![[Silicon Defense logo]](SDlogo.gif)
|
SnortSnarf start pageAll Snort signaturesSnortSnarf v021111.1 |
| Signature section (933) | Top 20 source IPs | Top 20 dest IPs |
| Priority | Signature (click for sig info) | # Alerts | # Sources | # Dests | Detail link |
| 2 | SERVER-WEBAPP JBoss admin-console access [sid] [CVE] | 1 | 1 | 1 | Summary |
| 2 | SERVER-WEBAPP JBoss web console access attempt [sid] [CVE] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Jenkins Groovy metaprogramming remote code execution attempt [sid] [CVE] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt [isc.sans.edu] [sid] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt [seclists.org] [sid] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt [sid] [CVE] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP WordPress get_post authentication bypass attempt [wordpress.org] [sid] | 2 | 1 | 1 | Summary |
| 1 | SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt [sid] [CVE] | 2 | 2 | 1 | Summary |
| 1 | SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt [sid] [CVE] | 2 | 2 | 1 | Summary |
| 1 | SERVER-OTHER Wordpress linenity theme LFI attempt [sid] [BUGTRAQ] | 2 | 1 | 1 | Summary |
| 1 | EXPLOIT-KIT Qadars exploit kit attempt [sid] | 3 | 1 | 1 | Summary |
| 1 | MALWARE-CNC User-Agent known malicious user agent BOT/0.1 [www.joomlacontenteditor.net] [sid] | 4 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt [sid] [BUGTRAQ] | 4 | 2 | 1 | Summary |
| 1 | POLICY-OTHER Adobe ColdFusion admin interface access attempt [sid] [BUGTRAQ] | 4 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Drupal 8 remote code execution attempt [sid] [CVE] | 5 | 5 | 1 | Summary |
| 1 | BLACKLIST User-Agent known malicious user agent BOT/0.1 [www.joomlacontenteditor.net] [sid] | 5 | 2 | 1 | Summary |
| 1 | MALWARE-BACKDOOR JSP webshell backdoor detected [sid] | 7 | 2 | 1 | Summary |
| 1 | SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt [sid] [CVE] | 8 | 4 | 1 | Summary |
| 1 | SQL 1 = 1 - possible sql injection attempt [ferruh.mavituna.com] [sid] | 8 | 1 | 1 | Summary |
| 1 | SERVER-APACHE Apache Tomcat remote JSP file upload attempt [sid] [BUGTRAQ] | 15 | 6 | 1 | Summary |
| 1 | SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt [seclists.org] [sid] | 16 | 12 | 1 | Summary |
| 1 | SERVER-WEBAPP vBulletin pre-authenticated command injection attempt [sid] [CVE] | 19 | 13 | 1 | Summary |
| 1 | SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt [cxsecurity.com] [sid] | 22 | 19 | 1 | Summary |
| 1 | SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt [www.pentestpartners.com] [sid] | 23 | 21 | 1 | Summary |
| 1 | SERVER-APACHE Apache Struts remote code execution attempt [sid] [CVE] | 32 | 10 | 1 | Summary |
| 1 | SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt [sid] [CVE] | 33 | 23 | 1 | Summary |
| 1 | OS-OTHER Bash CGI environment variable injection attempt [sid] [CVE] | 40 | 16 | 1 | Summary |
| 1 | SERVER-WEBAPP DrayTek multiple products command injection attempt [sid] [CVE] | 49 | 32 | 1 | Summary |
| 1 | SERVER-WEBAPP Apache Struts remote code execution attempt [sid] [CVE] | 90 | 9 | 1 | Summary |
| 1 | SERVER-ORACLE Oracle WebLogic Server remote command execution attempt [sid] [BUGTRAQ] | 132 | 121 | 1 | Summary |
| 1 | SERVER-WEBAPP PHPUnit PHP remote code execution attempt [sid] [CVE] | 152 | 24 | 1 | Summary |
| 1 | SERVER-WEBAPP GPON Router authentication bypass and command injection attempt [sid] [CVE] | 240 | 239 | 1 | Summary |
| 0 | ICMP traffic [sid] | 8 | 2 | 2 | Summary |