow attempt || bugtraq,6214 || cve,2002-1142 || url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337 1971 || FTP SITE EXEC format string attempt 1972 || FTP PASS overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1690 || bugtraq,3884 || bugtraq,8601 || bugtraq,9285 || cve,1999-1519 || cve,1999-1539 || cve,2000-1035 || cve,2002-0126 || cve,2002-0895 1973 || FTP MKD overflow attempt || bugtraq,612 || bugtraq,7278 || bugtraq,9872 || cve,1999-0911 || nessus,12108 1974 || FTP REST overflow attempt || bugtraq,2972 || cve,2001-0826 1975 || FTP DELE overflow attempt || bugtraq,2972 || cve,2001-0826 || cve,2001-1021 1976 || FTP RMD overflow attempt || bugtraq,2972 || cve,2000-0133 || cve,2001-0826 || cve,2001-1021 1977 || WEB-MISC xp_regwrite attempt 1978 || WEB-MISC xp_regdeletekey attempt 1979 || WEB-MISC perl post attempt || bugtraq,5520 || cve,2002-1436 || nessus,11158 1980 || BACKDOOR DeepThroat 3.1 Connection attempt || mcafee,98574 || nessus,10053 1981 || BACKDOOR DeepThroat 3.1 Connection attempt [3150] || mcafee,98574 || nessus,10053 1982 || BACKDOOR DeepThroat 3.1 Server Response [3150] || arachnids,106 || mcafee,98574 || nessus,10053 1983 || BACKDOOR DeepThroat 3.1 Connection attempt [4120] || mcafee,98574 || nessus,10053 1984 || BACKDOOR DeepThroat 3.1 Server Response [4120] || arachnids,106 || mcafee,98574 || nessus,10053 1985 || BACKDOOR Doly 1.5 server response 1986 || CHAT MSN file transfer request 1987 || MISC xfs overflow attempt || bugtraq,6241 || cve,2002-1317 || nessus,11188 1988 || CHAT MSN file transfer accept 1989 || CHAT MSN file transfer reject 1990 || CHAT MSN user search 1991 || CHAT MSN login attempt 1992 || FTP LIST directory traversal attempt || bugtraq,2618 || cve,2001-0680 || cve,2002-1054 || nessus,11112 1993 || IMAP login literal buffer overflow attempt || bugtraq,6298 1994 || WEB-CGI vpasswd.cgi access || bugtraq,6038 || nessus,11165 1995 || WEB-CGI alya.cgi access || nessus,11118 1996 || WEB-CGI viralator.cgi access || cve,2001-0849 || nessus,11107 1997 || WEB-PHP read_body.php access attempt || bugtraq,6302 || cve,2002-1341 1998 || WEB-PHP calendar.php access || bugtraq,5820 || bugtraq,9353 || nessus,11179 1999 || WEB-PHP edit_image.php access || bugtraq,3288 || cve,2001-1020 || nessus,11104 2000 || WEB-PHP readmsg.php access || cve,CAN-2001-1408 || nessus,11073 2001 || WEB-CGI smartsearch.cgi access || bugtraq,7133 2002 || WEB-PHP remote include path 2003 || MS-SQL Worm propagation attempt || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm 2004 || MS-SQL Worm propagation attempt OUTBOUND || bugtraq,5310 || bugtraq,5311 || cve,2002-0649 || nessus,11214 || url,vil.nai.com/vil/content/v_99992.htm 2005 || RPC portmap kcms_server request UDP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785 2006 || RPC portmap kcms_server request TCP || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785 2007 || RPC kcms_server directory traversal attempt || bugtraq,6665 || cve,2003-0027 || url,www.kb.cert.org/vuls/id/850785 2008 || MISC CVS invalid user authentication response 2009 || MISC CVS invalid repository response 2010 || MISC CVS double free exploit attempt response || bugtraq,6650 || cve,2003-0015 2011 || MISC CVS invalid directory response || bugtraq,6650 || cve,2003-0015 2012 || MISC CVS missing cvsroot response 2013 || MISC CVS invalid module response 2014 || RPC portmap UNSET attempt TCP 111 || bugtraq,1892 2015 || RPC portmap UNSET attempt UDP 111 || bugtraq,1892 2016 || RPC portmap status request TCP || arachnids,15 2017 || RPC portmap espd request UDP || bugtraq,2714 || cve,2001-0331 2018 || RPC mountd TCP dump request 2019 || RPC mountd UDP dump request 2020 || RPC mountd TCP unmount request 2021 || RPC mountd UDP unmount request 2022 || RPC mountd TCP unmountall request 2023 || RPC mountd UDP unmountall request 2024 || RPC RQUOTA getquota overflow attempt TCP || bugtraq,864 || cve,1999-0974 2025 || RPC yppasswd username overflow attempt UDP || bugtraq,2763 || cve,2001-0779 2026 || RPC yppasswd username overflow attempt TCP || bugtraq,2763 || cve,2001-0779 2027 || RPC yppasswd old password overflow attempt UDP 2028 || RPC yppasswd old password overflow attempt TCP 2029 || RPC yppasswd new password overflow attempt UDP 2030 || RPC yppasswd new password overflow attempt TCP 2031 || RPC yppasswd user update UDP 2032 || RPC yppasswd user update TCP 2033 || RPC ypserv maplist request UDP || bugtraq,5914 || bugtraq,6016 || cve,2002-1232 2034 || RPC ypserv maplist request TCP || Cve,CAN-2002-1232 || bugtraq,5914 || bugtraq,6016 2035 || RPC portmap network-status-monitor request UDP 2036 || RPC portmap network-status-monitor request TCP 2037 || RPC network-status-monitor mon-callback request UDP 2038 || RPC network-status-monitor mon-callback request TCP 2039 || MISC bootp hostname format string attempt || bugtraq,4701 || cve,2002-0702 || nessus,11312 2040 || POLICY xtacacs login attempt 2041 || MISC xtacacs failed login response 2042 || POLICY xtacacs accepted login response 2043 || MISC isakmp login failed 2044 || POLICY PPTP Start Control Request attempt 2045 || RPC snmpXdmi overflow attempt UDP || bugtraq,2417 || cve,2001-0236 || url,www.cert.org/advisories/CA-2001-05.html 2046 || IMAP partial body.peek buffer overflow attempt || bugtraq,4713 || cve,2002-0379 2047 || MISC rsyncd module list access 2048 || MISC rsyncd overflow attempt || bugtraq,9153 || cve,CAN-2003-0962 || nessus,11943 2049 || MS-SQL ping attempt || nessus,10674 || nessus,10674 2050 || MS-SQL version overflow attempt || bugtraq,5310 || cve,2002-0649 || nessus,10674 2051 || WEB-CGI cached_feed.cgi moreover shopping cart access || bugtraq,1762 || cve,2000-0906 2052 || WEB-CGI overflow.cgi access || nessus,11190 || url,www.cert.org/advisories/CA-2002-35.html 2053 || WEB-CGI process_bug.cgi access || cve,2002-0008 2054 || WEB-CGI enter_bug.cgi arbitrary command attempt || cve,2002-0008 2055 || WEB-CGI enter_bug.cgi access || cve,2002-0008 2056 || WEB-MISC TRACE attempt || bugtraq,9561 || nessus,11213 || url,www.whitehatsec.com/press_releases/WH-PR-20030120.pdf 2057 || WEB-MISC helpout.exe access || bugtraq,6002 || cve,2002-1169 || nessus,11162 2058 || WEB-MISC MsmMask.exe attempt || nessus,11163 2059 || WEB-MISC MsmMask.exe access || nessus,11163 2060 || WEB-MISC DB4Web access || nessus,11180 2061 || WEB-MISC Tomcat null byte directory listing attempt || bugtraq,2518 || bugtraq,6721 || cve,2003-0042 2062 || WEB-MISC iPlanet .perf access || nessus,11220 2063 || WEB-MISC Demarc SQL injection attempt || bugtraq,4520 || cve,2002-0539 2064 || WEB-MISC Lotus Notes .csp script source download attempt || bugtraq,6841 2065 || WEB-MISC Lotus Notes .csp script source download attempt 2066 || WEB-MISC Lotus Notes .pl script source download attempt || bugtraq,6841 2067 || WEB-MISC Lotus Notes .exe script source download attempt || bugtraq,6841 2068 || WEB-MISC BitKeeper arbitrary command attempt || bugtraq,6588 2069 || WEB-MISC chip.ini access || bugtraq,2755 || bugtraq,2775 || cve,2001-0749 || cve,2001-0771 2070 || WEB-MISC post32.exe arbitrary command attempt || bugtraq,1485 2071 || WEB-MISC post32.exe access || bugtraq,1485 2072 || WEB-MISC lyris.pl access || bugtraq,1584 || cve,2000-0758 2073 || WEB-MISC globals.pl access || bugtraq,2671 || cve,2001-0330 2074 || WEB-PHP Mambo uploadimage.php upload php file attempt || bugtraq,6572 2075 || WEB-PHP Mambo upload.php upload php file attempt || bugtraq,6572 2076 || WEB-PHP Mambo uploadimage.php access || bugtraq,6572 2077 || WEB-PHP Mambo upload.php access || bugtraq,6572 2078 || WEB-PHP phpBB privmsg.php access || bugtraq,6634 2079 || RPC portmap nlockmgr request UDP || bugtraq,1372 || cve,2000-0508 2080 || RPC portmap nlockmgr request TCP || bugtraq,1372 || cve,2000-0508 2081 || RPC portmap rpc.xfsmd request UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 2082 || RPC portmap rpc.xfsmd request TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 2083 || RPC rpc.xfsmd xfs_export attempt UDP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 2084 || RPC rpc.xfsmd xfs_export attempt TCP || bugtraq,5072 || bugtraq,5075 || cve,2002-0359 2085 || WEB-CGI parse_xml.cgi access || bugtraq,6960 || cve,2003-0054 2086 || WEB-CGI streaming server parse_xml.cgi access || bugtraq,6960 || cve,2003-0054 2087 || SMTP From comment overflow attempt || bugtraq,6991 || cve,2002-1337 || url,www.kb.cert.org/vuls/id/398025 2088 || RPC ypupdated arbitrary command attempt UDP 2089 || RPC ypupdated arbitrary command attempt TCP 2090 || WEB-IIS WEBDAV exploit attempt || bugtraq,7116 || bugtraq,7716 || cve,2003-0109 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx 2091 || WEB-IIS WEBDAV nessus safe scan attempt || bugtraq,7116 || cve,2003-0109 || nessus,11412 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx 2092 || RPC portmap proxy integer overflow attempt UDP || bugtraq,7123 || cve,2003-0028 2093 || RPC portmap proxy integer overflow attempt TCP || bugtraq,7123 || cve,2003-0028 2094 || RPC CMSD UDP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391 2095 || RPC CMSD TCP CMSD_CREATE array buffer overflow attempt || bugtraq,5356 || cve,2002-0391 2100 || BACKDOOR SubSeven 2.1 Gold server connection response || mcafee,10566 || nessus,10409 2101 || NETBIOS SMB SMB_COM_TRANSACTION Max Parameter and Max Count of 0 DOS Attempt || bugtraq,5556 || cve,2002-0724 || nessus,11110 || url,www.corest.com/common/showdoc.php?idx=262 || url,www.microsoft.com/technet/security/bulletin/MS02-045.mspx 2102 || NETBIOS SMB SMB_COM_TRANSACTION Max Data Count of 0 DOS Attempt || bugtraq,5556 || cve,2002-0724 || nessus,11110 || url,www.corest.com/common/showdoc.php?idx=262 || url,www.microsoft.com/technet/security/bulletin/MS02-045.mspx 2103 || NETBIOS SMB trans2open buffer overflow attempt || bugtraq,7294 || cve,2003-0201 || url,www.digitaldefense.net/labs/advisories/DDI-1013.txt 2104 || ATTACK-RESPONSES rexec username too long response || bugtraq,7459 2105 || IMAP authenticate literal overflow attempt || cve,1999-0042 || nessus,10292 2106 || IMAP lsub overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 2107 || IMAP create buffer overflow attempt || bugtraq,7446 2108 || POP3 CAPA overflow attempt 2109 || POP3 TOP overflow attempt 2110 || POP3 STAT overflow attempt 2111 || POP3 DELE overflow attempt 2112 || POP3 RSET overflow attempt 2113 || RSERVICES rexec username overflow attempt 2114 || RSERVICES rexec password overflow attempt 2115 || WEB-CGI album.pl access || bugtraq,7444 2116 || WEB-CGI chipcfg.cgi access || bugtraq,2767 || cve,2001-1341 2117 || WEB-IIS Battleaxe Forum login.asp access || bugtraq,7416 || cve,2003-0215 2118 || IMAP list overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 2119 || IMAP rename literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374 2120 || IMAP create literal buffer overflow attempt || bugtraq,7446 2121 || POP3 DELE negative arguement attempt || bugtraq,6053 || bugtraq,7445 || cve,2002-1539 2122 || POP3 UIDL negative arguement attempt || bugtraq,6053 || cve,2002-1539 || nessus,11570 2123 || ATTACK-RESPONSES Microsoft cmd.exe banner || nessus,11633 2124 || BACKDOOR Remote PC Access connection attempt || nessus,11673 2125 || FTP CWD Root directory transversal attempt || bugtraq,7674 || cve,2003-0392 || nessus,11677 2126 || MISC Microsoft PPTP Start Control Request buffer overflow attempt || bugtraq,5807 || cve,2002-1214 2127 || WEB-CGI ikonboard.cgi access || bugtraq,7361 || nessus,11605 2128 || WEB-CGI swsrv.cgi access || bugtraq,7510 || cve,2003-0217 || nessus,11608 2129 || WEB-IIS nsiislog.dll access || bugtraq,8035 || cve,2003-0349 || cve,CAN-2003-0227 || nessus,11664 || url,www.microsoft.com/technet/security/bulletin/ms03-018.mspx 2130 || WEB-IIS IISProtect siteadmin.asp access || bugtraq,7675 || cve,2003-0377 || nessus,11662 2131 || WEB-IIS IISProtect access || nessus,11661 2132 || WEB-IIS Synchrologic Email Accelerator userid list access attempt || nessus,11657 2133 || WEB-IIS MS BizTalk server access || bugtraq,7469 || bugtraq,7470 || cve,2003-0117 || cve,2003-0118 || nessus,11638 2134 || WEB-IIS register.asp access || nessus,11621 2135 || WEB-MISC philboard.mdb access || nessus,11682 2136 || WEB-MISC philboard_admin.asp authentication bypass attempt || bugtraq,7739 || nessus,11675 2137 || WEB-MISC philboard_admin.asp access || bugtraq,7739 || nessus,11675 2138 || WEB-MISC logicworks.ini access || bugtraq,6996 || nessus,11639 2139 || WEB-MISC /*.shtml access || bugtraq,1517 || cve,2000-0683 || nessus,11604 2140 || WEB-PHP p-news.php access || nessus,11669 2141 || WEB-PHP shoutbox.php directory traversal attempt || nessus,11668 2142 || WEB-PHP shoutbox.php access || nessus,11668 2143 || WEB-PHP b2 cafelog gm-2-b2.php remote file include attempt || nessus,11667 2144 || WEB-PHP b2 cafelog gm-2-b2.php access || nessus,11667 2145 || WEB-PHP TextPortal admin.php default password admin attempt || bugtraq,7673 || nessus,11660 2146 || WEB-PHP TextPortal admin.php default password 12345 attempt || bugtraq,7673 || nessus,11660 2147 || WEB-PHP BLNews objects.inc.php4 remote file include attempt || bugtraq,7677 || cve,2003-0394 || nessus,11647 2148 || WEB-PHP BLNews objects.inc.php4 access || bugtraq,7677 || cve,2003-0394 || nessus,11647 2149 || WEB-PHP Turba status.php access || nessus,11646 2150 || WEB-PHP ttCMS header.php remote file include attempt || bugtraq,7542 || bugtraq,7543 || bugtraq,7625 || nessus,11636 2151 || WEB-PHP ttCMS header.php access || bugtraq,7542 || bugtraq,7543 || bugtraq,7625 || nessus,11636 2152 || WEB-PHP test.php access || nessus,11617 2153 || WEB-PHP autohtml.php directory traversal attempt || nessus,11630 2154 || WEB-PHP autohtml.php access || nessus,11630 2155 || WEB-PHP ttforum remote file include attempt || bugtraq,7542 || bugtraq,7543 || nessus,11615 2156 || WEB-MISC mod_gzip_status access || nessus,11685 2157 || WEB-IIS IISProtect globaladmin.asp access || nessus,11661 2158 || MISC BGP invalid length || bugtraq,6213 || cve,2002-1350 || url,sf.net/tracker/index.php?func=detail&aid=744523&group_id=53066&atid=469575 2159 || MISC BGP invalid type 0 || bugtraq,6213 || cve,2002-1350 2160 || VIRUS OUTBOUND .exe file attachment 2161 || VIRUS OUTBOUND .doc file attachment 2162 || VIRUS OUTBOUND .hta file attachment 2163 || VIRUS OUTBOUND .chm file attachment 2164 || VIRUS OUTBOUND .reg file attachment 2165 || VIRUS OUTBOUND .ini file attachment 2166 || VIRUS OUTBOUND .bat file attachment 2167 || VIRUS OUTBOUND .diz file attachment 2168 || VIRUS OUTBOUND .cpp file attachment 2169 || VIRUS OUTBOUND .dll file attachment 2170 || VIRUS OUTBOUND .vxd file attachment 2171 || VIRUS OUTBOUND .sys file attachment 2172 || VIRUS OUTBOUND .com file attachment 2173 || VIRUS OUTBOUND .hsq file attachment 2174 || NETBIOS SMB winreg access 2175 || NETBIOS SMB winreg unicode access 2176 || NETBIOS SMB startup folder access 2177 || NETBIOS SMB startup folder unicode access 2178 || FTP USER format string attempt || bugtraq,7474 || bugtraq,7776 || bugtraq,9262 || bugtraq,9402 || bugtraq,9600 || bugtraq,9800 || cve,2004-0277 || nessus,10041 || nessus,11687 2179 || FTP PASS format string attempt || bugtraq,7474 || bugtraq,9262 || bugtraq,9800 || cve,2000-0699 2180 || P2P BitTorrent announce request 2181 || P2P BitTorrent transfer 2182 || BACKDOOR typot trojan traffic || mcafee,100406 2183 || SMTP Content-Transfer-Encoding overflow attempt || cve,2003-0161 || url,www.cert.org/advisories/CA-2003-12.html 2184 || RPC mountd TCP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800 2185 || RPC mountd UDP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800 2186 || BAD-TRAFFIC IP Proto 53 SWIPE || bugtraq,8211 || cve,2003-0567 2187 || BAD-TRAFFIC IP Proto 55 IP Mobility || bugtraq,8211 || cve,2003-0567 2188 || BAD-TRAFFIC IP Proto 77 Sun ND || bugtraq,8211 || cve,2003-0567 2189 || BAD-TRAFFIC IP Proto 103 PIM || bugtraq,8211 || cve,2003-0567 2190 || NETBIOS DCERPC invalid bind attempt 2191 || NETBIOS SMB DCERPC invalid bind attempt 2192 || NETBIOS DCERPC ISystemActivator bind attempt || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 2193 || NETBIOS SMB-DS DCERPC ISystemActivator bind attempt || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 2194 || WEB-CGI CSMailto.cgi access || bugtraq,4579 || bugtraq,6265 || cve,2002-0749 || nessus,11748 2195 || WEB-CGI alert.cgi access || bugtraq,4211 || bugtraq,4579 || cve,2002-0346 || nessus,11748 2196 || WEB-CGI catgy.cgi access || bugtraq,3714 || bugtraq,4579 || cve,2001-1212 || nessus,11748 2197 || WEB-CGI cvsview2.cgi access || bugtraq,4579 || bugtraq,5517 || cve,2003-0153 || nessus,11748 2198 || WEB-CGI cvslog.cgi access || bugtraq,4579 || bugtraq,5517 || cve,2003-0153 || nessus,11748 2199 || WEB-CGI multidiff.cgi access || bugtraq,4579 || bugtraq,5517 || cve,2003-0153 || nessus,11748 2200 || WEB-CGI dnewsweb.cgi access || bugtraq,1172 || bugtraq,4579 || cve,2000-0423 || nessus,11748 2201 || WEB-CGI download.cgi access || bugtraq,4579 || cve,1999-1377 || nessus,11748 2202 || WEB-CGI edit_action.cgi access || bugtraq,3698 || bugtraq,4579 || cve,2001-1196 || nessus,11748 2203 || WEB-CGI everythingform.cgi access || bugtraq,2101 || bugtraq,4579 || cve,2001-0023 || nessus,11748 2204 || WEB-CGI ezadmin.cgi access || bugtraq,4068 || bugtraq,4579 || cve,2002-0263 || nessus,11748 2205 || WEB-CGI ezboard.cgi access || bugtraq,4068 || bugtraq,4579 || cve,2002-0263 || nessus,11748 2206 || WEB-CGI ezman.cgi access || bugtraq,4068 || bugtraq,4579 || cve,2002-0263 || nessus,11748 2207 || WEB-CGI fileseek.cgi access || bugtraq,4579 || bugtraq,6784 || cve,2002-0611 || nessus,11748 2208 || WEB-CGI fom.cgi access || bugtraq,4579 || cve,2002-0230 || nessus,11748 2209 || WEB-CGI getdoc.cgi access || bugtraq,4579 || cve,2000-0288 || cve,2000-0288 || nessus,11748 2210 || WEB-CGI global.cgi access || bugtraq,4579 || cve,2000-0952 || nessus,11748 2211 || WEB-CGI guestserver.cgi access || bugtraq,4579 || cve,2001-0180 || nessus,11748 2212 || WEB-CGI imageFolio.cgi access || bugtraq,4579 || bugtraq,6265 || cve,2002-1334 || nessus,11748 2213 || WEB-CGI mailfile.cgi access || bugtraq,1807 || bugtraq,4579 || cve,2000-0977 || nessus,11748 2214 || WEB-CGI mailview.cgi access || bugtraq,1335 || bugtraq,4579 || cve,2000-0526 || nessus,11748 2215 || WEB-CGI nsManager.cgi access || bugtraq,1710 || bugtraq,4579 || cve,2000-1023 || nessus,11748 2216 || WEB-CGI readmail.cgi access || bugtraq,3427 || bugtraq,4579 || cve,2001-1283 || nessus,11748 2217 || WEB-CGI printmail.cgi access || bugtraq,3427 || bugtraq,4579 || cve,2001-1283 || nessus,11748 2218 || WEB-CGI service.cgi access || bugtraq,4211 || bugtraq,4579 || cve,2002-0346 || nessus,11748 2219 || WEB-CGI setpasswd.cgi access || bugtraq,2212 || bugtraq,4579 || cve,2001-0133 || nessus,11748 2220 || WEB-CGI simplestmail.cgi access || bugtraq,2106 || bugtraq,4579 || cve,2001-0022 || nessus,11748 2221 || WEB-CGI ws_mail.cgi access || bugtraq,2861 || bugtraq,4579 || cve,2001-1343 || nessus,11748 2222 || WEB-CGI nph-exploitscanget.cgi access || bugtraq,7910 || bugtraq,7911 || bugtraq,7913 || cve,2003-0434 || nessus,11740 2223 || WEB-CGI csNews.cgi access || bugtraq,4994 || cve,2002-0923 || nessus,11726 2224 || WEB-CGI psunami.cgi access || bugtraq,6607 || nessus,11750 2225 || WEB-CGI gozila.cgi access || nessus,11773 2226 || WEB-PHP pmachine remote file include attempt || bugtraq,7919 || nessus,11739 2227 || WEB-PHP forum_details.php access || bugtraq,7933 || nessus,11760 2228 || WEB-PHP phpMyAdmin db_details_importdocsql.php access || bugtraq,7962 || bugtraq,7965 || nessus,11761 2229 || WEB-PHP viewtopic.php access || bugtraq,7979 || cve,2003-0486 || nessus,11767 2230 || WEB-MISC NetGear router default password login attempt admin/password || nessus,11737 2231 || WEB-MISC register.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747 2232 || WEB-MISC ContentFilter.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747 2233 || WEB-MISC SFNofitication.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747 2234 || WEB-MISC TOP10.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747 2235 || WEB-MISC SpamExcp.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747 2236 || WEB-MISC spamrule.dll access || bugtraq,3327 || cve,2001-0958 || nessus,11747 2237 || WEB-MISC cgiWebupdate.exe access || bugtraq,3216 || cve,2001-1150 || nessus,11722 2238 || WEB-MISC WebLogic ConsoleHelp view source attempt || bugtraq,1518 || cve,2000-0682 || nessus,11724 2239 || WEB-MISC redirect.exe access || bugtraq,1256 || cve,2000-0401 2240 || WEB-MISC changepw.exe access || bugtraq,1256 || cve,2000-0401 2241 || WEB-MISC cwmail.exe access || bugtraq,4093 || cve,2002-0273 || nessus,11727 2242 || WEB-MISC ddicgi.exe access || bugtraq,1657 || cve,2000-0826 || nessus,11728 2243 || WEB-MISC ndcgi.exe access || cve,2001-0922 || nessus,11730 2244 || WEB-MISC VsSetCookie.exe access || bugtraq,3784 || cve,2002-0236 || nessus,11731 2245 || WEB-MISC Webnews.exe access || bugtraq,4124 || cve,2002-0290 || nessus,11732 2246 || WEB-MISC webadmin.dll access || bugtraq,7438 || bugtraq,7439 || bugtraq,8024 || cve,2003-0471 || nessus,11771 2247 || WEB-IIS UploadScript11.asp access || cve,2001-0938 2248 || WEB-IIS DirectoryListing.asp access || cve,2001-0938 2249 || WEB-IIS /pcadmin/login.asp access || bugtraq,8103 || nessus,11785 2250 || POP3 USER format string attempt || bugtraq,7667 || cve,2003-0391 || nessus,11742 2251 || NETBIOS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,www.microsoft.com/technet/security/bulletin/MS03-039.mspx 2252 || NETBIOS SMB-DS DCERPC Remote Activation bind attempt || bugtraq,8234 || bugtraq,8458 || cve,2003-0528 || cve,2003-0605 || cve,2003-0715 || nessus,11798 || nessus,11835 || url,www.microsoft.com/technet/security/bulletin/MS03-039.mspx 2253 || SMTP XEXCH50 overflow attempt || bugtraq,8838 || cve,2003-0714 || nessus,11889 || url,www.microsoft.com/technet/security/bulletin/MS03-046.mspx 2254 || SMTP XEXCH50 overflow with evasion attempt || url,www.microsoft.com/technet/security/bulletin/MS03-046.mspx 2255 || RPC sadmind query with root credentials attempt TCP 2256 || RPC sadmind query with root credentials attempt UDP 2257 || NETBIOS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx 2258 || NETBIOS SMB-DS DCERPC Messenger Service buffer overflow attempt || bugtraq,8826 || cve,2003-0717 || nessus,11888 || nessus,11890 || url,www.microsoft.com/technet/security/bulletin/MS03-043.mspx 2259 || SMTP EXPN overflow attempt || bugtraq,6991 || bugtraq,7230 || cve,2002-1337 || cve,2003-0161 2260 || SMTP VRFY overflow attempt || bugtraq,6991 || bugtraq,7230 || cve,2002-1337 || cve,2003-0161 2261 || SMTP SEND FROM sendmail prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337 || nessus,11316 2262 || SMTP SEND FROM sendmail prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 2263 || SMTP SAML FROM sendmail prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337 2264 || SMTP SAML FROM sendmail prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 2265 || SMTP SOML FROM sendmail prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337 2266 || SMTP SOML FROM sendmail prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 2267 || SMTP MAIL FROM sendmail prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337 2268 || SMTP MAIL FROM sendmail prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 2269 || SMTP RCPT TO sendmail prescan too many addresses overflow || bugtraq,6991 || cve,2002-1337 2270 || SMTP RCPT TO sendmail prescan too long addresses overflow || bugtraq,7230 || cve,2003-0161 2271 || BACKDOOR FsSniffer connection attempt || nessus,11854 2272 || FTP LIST integer overflow attempt || bugtraq,8875 || cve,2003-0853 || cve,2003-0854 2273 || IMAP login brute force attempt 2274 || POP3 login brute force attempt 2275 || SMTP AUTH LOGON brute force attempt 2276 || WEB-MISC oracle portal demo access || nessus,11918 2277 || WEB-MISC PeopleSoft PeopleBooks psdoccgi access || bugtraq,9037 || bugtraq,9038 || cve,2003-0626 || cve,2003-0627 2278 || WEB-MISC client negative Content-Length attempt || bugtraq,9098 || bugtraq,9476 || bugtraq,9576 || cve,2004-0095 2279 || WEB-PHP UpdateClasses.php access || bugtraq,9057 2280 || WEB-PHP Title.php access || bugtraq,9057 2281 || WEB-PHP Setup.php access || bugtraq,9057 2282 || WEB-PHP GlobalFunctions.php access || bugtraq,9057 2283 || WEB-PHP DatabaseFunctions.php access || bugtraq,9057 2284 || WEB-PHP rolis guestbook remote file include attempt || bugtraq,9057 2285 || WEB-PHP rolis guestbook access || bugtraq,9057 2286 || WEB-PHP friends.php access || bugtraq,9088 2287 || WEB-PHP Advanced Poll admin_comment.php access || bugtraq,8890 || nessus,11487 2288 || WEB-PHP Advanced Poll admin_edit.php access || bugtraq,8890 || nessus,11487 2289 || WEB-PHP Advanced Poll admin_embed.php access || bugtraq,8890 || nessus,11487 2290 || WEB-PHP Advanced Poll admin_help.php access || bugtraq,8890 || nessus,11487 2291 || WEB-PHP Advanced Poll admin_license.php access || bugtraq,8890 || nessus,11487 2292 || WEB-PHP Advanced Poll admin_logout.php access || bugtraq,8890 || nessus,11487 2293 || WEB-PHP Advanced Poll admin_password.php access || bugtraq,8890 || nessus,11487 2294 || WEB-PHP Advanced Poll admin_preview.php access || bugtraq,8890 || nessus,11487 2295 || WEB-PHP Advanced Poll admin_settings.php access || bugtraq,8890 || nessus,11487 2296 || WEB-PHP Advanced Poll admin_stats.php access || bugtraq,8890 || nessus,11487 2297 || WEB-PHP Advanced Poll admin_templates_misc.php access || bugtraq,8890 || nessus,11487 2298 || WEB-PHP Advanced Poll admin_templates.php access || bugtraq,8890 || nessus,11487 2299 || WEB-PHP Advanced Poll admin_tpl_misc_new.php access || bugtraq,8890 || nessus,11487 2300 || WEB-PHP Advanced Poll admin_tpl_new.php access || bugtraq,8890 || nessus,11487 2301 || WEB-PHP Advanced Poll booth.php access || bugtraq,8890 || nessus,11487 2302 || WEB-PHP Advanced Poll poll_ssi.php access || bugtraq,8890 || nessus,11487 2303 || WEB-PHP Advanced Poll popup.php access || bugtraq,8890 || nessus,11487 2304 || WEB-PHP files.inc.php access || bugtraq,8910 2305 || WEB-PHP chatbox.php access || bugtraq,8930 2306 || WEB-PHP gallery remote file include attempt || bugtraq,8814 || nessus,11876 2307 || WEB-PHP PayPal Storefront remote file include attemtp || bugtraq,8791 || nessus,11873 2308 || NETBIOS SMB DCERPC Workstation Service unicode bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 2309 || NETBIOS SMB DCERPC Workstation Service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 2310 || NETBIOS SMB-DS DCERPC Workstation Service unicode bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 2311 || NETBIOS SMB-DS DCERPC Workstation Service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 2312 || SHELLCODE x86 0x71FB7BAB NOOP 2313 || SHELLCODE x86 0x71FB7BAB NOOP unicode 2314 || SHELLCODE x86 0x90 NOOP unicode 2315 || NETBIOS DCERPC Workstation Service direct service bind attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 2316 || NETBIOS DCERPC Workstation Service direct service access attempt || bugtraq,9011 || cve,2003-0812 || url,www.microsoft.com/technet/security/bulletin/MS03-049.mspx 2317 || MISC CVS non-relative path error response || bugtraq,9178 || cve,2003-0977 2318 || MISC CVS non-relative path access attempt || bugtraq,9178 || cve,2003-0977 2319 || EXPLOIT ebola PASS overflow attempt || bugtraq,9156 2320 || EXPLOIT ebola USER overflow attempt || bugtraq,9156 2321 || WEB-IIS foxweb.exe access || nessus,11939 2322 || WEB-IIS foxweb.dll access || nessus,11939 2323 || WEB-CGI quickstore.cgi access || bugtraq,9282 || nessus,11975 2324 || WEB-IIS VP-ASP shopsearch.asp access || bugtraq,9133 || bugtraq,9134 || nessus,11942 2325 || WEB-IIS VP-ASP ShopDisplayProducts.asp access || bugtraq,9133 || bugtraq,9134 || nessus,11942 2326 || WEB-IIS sgdynamo.exe access || bugtraq,4720 || cve,2002-0375 || nessus,11955 2327 || WEB-MISC bsml.pl access || bugtraq,9311 || nessus,11973 2328 || WEB-PHP authentication_index.php access || cve,2004-0032 || nessus,11982 2329 || MS-SQL probe response overflow attempt || bugtraq,9407 || cve,2003-0903 || url,www.microsoft.com/technet/security/bulletin/MS04-003.mspx 2330 || IMAP auth overflow attempt || bugtraq,8861 2331 || WEB-PHP MatrikzGB privilege escalation attempt || bugtraq,8430 2332 || FTP MKDIR format string attempt || bugtraq,9262 2333 || FTP RENAME format string attempt || bugtraq,9262 2334 || FTP Yak! FTP server default account login attempt || bugtraq,9072 2335 || FTP RMD / attempt || bugtraq,9159 2336 || TFTP NULL command attempt || bugtraq,7575 2337 || TFTP PUT filename overflow attempt || bugtraq,7819 || bugtraq,8505 || cve,2003-0380 2338 || FTP LIST buffer overflow attempt || bugtraq,10181 || bugtraq,6869 || bugtraq,7251 || bugtraq,7861 || bugtraq,8486 || bugtraq,9675 || cve,1999-0349 || cve,1999-1510 || cve,2000-0129 2339 || TFTP NULL command attempt || bugtraq,7575 2340 || FTP SITE CHMOD overflow attempt || bugtraq,10181 || bugtraq,9483 || bugtraq,9675 || cve,1999-0838 || nessus,12037 2341 || WEB-PHP DCP-Portal remote file include attempt || bugtraq,6525 2342 || WEB-PHP DCP-Portal remote file include attempt || bugtraq,6525 2343 || FTP STOR overflow attempt || bugtraq,8668 || cve,2000-0133 2344 || FTP XCWD overflow attempt || bugtraq,8704 2345 || WEB-PHP PhpGedView search.php access || bugtraq,9369 || cve,2004-0032 2346 || WEB-PHP myPHPNuke chatheader.php access || bugtraq,6544 2347 || WEB-PHP myPHPNuke partner.php access || bugtraq,6544 2348 || NETBIOS SMB-DS DCERPC print spool bind attempt 2349 || NETBIOS SMB-DS DCERPC enumerate printers request attempt 2350 || NETBIOS DCERPC ISystemActivator bind accept || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 2351 || NETBIOS DCERPC ISystemActivator path overflow attempt little endian || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 2352 || NETBIOS DCERPC ISystemActivator path overflow attempt big endian || bugtraq,8205 || cve,2003-0352 || nessus,11808 || url,www.microsoft.com/technet/security/bulletin/MS03-026.mspx 2353 || WEB-PHP IdeaBox cord.php file include || bugtraq,7488 2354 || WEB-PHP IdeaBox notification.php file include || bugtraq,7488 2355 || WEB-PHP Invision Board emailer.php file include || bugtraq,7204 2356 || WEB-PHP WebChat db_mysql.php file include || bugtraq,7000 2357 || WEB-PHP WebChat english.php file include || bugtraq,7000 2358 || WEB-PHP Typo3 translations.php file include || bugtraq,6984 2359 || WEB-PHP Invision Board ipchat.php file include || bugtraq,6976 2360 || WEB-PHP myphpPagetool pt_config.inc file include || bugtraq,6744 2361 || WEB-PHP news.php file include || bugtraq,6674 2362 || WEB-PHP YaBB SE packages.php file include || bugtraq,6663 2363 || WEB-PHP Cyboards default_header.php access || bugtraq,6597 2364 || WEB-PHP Cyboards options_form.php access || bugtraq,6597 2365 || WEB-PHP newsPHP Language file include attempt || bugtraq,8488 2366 || WEB-PHP PhpGedView PGV authentication_index.php base directory manipulation attempt || bugtraq,9368 || cve,2004-0030 2367 || WEB-PHP PhpGedView PGV functions.php base directory manipulation attempt || bugtraq,9368 || cve,2004-0030 2368 || WEB-PHP PhpGedView PGV config_gedcom.php base directory manipulation attempt || bugtraq,9368 || cve,2004-0030 2369 || WEB-MISC ISAPISkeleton.dll access || bugtraq,9516 2370 || WEB-MISC BugPort config.conf file access || bugtraq,9542 2371 || WEB-MISC Sample_showcode.html access || bugtraq,9555 2372 || WEB-PHP Photopost PHP Pro showphoto.php access || bugtraq,9557 2373 || FTP XMKD overflow attempt || bugtraq,7909 || cve,2000-0133 || cve,2001-1021 2374 || FTP NLST overflow attempt || bugtraq,10184 || bugtraq,7909 || bugtraq,9675 || cve,1999-1544 2375 || BACKDOOR DoomJuice file upload attempt || url,securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html 2376 || EXPLOIT ISAKMP first payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 2377 || EXPLOIT ISAKMP second payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 2378 || EXPLOIT ISAKMP third payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 2379 || EXPLOIT ISAKMP forth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 2380 || EXPLOIT ISAKMP fifth payload certificate request length overflow attempt || bugtraq,9582 || cve,2004-0040 2381 || WEB-MISC schema overflow attempt || bugtraq,9581 || cve,2004-0039 || nessus,12084 2382 || NETBIOS SMB DCERPC NTLMSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 2383 || NETBIOS SMB-DS DCERPC NTLMSSP asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 2384 || NETBIOS SMB NTLMSSP invalid mechlistMIC attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12054 || nessus,12065 2385 || NETBIOS SMB-DS DCERPC NTLMSSP invalid mechlistMIC attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12054 || nessus,12065 2386 || WEB-IIS NTLM ASN.1 vulnerability scan attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12055 || nessus,12065 2387 || WEB-CGI view_broadcast.cgi access || bugtraq,8257 || cve,2003-0422 2388 || WEB-CGI streaming server view_broadcast.cgi access || bugtraq,8257 || cve,2003-0422 2389 || FTP RNTO overflow attempt || bugtraq,8315 || cve,2000-0133 || cve,2001-1021 || cve,2003-0466 2390 || FTP STOU overflow attempt || bugtraq,8315 || cve,2003-0466 2391 || FTP APPE overflow attempt || bugtraq,8315 || bugtraq,8542 || cve,2000-0133 || cve,2003-0466 2392 || FTP RETR overflow attempt || bugtraq,8315 || cve,2003-0466 || cve,2004-0287 || cve,2004-0298 2393 || WEB-PHP /_admin access || bugtraq,9537 || nessus,12032 2394 || WEB-MISC Compaq web-based management agent denial of service attempt || bugtraq,8014 2395 || WEB-MISC InteractiveQuery.jsp access || bugtraq,8938 || cve,2003-0624 2396 || WEB-CGI CCBill whereami.cgi arbitrary command execution attempt || bugtraq,8095 2397 || WEB-CGI CCBill whereami.cgi access || bugtraq,8095 2398 || WEB-PHP WAnewsletter newsletter.php file include attempt || bugtraq,6965 2399 || WEB-PHP WAnewsletter db_type.php access || bugtraq,6964 2400 || WEB-MISC edittag.pl access || bugtraq,6675 2401 || NETBIOS SMB Session Setup AndX request username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 2402 || NETBIOS SMB-DS Session Setup AndX request username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 2403 || NETBIOS SMB Session Setup AndX request unicode username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 2404 || NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt || bugtraq,9752 || url,www.eeye.com/html/Research/Advisories/AD20040226.html 2405 || WEB-PHP phptest.php access || bugtraq,9737 2406 || TELNET APC SmartSlot default admin account attempt || bugtraq,9681 || cve,2004-0311 || nessus,12066 2407 || WEB-MISC util.pl access || bugtraq,9748 2408 || WEB-MISC Invision Power Board search.pl access || bugtraq,9766 2409 || POP3 APOP USER overflow attempt || bugtraq,9794 2410 || WEB-PHP IGeneric Free Shopping Cart page.php access || bugtraq,9773 2411 || WEB-MISC Real Server DESCRIBE buffer overflow attempt || bugtraq,8476 || url,www.service.real.com/help/faq/security/rootexploit091103.html 2412 || ATTACK-RESPONSES successful cross site scripting forced download attempt 2413 || EXPLOIT ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164 || cve,CAN-2004-0164 2414 || EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164 || cve,CAN-2004-0164 2415 || EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164 || cve,CAN-2004-0164 2416 || FTP invalid MDTM command attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330 2417 || FTP format string attempt 2418 || MISC MS Terminal Server no encryption session initiation attmept || url,www.microsoft.com/technet/security/bulletin/MS01-052.mspx 2419 || MULTIMEDIA realplayer .ram playlist download attempt 2420 || MULTIMEDIA realplayer .rmp playlist download attempt 2421 || MULTIMEDIA realplayer .smi playlist download attempt 2422 || MULTIMEDIA realplayer .rt playlist download attempt 2423 || MULTIMEDIA realplayer .rp playlist download attempt 2424 || NNTP sendsys overflow attempt || bugtraq,9382 || cve,2004-00045 2425 || NNTP senduuname overflow attempt || bugtraq,9382 || cve,2004-00045 2426 || NNTP version overflow attempt || bugtraq,9382 || cve,2004-00045 2427 || NNTP checkgroups overflow attempt || bugtraq,9382 || cve,2004-00045 2428 || NNTP ihave overflow attempt || bugtraq,9382 || cve,2004-00045 2429 || NNTP sendme overflow attempt || bugtraq,9382 || cve,2004-00045 2430 || NNTP newgroup overflow attempt || bugtraq,9382 || cve,2004-00045 2431 || NNTP rmgroup overflow attempt || bugtraq,9382 || cve,2004-00045 2432 || NNTP article post without path attempt 2433 || WEB-CGI MDaemon form2raw.cgi overflow attempt || bugtraq,9317 2434 || WEB-CGI MDaemon form2raw.cgi access || bugtraq,9317 2435 || WEB-CLIENT Microsoft emf metafile access || bugtraq,9707 2436 || WEB-CLIENT Microsoft wmf metafile access || bugtraq,9707 2437 || WEB-CLIENT RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9378 || cve,2003-0726 2438 || WEB-CLIENT RealPlayer playlist file URL overflow attempt || bugtraq,9579 2439 || WEB-CLIENT RealPlayer playlist http URL overflow attempt || bugtraq,9579 2440 || WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579 2441 || WEB-MISC NetObserve authentication bypass attempt || bugtraq,9319 2442 || WEB-MISC Quicktime User-Agent buffer overflow attempt || bugtraq,9735 || cve,2004-0169 2443 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html 2444 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html 2445 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER last name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html 2446 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER email overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html 2447 || WEB-MISC ServletManager access || bugtraq,3697 || cve,2001-1195 || nessus,12122 2448 || WEB-MISC setinfo.hts access || bugtraq,9973 || nessus,12120 2449 || FTP ALLO overflow attempt || bugtraq,9953 2450 || CHAT Yahoo IM successful logon 2451 || CHAT Yahoo IM voicechat 2452 || CHAT Yahoo IM ping 2453 || CHAT Yahoo IM conference invitation 2454 || CHAT Yahoo IM conference logon success 2455 || CHAT Yahoo IM conference message 2456 || CHAT Yahoo IM file transfer request 2457 || CHAT Yahoo IM message 2458 || CHAT Yahoo IM successful chat join 2459 || CHAT Yahoo IM conference offer invitation 2460 || CHAT Yahoo IM conference request 2461 || CHAT Yahoo IM conference watch 2462 || EXPLOIT IGMP IGAP account overflow attempt || bugtraq,9952 || cve, CAN-2004-0367 || cve,2004-0176 || cve,2004-0367 2463 || EXPLOIT IGMP IGAP message overflow attempt || bugtraq,9952 || cve, CAN-2004-0367 || cve,2004-0176 || cve,2004-0367 2464 || EXPLOIT EIGRP prefix length overflow attempt || bugtraq,9952 || cve, CAN-2004-0367 || cve,2004-0176 || cve,2004-0367 2465 || NETBIOS SMB-DS IPC$ share access 2466 || NETBIOS SMB-DS IPC$ share unicode access 2467 || NETBIOS SMB D$ share unicode access 2468 || NETBIOS SMB-DS D$ share access 2469 || NETBIOS SMB-DS D$ share unicode access 2470 || NETBIOS SMB C$ share unicode access 2471 || NETBIOS SMB-DS C$ share access 2472 || NETBIOS SMB-DS C$ share unicode access 2473 || NETBIOS SMB ADMIN$ share unicode access 2474 || NETBIOS SMB-DS ADMIN$ share access 2475 || NETBIOS SMB-DS ADMIN$ share unicode access 2476 || NETBIOS SMB-DS Create AndX Request winreg attempt 2477 || NETBIOS SMB-DS Create AndX Request winreg unicode attempt 2478 || NETBIOS SMB-DS DCERPC bind winreg attempt 2479 || NETBIOS SMB-DS DCERPC bind winreg unicode attempt 2480 || NETBIOS SMB-DS DCERPC shutdown unicode attempt 2481 || NETBIOS SMB-DS DCERPC shutdown unicode little endian attempt 2482 || NETBIOS SMB-DS DCERPC shutdown attempt 2483 || NETBIOS SMB-DS DCERPC shutdown little endian attempt 2484 || WEB-MISC source.jsp access || nessus,12119 2485 || WEB-CLIENT Nortan antivirus sysmspam.dll load attempt || bugtraq,9916 || cve,2004-0363 2486 || DOS ISAKMP invalid identification payload attempt || bugtraq,10004 || cve,2004-0184 2487 || SMTP WinZip MIME content-type buffer overflow || bugtraq,9758 || cve,2004-0333 || nessus,12621 2488 || SMTP WinZip MIME content-disposition buffer overflow || bugtraq,9758 || cve,2004-0333 || nessus,12621 2489 || EXPLOIT esignal STREAMQUOTE buffer overflow attempt || bugtraq,9978 2490 || EXPLOIT esignal SNAPQUOTE buffer overflow attempt || bugtraq,9978 2491 || NETBIOS SMB-DS DCERPC ISystemActivator unicode bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2492 || NETBIOS SMB DCERPC ISystemActivator bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2493 || NETBIOS SMB DCERPC ISystemActivator unicode bind attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2494 || NETBIOS DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2495 || NETBIOS SMB DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2496 || NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt || bugtraq,8811 || cve,2003-0813 || nessus,12206 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2497 || IMAP SSLv3 invalid data version attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2498 || IMAP SSLv3 invalid timestamp attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2499 || MISC LDAP SSLv3 invalid timestamp attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2500 || MISC LDAP SSLv3 invalid data version attempt || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2501 || POP3 SSLv3 invalid timestamp attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2502 || POP3 SSLv3 invalid data version attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2503 || SMTP SSLv3 invalid timestamp attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2504 || SMTP SSLv3 invalid data version attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2505 || WEB-MISC SSLv3 invalid data version attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2506 || WEB-MISC SSLv3 invalid timestamp attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2507 || NETBIOS DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2508 || NETBIOS DCERPC LSASS DsRolerUpgradeDownlevelServer Exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2509 || NETBIOS SMB DCERPC LSASS unicode bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2510 || NETBIOS SMB DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2511 || NETBIOS SMB DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2512 || NETBIOS SMB-DS DCERPC LSASS bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2513 || NETBIOS SMB-DS DCERPC LSASS unicode bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2514 || NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2515 || WEB-MISC PCT Client_Hello overflow attempt || bugtraq,10116 || cve,2003-0719 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2516 || MISC LDAP PCT Client_Hello overflow attempt || bugtraq,10116 || cve,2003-0719 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2517 || IMAP PCT Client_Hello overflow attempt || bugtraq,10116 || cve,2003-0719 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2518 || POP3 PCT Client_Hello overflow attempt || bugtraq,10116 || cve,2003-0719 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2519 || SMTP Client_Hello overflow attempt || bugtraq,10116 || cve,2003-0719 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2520 || WEB-MISC SSLv3 Client_Hello request || cve,2004-0120 || nessus,12204 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2521 || WEB-MISC SSLv3 Server_Hello request || cve,2004-0120 || nessus,12204 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2522 || WEB-MISC SSLv3 invalid Client_Hello attempt || cve,2004-0120 || nessus,12204 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2523 || DOS BGP spoofed connection reset attempt || bugtraq,10183 || cve,2004-0230 || url,www.uniras.gov.uk/vuls/2004/236929/index.htm 2524 || NETBIOS DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2525 || NETBIOS SMB DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2526 || NETBIOS SMB-DS DCERPC LSASS direct bind attempt || bugtraq,10108 || cve,2003-0533 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2527 || SMTP STARTTLS attempt 2528 || SMTP TLS PCT Client_Hello overflow attempt || bugtraq,10116 || cve,2003-0719 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2529 || IMAP SSLv3 Client_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2530 || IMAP SSLv3 Server_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2531 || IMAP SSLv3 invalid Client_Hello attempt || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2532 || MISC LDAP SSLv3 Client_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2533 || MISC LDAP SSLv3 Server_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2534 || MISC LDAP SSLv3 invalid Client_Hello attempt || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2535 || POP3 SSLv3 Client_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2536 || POP3 SSLv3 Server_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2537 || POP3 SSLv3 invalid Client_Hello attempt || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2538 || SMTP SSLv3 Client_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2539 || SMTP SSLv3 Server_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2540 || SMTP SSLv3 invalid Client_Hello attempt || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2541 || SMTP TLS SSLv3 invalid data version attempt || bugtraq,10115 || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2542 || SMTP TLS SSLv3 Client_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2543 || SMTP TLS SSLv3 Server_Hello request || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2544 || SMTP TLS SSLv3 invalid Client_Hello attempt || cve,2004-0120 || nessus,12204 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx 2545 || EXPLOIT AFP FPLoginExt username buffer overflow attempt || bugtraq,10271 || cve,2004-0430 || url,www.atstake.com/research/advisories/2004/a050304-1.txt 2546 || FTP MDTM overflow attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330 || nessus,12080 2547 || MISC HP Web JetAdmin remote file upload attempt || bugtraq,9978 2548 || MISC HP Web JetAdmin setinfo access || bugtraq,9972 2549 || MISC HP Web JetAdmin file write attempt || bugtraq,9973 2550 || EXPLOIT winamp XM module name overflow || url,www.nextgenss.com/advisories/winampheap.txt 2551 || EXPLOIT Oracle Web Cache GET overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2552 || EXPLOIT Oracle Web Cache HEAD overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2553 || EXPLOIT Oracle Web Cache PUT overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2554 || EXPLOIT Oracle Web Cache POST overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2555 || EXPLOIT Oracle Web Cache TRACE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2556 || EXPLOIT Oracle Web Cache DELETE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2557 || EXPLOIT Oracle Web Cache LOCK overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2558 || EXPLOIT Oracle Web Cache MKCOL overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2559 || EXPLOIT Oracle Web Cache COPY overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2560 || EXPLOIT Oracle Web Cache MOVE overflow attempt || bugtraq,9868 || cve,2004-0385 || nessus,12126 2561 || MISC rsync backup-dir directory traversal attempt || bugtraq,10247 || cve,2004-0426 || nessus,12230 2562 || WEB-MISC McAfee ePO file upload attempt || bugtraq,10200 || cve,2004-0038 2563 || NETBIOS NS lookup response name overflow attempt || bugtraq,10333 || bugtraq,10334 || cve,2004-0444 || cve,2004-0445 || url,www.eeye.com/html/Research/Advisories/AD20040512A.html 2564 || NETBIOS NS lookup short response attempt || bugtraq,10334 || bugtraq,10335 || cve,2004-0444 || cve,2004-0445 || url,www.eeye.com/html/Research/Advisories/AD20040512C.html 2565 || WEB-PHP modules.php access || bugtraq,9879 2566 || WEB-PHP PHPBB viewforum.php access || bugtraq,9865 || bugtraq,9866 || nessus,12093 2567 || WEB-CGI Emumail init.emu access || bugtraq,9861 || nessus,12095 2568 || WEB-CGI Emumail emumail.fcgi access || bugtraq,9861 || nessus,12095 2569 || WEB-MISC cPanel resetpass access || bugtraq,9848 2570 || WEB-MISC Invalid HTTP Version String || bugtraq,9809 || nessus,11593 2571 || WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access || bugtraq,9805 2572 || WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt || bugtraq,9805 2573 || WEB-IIS SmarterTools SmarterMail frmCompose.asp access || bugtraq,9805 2574 || FTP RETR format string attempt || bugtraq,9800 2575 || WEB-PHP Opt-X header.php remote file include attempt || bugtraq,9732 2576 || ORACLE generate_replication_support prefix buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck93.html 2577 || WEB-CLIENT local resource redirection attempt || cve,2004-0549 || url,www.kb.cert.org/vuls/id/713878 2578 || EXPLOIT kerberos principal name overflow UDP || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt 2579 || EXPLOIT kerberos principal name overflow TCP || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt 2580 || WEB-MISC server negative Content-Length attempt || cve,CAN-2004-0492 || url,www.guninski.com/modproxy1.html 2581 || WEB-MISC Crystal Reports crystalimagehandler.aspx access || cve,CAN-2004-0204 || url,www.microsoft.com/security/bulletins/200406_crystal.mspx 2582 || WEB-MISC Crystal Reports crystalImageHandler.aspx directory traversal attempt || bugtraq,10260 || cve,CAN-2004-0204 || nessus,12271 || url,www.microsoft.com/security/bulletins/200406_crystal.mspx 2583 || MISC CVS Max-dotdot integer overflow attempt || bugtraq,10499 || cve,CAN-2004-0417 2584 || EXPLOIT eMule buffer overflow attempt || bugtraq,10039 || nessus,12233 2585 || WEB-MISC nessus 2.x 404 probe || nessus,10386 2586 || P2P eDonkey transfer || url,www.kom.e-technik.tu-darmstadt.de/publications/abstracts/HB02-1.html 2587 || P2P eDonkey server response || url,www.emule-project.net 2588 || WEB-PHP TUTOS path disclosure attempt || bugtraq,10129 || url,www.securiteam.com/unixfocus/5FP0J15CKE.html 2589 || WEB-CLIENT Content-Disposition CLSID command attempt || bugtraq,9510 || cve,2004-0420 || url,www.microsoft.com/technet/security/bulletin/ms04-024.mspx 2590 || SMTP MAIL FROM overflow attempt || bugtraq,10290 || cve,CAN-2004-0399 || url,www.guninski.com/exim1.html 2591 || SMTP From command overflow attempt || bugtraq,10291 || cve,CAN-2004-0400 || url,www.guninski.com/exim1.html 2592 || SMTP ReplyTo command overflow attempt || bugtraq,10291 || cve,CAN-2004-0400 || url,www.guninski.com/exim1.html 2593 || SMTP Sender command overflow attempt || bugtraq,10291 || cve,CAN-2004-0400 || url,www.guninski.com/exim1.html 2594 || SMTP To command overflow attempt || bugtraq,10291 || cve,CAN-2004-0400 || url,www.guninski.com/exim1.html 2595 || SMTP CC command overflow attempt || bugtraq,10291 || cve,CAN-2004-0400 || url,www.guninski.com/exim1.html 2596 || SMTP BCC command overflow attempt || bugtraq,10291 || cve,CAN-2004-0400 || url,www.guninski.com/exim1.html 2597 || WEB-MISC Samba SWAT Authorization overflow attempt || bugtraq,10780 2598 || WEB-MISC Samba SWAT Authorization port 901 overflow attempt || bugtraq,10780 2599 || ORACLE add_grouped_column named sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 2600 || ORACLE add_grouped_column ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 2601 || ORACLE drop_master_repgroup named gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck87.html 2602 || ORACLE drop_master_repgroup ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck87.html 2603 || ORACLE create_mview_repgroup named fname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 2604 || ORACLE create_mview_repgroup ordered fname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 2605 || ORACLE compare_old_values ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html 2606 || ORACLE comment_on_repobject named type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 2607 || ORACLE comment_on_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 2608 || ORACLE check_ddl_text ordered buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2609 || ORACLE cancel_statistics named sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 2610 || ORACLE cancel_statistics ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html 2611 || ORACLE LINK metadata buffer overflow attempt || bugtraq,7453 || cve,CAN-2003-0222 || url,archives.neohapsis.com/archives/bugtraq/2003-04/0360.html 2612 || ORACLE revoke_surrogate_repcat named userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2613 || ORACLE revoke_surrogate_repcat ordered userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2614 || ORACLE time_zone buffer overflow attempt || bugtraq,9587 || url,www.nextgenss.com/advisories/ora_time_zone.txt 2615 || ORACLE grant_surrogate_repcat named userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2616 || ORACLE grant_surrogate_repcat ordered userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2617 || ORACLE alter_mview_propagation named gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 2618 || ORACLE alter_mview_propagation ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 2619 || ORACLE alter_master_repobject named type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 2620 || ORACLE alter_master_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 2621 || ORACLE utl.register_flavor_change ordered buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2622 || ORACLE utl.drop_an_object ordered buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2623 || ORACLE utl.create_snapshot_repgroup ordered buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2624 || ORACLE unregister_user_repgroup named privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 2625 || ORACLE unregister_user_repgroup ordered privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 2626 || ORACLE send_old_values ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck91.html 2627 || ORACLE repcat_import_check named gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 2628 || ORACLE repcat_import_check ordered gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 2629 || ORACLE register_user_repgroup named privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 2630 || ORACLE register_user_repgroup ordered privilege_type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck94.html 2631 || ORACLE refresh_mview_repgroup named gowner buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 2632 || ORACLE refresh_mview_repgroup ordered gowner buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 2633 || ORACLE rectifier_diff named sname1 attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2634 || ORACLE rectifier_diff ordered sname1 buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html 2635 || ORACLE snapshot.end_load named gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 2636 || ORACLE snapshot.end_load ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 2637 || ORACLE drop_master_repobject named type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 2638 || ORACLE drop_master_repobject ordered type buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck634.html 2639 || ORACLE drop_mview_repgroup named gowner buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 2640 || ORACLE drop_mview_repgroup ordered gowner/gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck90.html 2641 || ORACLE drop_site_instantiate named refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck629.html 2642 || ORACLE drop_site_instantiate ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck629.html 2643 || ORACLE ensure_not_published ordered fname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck96.html 2644 || ORACLE from_tz buffer overflow attempt || url,www.nextgenss.com/advisories/ora_from_tz.txt 2645 || ORACLE instantiate_offline named refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck630.html 2646 || ORACLE instantiate_offline ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck630.html 2647 || ORACLE instantiate_online named refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck631.html 2648 || ORACLE instantiate_online ordered refresh_template_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck631.html 2649 || ORACLE service_name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck52.html 2650 || ORACLE user name buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck62.html 2651 || ORACLE NUMTODSINTERVAL/NUMTOYMINTERVAL buffer overflow attempt || bugtraq,9587 || url,www.nextgenss.com/advisories/ora_numtodsinterval.txt || url,www.nextgenss.com/advisories/ora_numtoyminterval.txt 2652 || ORACLE og.begin_load named gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 2653 || ORACLE og.begin_load ordered gname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck632.html 2654 || WEB-PHP PHPNuke Forum viewtopic SQL insertion attempt || bugtraq,7193 2655 || MISC HP Web JetAdmin ExecuteFile admin access || bugtraq,10224 2656 || EXPLOIT SSLv2 Client_Hello Challenge Length overflow attempt 2657 || EXPLOIT SSLv2 Client_Hello with pad Challenge Length overflow attempt 2658 || WEB-MISC SSLv2 Client_Hello request 2659 || WEB-MISC SSLv2 Client_Hello with pad request 2660 || WEB-MISC SSLv2 Server_Hello request 2661 || WEB-MISC TLS1 Client_Hello request 2662 || WEB-MISC TLS1 Server_Hello request 2663 || WEB-CGI WhatsUpGold instancename overflow attempt || bugtraq,11043 || cve,2004-0798 2664 || IMAP login format string attempt || bugtraq,10976 2665 || IMAP login literal format string attempt || bugtraq,10976 2666 || POP3 PASS format string attempt || bugtraq,10976 2667 || WEB-CGI ping.asp access || nessus,10968 2668 || WEB-CGI processit access || nessus,10649 2669 || WEB-CGI ibillpm.pl access || bugtraq,3476 || nessus,11083 2670 || WEB-CGI pgpmail.pl access || nessus,11070 || cve,2001-0937 2671 || WEB-CLIENT bitmap BitmapOffset integer overflow attempt || cve,2004-0566 || bugtraq,9663 2672 || WEB-MISC sresult.exe access || nessus,14186 || bugtraq,10837 2673 || WEB-CLIENT libpng tRNS overflow attempt || bugtraq,10872 || cve,2004-0597