All Vulnerabilities
- * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services
1008119* - Microsoft Windows Local Security Authority Subsystem Service (LSASS) Denial Of Service Vulnerability (CVE-2017-0004)
1008123* - Microsoft Windows Local Security Authority Subsystem Service Denial Of Service Vulnerability (CVE-2016-7237)
1008224* - Microsoft Windows SMB Remote Code Execution Vulnerabilities (CVE-2017-0144 and CVE-2017-0146)
1007699* - Oracle Job Scheduler Named Pipe Command Execution Vulnerability
1005140* - Print Spooler Service Format String Vulnerability (CVE-2012-1851)
DCERPC Services - Client
1004821* - Active Accessibility Insecure Library Loading Vulnerability (CVE-2011-1247)
1007494* - Adobe Acrobat DLL Loading Arbitrary Code Execution Vulnerability (CVE-2016-1008)
1007695* - Adobe Flash Player DLL Hijacking Vulnerability Over Network Share (CVE-2016-4140)
1004930* - Adobe Flash Player Remote Security Bypass Vulnerability Over Network Share (CVE-2012-0756)
1004924* - Color Control Panel Insecure Library Loading Vulnerability Over Network Share (CVE-2010-5082)
1004700* - DFS Memory Corruption Vulnerability (CVE-2011-1868)
1005261* - Foxit Reader Arbitrary DLL Injection Code Execution Vulnerability Over Network Share
1004926* - Indeo Codec Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3138)
1004878* - Internet Explorer Insecure Library Loading Vulnerability Over Network Share (CVE-2011-2019)
1004946* - Microsoft Expression Design Insecure Library Loading Vulnerability Over Network Share (CVE-2012-0016)
1007897* - Microsoft Internet Explorer Information Disclosure Vulnerability Over SMB (CVE-2016-3321)
1005080* - Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability Over Network Share (CVE-2012-1854)
1005281* - Microsoft Windows Briefcase Integer Overflow Vulnerability Over Network Share (CVE-2012-1528)
1007369* - Microsoft Windows DLL Loading Vulnerabilities Over Network Share (MS16-007)
1007531* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128)
1004897* - Object Packager Insecure Executable Launching Vulnerability Over Network Share (CVE-2012-0009)
1004741* - Oracle Java JRE Insecure Executable Loading Vulnerability Over Network Share
1004877* - PowerPoint Insecure Library Loading Vulnerability Over Network Share (CVE-2011-3396)
1005153* - Print Spooler Service Format String Vulnerability (CVE-2012-1851) II
1005139* - Remote Administration Protocol Denial Of Service Vulnerability (CVE-2012-1850)
1005142* - Remote Administration Protocol Stack Overflow Vulnerability
1004775* - Telnet Handler Remote Code Execution Vulnerability Over Network Share (CVE-2011-1961)
1004797* - Windows Components Insecure Library Loading Vulnerability Over Network Share (CVE-2011-1991)
DNS Client
1008203* - DNSMessenger Malware C&C Traffic Over DNS Protocol
1009135* - Microsoft Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225)
Directory Server LDAP
1008842 - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)
RTMP Client
1006288* - Adobe Flash Player Memory Corruption Vulnerability (CVE-2014-0551)
1005000* - Adobe Flash Player Object Confusion Vulnerability (CVE-2012-0779)
1005456* - Adobe Flash Player Remote Arbitrary Code Execution Vulnerability (CVE-2013-2555)
Remote Desktop Protocol Client
1009031* - Microsoft Windows CredSSP Remote Code Execution Vulnerability (CVE-2018-0886)
Remote Desktop Protocol Server
1006870* - Microsoft Windows Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability (CVE-2015-2373)
1004949* - Remote Desktop Protocol Vulnerability (CVE-2012-0002)
1005138* - Remote Desktop Protocol Vulnerability (CVE-2012-2526)
Suspicious Client Application Activity
1005067* - Identified Potentially Harmful Client Traffic
1005283* - Identified Potentially Malicious RAT Traffic - I
1005299* - Identified Potentially Malicious RAT Traffic - III
1005300* - Identified Potentially Malicious RAT Traffic - IV
1005473* - Identified Potentially Malicious RAT Traffic - V
1008756* - Identified Potentially Malicious RAT Traffic - VII
1005401* - Identified Suspicious HTTP Traffic
1005294* - TMTR-0004: GHOST RAT HTTP Request
Suspicious Server Application Activity
1005090* - Identified Potentially Harmful Server Traffic
Web Application Common
1009312 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
1009040* - Identified Directory Traversal Sequence In URI
Web Client Common
1009311 - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509)
Web Server Apache Tika
1009129 - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)
Windows Services RPC Client DCERPC
1007539* - Microsoft Windows RPC Downgrade Vulnerability (CVE-2016-0128) - 1
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1008670* - Microsoft Windows Security Events - 3 - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share
1009331 - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
1009330 - Microsoft MFC Insecure Library Loading Vulnerability Over Network Share (CVE-2010-3190)
FTP Client Windows
1009113 - Multiple FTPShell Client Buffer Overflow Vulnerabilities
Web Application Common
1009312* - Ghostscript Remote Code Execution Vulnerability (CVE-2018-16509) - 1
Web Client Common
1009317 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 10
1009324 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 11
1009320 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 2
1009321 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 3
1009323 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 4
1009325 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 6
1009313 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 7
1009326 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 8
1009327 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-30) - 9
1009307* - Microsoft JET Database Engine Remote Code Execution Vulnerability (CVE-2018-8423)
1009341 - Microsoft MFC Insecure Library Loading Vulnerability Over WebDAV (CVE-2010-3190)
1009337 - Microsoft Windows Device Guard Code Integrity Policy Security Feature Bypass Vulnerability (CVE-2018-8492)
1009340 - Microsoft Windows Multiple Security Vulnerabilities (Oct-2018)
1009338 - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)
1009333 - Microsoft Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413)
Web Client Internet Explorer/Edge
1009339 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8505)
1009335 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8460)
1009336 - Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2018-8491)
Web Server Apache Tika
1009129* - Apache Tika Chmparser Denial Of Service Vulnerability (CVE-2018-1339)
Web Server Oracle
1008898* - Oracle E-Business Suite Open Redirect Vulnerability (CVE-2017-3528)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Asterisk RTP Protocol
1008964 - Digium Asterisk Compound RTCP Out-Of-Bounds Write Vulnerability (CVE-2017-17664)
DCERPC Services - Client
1009331* - Microsoft Filter Manager Elevation Of Privilege Vulnerability (CVE-2018-8333)
Directory Server LDAP
1008842* - OpenLDAP 'deref_parseCtrl' Denial Of Service Vulnerability (CVE-2015-1545)
Mail Server Common
1009117* - Dovecot 'rfc822_parse_domain' Out Of Bounds Read Vulnerability (CVE-2017-14461)
Microsoft Office
1009073* - Microsoft Office Remote Code Execution Vulnerability (CVE-2018-8157)
Remote Desktop Protocol Server
1009343 - Identified Too Many SSL Alert Messages In SSLv3 Over RDP
Web Application Common
1009310 - Microsoft Exchange Server SSRF Vulnerability (CVE-2018-16793)
Web Client Common
1008937 - Apache Subversion Client svn-ssh URL Command Execution Vulnerability (CVE-2017-9800)
1009092* - Foxit PDF Reader JavaScript 'XFA Clone' Remote Code Execution Vulnerability (CVE-2018-3850)
1009237 - Foxit Reader Multiple Security Vulnerabilities - 1
1009231 - Foxit Reader Multiple Security Vulnerabilities - 2
1009236 - Foxit Reader Multiple Security Vulnerabilities - 3
1009232 - Foxit Reader Multiple Security Vulnerabilities - 4
1009235 - Foxit Reader Multiple Security Vulnerabilities - 5
1009147 - Microsoft Windows .NET Framework Device Guard Security Feature Bypass Vulnerability (CVE-2018-1039)
1009171* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414)
1009238* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8414) - 1
1009338* - Microsoft Windows Shell Remote Code Execution Vulnerability (CVE-2018-8495)
Integrity Monitoring Rules:
1003105* - Database Server - PostgreSQL
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Database Oracle
1009306 - Oracle PL/SQL Procedures Arbitrary SQL Command Execution Vulnerability (CVE-2004-1370)
Web Application Common
1009264 - GitLab Arbitrary File Write Vulnerability (CVE-2018-14364)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Database Oracle
1009342 - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)
Suspicious Client Application Activity
1008756* - Identified Potentially Malicious RAT Traffic - VII
Unix Samba
1008847 - Samba Information Disclosure Vulnerability (CVE-2017-15275)
Web Application Common
1009350 - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
1009356 - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)
Web Client Common
1009349 - Microsoft Windows Data Sharing Service Arbitrary File Delete Vulnerability
1009333* - Microsoft Windows Theme API Remote Code Execution Vulnerability (CVE-2018-8413)
Web Server Apache
1006027* - Apache HTTP Server Denial Of Service Vulnerability (CVE-2014-0098)
Web Server HTTPS
1008857 - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)
Web Server Miscellaneous
1005527* - Apache Struts OGNL Expression Injection Vulnerability
Web Server Oracle
1009353 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Database Oracle
1009342* - Oracle Database DIRECTORY Object Information Disclosure Vulnerability (CVE-2005-0298)
1009306* - Oracle PL/SQL Procedures Arbitrary SQL Command Execution Vulnerability (CVE-2004-1370)
Trend Micro OfficeScan
1009034 - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)
Web Application Common
1009264* - GitLab Arbitrary File Write Vulnerability (CVE-2018-14364)
1009350* - Telerik UI for ASP.NET AJAX Multiple Arbitrary File Upload Vulnerabilities (CVE-2017-11357 and CVE-2017-11317)
1009356* - Telerik UI for ASP.NET AJAX RadAsyncUpload Control Path Traversal Vulnerability (CVE-2014-2217)
Web Client Common
1008828* - Speculative Execution Information Disclosure Vulnerabilities (Spectre)
Web Client Internet Explorer/Edge
1009384 - Microsoft Internet Explorer 'Tree::Notify_InvalidateDisplay' Null Pointer Dereference Vulnerability
Web Server Apache
1009045* - Apache httpd 'mod_cache_socache' Denial Of Service Vulnerability (CVE-2018-1303)
Web Server HTTPS
1008857* - Trend Micro Control Manager Multiple SQL Injection Remote Code Execution Vulnerability (CVE-2018-3604)
Web Server Oracle
1009358 - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3191)
1009353* - Oracle WebLogic Server RemoteObject Insecure Deserialization Vulnerability (CVE-2018-3245)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Microsoft Office
1009368 - Microsoft Word Remote Code Execution Vulnerability (CVE-2018-8539)
Web Client Common
1009366 - Microsoft Outlook Multiple Security Vulnerabilities (Nov-2018)
1009349* - Microsoft Windows ALPC Elevation Of Privilege Vulnerability (CVE-2018-8584)
1009378 - Microsoft Windows DirectX Information Disclosure Vulnerability (CVE-2018-8563)
1009372 - Microsoft Windows Graphics Components Remote Code Execution Vulnerability (CVE-2018-8553)
1009382 - Microsoft Windows Multiple Security Vulnerabilities (Nov-2018)
1009369 - Microsoft Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8544)
Web Client Internet Explorer/Edge
1009383 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8542)
1009374 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8555)
1009375 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8556)
1009376 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8557)
1009381 - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8588)
1009371 - Microsoft Internet Explorer VBScript Engine Remote Code Execution Vulnerability (CVE-2018-8552)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Java RMI
1009390 - Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution Vulnerability (CVE-2016-1000031)
Trend Micro OfficeScan
1009034* - Trend Micro Smart Protection Server Auth Command Injection Authentication Bypass Vulnerability (CVE-2018-6231)
Web Application PHP Based
1009395 - PHP 'imap_open()' Remote Code Execution Vulnerability
Web Application Tomcat
1009388 - Apache Tomcat 'mod_jk' Information Disclosure Vulnerability (CVE-2018-11759)
Web Client Common
1009394 - Adobe Acrobat And Reader NTLM SSO Hash Information Disclosure Vulnerability (CVE-2018-15979)
1009393 - Adobe Flash Player Out Of Bounds Read Vulnerability (CVE-2018-15978)
1009398 - Adobe Flash Player Type Confusion Vulnerability (CVE-2018-15981)
1004085* - Heuristic Detection Of Malicious PDF Documents - 3
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
FTP Server Common
1000153* - FTP MKD Command
1000151* - FTP PORT Command
Java RMI
1009451 - Java Unserialize Remote Code Execution Vulnerability Over RMI
Remote Desktop Protocol Server
1009448 - Microsoft Windows Remote Desktop Protocol (RDP) Brute Force Attempt
Suspicious Client Application Activity
1009432 - Tildeb Acknowledgment Request
Suspicious Server Application Activity
1009433 - Tildeb Knock Request
Web Application PHP Based
1009445 - WordPress Authenticated Phar Insecure Deserialization Vulnerability
Web Client Common
1009454 - Microsoft Windows MsiAdvertiseProduct ReadFile Unauthorized Access Vulnerability
Web Server Common
1009450 - Kubernetes API Proxy Request Handling Privilege Escalation Vulnerability (CVE-2018-1002105)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update. - * indicates a new version of an existing rule
Deep Packet Inspection Rules:
Port Mapper FTP Client
1009558 - Remote File Copy Over FTP
Suspicious Client Ransomware Activity
1007581* - Ransomware Lectool
1007711* - Ransomware XORBAT
Suspicious Server Ransomware Activity
1007582* - Ransomware Lectool-1
Web Application Common
1009319 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624) - 1
1009421* - ImageMagick Multiple Security Vulnerabilities (Server) - 25
1009328 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271) - 1
Web Client Common
1009207* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB18-21) - 2
1009239 - Foxit Reader 'addField' Use-After-Free Remote Code Execution Vulnerability (CVE-2018-9935)
1008829* - Foxit Reader Multiple Information Disclosure Vulnerabilities
1009318 - ImageMagick 'ReadMATImage' Use After Free Vulnerability (CVE-2018-11624)
1009329 - ImageMagick ReadMIFFImage Denial Of Service Vulnerability (CVE-2017-18271)
1009489 - Microsoft Windows Vcf And Contact File Insufficient UI Warning Remote Code Execution Vulnerability
1009554* - RARLAB WinRAR ACE Remote Code Execution Vulnerability (CVE-2018-20250)
Web Client Internet Explorer/Edge
1009469* - Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.