CVS log for snort/rules/oracle.rules

 (logo)

Help
(back) Up to [cvs] / snort / rules

Request diff between arbitrary revisions

Default branch: MAIN
Bookmark a link to: HEAD / (download)
Revision 1.21 / (view) - annotate - [select for diffs] , Thu Feb 10 01:11:04 2005 UTC (5 years, 1 month ago) by bmc
Branch: MAIN
CVS Tags: HEAD
Changes since 1.20: +0 -0 lines
Diff to previous 1.20 
a bunch of new rules.  thanks microsoft, I didn't want to sleep on my birthday.  Really.
Revision 1.20 / (view) - annotate - [select for diffs] , Wed Jan 12 15:46:11 2005 UTC (5 years, 2 months ago) by bmc
Branch: MAIN
Changes since 1.19: +254 -230 lines
Diff to previous 1.19 
a bunch of new rules.  go sourcefire.
Revision 1.19 / (view) - annotate - [select for diffs] , Wed Oct 13 20:26:07 2004 UTC (5 years, 5 months ago) by bmc
Branch: MAIN
Changes since 1.18: +239 -27 lines
Diff to previous 1.18 
tons of new rules, tons of rule updates.  oracle & nntp xpat rules are the important ones
Revision 1.17.2.2 / (view) - annotate - [select for diffs] , Wed Oct 13 20:25:57 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_3
CVS Tags: STABLE, SNORT_v2_3_0-RC2, SNORT_v2_3_0-RC1, SNORT_v2_3_0
Changes since 1.17.2.1: +239 -27 lines
Diff to previous 1.17.2.1 to branch point 1.17 to next main 1.18 
tons of new rules, tons of rule updates.  oracle & nntp xpat rules are the important ones
Revision 1.13.2.4 / (view) - annotate - [select for diffs] , Wed Oct 13 20:25:46 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_2
Changes since 1.13.2.3: +239 -27 lines
Diff to previous 1.13.2.3 to branch point 1.13 to next main 1.14 
tons of new rules, tons of rule updates.  oracle & nntp xpat rules are the important ones
Revision 1.10.2.7 / (view) - annotate - [select for diffs] , Wed Oct 13 20:25:36 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_1
Changes since 1.10.2.6: +239 -27 lines
Diff to previous 1.10.2.6 to branch point 1.10 to next main 1.11 
tons of new rules, tons of rule updates.  oracle & nntp xpat rules are the important ones
Revision 1.8.2.5 / (view) - annotate - [select for diffs] , Wed Oct 13 20:25:25 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_0
Changes since 1.8.2.4: +23 -23 lines
Diff to previous 1.8.2.4 to branch point 1.8 to next main 1.9 
tons of new rules, tons of rule updates.  oracle & nntp xpat rules are the important ones
Revision 1.18 / (view) - annotate - [select for diffs] , Wed Sep 22 14:10:15 2004 UTC (5 years, 5 months ago) by bmc
Branch: MAIN
Changes since 1.17: +79 -52 lines
Diff to previous 1.17 
more rules.  huge amount of effort from the sourcefire rules team.  go, team, go.
Revision 1.17.2.1 / (view) - annotate - [select for diffs] , Wed Sep 22 14:10:11 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_3
Changes since 1.17: +79 -52 lines
Diff to previous 1.17 
more rules.  huge amount of effort from the sourcefire rules team.  go, team, go.
Revision 1.13.2.3 / (view) - annotate - [select for diffs] , Wed Sep 22 14:10:05 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_2
Changes since 1.13.2.2: +79 -52 lines
Diff to previous 1.13.2.2 to branch point 1.13 
more rules.  huge amount of effort from the sourcefire rules team.  go, team, go.
Revision 1.10.2.6 / (view) - annotate - [select for diffs] , Wed Sep 22 14:09:59 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_1
Changes since 1.10.2.5: +79 -52 lines
Diff to previous 1.10.2.5 to branch point 1.10 
more rules.  huge amount of effort from the sourcefire rules team.  go, team, go.
Revision 1.8.2.4 / (view) - annotate - [select for diffs] , Wed Sep 22 14:09:55 2004 UTC (5 years, 5 months ago) by bmc
Branch: SNORT_2_0
Changes since 1.8.2.3: +23 -23 lines
Diff to previous 1.8.2.3 to branch point 1.8 
more rules.  huge amount of effort from the sourcefire rules team.  go, team, go.
Revision 1.10.2.5 / (view) - annotate - [select for diffs] , Tue Aug 10 13:59:23 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_1
Changes since 1.10.2.4: +57 -2 lines
Diff to previous 1.10.2.4 to branch point 1.10 
* massive sync
Revision 1.13.2.2 / (view) - annotate - [select for diffs] , Tue Aug 10 13:52:06 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_2
CVS Tags: SNORT_v2_2_0
Changes since 1.13.2.1: +79 -2 lines
Diff to previous 1.13.2.1 to branch point 1.13 
* sync sync sync
Revision 1.17 / (view) - annotate - [select for diffs] , Tue Aug 10 13:44:40 2004 UTC (5 years, 7 months ago) by bmc
Branch: MAIN
Branch point for: SNORT_2_3
Changes since 1.16: +79 -2 lines
Diff to previous 1.16 
* tons of new rules
* tons of new rule references
* tons of new rule docs
* initial documentation on preprocessor alerts (gen-sid.txt in doc/signatures)
* new build of the manual
Revision 1.10.2.4 / (view) - annotate - [select for diffs] , Fri Jul 23 20:26:27 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_1
Changes since 1.10.2.3: +2 -2 lines
Diff to previous 1.10.2.3 to branch point 1.10 
* new rules
Revision 1.13.2.1 / (view) - annotate - [select for diffs] , Fri Jul 23 20:19:25 2004 UTC (5 years, 7 months ago) by bmc
Branch: SNORT_2_2
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 
* massive sync here too
Revision 1.16 / (view) - annotate - [select for diffs] , Fri Jul 23 20:15:44 2004 UTC (5 years, 7 months ago) by bmc
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 
* sync sync sync
* go ruleteam go
Revision 1.8.2.3 / (view) - annotate - [select for diffs] , Thu Jul 15 19:14:33 2004 UTC (5 years, 8 months ago) by bmc
Branch: SNORT_2_0
Changes since 1.8.2.2: +5 -5 lines
Diff to previous 1.8.2.2 to branch point 1.8 
* massive sync from head
Revision 1.15 / (view) - annotate - [select for diffs] , Thu Jul 15 16:21:28 2004 UTC (5 years, 8 months ago) by bmc
Branch: MAIN
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 
* yet another sync, lets go forward in time, not backwards...
Revision 1.14 / (view) - annotate - [select for diffs] , Wed Jul 14 21:16:09 2004 UTC (5 years, 8 months ago) by bmc
Branch: MAIN
Changes since 1.13: +1 -2 lines
Diff to previous 1.13 
* massive rule updates (go ruleteam, go)
Revision 1.10.2.3 / (view) - annotate - [select for diffs] , Wed Jun 16 15:11:07 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: SNORT_2_1
Changes since 1.10.2.2: +1 -0 lines
Diff to previous 1.10.2.2 to branch point 1.10 
* Syncing changes for rules team
Revision 1.13 / (view) - annotate - [select for diffs] , Tue Jun 15 13:47:07 2004 UTC (5 years, 9 months ago) by bmc
Branch: MAIN
CVS Tags: SNORT_v2_2_0-RC1
Branch point for: SNORT_2_2
Changes since 1.12: +2 -1 lines
Diff to previous 1.12 
* lets try this *again*
Revision 1.12 / (view) - annotate - [select for diffs] , Thu Jun 3 20:11:05 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 
* sync with sforge current
Revision 1.10.2.2 / (view) - annotate - [select for diffs] , Thu Jun 3 18:13:37 2004 UTC (5 years, 9 months ago) by jhewlett
Branch: SNORT_2_1
CVS Tags: SNORT_v2_1_3
Changes since 1.10.2.1: +5 -5 lines
Diff to previous 1.10.2.1 to branch point 1.10 
* updating 2.1.3 from sforge
Revision 1.8.2.2 / (view) - annotate - [select for diffs] , Mon Mar 22 16:26:30 2004 UTC (6 years ago) by cazz
Branch: SNORT_2_0
Changes since 1.8.2.1: +2 -2 lines
Diff to previous 1.8.2.1 to branch point 1.8 
* sync sync sync
Revision 1.10.2.1 / (view) - annotate - [select for diffs] , Mon Mar 22 16:18:34 2004 UTC (6 years ago) by cazz
Branch: SNORT_2_1
CVS Tags: SNORT_v2_1_3-RC1, SNORT_v2_1_2
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 
* sync sync sync
Revision 1.11 / (view) - annotate - [select for diffs] , Sat Mar 20 21:58:43 2004 UTC (6 years ago) by cazz
Branch: MAIN
Changes since 1.10: +3 -3 lines
Diff to previous 1.10 
* Added a ton of rules that include vulnerabilities in many high-profile
  security products, including Checkpoint & ISS gear (see below)
* provided a single high-powered rule for detecting all of the evil virus emails
* added even more docs.  (Go Nigel)

2405 || WEB-PHP phptest.php access || bugtraq,9737
2406 || TELNET APC SmartSlot default admin account attempt || bugtraq,9681
2407 || WEB-MISC util.pl access || bugtraq,9748
2408 || WEB-MISC Invision Power Board search.pl access || bugtraq,9766
2409 || POP3 APOP USER overflow attempt || bugtraq,9794
2410 || WEB-PHP IGeneric Free Shopping Cart page.php access || bugtraq,9773
2411 || WEB-MISC Real Server DESCRIBE buffer overflow attempt || url,www.service.real.com/help/faq/security/rootexploit091103.html || bugtraq,8476
2412 || ATTACK-RESPONSES successful cross site scripting forced download attempt
2413 || EXPLOIT ISAKMP delete hash with empty hash attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2414 || EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2415 || EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,CAN-2004-0164
2416 || FTP invalid MDTM command attempt
2417 || FTP format string attempt
2418 || MISC MS Terminal Server no encryption session initiation attmept || url,www.microsoft.com/technet/security/bulletin/MS01-052.asp
2419 || MULTIMEDIA realplayer .ram playlist download attempt
2420 || MULTIMEDIA realplayer .rmp playlist download attempt
2421 || MULTIMEDIA realplayer .smi playlist download attempt
2422 || MULTIMEDIA realplayer .rt playlist download attempt
2423 || MULTIMEDIA realplayer .rp playlist download attempt
2424 || NNTP sendsys overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2425 || NNTP senduuname overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2426 || NNTP version overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2427 || NNTP checkgroups overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2428 || NNTP ihave overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2429 || NNTP sendme overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2430 || NNTP newgroup overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2431 || NNTP rmgroup overflow attempt || bugtraq,9382 || cve,CAN-2004-00045
2432 || NNTP article post without path attempt
2433 || WEB-CGI MDaemon form2raw.cgi overflow attempt || bugtraq,9317
2434 || WEB-CGI MDaemon form2raw.cgi access || bugtraq,9317
2435 || WEB-CLIENT Microsoft emf metafile access || bugtraq,9707
2436 || WEB-CLIENT Microsoft wmf metafile access || bugtraq,9707
2437 || WEB-CLIENT RealPlayer arbitrary javascript command attempt || bugtraq,8453 || bugtraq,9738 || cve,CAN-2003-0726
2438 || WEB-CLIENT RealPlayer playlist file URL overflow attempt || bugtraq,9579
2439 || WEB-CLIENT RealPlayer playlist http URL overflow attempt || bugtraq,9579
2440 || WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579
2441 || WEB-MISC NetObserve authentication bypass attempt || bugtraq,9319
2442 || WEB-MISC Quicktime User-Agent buffer overflow attempt || cve,CAN-2004-0169
2443 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2444 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2445 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER last name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
2446 || EXPLOIT ICQ SRV_MULTI/SRV_META_USER email overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
Revision 1.8.2.1 / (view) - annotate - [select for diffs] , Mon Dec 1 15:50:31 2003 UTC (6 years, 3 months ago) by cazz
Branch: SNORT_2_0
CVS Tags: version-2-0-6
Changes since 1.8: +3 -3 lines
Diff to previous 1.8 
* another sync from CURRENT.  This includes the new netbios rules as well as an updated sid-msg.map
Revision 1.10 / (view) - annotate - [select for diffs] , Thu Nov 20 20:56:56 2003 UTC (6 years, 4 months ago) by cazz
Branch: MAIN
CVS Tags: version-2-1-0, SNORT_v2_1_1-RC1, SNORT_v2_1_1, SNORT_v2_1_0
Branch point for: SNORT_2_1
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 
* remove backticked things from message.  this tends to fsck up too many tools
Revision 1.9 / (view) - annotate - [select for diffs] , Mon Oct 20 15:03:10 2003 UTC (6 years, 5 months ago) by chrisgreen
Branch: MAIN
CVS Tags: cmg
Changes since 1.8: +1 -1 lines
Diff to previous 1.8 
* Major add/commit of 2.1 feature set...

  Will do a tag and then remove the "moved" files
Revision 1.8 / (view) - annotate - [select for diffs] , Thu Apr 17 00:35:47 2003 UTC (6 years, 11 months ago) by cazz
Branch: MAIN
CVS Tags: version-2-0-5, version-2-0-2, version-2-0-1
Branch point for: SNORT_2_0
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 
* MASSIVE sync of rules

This is the first major sync of rules since I started working for Sourcefire.

Many of these updates are a direct result of my employment at Sourcefire.  We
have time and resources to test and document rules extensively.  Many people
have contributed to these updates.  Too many to mention here.

You should continue to see awesome updates, rewrites and new rules as
Sourcefire is dedicating serious resources to the Snort project.

Even if you don't buy an appliance from Sourcefire, you should send an
email to info@sourcefire.com to let them know how much you appreciate their
dedication to making snort awesome.
Revision 1.6.2.1 / (view) - annotate - [select for diffs] , Fri Feb 7 22:04:56 2003 UTC (7 years, 1 month ago) by cazz
Branch: SNORT_1_9
CVS Tags: version-1-9-1
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 to next main 1.7 
* merge merge merge merge merge.  Happy with the merge?
Revision 1.7 / (view) - annotate - [select for diffs] , Mon Jan 27 00:33:10 2003 UTC (7 years, 1 month ago) by cazz
Branch: MAIN
CVS Tags: version-2-0-0, CMG
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 
* updated sid:1293 - reduce false positives
* updated sid:1294 - reduce false positives
* updated sid:604 - corrected references
* updated sid:1200 - added reference
* moved sid:307 - moved to more appropriate category
* moved sid:1382 - moved to more appropriate category

Thanks to:
Bob Dehnhardt
Mathew Johnston
Andrew Hintz
Jon Hart
Revision 1.6 / (view) - annotate - [select for diffs] , Sun Aug 18 20:28:43 2002 UTC (7 years, 7 months ago) by cazz
Branch: MAIN
CVS Tags: version-1-9-0
Branch point for: SNORT_1_9
Changes since 1.5: +3 -2 lines
Diff to previous 1.5 
* large update of signatures.  CVS disconnected during the last commit, so
  this is a recommit
Revision 1.5 / (view) - annotate - [select for diffs] , Fri Jun 14 22:21:15 2002 UTC (7 years, 9 months ago) by cazz
Branch: MAIN
CVS Tags: beta-1_9_0-beta6, beta-1_9_0-beta5, beta-1_9_0-beta4, beta-1_9_0-beta2
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 
* deleted sid:1698 - deleted duplicate signature
* updated sid:1768 - cleaned up deleted sig
* updated sid:1801,1802,1803,1804 - cleaned up msg
Revision 1.4 / (view) - annotate - [select for diffs] , Fri Jun 7 22:35:55 2002 UTC (7 years, 9 months ago) by cazz
Branch: MAIN
Changes since 1.3: +27 -27 lines
Diff to previous 1.3 
* s/$SQL_SERVERS any/$SQL_SERVERS $ORACLE_PORTS/
Revision 1.3 / (view) - annotate - [select for diffs] , Wed May 15 12:45:33 2002 UTC (7 years, 10 months ago) by cazz
Branch: MAIN
Changes since 1.2: +27 -27 lines
Diff to previous 1.2 
woohoo.  Biggest change we've made in a while.  We've removed "flags:A+"
in favor of "flow:established".  Initial testing shows that this change
is about a 200% speed increase.

NOTE: I know that not all of the signatures have been converted.  There are
144 signatures with flags left to be looked at.  I'll commit them later today,
but this the majority of them.
Revision 1.2 / (view) - annotate - [select for diffs] , Sat May 4 00:53:25 2002 UTC (7 years, 10 months ago) by cazz
Branch: MAIN
Changes since 1.1: +4 -4 lines
Diff to previous 1.1 
* removed spaces at the end of a ton of signatures.  Since this isn't technically modifying the sig, I didn't bump the rev.  Any decent parsing program shouldn't bitch at this.
* corrected sid:1747 - corrected msg (said UDP in TCP sig)
* corrected sid:1746 - corrected msg (said TCP in UDP sig)
* corrected sid:1562 - SITE CHOWN sig should look for SITE CHOWN, not USER
* added the following sigs:
1734 || EXPERIMENTAL FTP USER overflow attempt || bugtraq,4638
1735 || EXPERIMENTAL WEB-CLIENT XMLHttpRequest attempt
1736 || EXPERIMENTAL WEB-MISC squirrelmail spellcheck arbitrary command attemp || bugtraq,3952
1737 || EXPERIMENTAL WEB-MISC squirrelmail theme arbitrary command attempt || bugtraq,4385
1738 || EXPERIMENTAL WEB-MISC global.inc access || bugtraq,4612
1739 || EXPERIMENTAL WEB-PHP DNSTools administror authentication bypass attempt || bugtraq,4617
1740 || EXPERIMENTAL WEB-PHP DNSTools authentication bypass attempt || bugtraq,4617
1741 || EXPERIMENTAL WEB-PHP DNSTools access || bugtraq,4617
1742 || EXPERIMENTAL WEB-PHP Blahz-DNS dostuff.php modify user attempt || bugtraq,4618
1743 || EXPERIMENTAL WEB-PHP Blahz-DNS dostuff.php access || bugtraq,4618
1744 || EXPERIMENTAL WEB-MISC SecureSite authentication bypass attempt || bugtraq,4621
1745 || EXPERIMENTAL WEB-PHP Messagerie supp_membre.php access || bugtraq,4635
1746 || RPC UDP cachefsd request
1747 || RPC TCP cachefsd request
1748 || EXPERIMENTAL FTP command overflow attempt
1749 || EXPERIMENTAL WEB-IIS .NET trace.axd access
1750 || EXPERIMENTAL WEB-IIS users.xml access
Revision 1.1 / (view) - annotate - [select for diffs] , Sun Apr 28 16:45:15 2002 UTC (7 years, 10 months ago) by cazz
Branch: MAIN 
FYI, the oracle signatures are based on the signatures written by
by Hank Leininger <hlein@progressive-comp.com> originally for Enterasys's
Dragon IDS.

* added sid to that didn't have em.
* moved sid:614 - now in backdoor.rules
* updated sid:1549 - corrected port
* updated sid:1550 - corrected port
* updated sid:336 - updated msg
* updated sid:615 - updated msg
* update sid:616 - updated msg
* updated sid:620 - updated msg
* updated sd:626 - corrected msg
* updated sid:634 - updated msg
* updated sid:631 - updated msg
* updated sid:632 - updated msg
* updated sid:1150 - corrected msg
* updated sid:1183 - added CVE ref
* updated sid:1196 - corrected msg

Added the following signatures:

1666 || ATTACK RESPONSES index of /cgi-bin/ response
1667 || EXPERIMENTAL cross site scripting \(img src=javascript\) attempt
1668 || EXPERIMENTAL WEB-CGI /cgi-bin/ access
1669 || EXPERIMENTAL WEB-CGI /cgi-dos/ access
1670 || EXPERIMENTAL WEB-MISC /home/ftp access
1671 || EXPERIMENTAL WEB-MISC /home/www access
1672 || FTP CWD ~<NEWLINE>  attempt || bugtraq,2601 || cve,CAN-2001-0421
1673 || ORACLE EXECUTE_SYSTEM attempt
1674 || ORACLE connect_data\(command=version\) attempt
1675 || ORACLE misparsed login response
1676 || ORACLE select union attempt
1677 || ORACLE select like '%' attempt
1678 || ORACLE select like \
1679 || ORACLE describe attempt
1680 || ORACLE all_constraints access
1681 || ORACLE all_views access
1682 || ORACLE all_source access
1683 || ORACLE all_tables access
1684 || ORACLE all_tab_columns access
1685 || ORACLE all_tab_privs access
1686 || ORACLE dba_tablespace access
1687 || ORACLE dba_tables access
1688 || ORACLE user_tablespace access
1689 || ORACLE sys.all_users access
1690 || ORACLE grant attempt
1691 || ORACLE ALTER USER attempt
1692 || ORACLE drop table attempt
1693 || ORACLE create table attempt
1694 || ORACLE alter table attempt
1695 || ORACLE truncate table attempt
1696 || ORACLE create database attempt
1697 || ORACLE alter database attempt
1698 || ORACLE execute_system attempt
1699 || P2P Fastrack (kazaa/morpheus) traffic || url,www.kazaa.com
1700 || WEB-CGI imagemap.exe access || arachnids,412 || cve,CVE-1999-0951
1701 || WEB-CGI calendar-admin.pl access || bugtraq,1215
1702 || WEB-CGI Amaya templates sendtemp.pl access || cve,CAN-2001-0272 || bugtraq,2504
1703 || WEB-CGI auktion.cgi directory traversal attempt || cve,CAN-2001-0212 || bugtraq,2367
1704 || WEB-CGI cal_make.pl directory traversal attempt || bugtraq,2663 || cve,CVE-2001-0463
1705 || WEB-CGI echo.bat arbitrary command execution attempt
1706 || WEB-CGI echo.bat access
1707 || WEB-CGI hello.bat arbitrary command execution attempt
1708 || WEB-CGI hello.bat access
1709 || WEB-CGI ad.cgi access
1710 || WEB-CGI bbs_forum.cgi access
1711 || WEB-CGI bsguest.cgi access
1712 || WEB-CGI bslist.cgi access
1713 || WEB-CGI cgforum.cgi access
1714 || WEB-CGI newdesk access
1715 || WEB-CGI register.cgi access
1716 || WEB-CGI gbook.cgi access
1717 || WEB-CGI simplestguest.cgi access
1718 || WEB-CGI statusconfig.pl access
1719 || WEB-CGI talkback.cgi directory traversal attempt
1720 || WEB-CGI talkback.cgi access
1721 || WEB-CGI adcycle access
1722 || WEB-CGI MachineInfo access
1723 || WEB-CGI emumail.cgi NULL attempt
1724 || WEB-CGI emumail.cgi access
1725 || WEB-IIS +.htr code fragment attempt || cve,CVE-2000-0630
1726 || WEB-IIS doctodep.btr access
1727 || WEB-MISC SGI InfoSearch fname access || cve,CVE-2000-0207 || arachnids,290 || bugtraq,1031
1728 || FTP CWD ~<CR><NEWLINE> attempt || bugtraq,2601 || cve,CAN-2001-0421
This form allows you to request diffs between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.

Diffs between and
Type of Diff should be a
View only Branch:
Sort log by:
snort-team@sourcefire.com