From jonkman at bleedingthreats.net  Wed Aug  1 19:33:39 2007
From: jonkman at bleedingthreats.net (Matt Jonkman)
Date: Wed Aug  1 19:34:53 2007
Subject: [Bleeding-sigs] LibSSH Sig (sid 2006435)
In-Reply-To: <005b01c7d3a9$918ba3d0$b4a2eb70$@uwaterloo.ca>
References: <46A9677B.6080800@bleedingthreats.net>
	<46ADEE51.2090007@jtan.com>	<46AE7E67.8060309@bleedingthreats.net>
	<005b01c7d3a9$918ba3d0$b4a2eb70$@uwaterloo.ca>
Message-ID: <46B11853.1030400@bleedingthreats.net>

As RPG mentinoed, a threshold like the other SSH sigs would be good.

I'd rather not threshold this one, but how about we do a second sig
that's the same, but has a threshold and in THAT one we can say "this is
likely a brute force attack".

Like:

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN
LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!";
flow:established,to_server; content:"SSH-"; content:"libssh"; within:20;
threshold: type both, count 5, seconds 60, track by_src;
classtype:misc-activity; sid:2006546; rev:1;)

5 new ssh connections in 60 seconds from one source is a significant
event I think.

That look right to everyone?

Then you could choose to run either this or the non-thresholded one. Or
both if you like lots of events. :)

Matt

Reg Quinton wrote:
> My summary of alerts for yesterday had these as the top counts:
> 
>  914136 BLEEDING-EDGE SCAN LibSSH Based SSH Connection - Often used as a
> BruteForce Tool 
>  254268 BLEEDING-EDGE SCAN Potential VNC Scan 5900-5920 
>  244477 BLEEDING-EDGE Potential SSH Scan 
> 
> (And all of those SSH alerts were generated by only 3 attackers).
> 
> Can we put some a threshold on the LibSSH alert or use thresholds and
> flowbits set at sid 2001219 to limit the alerts? Would this help ...
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN LibSSH
> Based SSH Connection - Often used as a BruteForce Tool";
> flow:established,to_server; content:"SSH-"; content:"libssh"; within:20;
> flowbits:iset,ssh.brute.attempt;classtype:misc-activity; sid:2006435;
> rev:4;)
> 
> PS. The signature certainly works, it works very well.
> 
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


From bleeding at bleedingthreats.net  Wed Aug  1 20:00:15 2007
From: bleeding at bleedingthreats.net (bleeding@bleedingthreats.net)
Date: Wed Aug  1 20:00:18 2007
Subject: [Bleeding-sigs] Bleeding Edge Threats Daily Signature Changes
Message-ID: <20070802000015.42A4D22C0AE@sb03.us.bleedingsnort.com>


[***] Results from Oinkmaster started Thu Aug  2 00:00:14 2007 [***]

[+++]          Added rules:          [+++]

 2006504 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT (bleeding-web.rules)
 2006505 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT (bleeding-web.rules)
 2006506 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT (bleeding-web.rules)
 2006507 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE (bleeding-web.rules)
 2006508 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII (bleeding-web.rules)
 2006509 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE (bleeding-web.rules)
 2006510 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT (bleeding-web.rules)
 2006511 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT (bleeding-web.rules)
 2006512 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT (bleeding-web.rules)
 2006513 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE (bleeding-web.rules)
 2006514 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII (bleeding-web.rules)
 2006515 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE (bleeding-web.rules)
 2006516 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT (bleeding-web.rules)
 2006517 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT (bleeding-web.rules)
 2006518 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT (bleeding-web.rules)
 2006519 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE (bleeding-web.rules)
 2006520 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII (bleeding-web.rules)
 2006521 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE (bleeding-web.rules)
 2006522 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT (bleeding-web.rules)
 2006523 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT (bleeding-web.rules)
 2006524 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT (bleeding-web.rules)
 2006525 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE (bleeding-web.rules)
 2006526 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII (bleeding-web.rules)
 2006527 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE (bleeding-web.rules)
 2006528 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT (bleeding-web.rules)
 2006529 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT (bleeding-web.rules)
 2006530 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT (bleeding-web.rules)
 2006531 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE (bleeding-web.rules)
 2006532 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII (bleeding-web.rules)
 2006533 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE (bleeding-web.rules)
 2006534 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT (bleeding-web.rules)
 2006535 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT (bleeding-web.rules)
 2006536 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT (bleeding-web.rules)
 2006537 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE (bleeding-web.rules)
 2006538 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII (bleeding-web.rules)
 2006539 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE (bleeding-web.rules)
 2006540 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT (bleeding-web.rules)
 2006541 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT (bleeding-web.rules)
 2006542 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT (bleeding-web.rules)
 2006543 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE (bleeding-web.rules)
 2006544 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII (bleeding-web.rules)
 2006545 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE (bleeding-web.rules)
 2006546 - BLEEDING-EDGE SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack! (bleeding-scan.rules)


[///]     Modified active rules:     [///]

 2006434 - BLEEDING-EDGE POLICY Possible Ecard Trojan download (bleeding-policy.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 263

     -> Added to bleeding-drop.rules (1):
        #  VERSION 263

     -> Added to bleeding-scan.rules (1):
        #This is the same as above but has a threshold to help keep events down, and more readily identify brute force attacks

     -> Added to bleeding-sid-msg.map (43):
        2006504 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006505 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006506 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006507 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006508 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006509 || BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE || url,www.securityfocus.com/bid/24562 || cve,CVE-2007-3323
        2006510 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006511 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006512 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006513 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006514 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006515 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006516 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006517 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006518 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006519 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006520 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006521 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006522 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006523 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006524 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006525 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006526 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006527 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006528 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006529 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006530 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006531 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006532 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006533 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006534 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006535 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006536 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006537 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006538 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006539 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006540 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006541 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006542 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006543 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006544 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006545 || BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE || url,pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html || cve,CVE-2007-3345
        2006546 || BLEEDING-EDGE SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack!

     -> Added to bleeding-web.rules (1):
        #by Tinytwitty

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 262

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 262

From reggers at ist.uwaterloo.ca  Thu Aug  2 10:31:12 2007
From: reggers at ist.uwaterloo.ca (Reg Quinton)
Date: Thu Aug  2 10:33:20 2007
Subject: [Bleeding-sigs] LibSSH Sig (sid 2006435)
In-Reply-To: <46B11853.1030400@bleedingthreats.net>
References: <46A9677B.6080800@bleedingthreats.net>	<46ADEE51.2090007@jtan.com>	<46AE7E67.8060309@bleedingthreats.net>	<005b01c7d3a9$918ba3d0$b4a2eb70$@uwaterloo.ca>
	<46B11853.1030400@bleedingthreats.net>
Message-ID: <00ec01c7d511$c72b9130$5582b390$@uwaterloo.ca>

> Then you could choose to run either this or the non-thresholded one. Or
> both if you like lots of events. :)

Sure, we can have two, one with a threshold (I'd use the flowbits already
set for that) that says:

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"BLEEDING-EDGE SCAN
LibSSH Based Frequent SSH Connections -- Definitely BruteForce Attack!";

The other sig w/o any thresholds that says "Likely BruteForce Attack".

I'd prefer the we had the likely one disabled and the definitely one
enabled.


From juergen.leising at gmx.de  Thu Aug  2 11:38:25 2007
From: juergen.leising at gmx.de (Juergen Leising)
Date: Thu Aug  2 12:12:45 2007
Subject: [Bleeding-sigs] missing ')' in sid 2002474, 2002558, 2002639
Message-ID: <20070802153825.GA3678@jl2.example.com>


Hello,

there's a second issue with the following rules, that I haven't 
realized before:

bleeding-policy.rules: sid:2002474; rev:2; (currently disabled)

        pcre:"/\Wdsm\W[\s\w,/-]*(?=([2-9][0-9]{2}(\.[0-9]{1,2}?)|(v[167][0-9]\.[0-9]{1,2}))/ism"



bleeding-policy.rules: sid:2002558; rev:3; (currently disabled)

        pcre:"/\Wdsm\W[\s\w,/-]*(?=([2-9][0-9]{2}(\.[0-9]{1,2}?)|(v[167][0-9]\.[0-9]{1,2}))/ism";



bleeding-policy.rules: sid:2002639; rev:3; (currently disabled)

        pcre:"/\Wdsm\W[\s\w,/-]*(?=([2-9][0-9]{2}(\.[0-9]{1,2}?)|(v[167][0-9]\.[0-9]{1,2}))/ism";



In all of these three rules there is one closing parenthesis
missing.

Instead of

        {1,2}))/ism

the tail should probably read as

        {1,2})))/ism

Bye, bye,

Juergen

From jdell at activeworx.com  Thu Aug  2 17:02:39 2007
From: jdell at activeworx.com (Jeff Dell)
Date: Thu Aug  2 17:56:18 2007
Subject: [Bleeding-sigs] bad rule
Message-ID: <008301c7d548$76416fb0$62c44f10$@com>

I didn't know you could use [] as a source ip:

alert ip [] any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block
Listed Source - BLOCKING"; reference:url,feeds.dshield.org/block.txt;
threshold: type limit, track by_src, seconds 3600, count 1; sid:2403000;
rev:521; fwsam: src, 72 hours;)


Cheers,
Jeff

From jonkman at bleedingthreats.net  Thu Aug  2 18:41:18 2007
From: jonkman at bleedingthreats.net (Matt Jonkman)
Date: Thu Aug  2 18:42:16 2007
Subject: [Bleeding-sigs] bad rule
In-Reply-To: <008301c7d548$76416fb0$62c44f10$@com>
References: <008301c7d548$76416fb0$62c44f10$@com>
Message-ID: <46B25D8E.4090403@bleedingthreats.net>

Fixed up, thanks Jeff. Must have been a connectivity issue at the time
of update.

Matt

Jeff Dell wrote:
> I didn't know you could use [] as a source ip:
> 
> alert ip [] any -> $HOME_NET any (msg:"BLEEDING-EDGE DROP Dshield Block
> Listed Source - BLOCKING"; reference:url,feeds.dshield.org/block.txt;
> threshold: type limit, track by_src, seconds 3600, count 1; sid:2403000;
> rev:521; fwsam: src, 72 hours;)
> 
> 
> Cheers,
> Jeff
> 
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


From jonkman at bleedingthreats.net  Thu Aug  2 19:27:43 2007
From: jonkman at bleedingthreats.net (Matt Jonkman)
Date: Thu Aug  2 19:28:40 2007
Subject: [Bleeding-sigs] missing ')' in sid 2002474, 2002558, 2002639
In-Reply-To: <20070802153825.GA3678@jl2.example.com>
References: <20070802153825.GA3678@jl2.example.com>
Message-ID: <46B2686F.2040909@bleedingthreats.net>

Thanks Juergen. I've corrected all 3.

Matt

Juergen Leising wrote:
> Hello,
> 
> there's a second issue with the following rules, that I haven't 
> realized before:
> 
> bleeding-policy.rules: sid:2002474; rev:2; (currently disabled)
> 
>         pcre:"/\Wdsm\W[\s\w,/-]*(?=([2-9][0-9]{2}(\.[0-9]{1,2}?)|(v[167][0-9]\.[0-9]{1,2}))/ism"
> 
> 
> 
> bleeding-policy.rules: sid:2002558; rev:3; (currently disabled)
> 
>         pcre:"/\Wdsm\W[\s\w,/-]*(?=([2-9][0-9]{2}(\.[0-9]{1,2}?)|(v[167][0-9]\.[0-9]{1,2}))/ism";
> 
> 
> 
> bleeding-policy.rules: sid:2002639; rev:3; (currently disabled)
> 
>         pcre:"/\Wdsm\W[\s\w,/-]*(?=([2-9][0-9]{2}(\.[0-9]{1,2}?)|(v[167][0-9]\.[0-9]{1,2}))/ism";
> 
> 
> 
> In all of these three rules there is one closing parenthesis
> missing.
> 
> Instead of
> 
>         {1,2}))/ism
> 
> the tail should probably read as
> 
>         {1,2})))/ism
> 
> Bye, bye,
> 
> Juergen
> 
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


From bleeding at bleedingthreats.net  Thu Aug  2 20:00:15 2007
From: bleeding at bleedingthreats.net (bleeding@bleedingthreats.net)
Date: Thu Aug  2 20:00:16 2007
Subject: [Bleeding-sigs] Bleeding Edge Threats Daily Signature Changes
Message-ID: <20070803000015.212EE22C08A@sb03.us.bleedingsnort.com>


[***] Results from Oinkmaster started Fri Aug  3 00:00:15 2007 [***]

[+++]          Added rules:          [+++]

 2006547 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT (bleeding-web.rules)
 2006548 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT (bleeding-web.rules)
 2006549 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT (bleeding-web.rules)
 2006550 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE (bleeding-web.rules)
 2006551 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII (bleeding-web.rules)
 2006552 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE (bleeding-web.rules)
 2006553 - BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent (CPUSH_UPDATER) (bleeding-malware.rules)


[///]     Modified active rules:     [///]

 2001882 - BLEEDING-EDGE DOS ICMP Path MTU lowered below acceptable threshold (bleeding-dos.rules)
 2006381 - BLEEDING-EDGE MALWARE Ask.com Toolbar/Spyware User Agent (bleeding-malware.rules)
 2006386 - BLEEDING-EDGE MALWARE Deepdo.com Toolbar/Spyware User Agent (DeepdoUpdate) (bleeding-malware.rules)
 2006388 - BLEEDING-EDGE MALWARE Suspicious User Agent (006) (bleeding-malware.rules)
 2006392 - BLEEDING-EDGE MALWARE Win-touch.com Spyware User Agent (WTRecover) (bleeding-malware.rules)
 2006393 - BLEEDING-EDGE MALWARE Win-touch.com Spyware User Agent (WTInstaller) (bleeding-malware.rules)
 2006413 - BLEEDING-EDGE MALWARE Mycashbank.co.kr Spyware User Agent (pint_agency) (bleeding-malware.rules)
 2006418 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User Agent (Museon) (bleeding-malware.rules)
 2006419 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User Agent (anycleaner) (bleeding-malware.rules)
 2006420 - BLEEDING-EDGE MALWARE Vaccineprogram.co.kr Related Spyware User Agent (pcsafe) (bleeding-malware.rules)
 2006421 - BLEEDING-EDGE MALWARE Doctorvaccine.co.kr Related Spyware User Agent (DoctorVaccine) (bleeding-malware.rules)
 2006422 - BLEEDING-EDGE MALWARE Platinumreward.co.kr Spyware User Agent (WT_GET_COMM) (bleeding-malware.rules)
 2006423 - BLEEDING-EDGE MALWARE Doctorpro.co.kr Related Spyware User Agent (doctorpro1) (bleeding-malware.rules)
 2006424 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (WebUpdate) (bleeding-malware.rules)
 2006429 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (chk Profile) (bleeding-malware.rules)
 2006430 - BLEEDING-EDGE MALWARE Karine.co.kr Related Spyware User Agent (Access down) (bleeding-malware.rules)
 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[///]    Modified inactive rules:    [///]

 2002474 - BLEEDING-EDGE POLICY SMTP DSM-IV Code (bleeding-policy.rules)
 2002558 - BLEEDING-EDGE POLICY HTTP - DSM-IV Code (bleeding-policy.rules)
 2002639 - BLEEDING-EDGE POLICY High Ports -  DSM-IV Code (bleeding-policy.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-dos.rules (1):
        #Updated to be 6 in the byte test as per Shane Castle

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 264

     -> Added to bleeding-drop.rules (1):
        #  VERSION 264

     -> Added to bleeding-malware.rules (1):
        #from spyware lp

     -> Added to bleeding-sid-msg.map (7):
        2006547 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006548 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006549 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006550 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006551 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006552 || BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE || url,www.securityfocus.com/bid/24584 || cve,CVE-2007-3354
        2006553 || BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent (CPUSH_UPDATER)

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 263

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 263

From Christian.Lees at Level3.com  Fri Aug  3 12:59:12 2007
From: Christian.Lees at Level3.com (Lees, Christian)
Date: Fri Aug  3 13:00:07 2007
Subject: [Bleeding-sigs] Rule question
Message-ID: <92AD49B07F559D4680A409859C9A1DD30A5133@idc1exc0004.corp.global.level3.com>


Dear list, 
I have recently encountered a number of problems with new rule sets. For
instance here is one I encountered today.

Aug  3 10:38:28 xxhostnamexx snort[20539]: FATAL ERROR:
/etc/snort/rules/bleeding-all.rules(5792) => No argument passed to
keyword " reference" Make sure you didn't forget a ':' or the argument
to this keyword!

In turn if I comment all these rules I have no problems,,, some sensor
complain others don't. Anyone have an idea what I am encountering?
From david at vorant.com  Fri Aug  3 13:45:29 2007
From: david at vorant.com (David J. Bianco)
Date: Fri Aug  3 14:22:07 2007
Subject: [Bleeding-sigs] Rule question
In-Reply-To: <92AD49B07F559D4680A409859C9A1DD30A5133@idc1exc0004.corp.global.level3.com>
References: <92AD49B07F559D4680A409859C9A1DD30A5133@idc1exc0004.corp.global.level3.com>
Message-ID: <46B369B9.2000603@vorant.com>

Yeah, it's just a bug in the rules you downloaded.  The bleeding-web rules
(which are also in bleeding-all) have a few rules that contain:

	reference:url,http://something

This confuses the snort preprocessor, as the proper syntax is:

	reference:url,something

You can just edit the files and remove all references to "http://"
and it'll work.

	David

Lees, Christian wrote:
> Dear list, 
> I have recently encountered a number of problems with new rule sets. For
> instance here is one I encountered today.
> 
> Aug  3 10:38:28 xxhostnamexx snort[20539]: FATAL ERROR:
> /etc/snort/rules/bleeding-all.rules(5792) => No argument passed to
> keyword " reference" Make sure you didn't forget a ':' or the argument
> to this keyword!
> 
> In turn if I comment all these rules I have no problems,,, some sensor
> complain others don't. Anyone have an idea what I am encountering?
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

From jonkman at bleedingthreats.net  Fri Aug  3 18:55:30 2007
From: jonkman at bleedingthreats.net (Matt Jonkman)
Date: Fri Aug  3 18:56:31 2007
Subject: [Bleeding-sigs] Rule question
In-Reply-To: <46B369B9.2000603@vorant.com>
References: <92AD49B07F559D4680A409859C9A1DD30A5133@idc1exc0004.corp.global.level3.com>
	<46B369B9.2000603@vorant.com>
Message-ID: <46B3B262.4040903@bleedingthreats.net>

I have corrected those. Strange that the test snort didn't complain
about those. Newer versions of snort apparently don't handle errors the
same way. WIll have to adjust our error checking.

This issue is fixed though.

Matt

David J. Bianco wrote:
> Yeah, it's just a bug in the rules you downloaded.  The bleeding-web rules
> (which are also in bleeding-all) have a few rules that contain:
> 
> 	reference:url,http://something
> 
> This confuses the snort preprocessor, as the proper syntax is:
> 
> 	reference:url,something
> 
> You can just edit the files and remove all references to "http://"
> and it'll work.
> 
> 	David
> 
> Lees, Christian wrote:
>> Dear list, 
>> I have recently encountered a number of problems with new rule sets. For
>> instance here is one I encountered today.
>>
>> Aug  3 10:38:28 xxhostnamexx snort[20539]: FATAL ERROR:
>> /etc/snort/rules/bleeding-all.rules(5792) => No argument passed to
>> keyword " reference" Make sure you didn't forget a ':' or the argument
>> to this keyword!
>>
>> In turn if I comment all these rules I have no problems,,, some sensor
>> complain others don't. Anyone have an idea what I am encountering?
>> _______________________________________________
>> Bleeding-sigs mailing list
>> Bleeding-sigs@bleedingthreats.net
>> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs
> 
> _______________________________________________
> Bleeding-sigs mailing list
> Bleeding-sigs@bleedingthreats.net
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/bleeding-sigs

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
US Phone 765-429-0398
US Fax 312-264-0205
AUS Phone 61-42-4157-491
AUS Fax 61-29-4750-026
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


From bleeding at bleedingthreats.net  Fri Aug  3 20:00:11 2007
From: bleeding at bleedingthreats.net (bleeding@bleedingthreats.net)
Date: Fri Aug  3 20:00:14 2007
Subject: [Bleeding-sigs] Bleeding Edge Threats Daily Signature Changes
Message-ID: <20070804000011.98C3322C09A@sb03.us.bleedingsnort.com>


[***] Results from Oinkmaster started Sat Aug  4 00:00:10 2007 [***]

[+++]          Added rules:          [+++]

  200673 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType DELETE (bleeding-web.rules)
 2006554 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId SELECT (bleeding-web.rules)
 2006555 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId UNION SELECT (bleeding-web.rules)
 2006556 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId INSERT (bleeding-web.rules)
 2006557 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId DELETE (bleeding-web.rules)
 2006558 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId ASCII (bleeding-web.rules)
 2006559 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId UPDATE (bleeding-web.rules)
 2006560 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT (bleeding-web.rules)
 2006561 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT (bleeding-web.rules)
 2006562 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id INSERT (bleeding-web.rules)
 2006564 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id DELETE (bleeding-web.rules)
 2006565 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id ASCII (bleeding-web.rules)
 2006566 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UPDATE (bleeding-web.rules)
 2006567 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no SELECT (bleeding-web.rules)
 2006568 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UNION SELECT (bleeding-web.rules)
 2006569 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no INSERT (bleeding-web.rules)
 2006570 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no DELETE (bleeding-web.rules)
 2006571 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ASCII (bleeding-web.rules)
 2006572 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UPDATE (bleeding-web.rules)
 2006573 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre SELECT (bleeding-web.rules)
 2006574 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UNION SELECT (bleeding-web.rules)
 2006575 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre INSERT (bleeding-web.rules)
 2006576 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre DELETE (bleeding-web.rules)
 2006577 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ASCII (bleeding-web.rules)
 2006578 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UPDATE (bleeding-web.rules)
 2006579 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce SELECT (bleeding-web.rules)
 2006580 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UNION SELECT (bleeding-web.rules)
 2006581 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce INSERT (bleeding-web.rules)
 2006582 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce DELETE (bleeding-web.rules)
 2006583 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ASCII (bleeding-web.rules)
 2006584 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UPDATE (bleeding-web.rules)
 2006585 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce SELECT (bleeding-web.rules)
 2006586 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UNION SELECT (bleeding-web.rules)
 2006587 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce INSERT (bleeding-web.rules)
 2006588 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce DELETE (bleeding-web.rules)
 2006589 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ASCII (bleeding-web.rules)
 2006590 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UPDATE (bleeding-web.rules)
 2006591 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid SELECT (bleeding-web.rules)
 2006592 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UNION SELECT (bleeding-web.rules)
 2006593 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid INSERT (bleeding-web.rules)
 2006594 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid DELETE (bleeding-web.rules)
 2006595 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ASCII (bleeding-web.rules)
 2006596 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UPDATE (bleeding-web.rules)
 2006597 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass SELECT (bleeding-web.rules)
 2006598 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UNION SELECT (bleeding-web.rules)
 2006599 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass INSERT (bleeding-web.rules)
 2006600 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass DELETE (bleeding-web.rules)
 2006601 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ASCII (bleeding-web.rules)
 2006602 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UPDATE (bleeding-web.rules)
 2006603 - BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT (bleeding-web.rules)
 2006604 - BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT (bleeding-web.rules)
 2006605 - BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT (bleeding-web.rules)
 2006606 - BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE (bleeding-web.rules)
 2006607 - BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII (bleeding-web.rules)
 2006608 - BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE (bleeding-web.rules)
 2006609 - BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D SELECT (bleeding-web.rules)
 2006610 - BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D UNION SELECT (bleeding-web.rules)
 2006611 - BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D INSERT (bleeding-web.rules)
 2006612 - BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D DELETE (bleeding-web.rules)
 2006613 - BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D ASCII (bleeding-web.rules)
 2006614 - BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D UPDATE (bleeding-web.rules)
 2006615 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc SELECT (bleeding-web.rules)
 2006616 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc UNION SELECT (bleeding-web.rules)
 2006617 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc INSERT (bleeding-web.rules)
 2006618 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc DELETE (bleeding-web.rules)
 2006619 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc ASCII (bleeding-web.rules)
 2006620 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc UPDATE (bleeding-web.rules)
 2006621 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut SELECT (bleeding-web.rules)
 2006622 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut UNION SELECT (bleeding-web.rules)
 2006623 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut INSERT (bleeding-web.rules)
 2006624 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut DELETE (bleeding-web.rules)
 2006625 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut ASCII (bleeding-web.rules)
 2006626 - BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut UPDATE (bleeding-web.rules)
 2006627 - BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details SELECT (bleeding-web.rules)
 2006628 - BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details UNION SELECT (bleeding-web.rules)
 2006629 - BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details INSERT (bleeding-web.rules)
 2006630 - BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details DELETE (bleeding-web.rules)
 2006631 - BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details ASCII (bleeding-web.rules)
 2006632 - BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details UPDATE (bleeding-web.rules)
 2006633 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  SELECT (bleeding-web.rules)
 2006634 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  UNION SELECT (bleeding-web.rules)
 2006635 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  INSERT (bleeding-web.rules)
 2006636 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  DELETE (bleeding-web.rules)
 2006637 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  ASCII (bleeding-web.rules)
 2006638 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  UPDATE (bleeding-web.rules)
 2006639 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  SELECT (bleeding-web.rules)
 2006640 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  UNION SELECT (bleeding-web.rules)
 2006641 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  INSERT (bleeding-web.rules)
 2006642 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  DELETE (bleeding-web.rules)
 2006643 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  ASCII (bleeding-web.rules)
 2006644 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  UPDATE (bleeding-web.rules)
 2006645 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID SELECT (bleeding-web.rules)
 2006646 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UNION SELECT (bleeding-web.rules)
 2006647 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID INSERT (bleeding-web.rules)
 2006648 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID DELETE (bleeding-web.rules)
 2006649 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ASCII (bleeding-web.rules)
 2006650 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UPDATE (bleeding-web.rules)
 2006651 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID SELECT (bleeding-web.rules)
 2006652 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UNION SELECT (bleeding-web.rules)
 2006653 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID INSERT (bleeding-web.rules)
 2006654 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID DELETE (bleeding-web.rules)
 2006655 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ASCII (bleeding-web.rules)
 2006656 - BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UPDATE (bleeding-web.rules)
 2006657 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni SELECT (bleeding-web.rules)
 2006658 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UNION SELECT (bleeding-web.rules)
 2006659 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni INSERT (bleeding-web.rules)
 2006660 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni DELETE (bleeding-web.rules)
 2006661 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ASCII (bleeding-web.rules)
 2006662 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UPDATE (bleeding-web.rules)
 2006663 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci SELECT (bleeding-web.rules)
 2006664 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UNION SELECT (bleeding-web.rules)
 2006665 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci INSERT (bleeding-web.rules)
 2006666 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci DELETE (bleeding-web.rules)
 2006667 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ASCII (bleeding-web.rules)
 2006668 - BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UPDATE (bleeding-web.rules)
 2006669 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img SELECT (bleeding-web.rules)
 2006670 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img UNION SELECT (bleeding-web.rules)
 2006671 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img INSERT (bleeding-web.rules)
 2006672 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img DELETE (bleeding-web.rules)
 2006673 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img ASCII (bleeding-web.rules)
 2006674 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img UPDATE (bleeding-web.rules)
 2006675 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img SELECT (bleeding-web.rules)
 2006676 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img UNION SELECT (bleeding-web.rules)
 2006677 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img INSERT (bleeding-web.rules)
 2006678 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img DELETE (bleeding-web.rules)
 2006679 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img ASCII (bleeding-web.rules)
 2006680 - BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img UPDATE (bleeding-web.rules)
 2006681 - BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid SELECT (bleeding-web.rules)
 2006682 - BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UNION SELECT (bleeding-web.rules)
 2006683 - BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid INSERT (bleeding-web.rules)
 2006684 - BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid DELETE (bleeding-web.rules)
 2006685 - BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ASCII (bleeding-web.rules)
 2006686 - BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UPDATE (bleeding-web.rules)
 2006687 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile SELECT (bleeding-web.rules)
 2006688 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile UNION SELECT (bleeding-web.rules)
 2006689 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile INSERT (bleeding-web.rules)
 2006690 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile DELETE (bleeding-web.rules)
 2006691 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile ASCII (bleeding-web.rules)
 2006692 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile UPDATE (bleeding-web.rules)
 2006694 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action SELECT (bleeding-web.rules)
 2006695 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action UNION SELECT (bleeding-web.rules)
 2006696 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action INSERT (bleeding-web.rules)
 2006697 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action DELETE (bleeding-web.rules)
 2006698 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII (bleeding-web.rules)
 2006699 - BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action UPDATE (bleeding-web.rules)
 2006700 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType SELECT (bleeding-web.rules)
 2006701 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType UNION SELECT (bleeding-web.rules)
 2006702 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType INSERT (bleeding-web.rules)
 2006704 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType ASCII (bleeding-web.rules)
 2006705 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType UPDATE (bleeding-web.rules)
 2006706 - BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity SELECT (bleeding-web.rules)
 2006707 - BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UNION SELECT (bleeding-web.rules)
 2006708 - BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity INSERT (bleeding-web.rules)
 2006709 - BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity DELETE (bleeding-web.rules)
 2006710 - BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ASCII (bleeding-web.rules)
 2006711 - BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UPDATE (bleeding-web.rules)
 2006712 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT (bleeding-web.rules)
 2006713 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT (bleeding-web.rules)
 2006714 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT (bleeding-web.rules)
 2006715 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE (bleeding-web.rules)
 2006716 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII (bleeding-web.rules)
 2006717 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE (bleeding-web.rules)
 2006718 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType SELECT (bleeding-web.rules)
 2006719 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType UNION SELECT (bleeding-web.rules)
 2006720 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType INSERT (bleeding-web.rules)
 2006721 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType DELETE (bleeding-web.rules)
 2006722 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType ASCII (bleeding-web.rules)
 2006723 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType UPDATE (bleeding-web.rules)
 2006724 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action SELECT (bleeding-web.rules)
 2006725 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action UNION SELECT (bleeding-web.rules)
 2006726 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action INSERT (bleeding-web.rules)
 2006727 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action DELETE (bleeding-web.rules)
 2006728 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action ASCII (bleeding-web.rules)
 2006729 - BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action UPDATE (bleeding-web.rules)
 2006730 - BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main SELECT (bleeding-web.rules)
 2006731 - BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UNION SELECT (bleeding-web.rules)
 2006732 - BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main INSERT (bleeding-web.rules)
 2006733 - BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main DELETE (bleeding-web.rules)
 2006734 - BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ASCII (bleeding-web.rules)
 2006735 - BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UPDATE (bleeding-web.rules)
 2006736 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  SELECT (bleeding-web.rules)
 2006737 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  UNION SELECT (bleeding-web.rules)
 2006738 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  INSERT (bleeding-web.rules)
 2006739 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  DELETE (bleeding-web.rules)
 2006740 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  ASCII (bleeding-web.rules)
 2006741 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  UPDATE (bleeding-web.rules)
 2006742 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  SELECT (bleeding-web.rules)
 2006743 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  UNION SELECT (bleeding-web.rules)
 2006744 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  INSERT (bleeding-web.rules)
 2006745 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  DELETE (bleeding-web.rules)
 2006746 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  ASCII (bleeding-web.rules)
 2006747 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  UPDATE (bleeding-web.rules)
 2006748 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  SELECT (bleeding-web.rules)
 2006749 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  UNION SELECT (bleeding-web.rules)
 2006750 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  INSERT (bleeding-web.rules)
 2006751 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  DELETE (bleeding-web.rules)
 2006752 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  ASCII (bleeding-web.rules)
 2006753 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  UPDATE (bleeding-web.rules)
 2006754 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id SELECT (bleeding-web.rules)
 2006755 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id UNION SELECT (bleeding-web.rules)
 2006756 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id INSERT (bleeding-web.rules)
 2006757 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id DELETE (bleeding-web.rules)
 2006758 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id ASCII (bleeding-web.rules)
 2006759 - BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id UPDATE (bleeding-web.rules)
 2006760 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category SELECT (bleeding-web.rules)
 2006761 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UNION SELECT (bleeding-web.rules)
 2006762 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category INSERT (bleeding-web.rules)
 2006763 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category DELETE (bleeding-web.rules)
 2006764 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ASCII (bleeding-web.rules)
 2006765 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UPDATE (bleeding-web.rules)
 2006766 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent SELECT (bleeding-web.rules)
 2006767 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UNION SELECT (bleeding-web.rules)
 2006768 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent INSERT (bleeding-web.rules)
 2006769 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent DELETE (bleeding-web.rules)
 2006770 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ASCII (bleeding-web.rules)
 2006771 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UPDATE (bleeding-web.rules)
 2006772 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id SELECT (bleeding-web.rules)
 2006773 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UNION SELECT (bleeding-web.rules)
 2006774 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id INSERT (bleeding-web.rules)
 2006775 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id DELETE (bleeding-web.rules)
 2006776 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ASCII (bleeding-web.rules)
 2006777 - BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UPDATE (bleeding-web.rules)


[///]     Modified active rules:     [///]

 2400000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2400004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound (bleeding-drop.rules)
 2401000 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401001 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401002 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401003 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2401004 - BLEEDING-EDGE DROP Spamhaus DROP Listed Traffic Inbound - BLOCKING SOURCE (bleeding-drop-BLOCK.rules)
 2402000 - BLEEDING-EDGE DROP Dshield Block Listed Source (bleeding-dshield.rules)
 2403000 - BLEEDING-EDGE DROP Dshield Block Listed Source - BLOCKING (bleeding-dshield-BLOCK.rules)
 2404000 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 1)  (bleeding-botcc.rules)
 2404001 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 2)  (bleeding-botcc.rules)
 2404002 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 3)  (bleeding-botcc.rules)
 2404003 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 4)  (bleeding-botcc.rules)
 2404004 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 5)  (bleeding-botcc.rules)
 2404005 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 6)  (bleeding-botcc.rules)
 2404006 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 7)  (bleeding-botcc.rules)
 2404007 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 8)  (bleeding-botcc.rules)
 2404008 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 9)  (bleeding-botcc.rules)
 2404009 - BLEEDING-EDGE DROP Known Bot C&C Server Traffic (group 10)  (bleeding-botcc.rules)
 2405000 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 1) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405001 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 2) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405002 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 3) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405003 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 4) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405004 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 5) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405005 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 6) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405006 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 7) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405007 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 8) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405008 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 9) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)
 2405009 - BLEEDING-EDGE DROP Known Bot C&C Traffic (group 10) - BLOCKING SOURCE (bleeding-botcc-BLOCK.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to bleeding-drop-BLOCK.rules (1):
        #  VERSION 265

     -> Added to bleeding-drop.rules (1):
        #  VERSION 265

     -> Added to bleeding-sid-msg.map (222):
        200673 || BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType DELETE || url,www.securityfocus.com/bid/14034 || cve,CVE-2006-6365
        2006554 || BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId SELECT || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || cve,CVE-2006-6486
        2006555 || BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || cve,CVE-2006-6486
        2006556 || BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId INSERT || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || cve,CVE-2006-6486
        2006557 || BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId DELETE || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || cve,CVE-2006-6486
        2006558 || BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId ASCII || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || cve,CVE-2006-6486
        2006559 || BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId UPDATE || url,www.securityfocus.com/archive/1/archive/1/453586/100/100/threaded || cve,CVE-2006-6486
        2006560 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006561 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006562 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id INSERT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006564 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id DELETE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006565 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id ASCII || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006566 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UPDATE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006567 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006568 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UNION SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006569 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no INSERT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006570 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no DELETE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006571 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ASCII || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006572 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UPDATE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006573 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006574 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UNION SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006575 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre INSERT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006576 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre DELETE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006577 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ASCII || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006578 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UPDATE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006579 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006580 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UNION SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006581 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce INSERT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006582 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce DELETE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006583 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ASCII || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006584 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UPDATE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006585 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006586 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UNION SELECT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006587 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce INSERT || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006588 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce DELETE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006589 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ASCII || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006590 || BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UPDATE || url,www.securityfocus.com/bid/21514/exploit || cve,CVE-2006-6478
        2006591 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid SELECT || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006592 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UNION SELECT || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006593 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid INSERT || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006594 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid DELETE || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006595 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ASCII || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006596 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UPDATE || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006597 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass SELECT || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006598 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UNION SELECT || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006599 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass INSERT || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006600 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass DELETE || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006601 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ASCII || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006602 || BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UPDATE || url,www.securityfocus.com/bid/21473 || cve,CVE-2006-6450
        2006603 || BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user SELECT || url,www.frsirt.com/english/advisories/2006/4850 || cve,CVE-2006-6448
        2006604 || BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UNION SELECT || url,www.frsirt.com/english/advisories/2006/4850 || cve,CVE-2006-6448
        2006605 || BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user INSERT || url,www.frsirt.com/english/advisories/2006/4850 || cve,CVE-2006-6448
        2006606 || BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user DELETE || url,www.frsirt.com/english/advisories/2006/4850 || cve,CVE-2006-6448
        2006607 || BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user ASCII || url,www.frsirt.com/english/advisories/2006/4850 || cve,CVE-2006-6448
        2006608 || BLEEDING-EDGE WEB Vt-Forum Lite SQL Injection Attempt -- vf_memberdetail.asp user UPDATE || url,www.frsirt.com/english/advisories/2006/4850 || cve,CVE-2006-6448
        2006609 || BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D SELECT || url,www.securityfocus.com/bid/21467 || cve,CVE-2006-6446
        2006610 || BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D UNION SELECT || url,www.securityfocus.com/bid/21467 || cve,CVE-2006-6446
        2006611 || BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D INSERT || url,www.securityfocus.com/bid/21467 || cve,CVE-2006-6446
        2006612 || BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D DELETE || url,www.securityfocus.com/bid/21467 || cve,CVE-2006-6446
        2006613 || BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D ASCII || url,www.securityfocus.com/bid/21467 || cve,CVE-2006-6446
        2006614 || BLEEDING-EDGE WEB iWare Professional SQL Injection Attempt -- index.php D UPDATE || url,www.securityfocus.com/bid/21467 || cve,CVE-2006-6446
        2006615 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc SELECT || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006616 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc UNION SELECT || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006617 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc INSERT || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006618 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc DELETE || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006619 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc ASCII || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006620 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_doc UPDATE || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006621 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut SELECT || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006622 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut UNION SELECT || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006623 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut INSERT || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006624 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut DELETE || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006625 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut ASCII || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006626 || BLEEDING-EDGE WEB dol storye SQL Injection Attempt -- dettaglio.asp id_aut UPDATE || url,www.securityfocus.com/bid/21463 || cve,CVE-2006-6414
        2006627 || BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details SELECT || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || cve,CVE-2006-6403
        2006628 || BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details UNION SELECT || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || cve,CVE-2006-6403
        2006629 || BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details INSERT || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || cve,CVE-2006-6403
        2006630 || BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details DELETE || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || cve,CVE-2006-6403
        2006631 || BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details ASCII || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || cve,CVE-2006-6403
        2006632 || BLEEDING-EDGE WEB MyStats SQL Injection Attempt -- mystats.php details UPDATE || url,marc.theaimsgroup.com/?l=bugtraq&m=116344068502988&w=2 || cve,CVE-2006-6403
        2006633 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006634 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006635 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  INSERT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006636 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  DELETE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006637 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  ASCII || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006638 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- sendarticle.asp  UPDATE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006639 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006640 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006641 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  INSERT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006642 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  DELETE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006643 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  ASCII || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006644 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- printarticle.asp  UPDATE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006645 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006646 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006647 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID INSERT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006648 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID DELETE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006649 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID ASCII || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006650 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- index.asp ID UPDATE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006651 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006652 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006653 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID INSERT || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006654 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID DELETE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006655 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID ASCII || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006656 || BLEEDING-EDGE WEB Superfreaker Studios UPublisher SQL Injection Attempt -- preferences.asp ID UPDATE || url,www.securityfocus.com/archive/1/archive/1/453462/100/0/threaded || cve,CVE-2006-6398
        2006657 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni SELECT || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006658 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UNION SELECT || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006659 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni INSERT || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006660 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni DELETE || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006661 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni ASCII || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006662 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- navigacija.php IDMeniGlavni UPDATE || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006663 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci SELECT || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006664 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UNION SELECT || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006665 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci INSERT || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006666 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci DELETE || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006667 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci ASCII || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006668 || BLEEDING-EDGE WEB LINK Content Management Server (CMS) SQL Injection Attempt -- prikazInformacije.php IDStranicaPodaci UPDATE || url,www.securityfocus.com/bid/21464 || cve,CVE-2006-6387
        2006669 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img SELECT || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006670 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006671 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img INSERT || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006672 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img DELETE || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006673 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img ASCII || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006674 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- post.php img UPDATE || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006675 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img SELECT || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006676 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006677 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img INSERT || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006678 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img DELETE || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006679 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img ASCII || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006680 || BLEEDING-EDGE WEB Invision Gallery SQL Injection Attempt -- index.php img UPDATE || url,www.securityfocus.com/archive/1/archive/1/453468/100/0/threaded || cve,CVE-2006-6370
        2006681 || BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid SELECT || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || cve,CVE-2006-6369
        2006682 || BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || cve,CVE-2006-6369
        2006683 || BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid INSERT || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || cve,CVE-2006-6369
        2006684 || BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid DELETE || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || cve,CVE-2006-6369
        2006685 || BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid ASCII || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || cve,CVE-2006-6369
        2006686 || BLEEDING-EDGE WEB Invision Community Blog Mod SQL Injection Attempt -- entry_reply_entry.php eid UPDATE || url,www.securityfocus.com/archive/1/archive/1/453159/100/100/threaded || cve,CVE-2006-6369
        2006687 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile SELECT || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006688 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile UNION SELECT || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006689 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile INSERT || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006690 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile DELETE || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006691 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile ASCII || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006692 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp iFile UPDATE || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006694 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action SELECT || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006695 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action UNION SELECT || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006696 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action INSERT || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006697 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action DELETE || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006698 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action ASCII || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006699 || BLEEDING-EDGE WEB DUware DUdownload SQL Injection Attempt -- detail.asp action UPDATE || url,www.securityfocus.com/bid/21405 || cve,CVE-2006-6367
        2006700 || BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType SELECT || url,www.securityfocus.com/bid/14034 || cve,CVE-2006-6365
        2006701 || BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType UNION SELECT || url,www.securityfocus.com/bid/14034 || cve,CVE-2006-6365
        2006702 || BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType INSERT || url,www.securityfocus.com/bid/14034 || cve,CVE-2006-6365
        2006704 || BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType ASCII || url,www.securityfocus.com/bid/14034 || cve,CVE-2006-6365
        2006705 || BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType UPDATE || url,www.securityfocus.com/bid/14034 || cve,CVE-2006-6365
        2006706 || BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity SELECT || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || cve,CVE-2006-6355
        2006707 || BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UNION SELECT || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || cve,CVE-2006-6355
        2006708 || BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity INSERT || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || cve,CVE-2006-6355
        2006709 || BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity DELETE || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || cve,CVE-2006-6355
        2006710 || BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity ASCII || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || cve,CVE-2006-6355
        2006711 || BLEEDING-EDGE WEB DuWare DuClassmate SQL Injection Attempt -- default.asp iCity UPDATE || url,www.securityfocus.com/archive/1/archive/1/453318/100/0/threaded || cve,CVE-2006-6355
        2006712 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews SELECT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006713 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews UNION SELECT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006714 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews INSERT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006715 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews DELETE || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006716 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews ASCII || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006717 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iNews UPDATE || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006718 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType SELECT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006719 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType UNION SELECT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006720 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType INSERT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006721 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType DELETE || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006722 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType ASCII || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006723 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp iType UPDATE || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006724 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action SELECT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006725 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action UNION SELECT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006726 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action INSERT || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006727 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action DELETE || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006728 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action ASCII || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006729 || BLEEDING-EDGE WEB DuWare DuNews SQL Injection Attempt -- detail.asp Action UPDATE || url,www.securityfocus.com/bid/15681 || cve,CVE-2006-6354
        2006730 || BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main SELECT || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || cve,CVE-2006-6349
        2006731 || BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UNION SELECT || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || cve,CVE-2006-6349
        2006732 || BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main INSERT || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || cve,CVE-2006-6349
        2006733 || BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main DELETE || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || cve,CVE-2006-6349
        2006734 || BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main ASCII || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || cve,CVE-2006-6349
        2006735 || BLEEDING-EDGE WEB PWP Technologies The Classified Ad System SQL Injection Attempt -- default.asp main UPDATE || url,downloads.securityfocus.com/vulnerabilities/exploits/21758.pl || cve,CVE-2006-6349
        2006736 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006737 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  UNION SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006738 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  INSERT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006739 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  DELETE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006740 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  ASCII || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006741 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- ipsearch.admin.php  UPDATE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006742 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006743 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  UNION SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006744 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  INSERT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006745 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  DELETE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006746 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  ASCII || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006747 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- pfs.edit.inc.php  UPDATE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006748 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006749 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  UNION SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006750 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  INSERT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006751 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  DELETE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006752 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  ASCII || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006753 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- users.register.inc.php  UPDATE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006754 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006755 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id UNION SELECT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006756 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id INSERT || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006757 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id DELETE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006758 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id ASCII || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006759 || BLEEDING-EDGE WEB Neocrome Seditio SQL Injection Attempt -- polls.php id UPDATE || url,www.secunia.com/advisories/23180 || cve,CVE-2006-6344
        2006760 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category SELECT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006761 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UNION SELECT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006762 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category INSERT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006763 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category DELETE || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006764 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category ASCII || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006765 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp category UPDATE || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006766 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent SELECT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006767 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UNION SELECT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006768 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent INSERT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006769 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent DELETE || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006770 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent ASCII || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006771 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- search_listing.asp agent UPDATE || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006772 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id SELECT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006773 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UNION SELECT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006774 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id INSERT || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006775 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id DELETE || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006776 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id ASCII || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342
        2006777 || BLEEDING-EDGE WEB KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY SQL Injection Attempt -- detail.asp property_id UPDATE || url,www.securityfocus.com/bid/21199 || cve,CVE-2006-6342

[---]     Removed non-rule lines:    [---]

     -> Removed from bleeding-drop-BLOCK.rules (1):
        #  VERSION 264

     -> Removed from bleeding-drop.rules (1):
        #  VERSION 264

From bleeding at bleedingthreats.net  Fri Aug  3 22:00:12 2007
From: bleeding at bleedingthreats.net (bleeding@bleedingthreats.net)
Date: Fri Aug  3 22:00:15 2007
Subject: [Bleeding-sigs] Bleeding Edge Threats Weekly Signature Changes
Message-ID: <20070804020012.21CE122C09C@sb03.us.bleedingsnort.com>


[***] Results from Oinkmaster started Sat Aug  4 02:00:12 2007 [***]

[+++]          Added rules:          [+++]

  200673 - BLEEDING-EDGE WEB DUware DUpaypal SQL Injection Attempt -- detail.asp iType DELETE (bleeding-web.rules)
 2006441 - BLEEDING-EDGE VIRUS Zlob User Agent - updating (Winlogon) (bleeding-virus.rules)
 2006443 - BLEEDING-EDGE WEB Possible SQL Injection Attempt -- DELETE FROM (bleeding-web.rules)
 2006444 - BLEEDING-EDGE WEB Possible SQL Injection Attempt -- INSERT INTO (bleeding-web.rules)
 2006445 - BLEEDING-EDGE WEB Possible SQL Injection Attempt -- SELECT FROM (bleeding-web.rules)
 2006446 - BLEEDING-EDGE WEB Possible SQL Injection Attempt -- UNION SELECT (bleeding-web.rules)
 2006447 - BLEEDING-EDGE WEB Possible SQL Injection Attempt -- UPDATE SET (bleeding-web.rules)
 2006448 - BLEEDING-EDGE TROJAN Win32.Agent.ajx Trojan Reporting to Server (bleeding-virus.rules)
 2006449 - BLEEDING-EDGE WEB Elxis CMS SQL Injection Attempt -- mod_banners.php  SELECT (bleeding-web.rules)
 2006450 - BLEEDING-EDGE WEB Elxis CMS SQL Injection Attempt -- mod_banners.php  UNION SELECT (bleeding-web.rules)
 2006451 - BLEEDING-EDGE WEB Elxis CMS SQL Injection Attempt -- mod_banners.php  INSERT (bleeding-web.rules)
 2006452 - BLEEDING-EDGE WEB Elxis CMS SQL Injection Attempt -- mod_banners.php  DELETE (bleeding-web.rules)
 2006453 - BLEEDING-EDGE WEB Elxis CMS SQL Injection Attempt -- mod_banners.php  ASCII (bleeding-web.rules)
 2006454 - BLEEDING-EDGE WEB Elxis CMS SQL Injection Attempt -- mod_banners.php  UPDATE (bleeding-web.rules)
 2006455 - BLEEDING-EDGE WEB WSPortal SQL Injection Attempt -- content.php page SELECT (bleeding-web.rules)
 2006456 - BLEEDING-EDGE WEB WSPortal SQL Injection Attempt -- content.php page UNION SELECT (bleeding-web.rules)
 2006457 - BLEEDING-EDGE WEB WSPortal SQL Injection Attempt -- content.php page INSERT (bleeding-web.rules)
 2006458 - BLEEDING-EDGE WEB WSPortal SQL Injection Attempt -- content.php page DELETE (bleeding-web.rules)
 2006459 - BLEEDING-EDGE WEB WSPortal SQL Injection Attempt -- content.php page ASCII (bleeding-web.rules)
 2006460 - BLEEDING-EDGE WEB WSPortal SQL Injection Attempt -- content.php page UPDATE (bleeding-web.rules)
 2006461 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- index.cfm  SELECT (bleeding-web.rules)
 2006462 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- index.cfm  UNION SELECT (bleeding-web.rules)
 2006463 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- index.cfm  INSERT (bleeding-web.rules)
 2006464 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- index.cfm  DELETE (bleeding-web.rules)
 2006465 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- index.cfm  ASCII (bleeding-web.rules)
 2006466 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- index.cfm  UPDATE (bleeding-web.rules)
 2006467 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- autherror.cfm errorcode SELECT (bleeding-web.rules)
 2006468 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- autherror.cfm errorcode UNION SELECT (bleeding-web.rules)
 2006469 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- autherror.cfm errorcode INSERT (bleeding-web.rules)
 2006470 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- autherror.cfm errorcode DELETE (bleeding-web.rules)
 2006471 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- autherror.cfm errorcode ASCII (bleeding-web.rules)
 2006472 - BLEEDING-EDGE WEB FuseTalk SQL Injection Attempt -- autherror.cfm errorcode UPDATE (bleeding-web.rules)
 2006473 - BLEEDING-EDGE WEB LiveCMS SQL Injection Attempt -- categoria.php cid SELECT (bleeding-web.rules)
 2006474 - BLEEDING-EDGE WEB LiveCMS SQL Injection Attempt -- categoria.php cid UNION SELECT (bleeding-web.rules)
 2006475 - BLEEDING-EDGE WEB LiveCMS SQL Injection Attempt -- categoria.php cid INSERT (bleeding-web.rules)
 2006476 - BLEEDING-EDGE WEB LiveCMS SQL Injection Attempt -- categoria.php cid DELETE (bleeding-web.rules)
 2006477 - BLEEDING-EDGE WEB LiveCMS SQL Injection Attempt -- categoria.php cid ASCII (bleeding-web.rules)
 2006478 - BLEEDING-EDGE WEB LiveCMS SQL Injection Attempt -- categoria.php cid UPDATE (bleeding-web.rules)
 2006479 - BLEEDING-EDGE WEB Solar Empire SQL Injection Attempt -- game_listing.php  SELECT (bleeding-web.rules)
 2006480 - BLEEDING-EDGE WEB Solar Empire SQL Injection Attempt -- game_listing.php  UNION SELECT (bleeding-web.rules)
 2006481 - BLEEDING-EDGE WEB Solar Empire SQL Injection Attempt -- game_listing.php  INSERT (bleeding-web.rules)
 2006482 - BLEEDING-EDGE WEB Solar Empire SQL Injection Attempt -- game_listing.php  DELETE (bleeding-web.rules)
 2006484 - BLEEDING-EDGE WEB Solar Empire SQL Injection Attempt -- game_listing.php  ASCII (bleeding-web.rules)
 2006485 - BLEEDING-EDGE WEB Solar Empire SQL Injection Attempt -- game_listing.php  UPDATE (bleeding-web.rules)
 2006486 - BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- print.php id SELECT (bleeding-web.rules)
 2006487 - BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- print.php id UNION SELECT (bleeding-web.rules)
 2006488 - BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- print.php id INSERT (bleeding-web.rules)
 2006489 - BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- print.php id DELETE (bleeding-web.rules)
 2006490 - BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- print.php id ASCII (bleeding-web.rules)
 2006491 - BLEEDING-EDGE WEB Xoops SQL Injection Attempt -- print.php id UPDATE (bleeding-web.rules)
 2006492 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- login.php login_username SELECT (bleeding-web.rules)
 2006493 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- login.php login_username UNION SELECT (bleeding-web.rules)
 2006494 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT (bleeding-web.rules)
 2006495 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- login.php login_username DELETE (bleeding-web.rules)
 2006496 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- login.php login_username ASCII (bleeding-web.rules)
 2006497 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- login.php login_username UPDATE (bleeding-web.rules)
 2006498 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- news.php item SELECT (bleeding-web.rules)
 2006499 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- news.php item UNION SELECT (bleeding-web.rules)
 2006500 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- news.php item INSERT (bleeding-web.rules)
 2006501 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- news.php item DELETE (bleeding-web.rules)
 2006502 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- news.php item ASCII (bleeding-web.rules)
 2006503 - BLEEDING-EDGE WEB Jasmine CMS SQL Injection Attempt -- news.php item UPDATE (bleeding-web.rules)
 2006504 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct SELECT (bleeding-web.rules)
 2006505 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UNION SELECT (bleeding-web.rules)
 2006506 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct INSERT (bleeding-web.rules)
 2006507 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct DELETE (bleeding-web.rules)
 2006508 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct ASCII (bleeding-web.rules)
 2006509 - BLEEDING-EDGE WEB Comersus Shop Cart SQL Injection Attempt -- comersus_optReviewReadExec.asp idProduct UPDATE (bleeding-web.rules)
 2006510 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT (bleeding-web.rules)
 2006511 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT (bleeding-web.rules)
 2006512 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT (bleeding-web.rules)
 2006513 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE (bleeding-web.rules)
 2006514 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII (bleeding-web.rules)
 2006515 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE (bleeding-web.rules)
 2006516 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT (bleeding-web.rules)
 2006517 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT (bleeding-web.rules)
 2006518 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT (bleeding-web.rules)
 2006519 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE (bleeding-web.rules)
 2006520 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII (bleeding-web.rules)
 2006521 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE (bleeding-web.rules)
 2006522 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT (bleeding-web.rules)
 2006523 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT (bleeding-web.rules)
 2006524 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT (bleeding-web.rules)
 2006525 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE (bleeding-web.rules)
 2006526 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII (bleeding-web.rules)
 2006527 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE (bleeding-web.rules)
 2006528 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID SELECT (bleeding-web.rules)
 2006529 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UNION SELECT (bleeding-web.rules)
 2006530 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID INSERT (bleeding-web.rules)
 2006531 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID DELETE (bleeding-web.rules)
 2006532 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID ASCII (bleeding-web.rules)
 2006533 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Client_ID UPDATE (bleeding-web.rules)
 2006534 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID SELECT (bleeding-web.rules)
 2006535 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UNION SELECT (bleeding-web.rules)
 2006536 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID INSERT (bleeding-web.rules)
 2006537 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID DELETE (bleeding-web.rules)
 2006538 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID ASCII (bleeding-web.rules)
 2006539 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Invoice_ID UPDATE (bleeding-web.rules)
 2006540 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID SELECT (bleeding-web.rules)
 2006541 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UNION SELECT (bleeding-web.rules)
 2006542 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID INSERT (bleeding-web.rules)
 2006543 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID DELETE (bleeding-web.rules)
 2006544 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID ASCII (bleeding-web.rules)
 2006545 - BLEEDING-EDGE WEB PHPAccounts SQL Injection Attempt -- index.php Vendor_ID UPDATE (bleeding-web.rules)
 2006546 - BLEEDING-EDGE SCAN LibSSH Based Frequent SSH Connections -- Likely BruteForce Attack! (bleeding-scan.rules)
 2006547 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id SELECT (bleeding-web.rules)
 2006548 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UNION SELECT (bleeding-web.rules)
 2006549 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id INSERT (bleeding-web.rules)
 2006550 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id DELETE (bleeding-web.rules)
 2006551 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id ASCII (bleeding-web.rules)
 2006552 - BLEEDING-EDGE WEB NetClassifieds Premium Edition SQL Injection Attempt -- ViewCat.php s_user_id UPDATE (bleeding-web.rules)
 2006553 - BLEEDING-EDGE MALWARE Cpushpop.com Spyware User Agent (CPUSH_UPDATER) (bleeding-malware.rules)
 2006554 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId SELECT (bleeding-web.rules)
 2006555 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId UNION SELECT (bleeding-web.rules)
 2006556 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId INSERT (bleeding-web.rules)
 2006557 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId DELETE (bleeding-web.rules)
 2006558 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId ASCII (bleeding-web.rules)
 2006559 - BLEEDING-EDGE WEB EasyPage SQL Injection Attempt -- default.aspx docId UPDATE (bleeding-web.rules)
 2006560 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id SELECT (bleeding-web.rules)
 2006561 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UNION SELECT (bleeding-web.rules)
 2006562 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id INSERT (bleeding-web.rules)
 2006564 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id DELETE (bleeding-web.rules)
 2006565 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id ASCII (bleeding-web.rules)
 2006566 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- email.php id UPDATE (bleeding-web.rules)
 2006567 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no SELECT (bleeding-web.rules)
 2006568 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UNION SELECT (bleeding-web.rules)
 2006569 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no INSERT (bleeding-web.rules)
 2006570 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no DELETE (bleeding-web.rules)
 2006571 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no ASCII (bleeding-web.rules)
 2006572 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- voirannonce.php no UPDATE (bleeding-web.rules)
 2006573 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre SELECT (bleeding-web.rules)
 2006574 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UNION SELECT (bleeding-web.rules)
 2006575 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre INSERT (bleeding-web.rules)
 2006576 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre DELETE (bleeding-web.rules)
 2006577 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre ASCII (bleeding-web.rules)
 2006578 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- fiche_membre.php idmembre UPDATE (bleeding-web.rules)
 2006579 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce SELECT (bleeding-web.rules)
 2006580 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UNION SELECT (bleeding-web.rules)
 2006581 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce INSERT (bleeding-web.rules)
 2006582 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce DELETE (bleeding-web.rules)
 2006583 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce ASCII (bleeding-web.rules)
 2006584 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- okvalannonce.php idannonce UPDATE (bleeding-web.rules)
 2006585 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce SELECT (bleeding-web.rules)
 2006586 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UNION SELECT (bleeding-web.rules)
 2006587 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce INSERT (bleeding-web.rules)
 2006588 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce DELETE (bleeding-web.rules)
 2006589 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce ASCII (bleeding-web.rules)
 2006590 - BLEEDING-EDGE WEB AnnonceScriptHP SQL Injection Attempt -- changeannonce.php idannonce UPDATE (bleeding-web.rules)
 2006591 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid SELECT (bleeding-web.rules)
 2006592 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UNION SELECT (bleeding-web.rules)
 2006593 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid INSERT (bleeding-web.rules)
 2006594 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid DELETE (bleeding-web.rules)
 2006595 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ASCII (bleeding-web.rules)
 2006596 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UPDATE (bleeding-web.rules)
 2006597 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass SELECT (bleeding-web.rules)
 2006598 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UNION SELECT (bleeding-web.rules)
 2006599 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass INSERT (bleeding-web.rules)
 2006600 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass DELETE (bleeding-web.rules)
 2006601 - BLEEDING-EDGE WEB Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ASCII (bleeding-web.rules)
 2006602 - BLEEDING