All Snort signatures

SnortSnarf v021111.1

Signature section (808) | Top 20 source IPs | Top 20 dest IPs

808 alerts found using input module SnortFileInput, with sources:
Earliest alert at 14:18:17.666344 on 04/24/2020
Latest alert at 18:17:53.322491 on 04/21/2021

| Priority | Signature | # Alerts | # Sources | # Dests | Detail link |
|---|---|---|---|---|---|
| 2 | SERVER-WEBAPP JBoss admin-console access [sid] [CVE] | 1 | 1 | 1 | Summary |
| 2 | SERVER-WEBAPP JBoss web console access attempt [sid] [CVE] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt [isc.sans.edu] [sid] | 1 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Avtech IP Camera unauthenticated config access attempt [seclists.org] [sid] | 1 | 1 | 1 | Summary |
| 1 | SERVER-OTHER Java Library CommonsCollection unauthorized serialized object attempt [sid] [CVE] | 2 | 2 | 1 | Summary |
| 1 | SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt [sid] [CVE] | 2 | 2 | 1 | Summary |
| 1 | SERVER-WEBAPP WordPress get_post authentication bypass attempt [wordpress.org] [sid] | 2 | 1 | 1 | Summary |
| 1 | SERVER-OTHER Wordpress linenity theme LFI attempt [sid] [BUGTRAQ] | 2 | 1 | 1 | Summary |
| 1 | EXPLOIT-KIT Qadars exploit kit attempt [sid] | 3 | 1 | 1 | Summary |
| 1 | MALWARE-CNC User-Agent known malicious user agent BOT/0.1 [www.joomlacontenteditor.net] [sid] | 4 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt [sid] [BUGTRAQ] | 4 | 2 | 1 | Summary |
| 1 | POLICY-OTHER Adobe ColdFusion admin interface access attempt [sid] [BUGTRAQ] | 4 | 1 | 1 | Summary |
| 1 | SERVER-WEBAPP Drupal 8 remote code execution attempt [sid] [CVE] | 5 | 5 | 1 | Summary |
| 1 | BLACKLIST User-Agent known malicious user agent BOT/0.1 [www.joomlacontenteditor.net] [sid] | 5 | 2 | 1 | Summary |
| 1 | MALWARE-BACKDOOR JSP webshell backdoor detected [sid] | 7 | 2 | 1 | Summary |
| 1 | SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt [sid] [CVE] | 8 | 4 | 1 | Summary |
| 1 | SQL 1 = 1 - possible sql injection attempt [ferruh.mavituna.com] [sid] | 8 | 1 | 1 | Summary |
| 1 | SERVER-APACHE Apache Tomcat remote JSP file upload attempt [sid] [BUGTRAQ] | 15 | 6 | 1 | Summary |
| 1 | SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt [seclists.org] [sid] | 16 | 12 | 1 | Summary |
| 1 | SERVER-WEBAPP vBulletin pre-authenticated command injection attempt [sid] [CVE] | 19 | 13 | 1 | Summary |
| 1 | SERVER-WEBAPP Wordpress timthumb.php webshot source attack attempt [cxsecurity.com] [sid] | 22 | 19 | 1 | Summary |
| 1 | SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt [www.pentestpartners.com] [sid] | 23 | 21 | 1 | Summary |
| 1 | SERVER-APACHE Apache Struts remote code execution attempt [sid] [CVE] | 32 | 10 | 1 | Summary |
| 1 | SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt [sid] [CVE] | 33 | 23 | 1 | Summary |
| 1 | OS-OTHER Bash CGI environment variable injection attempt [sid] [CVE] | 40 | 16 | 1 | Summary |
| 1 | SERVER-WEBAPP DrayTek multiple products command injection attempt [sid] [CVE] | 49 | 32 | 1 | Summary |
| 1 | SERVER-WEBAPP Apache Struts remote code execution attempt [sid] [CVE] | 90 | 9 | 1 | Summary |
| 1 | SERVER-WEBAPP PHPUnit PHP remote code execution attempt [sid] [CVE] | 124 | 19 | 1 | Summary |
| 1 | SERVER-ORACLE Oracle WebLogic Server remote command execution attempt [sid] [BUGTRAQ] | 127 | 120 | 1 | Summary |
| 1 | SERVER-WEBAPP GPON Router authentication bypass and command injection attempt [sid] [CVE] | 150 | 149 | 1 | Summary |
| 0 | ICMP traffic [sid] | 8 | 2 | 2 | Summary |

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Fri Apr 23 13:01:02 2021