unified2 0.1.2 → 0.2.0

data/example/{sid-msg.map → seeds/sid-msg.map}

@@ -347,23 +347,23 @@
 465 || ICMP ISS Pinger || arachnids,158
 466 || ICMP L3retriever Ping || arachnids,311
 467 || ICMP Nemesis v1.1 Echo || arachnids,449
-469 || ICMP PING NMAP || arachnids,162
-471 || ICMP icmpenum v1.1.1 || arachnids,450
-472 || ICMP redirect host || arachnids,135 || cve,1999-0265
-473 || ICMP redirect net || arachnids,199 || cve,1999-0265
+469 || DELETED ICMP PING NMAP || arachnids,162
+471 || DELETED ICMP icmpenum v1.1.1 || arachnids,450
+472 || DELETED ICMP redirect host || arachnids,135 || cve,1999-0265
+473 || DELETED ICMP redirect net || arachnids,199 || cve,1999-0265
 474 || ICMP superscan echo
-475 || ICMP traceroute ipopts || arachnids,238
+475 || DELETED ICMP traceroute ipopts || arachnids,238
 476 || ICMP webtrends scanner || arachnids,307
-477 || ICMP Source Quench
-478 || ICMP Broadscan Smurf Scanner
+477 || DELETED ICMP Source Quench || bugtraq,13124 || cve,2004-0791
+478 || DELETED ICMP Broadscan Smurf Scanner
 480 || ICMP PING speedera
 481 || ICMP TJPingPro1.1Build 2 Windows || arachnids,167
 482 || ICMP PING WhatsupGold Windows || arachnids,168
 483 || ICMP PING CyberKit 2.2 Windows || arachnids,154
 484 || ICMP PING Sniffer Pro/NetXRay network scan
-485 || ICMP Destination Unreachable Communication Administratively Prohibited
-486 || ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
-487 || ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited
+485 || DELETED ICMP Destination Unreachable Communication Administratively Prohibited
+486 || DELETED ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited
+487 || DELETED ICMP Destination Unreachable Communication with Destination Network is Administratively Prohibited
 488 || DELETED INFO Connection Closed MSG from Port 80
 489 || FTP no password || arachnids,322
 490 || POLICY battle-mail traffic
@@ -376,9 +376,9 @@
 497 || ATTACK-RESPONSES file copied ok || bugtraq,1806 || cve,2000-0884
 498 || ATTACK-RESPONSES id check returned root
 499 || DELETED ICMP Large ICMP Packet || arachnids,246
-500 || MISC source route lsrr || arachnids,418 || bugtraq,646 || cve,1999-0510 || cve,1999-0909 || url,www.microsoft.com/technet/security/bulletin/MS99-038.mspx
-501 || MISC source route lsrre || arachnids,420 || bugtraq,646 || cve,1999-0909 || url,www.microsoft.com/technet/security/bulletin/MS99-038.mspx
-502 || MISC source route ssrr || cve,1999-0510
+500 || DELETED MISC source route lsrr || arachnids,418 || bugtraq,646 || cve,1999-0510 || cve,1999-0909 || url,www.microsoft.com/technet/security/bulletin/MS99-038.mspx
+501 || DELETED MISC source route lsrre || arachnids,420 || bugtraq,646 || cve,1999-0909 || url,www.microsoft.com/technet/security/bulletin/MS99-038.mspx
+502 || DELETED MISC source route ssrr || cve,1999-0510
 503 || DELETED MISC Source Port 20 to <1024 || arachnids,06
 504 || DELETED MISC source port 53 to <1024 || arachnids,07
 505 || MISC Insecure TIMBUKTU Password || arachnids,229
@@ -396,11 +396,11 @@
 518 || TFTP Put || arachnids,148 || cve,1999-0183
 519 || TFTP parent directory || arachnids,137 || cve,1999-0183 || cve,2002-1209
 520 || TFTP root directory || arachnids,138 || cve,1999-0183
-521 || MISC Large UDP Packet || arachnids,247
+521 || DELETED MISC Large UDP Packet || arachnids,247
 522 || DELETED MISC Tiny Fragments
-523 || BAD-TRAFFIC ip reserved bit set
-524 || BAD-TRAFFIC tcp port 0 traffic
-525 || BAD-TRAFFIC udp port 0 traffic || bugtraq,576 || cve,1999-0675 || nessus,10074
+523 || DELETED BAD-TRAFFIC ip reserved bit set
+524 || DELETED BAD-TRAFFIC tcp port 0 traffic
+525 || DELETED BAD-TRAFFIC udp port 0 traffic || bugtraq,576 || cve,1999-0675 || nessus,10074
 526 || DELETED BAD-TRAFFIC data in TCP SYN packet || url,www.cert.org/incident_notes/IN-99-07.html
 527 || DELETED BAD-TRAFFIC same SRC/DST || bugtraq,2666 || cve,1999-0016 || url,www.cert.org/advisories/CA-1997-28.html
 528 || DELETED BAD-TRAFFIC loopback traffic || url,www.sans.org/reading_room/whitepapers/firewalls/1059.php
@@ -552,7 +552,7 @@
 677 || SQL sp_password password change
 678 || SQL sp_delete_alert log file deletion
 679 || SQL sp_adduser database user creation
-680 || SQL sa login failed || bugtraq,4797 || cve,2000-1209
+680 || DELETED SQL sa login failed || bugtraq,4797 || cve,2000-1209
 681 || SQL xp_cmdshell program execution || bugtraq,5309
 682 || DELETED SQL xp_enumresultset possible buffer overflow || bugtraq,2031 || cve,2000-1082 || url,www.microsoft.com/technet/security/bulletin/MS00-092.mspx
 683 || SQL sp_password - password change
@@ -1131,7 +1131,7 @@
 1274 || RPC portmap ttdbserv request TCP || arachnids,24 || bugtraq,122 || bugtraq,3382 || cve,1999-0003 || cve,1999-0687 || cve,1999-1075 || cve,2001-0717 || url,www.cert.org/advisories/CA-2001-05.html
 1275 || RPC portmap yppasswd request TCP || arachnids,14
 1276 || RPC portmap ypserv request TCP || arachnids,12 || bugtraq,5914 || bugtraq,6016 || cve,2000-1042 || cve,2000-1043 || cve,2002-1232
-1277 || RPC portmap ypupdated request UDP || bugtraq,1749 || cve,1999-0208
+1277 || RPC portmap ypupdated request UDP || bugtraq,1749 || bugtraq,28383 || cve,1999-0208
 1278 || DELETED RPC rstatd query || arachnids,9
 1279 || RPC portmap snmpXdmi request UDP || bugtraq,2417 || cve,2001-0236 || nessus,10659 || url,www.cert.org/advisories/CA-2001-05.html
 1280 || RPC portmap listing UDP 111 || arachnids,428
@@ -1469,13 +1469,13 @@
 1624 || FTP PWD overflow attempt
 1625 || FTP SYST overflow attempt || url,www.faqs.org/rfcs/rfc959.html
 1626 || WEB-IIS /StoreCSVS/InstantOrder.asmx request
-1627 || BAD-TRAFFIC Unassigned/Reserved IP protocol || url,www.iana.org/assignments/protocol-numbers
+1627 || DELETED BAD-TRAFFIC Unassigned/Reserved IP protocol || url,www.iana.org/assignments/protocol-numbers
 1628 || WEB-CGI FormHandler.cgi directory traversal attempt attempt || bugtraq,798 || bugtraq,799 || cve,1999-1050 || nessus,10075
 1629 || DELETED SecureNetPro traffic
 1631 || CHAT AIM login
 1632 || DELETED CHAT AIM send message
 1633 || CHAT AIM receive message
-1634 || POP3 PASS overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10325
+1634 || POP3 PASS overflow attempt || bugtraq,21645 || bugtraq,791 || cve,1999-1511 || cve,2006-6605 || nessus,10325
 1635 || POP3 APOP overflow attempt || bugtraq,1652 || cve,2000-0840 || cve,2000-0841 || nessus,10559
 1636 || MISC Xtramail Username overflow attempt || bugtraq,791 || cve,1999-1511 || nessus,10323
 1637 || WEB-CGI yabb access || arachnids,462 || bugtraq,1668 || cve,2000-0853 || nessus,10512
@@ -1575,7 +1575,7 @@
 1731 || WEB-CGI a1stats access || bugtraq,2705 || cve,2001-0561 || nessus,10669
 1732 || RPC portmap rwalld request UDP || bugtraq,205 || cve,1999-0181
 1733 || RPC portmap rwalld request TCP || bugtraq,205 || cve,1999-0181
-1734 || FTP USER overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1227 || bugtraq,1504 || bugtraq,1690 || bugtraq,22044 || bugtraq,22045 || bugtraq,4638 || bugtraq,7307 || bugtraq,8376 || cve,1999-1510 || cve,1999-1514 || cve,1999-1519 || cve,1999-1539 || cve,2000-0479 || cve,2000-0656 || cve,2000-0761 || cve,2000-0943 || cve,2000-1035 || cve,2000-1194 || cve,2001-0256 || cve,2001-0794 || cve,2001-0826 || cve,2002-0126 || cve,2002-1522 || cve,2003-0271 || cve,2004-0286
+1734 || FTP USER overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1227 || bugtraq,1504 || bugtraq,15352 || bugtraq,1690 || bugtraq,22044 || bugtraq,22045 || bugtraq,4638 || bugtraq,7307 || bugtraq,8376 || cve,1999-1510 || cve,1999-1514 || cve,1999-1519 || cve,1999-1539 || cve,2000-0479 || cve,2000-0656 || cve,2000-0761 || cve,2000-0943 || cve,2000-1035 || cve,2000-1194 || cve,2001-0256 || cve,2001-0794 || cve,2001-0826 || cve,2002-0126 || cve,2002-1522 || cve,2003-0271 || cve,2004-0286 || cve,2005-2123 || cve,2005-3683
 1735 || WEB-CLIENT XMLHttpRequest attempt || bugtraq,4628 || cve,2002-0354
 1736 || WEB-PHP squirrel mail spell-check arbitrary command attempt || bugtraq,3952
 1737 || WEB-PHP squirrel mail theme arbitrary command attempt || bugtraq,4385 || cve,2002-0516
@@ -1690,7 +1690,7 @@
 1862 || WEB-CGI mrtg.cgi directory traversal attempt || bugtraq,4017 || cve,2002-0232 || nessus,11001
 1864 || FTP SITE NEWER attempt || cve,1999-0880 || nessus,10319
 1865 || WEB-CGI webdist.cgi arbitrary command attempt || bugtraq,374 || cve,1999-0039 || nessus,10299
-1866 || POP3 USER overflow attempt || bugtraq,11256 || bugtraq,789 || cve,1999-0494 || nessus,10311
+1866 || POP3 USER overflow attempt || bugtraq,11256 || bugtraq,19651 || bugtraq,789 || cve,1999-0494 || cve,2006-4364 || nessus,10311
 1867 || MISC xdmcp info query || nessus,10891
 1868 || WEB-CGI story.pl arbitrary file read attempt || bugtraq,3028 || cve,2001-0804 || nessus,10817
 1869 || WEB-CGI story.pl access || bugtraq,3028 || cve,2001-0804 || nessus,10817
@@ -1765,7 +1765,7 @@
 1938 || POP3 XTND overflow attempt
 1939 || MISC bootp hardware address length overflow || cve,1999-0798
 1940 || MISC bootp invalid hardware type || cve,1999-0798
-1941 || TFTP GET filename overflow attempt || bugtraq,22923 || bugtraq,5328 || cve,2002-0813 || nessus,18264
+1941 || TFTP GET filename overflow attempt || bugtraq,22923 || bugtraq,36121 || bugtraq,5328 || cve,2002-0813 || cve,2009-2957 || nessus,18264
 1942 || FTP RMDIR overflow attempt || bugtraq,819
 1943 || WEB-MISC /Carello/add.exe access || bugtraq,1245 || cve,2000-0396 || nessus,11776
 1944 || WEB-MISC /ecscripts/ecware.exe access || bugtraq,6066
@@ -1796,11 +1796,11 @@
 1969 || WEB-MISC ion-p access || bugtraq,6091 || cve,2002-1559 || nessus,11729
 1970 || WEB-IIS MDAC Content-Type overflow attempt || bugtraq,6214 || cve,2002-1142 || nessus,11161 || url,www.foundstone.com/knowledge/randd-advisories-display.html?id=337 || url,www.microsoft.com/technet/security/bulletin/MS02-065.mspx || url,www.microsoft.com/technet/security/bulletin/MS98-004.mspx
 1971 || FTP SITE EXEC format string attempt || bugtraq,1387 || bugtraq,1505
-1972 || FTP PASS overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,1690 || bugtraq,22045 || bugtraq,3884 || bugtraq,8601 || bugtraq,9285 || cve,1999-1519 || cve,1999-1539 || cve,2000-1035 || cve,2002-0126 || cve,2002-0895
-1973 || FTP MKD overflow attempt || bugtraq,11772 || bugtraq,39041 || bugtraq,612 || bugtraq,7278 || bugtraq,9872 || cve,1999-0911 || cve,2009-3023 || cve,2010-0625 || nessus,12108 || url,www.kb.cert.org/vuls/id/276653 || url,www.microsoft.com/technet/security/bulletin/MS09-053
+1972 || FTP PASS overflow attempt || bugtraq,10078 || bugtraq,10720 || bugtraq,15457 || bugtraq,1690 || bugtraq,22045 || bugtraq,3884 || bugtraq,8601 || bugtraq,9285 || cve,1999-1519 || cve,1999-1539 || cve,2000-1035 || cve,2002-0126 || cve,2002-0895 || cve,2005-3683
+1973 || FTP MKD overflow attempt || bugtraq,11772 || bugtraq,15457 || bugtraq,39041 || bugtraq,612 || bugtraq,7278 || bugtraq,9872 || cve,1999-0911 || cve,2005-3683 || cve,2009-3023 || cve,2010-0625 || nessus,12108 || url,www.kb.cert.org/vuls/id/276653 || url,www.microsoft.com/technet/security/bulletin/MS09-053.mspx
 1974 || FTP REST overflow attempt || bugtraq,2972 || cve,2001-0826 || nessus,11755
-1975 || FTP DELE overflow attempt || bugtraq,2972 || cve,2001-0826 || cve,2001-1021 || nessus,11755
-1976 || FTP RMD overflow attempt || bugtraq,2972 || bugtraq,39041 || cve,2000-0133 || cve,2001-0826 || cve,2001-1021 || cve,2010-0625
+1975 || FTP DELE overflow attempt || bugtraq,15457 || bugtraq,2972 || cve,2001-0826 || cve,2001-1021 || cve,2005-3683 || nessus,11755
+1976 || FTP RMD overflow attempt || bugtraq,15457 || bugtraq,2972 || bugtraq,39041 || cve,2000-0133 || cve,2001-0826 || cve,2001-1021 || cve,2005-3683 || cve,2010-0625
 1977 || WEB-MISC xp_regwrite attempt
 1978 || WEB-MISC xp_regdeletekey attempt
 1979 || WEB-MISC perl post attempt || bugtraq,5520 || cve,2002-1436 || nessus,11158
@@ -1817,7 +1817,7 @@
 1990 || CHAT MSN user search
 1991 || CHAT MSN login attempt
 1992 || FTP LIST directory traversal attempt || bugtraq,2618 || cve,2001-0680 || cve,2002-1054 || nessus,11112
-1993 || IMAP login literal buffer overflow attempt || bugtraq,21724 || bugtraq,6298 || cve,2002-1580 || cve,2006-6424 || nessus,12532
+1993 || IMAP login literal buffer overflow attempt || bugtraq,14718 || bugtraq,21724 || bugtraq,6298 || cve,2002-1580 || cve,2005-1758 || cve,2006-6424 || nessus,12532
 1994 || WEB-CGI vpasswd.cgi access || bugtraq,6038 || nessus,11165
 1995 || WEB-CGI alya.cgi access || nessus,11118
 1996 || WEB-CGI viralator.cgi access || bugtraq,3495 || cve,2001-0849 || nessus,11107
@@ -1912,7 +1912,7 @@
 2085 || WEB-CGI parse_xml.cgi access || bugtraq,6960 || cve,2003-0054
 2086 || WEB-CGI streaming server parse_xml.cgi access || bugtraq,6960 || cve,2003-0054 || nessus,11278
 2087 || SMTP From comment overflow attempt || bugtraq,6991 || cve,2002-1337 || url,www.kb.cert.org/vuls/id/398025
-2088 || RPC ypupdated arbitrary command attempt UDP || bugtraq,1749 || cve,1999-0208
+2088 || RPC ypupdated arbitrary command attempt UDP || bugtraq,1749 || bugtraq,28383 || cve,1999-0208
 2089 || RPC ypupdated arbitrary command attempt TCP || bugtraq,1749 || cve,1999-0208
 2090 || WEB-IIS WEBDAV exploit attempt || bugtraq,7116 || bugtraq,7716 || cve,2003-0109 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx
 2091 || WEB-IIS WEBDAV nessus safe scan attempt || bugtraq,7116 || cve,2003-0109 || nessus,11412 || nessus,11413 || url,www.microsoft.com/technet/security/bulletin/ms03-007.mspx
@@ -1926,7 +1926,7 @@
 2103 || NETBIOS SMB Trans2 OPEN2 unicode maximum param count overflow attempt || cve,2003-0201
 2104 || ATTACK-RESPONSES rexec username too long response || bugtraq,7459 || cve,2003-1097
 2105 || IMAP authenticate literal overflow attempt || bugtraq,21724 || cve,1999-0042 || cve,2006-6424 || nessus,10292
-2106 || IMAP lsub overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
+2106 || IMAP lsub overflow attempt || bugtraq,1110 || bugtraq,15006 || cve,2000-0284 || cve,2005-3155 || nessus,10374
 2107 || IMAP create buffer overflow attempt || bugtraq,7446
 2108 || POP3 CAPA overflow attempt
 2109 || POP3 TOP overflow attempt
@@ -1938,7 +1938,7 @@
 2115 || WEB-CGI album.pl access || bugtraq,7444 || nessus,11581
 2116 || WEB-CGI chipcfg.cgi access || bugtraq,2767 || cve,2001-1341 || url,archives.neohapsis.com/archives/bugtraq/2001-05/0233.html
 2117 || WEB-IIS Battleaxe Forum login.asp access || bugtraq,7416 || cve,2003-0215 || nessus,11548
-2118 || IMAP list overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
+2118 || IMAP list overflow attempt || bugtraq,1110 || bugtraq,15006 || cve,2000-0284 || cve,2005-3155 || nessus,10374
 2119 || IMAP rename literal overflow attempt || bugtraq,1110 || cve,2000-0284 || nessus,10374
 2120 || IMAP create literal buffer overflow attempt || bugtraq,7446
 2121 || POP3 DELE negative argument attempt || bugtraq,6053 || bugtraq,7445 || cve,2002-1539 || nessus,11570
@@ -2006,10 +2006,10 @@
 2183 || SMTP Content-Transfer-Encoding overflow attempt || cve,2003-0161 || url,www.cert.org/advisories/CA-2003-12.html
 2184 || RPC mountd TCP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800
 2185 || RPC mountd UDP mount path overflow attempt || bugtraq,8179 || cve,2003-0252 || nessus,11800
-2186 || BAD-TRAFFIC IP Proto 53 SWIPE || bugtraq,8211 || cve,2003-0567 || nessus,11791
-2187 || BAD-TRAFFIC IP Proto 55 IP Mobility || bugtraq,8211 || cve,2003-0567 || nessus,11791
-2188 || BAD-TRAFFIC IP Proto 77 Sun ND || bugtraq,8211 || cve,2003-0567 || nessus,11791
-2189 || BAD-TRAFFIC IP Proto 103 PIM || bugtraq,8211 || cve,2003-0567 || nessus,11791
+2186 || DELETED BAD-TRAFFIC IP Proto 53 SWIPE || bugtraq,8211 || cve,2003-0567 || nessus,11791
+2187 || DELETED BAD-TRAFFIC IP Proto 55 IP Mobility || bugtraq,8211 || cve,2003-0567 || nessus,11791
+2188 || DELETED BAD-TRAFFIC IP Proto 77 Sun ND || bugtraq,8211 || cve,2003-0567 || nessus,11791
+2189 || DELETED BAD-TRAFFIC IP Proto 103 PIM || bugtraq,8211 || cve,2003-0567 || nessus,11791
 2190 || NETBIOS DCERPC invalid bind attempt
 2191 || NETBIOS SMB DCERPC invalid bind attempt
 2192 || DELETED NETBIOS SMB ISystemActivator unicode alter context attempt
@@ -2098,7 +2098,7 @@
 2275 || SMTP AUTH LOGON brute force attempt
 2276 || WEB-MISC oracle portal demo access || nessus,11918
 2277 || WEB-MISC PeopleSoft PeopleBooks psdoccgi access || bugtraq,9037 || bugtraq,9038 || cve,2003-0626 || cve,2003-0627
-2278 || WEB-MISC client negative Content-Length attempt || bugtraq,17879 || bugtraq,9098 || bugtraq,9476 || bugtraq,9576 || cve,2004-0095 || cve,2006-2162
+2278 || WEB-MISC client negative Content-Length attempt || bugtraq,16354 || bugtraq,17879 || bugtraq,9098 || bugtraq,9476 || bugtraq,9576 || cve,2004-0095 || cve,2005-3653 || cve,2006-2162
 2279 || WEB-PHP UpdateClasses.php access || bugtraq,9057
 2280 || WEB-PHP Title.php access || bugtraq,9057
 2281 || WEB-PHP Setup.php access || bugtraq,9057 || cve,2009-1151
@@ -2158,7 +2158,7 @@
 2335 || FTP RMD / attempt || bugtraq,9159
 2336 || DELETED TFTP NULL command attempt || bugtraq,7575
 2337 || TFTP PUT filename overflow attempt || bugtraq,22923 || bugtraq,7819 || bugtraq,8505 || cve,2003-0380 || nessus,18264
-2338 || FTP LIST buffer overflow attempt || bugtraq,10181 || bugtraq,33454 || bugtraq,6869 || bugtraq,7251 || bugtraq,7861 || bugtraq,8486 || bugtraq,9675 || cve,1999-0349 || cve,1999-1510 || cve,2000-0129 || cve,2007-0019 || url,www.microsoft.com/technet/security/bulletin/MS99-003.mspx
+2338 || FTP LIST buffer overflow attempt || bugtraq,10181 || bugtraq,33454 || bugtraq,6869 || bugtraq,7251 || bugtraq,7861 || bugtraq,8486 || bugtraq,9675 || cve,1999-0349 || cve,1999-1510 || cve,2000-0129 || cve,2007-0019 || cve,2009-0351 || url,www.microsoft.com/technet/security/bulletin/MS99-003.mspx
 2339 || TFTP NULL command attempt || bugtraq,7575
 2340 || FTP SITE CHMOD overflow attempt || bugtraq,10181 || bugtraq,9483 || bugtraq,9675 || cve,1999-0838 || nessus,12037
 2341 || WEB-PHP DCP-Portal remote file include editor script attempt || bugtraq,6525
@@ -2169,7 +2169,7 @@
 2346 || WEB-PHP myPHPNuke chatheader.php access || bugtraq,6544
 2347 || WEB-PHP myPHPNuke partner.php access || bugtraq,6544
 2348 || DELETED NETBIOS SMB-DS DCERPC print spool bind attempt
-2349 || NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt
+2349 || NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters attempt || bugtraq,21220 || cve,2006-6114
 2350 || DELETED NETBIOS SMB-DS ISystemActivator alter context attempt
 2351 || DELETED NETBIOS SMB ISystemActivator RemoteCreateInstance unicode little endian attempt || bugtraq,8205 || cve,2003-0352 || url,www.microsoft.com/technet/security/bulletin/MS03-026.asp
 2352 || DELETED NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode attempt || bugtraq,8205 || cve,2003-0352 || url,www.microsoft.com/technet/security/bulletin/MS03-026.asp
@@ -2209,10 +2209,10 @@
 2386 || WEB-IIS NTLM ASN1 vulnerability scan attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12055 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
 2387 || WEB-CGI view_broadcast.cgi access || bugtraq,8257 || cve,2003-0422
 2388 || WEB-CGI streaming server view_broadcast.cgi access || bugtraq,8257 || cve,2003-0422
-2389 || FTP RNTO overflow attempt || bugtraq,8315 || cve,2000-0133 || cve,2001-1021 || cve,2003-0466
+2389 || FTP RNTO overflow attempt || bugtraq,15457 || bugtraq,8315 || cve,2000-0133 || cve,2001-1021 || cve,2003-0466 || cve,2005-3683
 2390 || FTP STOU overflow attempt || bugtraq,8315 || cve,2003-0466
 2391 || FTP APPE overflow attempt || bugtraq,8315 || bugtraq,8542 || cve,2000-0133 || cve,2003-0466 || cve,2003-0772
-2392 || FTP RETR overflow attempt || bugtraq,23168 || bugtraq,8315 || cve,2003-0466 || cve,2004-0287 || cve,2004-0298
+2392 || FTP RETR overflow attempt || bugtraq,15457 || bugtraq,23168 || bugtraq,8315 || cve,2003-0466 || cve,2004-0287 || cve,2004-0298 || cve,2005-3683
 2393 || WEB-PHP /_admin access || bugtraq,9537 || nessus,12032
 2394 || WEB-MISC Compaq web-based management agent denial of service attempt || bugtraq,8014
 2395 || WEB-MISC InteractiveQuery.jsp access || bugtraq,8938 || cve,2003-0624
@@ -2237,7 +2237,7 @@
 2414 || EXPLOIT ISAKMP initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
 2415 || EXPLOIT ISAKMP second payload initial contact notification without SPI attempt || bugtraq,9416 || bugtraq,9417 || cve,2004-0164
 2416 || FTP invalid MDTM command attempt || bugtraq,9751 || cve,2001-1021 || cve,2004-0330
-2417 || FTP format string attempt || bugtraq,9800 || cve,2002-2074
+2417 || FTP format string attempt || bugtraq,15352 || bugtraq,30993 || bugtraq,9800 || cve,2002-2074 || cve,2005-2123
 2418 || MISC MS Terminal Server no encryption session initiation attempt || url,www.microsoft.com/technet/security/bulletin/MS01-052.mspx
 2419 || MULTIMEDIA realplayer .ram playlist download attempt
 2420 || MULTIMEDIA realplayer .rmp playlist download attempt
@@ -2255,12 +2255,12 @@
 2432 || NNTP article post without path attempt
 2433 || WEB-CGI MDaemon form2raw.cgi overflow attempt || bugtraq,9317 || cve,2003-1200 || url,secunia.com/advisories/10512/
 2434 || WEB-CGI MDaemon form2raw.cgi access || bugtraq,9317 || cve,2003-1200 || url,secunia.com/advisories/10512/
-2435 || WEB-CLIENT Microsoft emf metafile access || bugtraq,10120 || bugtraq,9707 || cve,2003-0906 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || url,www.microsoft.com/technet/security/bulletin/MS04-032.mspx || url,www.microsoft.com/technet/security/bulletin/MS05-053.mspx || url,www.microsoft.com/technet/security/bulletin/MS06-001.mspx
+2435 || WEB-CLIENT Microsoft emf metafile access || bugtraq,10120 || bugtraq,28819 || bugtraq,9707 || cve,2003-0906 || cve,2007-5746 || url,www.microsoft.com/technet/security/bulletin/MS04-011.mspx || url,www.microsoft.com/technet/security/bulletin/MS04-032.mspx || url,www.microsoft.com/technet/security/bulletin/MS05-053.mspx || url,www.microsoft.com/technet/security/bulletin/MS06-001.mspx
 2436 || WEB-CLIENT Microsoft wmf metafile access
 2437 || DELETED WEB-CLIENT RealPlayer arbitrary javascript commnad attempt || bugtraq,8453 || bugtraq,9378 || cve,2003-0726
-2438 || WEB-CLIENT RealPlayer playlist file URL overflow attempt || bugtraq,9579 || cve,2004-0258
-2439 || WEB-CLIENT RealPlayer playlist http URL overflow attempt || bugtraq,9579 || cve,2004-0258
-2440 || WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt || bugtraq,9579 || cve,2004-0258
+2438 || WEB-CLIENT RealPlayer playlist file URL overflow attempt || bugtraq,13264 || bugtraq,9579 || cve,2004-0258 || cve,2005-0755
+2439 || WEB-CLIENT RealPlayer playlist http URL overflow attempt || bugtraq,13264 || bugtraq,9579 || cve,2004-0258 || cve,2005-0755
+2440 || WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt || bugtraq,13264 || bugtraq,9579 || cve,2004-0258 || cve,2005-0755
 2441 || WEB-MISC NetObserve authentication bypass attempt || bugtraq,9319
 2442 || WEB-MISC Quicktime User-Agent buffer overflow attempt || bugtraq,9735 || cve,2004-0169
 2443 || DELETED EXPLOIT ICQ SRV_MULTI/SRV_META_USER first name overflow attempt || url,www.eeye.com/html/Research/Advisories/AD20040318.html
@@ -2390,7 +2390,7 @@
 2567 || WEB-CGI Emumail init.emu access || bugtraq,9861 || nessus,12095
 2568 || WEB-CGI Emumail emumail.fcgi access || bugtraq,9861 || nessus,12095
 2569 || WEB-MISC cPanel resetpass access || bugtraq,9848 || cve,2004-1769
-2570 || WEB-MISC Invalid HTTP Version String || bugtraq,9809 || nessus,11593
+2570 || WEB-MISC Invalid HTTP Version String || bugtraq,34240 || bugtraq,9809 || cve,2009-0478 || nessus,11593
 2571 || WEB-IIS SmarterTools SmarterMail frmGetAttachment.aspx access || bugtraq,9805
 2572 || WEB-IIS SmarterTools SmarterMail login.aspx buffer overflow attempt || bugtraq,9805
 2573 || WEB-IIS SmarterTools SmarterMail frmCompose.asp access || bugtraq,9805
@@ -2431,7 +2431,7 @@
 2608 || ORACLE sysdbms_repcat_rgt.check_ddl_text buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
 2609 || ORACLE dbms_repcat.cancel_statistics buffer overflow attempt
 2610 || DELETED ORACLE cancel_statistics ordered sname/oname buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck633.html
-2611 || ORACLE LINK metadata buffer overflow attempt || bugtraq,7453 || cve,2003-0222 || nessus,11563 || url,archives.neohapsis.com/archives/bugtraq/2003-04/0360.html
+2611 || ORACLE LINK metadata buffer overflow attempt || bugtraq,12296 || bugtraq,7453 || cve,2003-0222 || cve,2005-0297 || nessus,11563 || url,archives.neohapsis.com/archives/bugtraq/2003-04/0360.html
 2612 || ORACLE sys.dbms_repcat_auth.revoke_surrogate_repcat buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
 2613 || DELETED ORACLE revoke_surrogate_repcat ordered userid buffer overflow attempt || url,www.appsecinc.com/Policy/PolicyCheck97.html
 2614 || ORACLE time_zone buffer overflow attempt || bugtraq,9587 || cve,2003-1208 || nessus,12047 || url,www.nextgenss.com/advisories/ora_time_zone.txt
@@ -2826,7 +2826,7 @@
 3004 || NETBIOS SMB-DS Session Setup NTMLSSP andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
 3005 || NETBIOS SMB-DS Session Setup NTMLSSP unicode andx asn1 overflow attempt || bugtraq,9633 || bugtraq,9635 || cve,2003-0818 || nessus,12052 || nessus,12065 || url,www.microsoft.com/technet/security/bulletin/MS04-007.mspx
 3006 || EXPLOIT Volition Freespace 2 buffer overflow attempt || bugtraq,9785
-3007 || IMAP delete overflow attempt || bugtraq,11675 || cve,2004-1520 || nessus,15771
+3007 || IMAP delete overflow attempt || bugtraq,11675 || bugtraq,15006 || cve,2004-1520 || cve,2005-3155 || nessus,15771
 3008 || IMAP delete literal overflow attempt || bugtraq,11675 || cve,2004-1520 || nessus,15771
 3009 || BACKDOOR NetBus Pro 2.0 connection request
 3010 || BACKDOOR RUX the Tick get windows directory attempt
@@ -2887,13 +2887,13 @@
 3065 || IMAP append literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
 3066 || IMAP append overflow attempt || bugtraq,11775 || bugtraq,21729 || cve,2004-1211 || cve,2006-6425 || nessus,15867
 3067 || IMAP examine literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
-3068 || IMAP examine overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
+3068 || IMAP examine overflow attempt || bugtraq,11775 || bugtraq,15006 || cve,2004-1211 || cve,2005-3155 || nessus,15867
 3069 || IMAP fetch literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
 3070 || IMAP fetch overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
 3071 || IMAP status literal overflow attempt || bugtraq,11775 || bugtraq,15491 || cve,2004-1211 || nessus,15867
-3072 || IMAP status overflow attempt || bugtraq,11775 || bugtraq,13727 || bugtraq,14243 || bugtraq,15491 || cve,2004-1211 || cve,2005-1256 || cve,2005-2278 || nessus,15867
+3072 || IMAP status overflow attempt || bugtraq,11775 || bugtraq,13727 || bugtraq,14243 || bugtraq,15491 || cve,2004-1211 || cve,2005-1256 || cve,2005-2278 || cve,2005-3314 || nessus,15867
 3073 || IMAP SUBSCRIBE literal overflow attempt || bugtraq,11775 || bugtraq,15488 || bugtraq,23050 || bugtraq,26219 || cve,2004-1211 || cve,2005-3189 || cve,2007-3510 || nessus,15867
-3074 || IMAP SUBSCRIBE overflow attempt || bugtraq,11775 || bugtraq,15488 || bugtraq,23050 || bugtraq,26219 || cve,2004-1211 || cve,2005-3189 || cve,2007-3510 || nessus,15867
+3074 || IMAP SUBSCRIBE overflow attempt || bugtraq,11775 || bugtraq,15488 || bugtraq,23050 || bugtraq,26219 || cve,2004-1211 || cve,2005-3189 || cve,2007-1579 || cve,2007-3510 || nessus,15867
 3075 || IMAP unsubscribe literal overflow attempt || bugtraq,11775 || cve,2004-1211 || nessus,15867
 3076 || IMAP UNSUBSCRIBE overflow attempt || bugtraq,11775 || bugtraq,15488 || cve,2004-1211 || cve,2005-3189 || nessus,15867
 3077 || FTP RNFR overflow attempt || bugtraq,14339
@@ -3236,7 +3236,7 @@
 3514 || ORACLE utl_file.fopen directory traversal attempt || bugtraq,12749
 3515 || ORACLE utl_file.fremove directory traversal attempt || bugtraq,12749
 3516 || ORACLE utl_file.frename directory traversal attempt || bugtraq,12749
-3517 || EXPLOIT Computer Associates license PUTOLF overflow attempt || bugtraq,12705 || cve,2005-0581
+3517 || EXPLOIT Computer Associates license PUTOLF overflow attempt || bugtraq,12705 || cve,2005-0582
 3518 || WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow || bugtraq,12265 || cve,2005-0111 || url,www.osvdb.org/displayvuln.php?osvdb_id=12919
 3519 || WEB-MISC MySQL MaxDB WebSQL wppassword buffer overflow default port || bugtraq,12265 || cve,2005-0111 || url,www.osvdb.org/displayvuln.php?osvdb_id=12919
 3520 || EXPLOIT Computer Associates license GCR NETWORK overflow attempt || bugtraq,12705 || cve,2005-0581
@@ -3398,14 +3398,14 @@
 3676 || WEB-MISC newsscript.pl admin attempt || bugtraq,12761 || cve,2005-0735 || nessus,17309
 3677 || EXPLOIT Ethereal SIP UDP CSeq overflow attempt || bugtraq,13504 || cve,2005-1461 || nessus,18986 || url,www.ethereal.com/news/item_20050504_01.html
 3678 || EXPLOIT Ethereal SIP UDP CSeq overflow attempt || bugtraq,13504 || cve,2005-1461 || nessus,18986 || url,www.ethereal.com/news/item_20050504_01.html
-3679 || WEB-CLIENT Firefox IFRAME src javascript code execution || bugtraq,13544 || cve,2005-1476 || nessus,18243
+3679 || WEB-CLIENT Web-client IFRAME src javascript code execution || bugtraq,13544 || bugtraq,30560 || cve,2005-1476 || cve,2008-2939 || nessus,18243
 3680 || P2P AOL Instant Messenger file send attempt
 3681 || P2P AOL Instant Messenger file receive attempt
 3682 || SMTP spoofed MIME-Type auto-execution attempt || bugtraq,2524 || cve,2001-0154 || url,www.microsoft.com/technet/security/bulletin/MS01-020.mspx
 3683 || WEB-CLIENT spoofed MIME-Type auto-execution attempt || bugtraq,2524 || cve,2001-0154 || url,www.microsoft.com/technet/security/bulletin/MS01-020.mspx
 3684 || DELETED WEB-CLIENT Bitmap Transfer
 3685 || WEB-CLIENT bitmap BitmapOffset multipacket integer overflow attempt || bugtraq,9663 || cve,2004-0566 || url,www.microsoft.com/technet/security/bulletin/ms04-025.mspx
-3686 || WEB-CLIENT Microsoft Internet Explorer Content Advisor attempted overflow || bugtraq,13117 || cve,2005-0555 || nessus,10861 || url,www.microsoft.com/technet/security/bulletin/ms05-020.mspx
+3686 || WEB-CLIENT Microsoft Internet Explorer Content Advisor memory corruption attempt || cve,2005-0555 || url,www.microsoft.com/technet/security/Bulletin/MS05-020.mspx
 3687 || TELNET client ENV OPT USERVAR information disclosure || bugtraq,13940 || cve,2005-1205 || url,www.microsoft.com/technet/Security/bulletin/ms05-033.mspx
 3688 || TELNET client ENV OPT VAR information disclosure || bugtraq,13940 || cve,2005-1205 || url,www.microsoft.com/technet/Security/bulletin/ms05-033.mspx
 3689 || WEB-CLIENT Internet Explorer tRNS overflow attempt || bugtraq,13941 || cve,2005-1211 || nessus,18490 || url,www.microsoft.com/technet/security/bulletin/MS05-025.mspx
@@ -3413,7 +3413,7 @@
 3691 || CHAT Yahoo Messenger Message
 3692 || CHAT Yahoo Messenger File Transfer Initiation Request
 3693 || WEB-MISC IBM WebSphere j_security_check overflow attempt || bugtraq,13853 || cve,2005-1872
-3694 || WEB-MISC Squid content length cache poisoning attempt || bugtraq,12412 || cve,2005-0174
+3694 || WEB-MISC Squid content length cache poisoning attempt || bugtraq,12412 || bugtraq,13956 || cve,2005-0174 || cve,2005-1215
 3695 || EXPLOIT Veritas Backup Agent password overflow attempt || cve,2005-0773
 3696 || EXPLOIT Veritas Backup Agent DoS attempt || bugtraq,14201 || cve,2005-0772
 3697 || NETBIOS DCERPC NCACN-IP-TCP veritas bind attempt || bugtraq,14020 || cve,2005-0771 || url,www.idefense.com/application/poi/display?id=269&type=vulnerabilities
@@ -3537,7 +3537,7 @@
 3815 || SMTP eXchange POP3 mail server overflow attempt || bugtraq,10180 || cve,2004-1945
 3816 || WEB-MISC BadBlue ext.dll buffer overflow attempt || bugtraq,12673 || cve,2005-0595
 3817 || TFTP GET transfer mode overflow attempt || bugtraq,13821 || cve,2005-1812
-3818 || TFTP PUT transfer mode overflow attempt || bugtraq,13821 || cve,2005-1812
+3818 || TFTP PUT transfer mode overflow attempt || bugtraq,13821 || bugtraq,21301 || cve,2005-1812 || cve,2006-6183
 3819 || WEB-CLIENT multipacket CHM file transfer start
 3820 || WEB-CLIENT multipacket CHM file transfer attempt || bugtraq,13953 || cve,2005-1208 || nessus,18482 || url,www.microsoft.com/technet/security/bulletin/ms05-026.mspx
 3821 || WEB-CLIENT CHM file transfer attempt || bugtraq,13953 || cve,2005-1208 || nessus,18482 || url,www.microsoft.com/technet/security/bulletin/ms05-026.mspx
@@ -3845,7 +3845,7 @@
 4123 || DELETED NETBIOS SMB-DS v4 umpnpmgr PNP_DetectResourceConflict unicode little endian andx attempt || bugtraq,14513 || cve,2005-1983 || url,www.microsoft.com/technet/security/bulletin/ms05-039.mspx
 4124 || DELETED NETBIOS SMB-DS v4 umpnpmgr PNP_DetectResourceConflict unicode little endian attempt || bugtraq,14513 || cve,2005-1983 || url,www.microsoft.com/technet/security/bulletin/ms05-039.mspx
 4125 || DELETED NETBIOS-DG SMB v4 umpnpmgr PNP_DetectResourceConflict unicode little endian andx attempt || url,www.microsoft.com/technet/security/bulletin/ms05-039.mspx
-4126 || EXPLOIT Veritas Backup Exec root connection attempt using default password hash || bugtraq,14551
+4126 || EXPLOIT Veritas Backup Exec root connection attempt using default password hash || bugtraq,14551 || cve,2005-2611
 4127 || EXPLOIT Novell eDirectory Server iMonitor overflow attempt || bugtraq,14548 || cve,2005-2551
 4128 || WEB-CGI 4DWebstar ShellExample.cgi information disclosure || bugtraq,10721 || url,www.atstake.com/research/advisories/2004/a071304-1.txt
 4129 || EXPLOIT Novell ZenWorks Remote Management Agent large login packet DoS attempt || bugtraq,13678 || cve,2005-1543
@@ -3858,7 +3858,7 @@
 4136 || WEB-CLIENT IE JPEG heap overflow multipacket attempt || bugtraq,14282 || bugtraq,14284 || cve,2005-1988 || url,www.microsoft.com/technet/security/bulletin/MS05-038.mspx
 4140 || DOS tcpdump tcp LDP print zero length message denial of service attempt || bugtraq,13389 || cve,2005-1279 || url,www.frsirt.com/english/advisories/2005/0410
 4141 || DOS tcpdump udp LDP print zero length message denial of service attempt || bugtraq,13389 || cve,2005-1279 || url,www.frsirt.com/english/advisories/2005/0410
-4142 || ORACLE reports servlet command execution attempt || url,www.red-database-security.com/advisory/oracle_forms_run_any_os_command.html || url,www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html
+4142 || ORACLE reports servlet command execution attempt || bugtraq,14316 || cve,2005-2371 || url,www.red-database-security.com/advisory/oracle_forms_run_any_os_command.html || url,www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html
 4143 || EXPLOIT lpd receive printer job cascade adaptor protocol request
 4144 || EXPLOIT lpd Solaris control file upload attempt
 4145 || WEB-ACTIVEX Windows Trouble Shooter ActiveX Object Access || bugtraq,8833 || cve,2003-0662 || url,www.microsoft.com/technet/security/bulletin/MS03-042.mspx
@@ -3886,7 +3886,7 @@
 4167 || WEB-ACTIVEX MSN Heartbeat ActiveX clsid access || bugtraq,11367 || url,www.microsoft.com/technet/security/bulletin/MS04-038.mspx || url,www.microsoft.com/technet/security/bulletin/MS07-069.mspx
 4168 || WEB-ACTIVEX Shell Automation Service ActiveX Object Access || bugtraq,9335
 4169 || WEB-ACTIVEX Internet Explorer Active Setup ActiveX Object Access || bugtraq,667 || url,www.microsoft.com/technet/security/bulletin/MS99-037.mspx
-4170 || WEB-ACTIVEX Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access || bugtraq,4449 || cve,2002-0727 || cve,2007-1201 || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx || url,www.microsoft.com/technet/security/bulletin/MS02-044.mspx
+4170 || WEB-ACTIVEX Office 2000 and 2002 Web Components Data Source Control ActiveX clsid access || bugtraq,28136 || bugtraq,4449 || cve,2002-0727 || cve,2007-1201 || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx || url,www.microsoft.com/technet/security/bulletin/MS02-044.mspx
 4171 || WEB-ACTIVEX Registration Wizard ActiveX Object Access || bugtraq,671 || url,www.microsoft.com/technet/security/bulletin/MS99-037.mspx
 4172 || WEB-ACTIVEX Microsoft Agent v1.5 ActiveX clsid access || cve,2005-1214 || cve,2006-3445 || cve,2007-1205 || url,www.microsoft.com/technet/security/bulletin/MS05-032.mspx || url,www.microsoft.com/technet/security/bulletin/MS06-068.mspx || url,www.microsoft.com/technet/security/bulletin/MS07-020.mspx
 4173 || WEB-ACTIVEX MsnPUpld ActiveX Object Access || url,www.microsoft.com/technet/security/bulletin/MS05-025.mspx
@@ -4392,8 +4392,8 @@
 4673 || NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode DACL overflow attempt || cve,2004-1154
 4674 || NETBIOS-DG SMB NT Trans NT SET SECURITY DESC unicode andx DACL overflow attempt || cve,2004-1154
 4675 || WEB-CLIENT Macromedia swf DOACTION tag overflow attempt || url,www.macromedia.com/devnet/security/security_zone/mpsb05-07.html
-4676 || ORACLE enterprise manager application server control POST parameter overflow attempt || bugtraq,15146 || url,www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
-4677 || ORACLE enterprise manager application server control GET parameter overflow attempt || bugtraq,15146 || url,www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
+4676 || ORACLE Enterprise Manager Application Server Control POST Parameter Overflow Attempt || bugtraq,15146 || url,www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
+4677 || ORACLE Enterprise Manager Application Server Control GET Parameter Overflow Attempt || bugtraq,15146 || url,www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
 4678 || WEB-CLIENT quicktime movie file transfer
 4679 || WEB-CLIENT quicktime movie file component name integer overflow multipacket attempt || bugtraq,15308 || cve,2005-2754 || url,docs.info.apple.com/article.html?artnum=302772
 4680 || WEB-CLIENT quicktime movie file component name integer overflow attempt || bugtraq,15308 || cve,2005-2754 || url,docs.info.apple.com/article.html?artnum=302772
@@ -5420,8 +5420,8 @@
 5701 || IMAP status directory traversal attempt || bugtraq,15488 || cve,2005-3189
 5702 || IMAP SUBSCRIBE directory traversal attempt || bugtraq,11775 || bugtraq,15488 || bugtraq,23050 || bugtraq,26219 || cve,2004-1211 || cve,2005-3189 || cve,2007-3510 || nessus,15867
 5703 || IMAP unsubscribe directory traversal attempt || bugtraq,15488 || cve,2005-3189
-5704 || IMAP SELECT overflow attempt || bugtraq,15006 || cve,2006-1255
-5705 || IMAP CAPABILITY overflow attempt || bugtraq,15006
+5704 || IMAP SELECT overflow attempt || bugtraq,15006 || cve,2005-3155 || cve,2006-1255
+5705 || IMAP CAPABILITY overflow attempt || bugtraq,15006 || cve,2005-3155
 5706 || POLICY Namazu incoming namazu.cgi access || url,www.namazu.org/doc/manual.html
 5707 || POLICY Namazu outbound namazu.cgi access || url,www.namazu.org/doc/manual.html
 5708 || POLICY HTML File upload attempt || url,www.faqs.org/rfcs/rfc1867.html
@@ -6718,8 +6718,8 @@
 6999 || DELETED NETBIOS SMB rras RasRpcSetUserPreferences WriteAndX little endian andx callback number overflow attempt || bugtraq,18358 || cve,2006-2371 || url,www.microsoft.com/technet/security/bulletin/MS06-025.mspx
 7000 || DELETED NETBIOS SMB-DS rras RasRpcSetUserPreferences WriteAndX unicode little endian andx callback number overflow attempt || bugtraq,18358 || cve,2006-2371 || url,www.microsoft.com/technet/security/bulletin/MS06-025.mspx
 7001 || DELETED NETBIOS SMB v4 rras RasRpcSetUserPreferences WriteAndX andx callback number overflow attempt || bugtraq,18358 || cve,2006-2371 || url,www.microsoft.com/technet/security/bulletin/MS06-025.mspx
-7002 || WEB-CLIENT excel url unicode overflow attempt || bugtraq,18422 || bugtraq,18500 || cve,2006-3059 || url,www.microsoft.com/technet/security/bulletin/ms06-037.mspx
-7003 || WEB-ACTIVEX ADODB.Recordset ActiveX function call access || url,osvdb.org/26834
+7002 || WEB-CLIENT excel url unicode overflow attempt || bugtraq,18422 || bugtraq,18500 || cve,2006-3059 || cve,2006-3086 || url,www.microsoft.com/technet/security/bulletin/ms06-037.mspx
+7003 || WEB-ACTIVEX ADODB.Recordset ActiveX function call access || bugtraq,20704 || cve,2006-5559 || url,osvdb.org/26834
 7004 || WEB-ACTIVEX Internet.HHCtrl.1 ActiveX function call access || bugtraq,18769 || cve,2006-3357 || url,osvdb.org/26835 || url,www.microsoft.com/technet/security/bulletin/ms06-046.mspx
 7005 || WEB-ACTIVEX OutlookExpress.AddressBook ActiveX function call access
 7006 || WEB-ACTIVEX ASControls.InstallEngineCtl ActiveX function call access
@@ -6735,9 +6735,9 @@
 7016 || WEB-ACTIVEX Object.Microsoft.DXTFilter ActiveX function call access || bugtraq,18903 || cve,2006-3512
 7017 || WEB-ACTIVEX RDS.DataControl ActiveX function call access || bugtraq,18900 || cve,2006-3510
 7018 || WEB-ACTIVEX Sysmon ActiveX function call access
-7020 || WEB-CLIENT isComponentInstalled function buffer overflow || bugtraq,16870
+7020 || WEB-CLIENT isComponentInstalled function buffer overflow || bugtraq,16870 || cve,2006-1016
 7021 || DOS linux kernel SCTP chunkless packet denial of service attempt || bugtraq,18755 || cve,2006-2934
-7022 || WEB-CLIENT windows explorer invalid url file overflow attempt || bugtraq,18838
+7022 || WEB-CLIENT windows explorer invalid url file overflow attempt || bugtraq,18838 || cve,2006-3351
 7023 || DELETED WEB-CLIENT xls file download || url,sc.openoffice.org/excelfileformat.pdf
 7024 || WEB-CLIENT excel style handling overflow attempt || bugtraq,18872 || cve,2006-3431 || url,www.microsoft.com/technet/security/bulletin/ms06-059.mspx
 7025 || WEB-CLIENT excel url unicode overflow attempt || bugtraq,18583 || cve,2006-3014 || url,www.microsoft.com/technet/security/bulletin/ms06-069.mspx
@@ -6913,7 +6913,7 @@
 7195 || SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities || url,vil.mcafeesecurity.com/vil/content/v_133312.htm
 7197 || WEB-CLIENT excel MSO.DLL malformed string parsing single byte buffer over attempt || bugtraq,17252 || cve,2006-1540 || url,www.microsoft.com/technet/security/bulletin/ms06-038.mspx
 7198 || WEB-CLIENT excel MSO.DLL malformed string parsing multi byte buffer over attempt || bugtraq,17252 || cve,2006-1540 || url,www.microsoft.com/technet/security/bulletin/ms06-038.mspx
-7199 || WEB-CLIENT excel label record overflow attempt || cve,2006-1309 || url,www.microsoft.com/technet/security/bulletin/ms06-037.mspx
+7199 || WEB-CLIENT excel label record overflow attempt || bugtraq,28166 || cve,2006-1309 || cve,2008-0114 || url,www.microsoft.com/technet/security/bulletin/ms06-037.mspx
 7200 || WEB-CLIENT microsoft word document summary information null string overflow attempt || cve,2006-1540 || url,www.microsoft.com/technet/security/bulletin/ms06-038.mspx
 7201 || WEB-CLIENT microsoft word summary information null string overflow attempt || cve,2006-1540 || url,www.microsoft.com/technet/security/bulletin/ms06-038.mspx
 7202 || WEB-CLIENT microsoft word document summary information string overflow attempt || cve,2006-1540 || url,www.microsoft.com/technet/security/bulletin/ms06-038.mspx
@@ -7149,8 +7149,8 @@
 7432 || WEB-ACTIVEX DirectFrame.DirectControl.1 ActiveX CLSID unicode access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7433 || WEB-ACTIVEX DirectX Transform Wrapper Property Page ActiveX CLSID access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7434 || WEB-ACTIVEX DirectX Transform Wrapper Property Page ActiveX CLSID unicode access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
-7435 || WEB-ACTIVEX Dynamic Casts ActiveX CLSID access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
-7436 || WEB-ACTIVEX Dynamic Casts ActiveX CLSID unicode access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
+7435 || WEB-ACTIVEX Dynamic Casts ActiveX clsid access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
+7436 || WEB-ACTIVEX Dynamic Casts ActiveX function call || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7437 || WEB-ACTIVEX Frame Eater ActiveX CLSID access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7438 || WEB-ACTIVEX Frame Eater ActiveX CLSID unicode access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7439 || WEB-ACTIVEX HTML Help ActiveX clsid access || cve,2006-3357 || cve,2007-0214 || url,www.microsoft.com/technet/security/bulletin/MS06-046.mspx || url,www.microsoft.com/technet/security/bulletin/MS07-008.mspx
@@ -7216,8 +7216,8 @@
 7499 || WEB-ACTIVEX WM TV Out Smooth Picture Filter ActiveX CLSID unicode access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7500 || WEB-ACTIVEX WM VIH2 Fix ActiveX CLSID access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
 7501 || WEB-ACTIVEX WM VIH2 Fix ActiveX CLSID unicode access || cve,2006-3638 || url,www.microsoft.com/technet/security/bulletin/MS06-042.mspx
-7502 || WEB-ACTIVEX tsuserex.ADsTSUserEx.1 ActiveX CLSID access || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
-7503 || WEB-ACTIVEX tsuserex.ADsTSUserEx.1 ActiveX CLSID unicode access || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
+7502 || WEB-ACTIVEX tsuserex.ADsTSUserEx.1 ActiveX clsid access || bugtraq,19570 || cve,2006-4219 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
+7503 || WEB-ACTIVEX tsuserex.ADsTSUserEx.1 ActiveX clsid unicode access || bugtraq,19570 || cve,2006-4219 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
 7504 || SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453086496
 7505 || SPYWARE-PUT Keylogger actualspy runtime detection - smtp || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453086496
 7506 || SPYWARE-PUT Hacker-Tool coma runtime detection - init connection - flowbit set
@@ -7582,10 +7582,10 @@
 7865 || WEB-ACTIVEX McSubMgr ActiveX CLSID unicode access || bugtraq,19265 || cve,2006-3961
 7866 || WEB-ACTIVEX ADODB.Connection ActiveX clsid access || cve,2006-5559 || url,archives.neohapsis.com/archives/ntbugtraq/2004-q4/0083.html || url,www.microsoft.com/technet/security/bulletin/ms07-009.mspx
 7867 || WEB-ACTIVEX ADODB.Connection ActiveX clsid unicode access || cve,2006-5559 || url,archives.neohapsis.com/archives/ntbugtraq/2004-q4/0083.html || url,www.microsoft.com/technet/security/bulletin/ms07-009.mspx
-7868 || WEB-ACTIVEX ADODB.Recordset ActiveX CLSID access
-7869 || WEB-ACTIVEX ADODB.Recordset ActiveX CLSID unicode access
-7870 || WEB-ACTIVEX Microsoft Office Data Source Control 9.0 ActiveX clsid access || cve,2007-1201 || url,www.microsoft.com/technet/prodtechnol/office/office2000/proddocs/opg/part4/ch18.mspx || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx
-7871 || WEB-ACTIVEX Microsoft Office Data Source Control 9.0 ActiveX clsid unicode access || cve,2007-1201 || url,www.microsoft.com/technet/prodtechnol/office/office2000/proddocs/opg/part4/ch18.mspx || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx
+7868 || WEB-ACTIVEX ADODB.Recordset ActiveX CLSID access || bugtraq,20704 || cve,2006-5559
+7869 || WEB-ACTIVEX ADODB.Recordset ActiveX CLSID unicode access || bugtraq,20704 || cve,2006-5559
+7870 || WEB-ACTIVEX Microsoft Office Data Source Control 9.0 ActiveX clsid access || bugtraq,28136 || cve,2007-1201 || url,www.microsoft.com/technet/prodtechnol/office/office2000/proddocs/opg/part4/ch18.mspx || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx
+7871 || WEB-ACTIVEX Microsoft Office Data Source Control 9.0 ActiveX clsid unicode access || bugtraq,28136 || cve,2007-1201 || url,www.microsoft.com/technet/prodtechnol/office/office2000/proddocs/opg/part4/ch18.mspx || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx
 7872 || WEB-ACTIVEX Microsoft Office Spreadsheet 10.0 ActiveX clsid access || cve,2002-0727 || cve,2002-0861 || cve,2009-1136 || url,www.microsoft.com/technet/security/Bulletin/MS02-044.mspx || url,www.microsoft.com/technet/security/Bulletin/MS09-043.mspx
 7873 || WEB-ACTIVEX Microsoft Office Spreadsheet 10.0 ActiveX clsid unicode access || cve,2002-0727 || cve,2002-0861 || cve,2009-1136 || url,www.microsoft.com/technet/security/Bulletin/MS02-044.mspx || url,www.microsoft.com/technet/security/Bulletin/MS09-043.mspx
 7874 || WEB-ACTIVEX Microsoft Office PivotTable 10.0 ActiveX CLSID access || cve,2002-0727 || cve,2002-0861 || url,www.microsoft.com/technet/security/Bulletin/MS02-044.mspx
@@ -7699,7 +7699,7 @@
 7982 || WEB-ACTIVEX Snapshot Viewer General Property Page Object ActiveX clsid unicode access || cve,2008-2463 || url,www.microsoft.com/TechNet/security/advisory/955179.mspx || url,www.microsoft.com/technet/security/bulletin/ms08-041.mspx
 7983 || WEB-ACTIVEX SuperBuddy Class ActiveX CLSID access
 7984 || WEB-ACTIVEX SuperBuddy Class ActiveX CLSID unicode access
-7985 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID access || bugtraq,19030 || cve,2006-3730 || url,browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html || url,www.microsoft.com/technet/security/bulletin/ms06-057.mspx
+7985 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX clsid access || bugtraq,19030 || cve,2006-3730 || url,browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html || url,www.microsoft.com/technet/security/bulletin/ms06-057.mspx
 7986 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX CLSID unicode access || bugtraq,19030 || cve,2006-3730 || url,browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html || url,www.microsoft.com/technet/security/bulletin/ms06-057.mspx
 7987 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.2 ActiveX CLSID access
 7988 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.2 ActiveX CLSID unicode access
@@ -7773,7 +7773,7 @@
 8056 || DOS ISC DHCP server 2 client_id length denial of service attempt || cve,2006-3122 || url,www.debian.org/security/2006/dsa-1143
 8057 || MYSQL Date_Format denial of service attempt || bugtraq,19032 || cve,2006-3469 || url,dev.mysql.com/doc/refman/5.0/en/news-5-0-21.html
 8058 || WEB-CLIENT Mozilla javascript navigator object access || bugtraq,19181 || cve,2006-3677 || url,www.mozilla.org/security/announce/2006/mfsa2006-45.html
-8059 || ORACLE SYS.KUPW-WORKER sql injection attempt || bugtraq,19054 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html
+8059 || ORACLE SYS.KUPW-WORKER sql injection attempt || bugtraq,19054 || cve,2006-3698 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html
 8060 || EXPLOIT UltraVNC VNCLog buffer overflow || bugtraq,17378
 8061 || DELETED WEB-CLIENT ADODB.Stream ActiveX CLSID access
 8062 || WEB-ACTIVEX ADODB.Stream ActiveX CLSID unicode access || bugtraq,10514 || cve,2004-0549 || url,support.microsoft.com/default.aspx?scid=kb\;en-us\;KB870669 || url,www.microsoft.com/technet/security/bulletin/ms04-025.mspx
@@ -7805,7 +7805,7 @@
 8088 || WEB-MISC HP Openview NNM connectedNodes.ovpl Unix command execution attempt || bugtraq,14662 || cve,2005-2773
 8089 || WEB-MISC HP Openview NNM cdpView.ovpl Unix command execution attempt || bugtraq,14662 || cve,2005-2773
 8090 || WEB-MISC HP Openview NNM freeIPaddrs.ovpl Unix command execution attempt || bugtraq,14662 || cve,2005-2773
-8091 || WEB-CLIENT RealPlayer Realpix file format string overflow attempt || bugtraq,14945 || cve,2005-2710 || url,www.frsirt.com/english/advisories/2005/1855
+8091 || WEB-CLIENT RealNetworks RealPlayer error message format string vulnerability attempt || bugtraq,14945 || cve,2005-2710
 8093 || DELETED NETBIOS SMB webdav unicode alter context attempt
 8094 || DELETED NETBIOS SMB webdav WriteAndX unicode alter context attempt
 8095 || DELETED NETBIOS SMB webdav alter context attempt
@@ -8126,12 +8126,12 @@
 8411 || WEB-ACTIVEX DocFind Command ActiveX CLSID access
 8412 || WEB-ACTIVEX DocFind Command ActiveX CLSID unicode access
 8413 || WEB-CLIENT HCP URI uplddrvinfo access || bugtraq,5478 || cve,2002-0974 || url,www.microsoft.com/technet/security/bulletin/ms02-060.mspx
-8414 || WEB-CLIENT GIF image width descriptor buffer overflow attempt || bugtraq,18915 || cve,2006-0007 || url,www.microsoft.com/technet/security/bulletin/ms06-039.mspx
+8414 || WEB-CLIENT GIF image descriptor memory corruption attempt || bugtraq,18915 || bugtraq,22630 || cve,2006-0007 || cve,2007-1071 || url,www.microsoft.com/technet/security/bulletin/ms06-039.mspx
 8415 || FTP SIZE overflow attempt || bugtraq,19617 || cve,2006-4318
 8416 || WEB-CLIENT VML fill method overflow attempt || bugtraq,20096 || cve,2006-4868 || url,www.microsoft.com/technet/security/bulletin/ms06-055.mspx
 8417 || WEB-ACTIVEX TriEditDocument.TriEditDocument ActiveX function call access || bugtraq,18946 || cve,2006-3591 || url,browserfun.blogspot.com/2006/07/mobb-12-trieditdocument-url.html || url,osvdb.org/27056
 8418 || WEB-ACTIVEX DXImageTransform.Microsoft.RevealTrans ActiveX function call access || url,browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html || url,osvdb.org/27057
-8419 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call access || bugtraq,19030 || cve,2006-3730 || url,browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html || url,www.microsoft.com/technet/security/bulletin/ms06-057.mspx
+8419 || WEB-ACTIVEX WebViewFolderIcon.WebViewFolderIcon.1 ActiveX function call || bugtraq,19030 || cve,2006-3730 || url,browserfun.blogspot.com/2006/07/mobb-18-webviewfoldericon-setslice.html || url,www.microsoft.com/technet/security/bulletin/ms06-057.mspx
 8420 || WEB-ACTIVEX DXImageTransform.Microsoft.Gradient ActiveX function call access || url,browserfun.blogspot.com/2006/07/mobb-17-gradient-startcolorstr.html || url,osvdb.org/27109
 8421 || WEB-ACTIVEX OWC11.DataSourceControl.11 ActiveX function call access || url,browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html || url,osvdb.org/27111
 8422 || WEB-ACTIVEX Outlook View OVCtl ActiveX clsid access || bugtraq,3025 || bugtraq,3026 || cve,2001-0538 || url,browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html || url,osvdb.org/27112 || url,www.microsoft.com/technet/security/bulletin/MS01-038.mspx
@@ -8158,7 +8158,7 @@
 8443 || WEB-CLIENT Mozilla regular expression heap corruption attempt || bugtraq,20042 || cve,2006-4566
 8444 || WEB-MISC Trend Micro atxconsole format string server response attempt || bugtraq,20284 || cve,2006-5157
 8445 || WEB-CLIENT RTF file with embedded object package download attempt || cve,2006-4692 || url,www.microsoft.com/technet/security/bulletin/ms06-065.mspx
-8446 || POLICY IPv6 encapsulated in IPv4 activity
+8446 || POLICY IPv6 encapsulated in IPv4 activity || bugtraq,29235 || cve,2008-2136
 8447 || DELETED WEB-CLIENT Open document file transfer attempt
 8448 || WEB-CLIENT Excel colinfo XF record overflow attempt || cve,2006-3875 || url,www.microsoft.com/technet/security/bulletin/ms06-059.mspx
 8449 || NETBIOS SMB Rename invalid buffer type andx attempt || cve,2006-4696 || url,www.microsoft.com/technet/security/bulletin/MS06-063.mspx
@@ -8182,17 +8182,17 @@
 8467 || SPYWARE-PUT Keylogger netobserve runtime detection - remote login response || url,www.spywareguide.com/product_show.php?id=354 || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453073490
 8468 || SPYWARE-PUT Hijacker accoona runtime detection - collect info || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096478
 8469 || SPYWARE-PUT Hijacker accoona runtime detection - open sidebar search url || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453096478
-8470 || BACKDOOR superspy 2.0 beta runtime detection - get system info
-8471 || BACKDOOR superspy 2.0 beta runtime detection - get system info 2 || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
-8472 || BACKDOOR superspy 2.0 beta runtime detection - screen capture 2
-8473 || BACKDOOR superspy 2.0 beta runtime detection - screen capture || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
-8474 || BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage 2
-8475 || BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
+8470 || DELETED BACKDOOR superspy 2.0 beta runtime detection - get system info
+8471 || DELETED BACKDOOR superspy 2.0 beta runtime detection - get system info 2 || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
+8472 || DELETED BACKDOOR superspy 2.0 beta runtime detection - screen capture 2
+8473 || DELETED BACKDOOR superspy 2.0 beta runtime detection - screen capture || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
+8474 || DELETED BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage 2
+8475 || DELETED BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
 8476 || DELETED BACKDOOR superspy 2.0 beta runtime detection - file management
 8477 || DELETED BACKDOOR superspy 2.0 beta runtime detection - file management || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453083726
 8478 || WEB-CLIENT Microsoft Publisher file download attempt || cve,2006-0001 || url,www.microsoft.com/technet/security/bulletin/ms06-054.mspx
 8479 || FTP HELP overflow attempt || bugtraq,2972 || cve,2001-0826
-8480 || FTP PORT overflow attempt || bugtraq,18711 || cve,2006-2226
+8480 || FTP PORT overflow attempt || bugtraq,15998 || bugtraq,18711 || cve,2005-4459 || cve,2006-2226
 8481 || FTP Microsoft NLST * dos attempt || bugtraq,2717 || cve,2001-0334 || url,www.microsoft.com/technet/security/bulletin/MS01-026.mspx
 8482 || POLICY Xfire session initiated || url,www.fryx.ch/xfire/protocol.html
 8483 || POLICY Xfire login attempted || url,www.fryx.ch/xfire/protocol.html
@@ -8253,7 +8253,7 @@
 8538 || SQL xp_updatecolvbm unicode vulnerable function attempt || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/ms00-092.mspx
 8539 || SQL xp_updatecolvbm unicode vulnerable function attempt || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/ms00-092.mspx
 8540 || SQL xp_updatecolvbm vulnerable function attempt || bugtraq,2039 || cve,2000-1084 || url,www.microsoft.com/technet/security/bulletin/ms00-092.mspx
-8541 || ORACLE sdo_cs.transform_layer buffer overflow attempt || bugtraq,20588 || cve,2006-5372 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
+8541 || ORACLE sdo_cs.transform_layer buffer overflow attempt || bugtraq,20588 || cve,2006-5344 || cve,2006-5372 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html
 8542 || SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453099974
 8543 || SPYWARE-PUT Trackware deluxecommunications runtime detection - display popup ads || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453099974
 8544 || SPYWARE-PUT Keylogger nicespy runtime detection - smtp || url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453097309
@@ -8443,9 +8443,9 @@
 8728 || WEB-ACTIVEX XMLHTTP 4.0 ActiveX clsid unicode access || bugtraq,20915 || cve,2006-5745 || url,www.microsoft.com/technet/security/bulletin/ms06-071.mspx
 8729 || EXPLOIT Shixxnote font buffer overflow attempt || bugtraq,11409 || cve,2004-1595
 8730 || DOS record route rr denial of service attempt || bugtraq,870 || cve,1999-0986 || cve,1999-1339 || cve,2001-0752
-8731 || MISC IP option TS timestamp set
-8732 || MISC IP option SEC security set
-8733 || MISC IP option SATID stream_id set
+8731 || DELETED MISC IP option TS timestamp set
+8732 || DELETED MISC IP option SEC security set
+8733 || DELETED MISC IP option SATID stream_id set
 8734 || WEB-PHP Pajax arbitrary command execution attempt || bugtraq,17519 || cve,2006-1551 || cve,2006-1789
 8735 || WEB-ACTIVEX BOWebAgent.Webagent.1 ActiveX CLSID access
 8736 || WEB-ACTIVEX BOWebAgent.Webagent.1 ActiveX CLSID unicode access
@@ -8841,9 +8841,9 @@
 9126 || DELETED NETBIOS DCERPC DIRECT wkssvc NetrJoinDomain2 overflow attempt || cve,2006-4691 || nessus,11921 || url,www.microsoft.com/technet/security/Bulletin/MS06-070.mspx
 9127 || DELETED NETBIOS DCERPC DIRECT wkssvc NetrJoinDomain2 little endian object call overflow attempt || cve,2006-4691 || nessus,11921 || url,www.microsoft.com/technet/security/Bulletin/MS06-070.mspx
 9128 || DELETED NETBIOS DCERPC DIRECT wkssvc NetrJoinDomain2 object call overflow attempt || cve,2006-4691 || nessus,11921 || url,www.microsoft.com/technet/security/Bulletin/MS06-070.mspx
-9129 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX CLSID access || bugtraq,21060 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
-9130 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX CLSID unicode access || bugtraq,21060 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
-9131 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX function call access || bugtraq,21060 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
+9129 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX clsid access || bugtraq,21060 || bugtraq,21108 || cve,2006-3890 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
+9130 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX clsid unicode access || bugtraq,21060 || bugtraq,21108 || cve,2006-3890 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
+9131 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX function call access || bugtraq,21060 || bugtraq,21108 || cve,2006-3890 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
 9132 || NETBIOS DCERPC NCACN-IP-TCP netware_cs NwrOpenEnumNdsStubTrees_Any overflow attempt || cve,2006-4688 || cve,2006-4689 || url,www.microsoft.com/technet/security/bulletin/MS06-066.mspx
 9133 || DELETED NETBIOS SMB-DS netware_cs NwrOpenEnumNdsStubTrees_Any unicode overflow attempt || cve,2006-4688 || cve,2006-4689 || url,www.microsoft.com/technet/security/bulletin/MS06-066.mspx
 9134 || DELETED NETBIOS SMB-DS netware_cs NwrOpenEnumNdsStubTrees_Any unicode object call overflow attempt || cve,2006-4688 || cve,2006-4689 || url,www.microsoft.com/technet/security/bulletin/MS06-066.mspx
@@ -9338,14 +9338,14 @@
 9623 || RPC UNIX authentication machinename string overflow attempt TCP || bugtraq,20941 || cve,2006-5780
 9624 || RPC UNIX authentication machinename string overflow attempt UDP || bugtraq,20941 || cve,2006-5780
 9625 || WEB-CLIENT Windows Media Player ASX file ref href buffer overflow attempt || bugtraq,21247 || cve,2006-6134 || url,www.microsoft.com/technet/security/bulletin/ms06-078.mspx
-9626 || WEB-ACTIVEX AcroPDF.PDF ActiveX clsid access || bugtraq,21155 || cve,2006-6027 || url,www.adobe.com/support/security/advisories/apsa06-02.html
-9627 || WEB-ACTIVEX AcroPDF.PDF ActiveX clsid unicode access || bugtraq,21155 || cve,2006-6027 || url,www.adobe.com/support/security/advisories/apsa06-02.html
+9626 || WEB-ACTIVEX AcroPDF.PDF ActiveX clsid access || bugtraq,21155 || cve,2005-0035 || cve,2006-6027 || cve,2006-6236 || url,www.adobe.com/support/security/advisories/apsa06-02.html
+9627 || WEB-ACTIVEX AcroPDF.PDF ActiveX clsid unicode access || bugtraq,21155 || cve,2005-0035 || cve,2006-6027 || cve,2006-6236 || url,www.adobe.com/support/security/advisories/apsa06-02.html
 9628 || WEB-ACTIVEX javaprxy.dll ActiveX clsid unicode access || bugtraq,14087 || cve,2005-2087 || url,www.microsoft.com/technet/security/bulletin/ms05-037.mspx || url,www.osvdb.org/displayvuln.php?osvdb_id=17680
-9629 || WEB-ACTIVEX Citrix.ICAClient ActiveX clsid access || url,http//support.citrix.com/article/CTX111827
-9630 || WEB-ACTIVEX Citrix.ICAClient ActiveX clsid unicode access || url,http//support.citrix.com/article/CTX111827
-9631 || WEB-ACTIVEX Citrix.ICAClient ActiveX function call access
+9629 || WEB-ACTIVEX Citrix.ICAClient ActiveX clsid access || bugtraq,23246 || cve,2006-6334 || url,support.citrix.com/article/CTX111827
+9630 || WEB-ACTIVEX Citrix.ICAClient ActiveX clsid unicode access || bugtraq,23246 || cve,2006-6334 || url,support.citrix.com/article/CTX111827
+9631 || WEB-ACTIVEX Citrix.ICAClient ActiveX function call access || bugtraq,23246 || cve,2006-6334 || url,support.citrix.com/article/CTX111827
 9632 || EXPLOIT Tivoli Storage Manager command request buffer overflow attempt || bugtraq,21440 || cve,2006-5855
-9633 || EXPLOIT Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP || bugtraq,21502 || cve,2006-6379
+9633 || EXPLOIT Computer Associates Product Discovery Service type 9B remote buffer overflow attempt TCP || bugtraq,12536 || bugtraq,21502 || cve,2005-2535 || cve,2006-6379
 9634 || EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt TCP || bugtraq,21502 || cve,2006-6379
 9635 || EXPLOIT Computer Associates Product Discovery Service type 9B remote buffer overflow attempt UDP || bugtraq,21502 || cve,2006-6379
 9636 || EXPLOIT Computer Associates Product Discovery Service type 9C remote buffer overflow attempt UDP || bugtraq,21502 || cve,2006-6379
@@ -9532,7 +9532,7 @@
 9817 || WEB-ACTIVEX CEnroll.CEnroll.2 ActiveX clsid access || url,browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html || url,osvdb.org/27230
 9818 || WEB-ACTIVEX CEnroll.CEnroll.2 ActiveX clsid unicode access || url,browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html || url,osvdb.org/27230
 9819 || WEB-ACTIVEX Outlook View OVCtl ActiveX clsid unicode access || bugtraq,3025 || bugtraq,3026 || cve,2001-0538 || url,browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html || url,osvdb.org/27112 || url,www.microsoft.com/technet/security/bulletin/MS01-038.mspx
-9820 || WEB-ACTIVEX Microsoft Office Data Source Control 11.0 ActiveX function call access || bugtraq,19069 || bugtraq,24462 || cve,2006-3729 || url,browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html || url,osvdb.org/27111
+9820 || WEB-ACTIVEX OWC11.DataSourceControl.11 ActiveX function call access || bugtraq,19069 || cve,2006-3729 || url,browserfun.blogspot.com/2006/07/mobb-19-datasourcecontrol.html || url,osvdb.org/27111
 9821 || WEB-ACTIVEX TriEditDocument.TriEditDocument ActiveX clsid access || bugtraq,18946 || cve,2006-3591 || url,browserfun.blogspot.com/2006/07/mobb-12-trieditdocument-url.html || url,osvdb.org/27056
 9822 || WEB-ACTIVEX TriEditDocument.TriEditDocument ActiveX clsid unicode access || bugtraq,18946 || cve,2006-3591 || url,browserfun.blogspot.com/2006/07/mobb-12-trieditdocument-url.html || url,osvdb.org/27056
 9823 || WEB-CLIENT QuickTime RTSP URI overflow attempt || bugtraq,21829 || cve,2007-0015 || url,applefun.blogspot.com/2007/01/moab-01-01-2007-apple-quicktime-rtsp.html
@@ -9742,7 +9742,7 @@
 10027 || DELETED NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose little endian attempt || bugtraq,22010 || cve,2007-0168 || url,www.kb.cert.org/vuls/id/662400 || url,www.lssec.com/advisories/LS-20061002.pdf
 10028 || DELETED NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose object call attempt || bugtraq,22010 || cve,2007-0168 || url,www.kb.cert.org/vuls/id/662400 || url,www.lssec.com/advisories/LS-20061002.pdf
 10029 || DELETED NETBIOS DCERPC DIRECT brightstor-arc ClientDBMiniAgentClose little endian object call attempt || bugtraq,22010 || cve,2007-0168 || url,www.kb.cert.org/vuls/id/662400 || url,www.lssec.com/advisories/LS-20061002.pdf
-10030 || NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 attempt || bugtraq,20365 || cve,2006-5143 || url,www.lssec.com/advisories/LS-20060330.pdf
+10030 || NETBIOS DCERPC NCACN-IP-TCP brightstor QSIGetQueuePath_Function_45 overflow attempt || bugtraq,20365 || cve,2006-5143
 10031 || DELETED NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath_Function_45 little endian attempt || bugtraq,20365 || cve,2006-5143 || url,www.lssec.com/advisories/LS-20060330.pdf
 10032 || DELETED NETBIOS DCERPC DIRECT brightstor QSIGetQueuePath_Function_45 attempt || bugtraq,20365 || cve,2006-5143 || url,www.lssec.com/advisories/LS-20060330.pdf
 10033 || DELETED NETBIOS DCERPC DIRECT v4 brightstor QSIGetQueuePath_Function_45 little endian attempt || bugtraq,20365 || cve,2006-5143 || url,www.lssec.com/advisories/LS-20060330.pdf
@@ -9924,9 +9924,9 @@
 10211 || DELETED NETBIOS DCERPC DIRECT v4 trend-serverprotect COMN_NetTestConnection little endian attempt || bugtraq,22639 || cve,2007-1070 || url,esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
 10212 || DELETED NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection object call attempt || bugtraq,22639 || cve,2007-1070 || url,esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
 10213 || DELETED NETBIOS DCERPC DIRECT trend-serverprotect COMN_NetTestConnection little endian object call attempt || bugtraq,22639 || cve,2007-1070 || url,esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
-10214 || WEB-ACTIVEX Shockwave ActiveX Control ActiveX clsid access || bugtraq,22842
-10215 || WEB-ACTIVEX Shockwave ActiveX Control ActiveX clsid unicode access || bugtraq,22842
-10216 || WEB-ACTIVEX Shockwave ActiveX Control ActiveX function call access || bugtraq,22842
+10214 || WEB-ACTIVEX Shockwave ActiveX Control ActiveX clsid access || bugtraq,22067 || bugtraq,22842 || cve,2006-6885
+10215 || WEB-ACTIVEX Shockwave ActiveX Control ActiveX clsid unicode access || bugtraq,22067 || bugtraq,22842 || cve,2006-6885
+10216 || WEB-ACTIVEX Shockwave ActiveX Control ActiveX function call access || bugtraq,22067 || bugtraq,22842 || cve,2006-6885
 10217 || DELETED NETBIOS SMB svcctl alter context attempt || url,www.hsc.fr/ressources/articles/win_net_srv/msrpc_svcctl.html
 10218 || DELETED NETBIOS SMB svcctl unicode alter context attempt || url,www.hsc.fr/ressources/articles/win_net_srv/msrpc_svcctl.html
 10219 || DELETED NETBIOS SMB svcctl WriteAndX alter context attempt || url,www.hsc.fr/ressources/articles/win_net_srv/msrpc_svcctl.html
@@ -10194,7 +10194,7 @@
 10483 || RPC portmap CA BrightStor ARCserve udp request || bugtraq,23209 || cve,2007-1785
 10484 || RPC portmap CA BrightStor ARCserve tcp procedure 191 attempt || bugtraq,23209 || cve,2007-1785
 10485 || RPC portmap CA BrightStor ARCserve udp procedure 191 attempt || bugtraq,23209 || cve,2007-1785
-10486 || NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt || bugtraq,22994 || cve,2007-1447 || url,www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
+10486 || NETBIOS DCERPC NCACN-IP-TCP brightstor-arc function 15,16,17 attempt || bugtraq,22994 || cve,2006-6076 || cve,2007-1447 || url,www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
 10487 || DELETED NETBIOS DCERPC DIRECT brightstor-arc function 15 attempt || bugtraq,22994 || cve,2007-1447 || url,www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
 10488 || DELETED NETBIOS DCERPC DIRECT v4 brightstor-arc function 15 little endian attempt || bugtraq,22994 || cve,2007-1447 || url,www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
 10489 || DELETED NETBIOS DCERPC DIRECT v4 brightstor-arc function 15 attempt || bugtraq,22994 || cve,2007-1447 || url,www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=101317
@@ -10712,7 +10712,7 @@
 11001 || ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt || bugtraq,23532 || cve,2007-2126 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
 11002 || ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt || bugtraq,23532 || cve,2007-2126 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
 11003 || ORACLE dbms_snap_internal.generate_refresh_operations buffer overflow attempt || bugtraq,23532 || cve,2007-2126 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
-11004 || IMAP CRAM-MD5 authentication method buffer overflow || bugtraq,11675 || bugtraq,23172 || cve,2004-1520 || cve,2007-1675
+11004 || IMAP CRAM-MD5 authentication method buffer overflow || bugtraq,11675 || bugtraq,14317 || bugtraq,23172 || cve,2004-1520 || cve,2007-1675
 11005 || DELETED NETBIOS SMB rpcss alter context attempt
 11006 || DELETED NETBIOS SMB rpcss unicode alter context attempt
 11007 || DELETED NETBIOS SMB rpcss WriteAndX alter context attempt
@@ -10889,10 +10889,10 @@
 11178 || WEB-ACTIVEX PowerPoint Viewer ActiveX function call access || bugtraq,23733 || bugtraq,33238 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html
 11179 || WEB-ACTIVEX PowerPoint Viewer ActiveX function call unicode access || bugtraq,23733 || bugtraq,33238 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-01-powerpointviewerocx-31.html
 11180 || WEB-CLIENT quicktime movie ftyp buffer underflow || bugtraq,23652 || cve,2007-2296
-11181 || WEB-ACTIVEX Excel Viewer ActiveX clsid access || bugtraq,23755 || bugtraq,33222 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
-11182 || WEB-ACTIVEX Excel Viewer ActiveX clsid unicode access || bugtraq,23755 || bugtraq,33222 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
-11183 || WEB-ACTIVEX Excel Viewer ActiveX function call access || bugtraq,23755 || bugtraq,33222 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
-11184 || WEB-ACTIVEX Excel Viewer ActiveX function call unicode access || bugtraq,23755 || bugtraq,33222 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
+11181 || WEB-ACTIVEX Excel Viewer ActiveX clsid access || bugtraq,23755 || bugtraq,33222 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
+11182 || WEB-ACTIVEX Excel Viewer ActiveX clsid unicode access || bugtraq,23755 || bugtraq,33222 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
+11183 || WEB-ACTIVEX Excel Viewer ActiveX function call access || bugtraq,23755 || bugtraq,33222 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
+11184 || WEB-ACTIVEX Excel Viewer ActiveX function call unicode access || bugtraq,23755 || bugtraq,33222 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-02-excelviewerocx-v-31-multiple.html
 11185 || DOS CA eTrust key handling dos -- username || bugtraq,22743 || cve,2007-1005
 11186 || DOS CA eTrust key handling dos -- password || bugtraq,22743 || cve,2007-1005
 11187 || WEB-ACTIVEX Word Viewer ActiveX clsid access || bugtraq,23784 || bugtraq,33238 || bugtraq,33243 || url,moaxb.blogspot.com/2007/05/moaxb-03-wordviewerocx-32-multiple_03.html
@@ -11539,7 +11539,7 @@
 11831 || WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX clsid unicode access || cve,2007-2222 || url,www.microsoft.com/technet/security/bulletin/ms07-034.mspx
 11832 || WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX function call access || cve,2007-2222 || url,www.microsoft.com/technet/security/bulletin/ms07-034.mspx
 11833 || WEB-ACTIVEX Microsoft Direct Speech Recognition ActiveX function call unicode access || cve,2007-2222 || url,www.microsoft.com/technet/security/bulletin/ms07-034.mspx
-11834 || WEB-MISC Internet Explorer navcancl.htm url spoofing attempt || bugtraq,22966 || cve,2007-1499 || url,www.microsoft.com/technet/security/bulletin/MS07-033.mspx
+11834 || WEB-MISC Internet Explorer navcancl.htm url spoofing attempt || bugtraq,22966 || cve,2007-1499 || cve,2007-1752 || url,www.microsoft.com/technet/security/bulletin/MS07-033.mspx
 11835 || POLICY Visio file download || url,office.microsoft.com/en-us/visio/default.aspx
 11836 || MISC Visio version number anomaly || cve,2007-0934 || url,www.microsoft.com/technet/security/bulletin/MS07-030.mspx
 11837 || SMTP MS Windows Mail UNC navigation remote command execution || cve,2007-1658 || url,www.microsoft.com/technet/security/bulletin/MS07-034.mspx
@@ -11959,7 +11959,7 @@
 12253 || WEB-ACTIVEX Symantec NavComUI AxSysListView32OAA ActiveX function call unicode access || bugtraq,24983 || cve,2007-2955 || url,www.symantec.com/avcenter/security/Content/2007.08.09.html
 12254 || DELETED EXPLOIT CA message queuing erroneous length field || bugtraq,25051 || cve,2007-0060
 12255 || WEB-CGI CSGuestbook setup attempt || bugtraq,4448 || cve,2002-1750
-12256 || WEB-CLIENT Excel malformed FBI record || cve,2007-1203 || url,www.microsoft.com/technet/security/bulletin/ms07-023.mspx
+12256 || WEB-CLIENT Excel malformed FBI record || bugtraq,23826 || cve,2007-1203 || cve,2007-1747 || url,www.microsoft.com/technet/security/bulletin/ms07-023.mspx
 12257 || WEB-ACTIVEX Microsoft DirectX Media SDK ActiveX clsid access || bugtraq,25279 || cve,2007-4336
 12258 || WEB-ACTIVEX Microsoft DirectX Media SDK ActiveX clsid unicode access || bugtraq,25279 || cve,2007-4336
 12259 || WEB-ACTIVEX Microsoft DirectX Media SDK ActiveX function call access || bugtraq,25279 || cve,2007-4336
@@ -11981,7 +11981,7 @@
 12275 || WEB-ACTIVEX Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access || cve,2007-2216 || url,www.microsoft.com/technet/security/bulletin/ms07-045.mspx
 12276 || WEB-ACTIVEX Microsoft Visual Basic 6 TypeLibInfo ActiveX function call unicode access || cve,2007-2216 || url,www.microsoft.com/technet/security/bulletin/ms07-045.mspx
 12277 || EXPLOIT Microsoft IE CSS memory corruption exploit || cve,2007-0943 || url,www.microsoft.com/technet/security/bulletin/ms07-045.mspx
-12278 || POLICY Microsoft Media Player compressed skin download || url,www.microsoft.com/technet/security/Bulletin/MS07-047.mspx
+12278 || POLICY Microsoft Media Player compressed skin download - .wmz || bugtraq,25305 || cve,2007-3037 || url,www.microsoft.com/technet/security/Bulletin/MS07-047.mspx
 12279 || WEB-CLIENT Microsoft XML substringData integer overflow attempt || cve,2007-2223 || cve,2007-2224 || cve,2008-1442 || url,www.microsoft.com/technet/security/Bulletin/MS07-042.mspx || url,www.microsoft.com/technet/security/Bulletin/MS07-043.mspx || url,www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
 12280 || WEB-CLIENT VML source file memory corruption || bugtraq,25310 || cve,2007-1749 || url,www.microsoft.com/technet/security/Bulletin/MS07-050.mspx
 12281 || WEB-CLIENT VML source file memory corruption || bugtraq,25310 || cve,2007-1749 || url,www.microsoft.com/technet/security/Bulletin/MS07-050.mspx
@@ -12486,9 +12486,9 @@
 12783 || WEB-ACTIVEX Aurigma Image Uploader 4 Vulnerable Methods ActiveX function call unicode access || bugtraq,26537 || bugtraq,27577 || url,blogs.aurigma.com/post/2007/11/Security-issue-in-Image-Uploader.aspx || url,www.microsoft.com/technet/security/advisory/953839.mspx
 12784 || EXPLOIT CA ARCserve Backup for Laptops rsxGetBackupLog second argument overflow || bugtraq,24348 || cve,2007-3216
 12785 || EXPLOIT CA ARCserve Backup for Laptops rsxGetBackupComplete overflow attemp || bugtraq,24348 || cve,2007-3216
-12786 || EXPLOIT CA ARCserve Backup for Laptops rsxSetDataGrowthScheduleAndFilter overflow attempt || bugtraq,24348 || cve,2007-3216
-12787 || EXPLOIT CA ARCserve Backup for Laptops rsxSetDefaultConfigName overflow attempt || bugtraq,24348 || cve,2007-3216
-12788 || EXPLOIT CA ARCserve Backup for Laptops rsxSetDefaultConfigName overflow attempt || bugtraq,24348 || cve,2007-3216
+12786 || EXPLOIT CA ARCserve Backup for Laptops rxsSetDataGrowthScheduleAndFilter overflow attempt || bugtraq,24348 || cve,2007-3216
+12787 || EXPLOIT CA ARCserve Backup for Laptops rxsSetDefaultConfigName overflow attempt || bugtraq,24348 || cve,2007-3216
+12788 || EXPLOIT CA ARCserve Backup for Laptops rxsSetDefaultConfigName overflow attempt || bugtraq,24348 || cve,2007-3216
 12789 || SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update || url,research.sunbelt-software.com/threatdisplay.aspx?name=Sunshine%20Spy&threatid=171191
 12790 || SPYWARE-PUT Trackware partypoker runtime detection || url,research.sunbelt-software.com/threatdisplay.aspx?name=PartyPoker&threatid=44086
 12791 || SPYWARE-PUT Adware gophoria toolbar runtime detection || url,spywaresignatures.com/details.php?spyware=gophoria || url,www.360zd.com/spyware/518.html || url,www.spywareguide.com/spydet_3093_gophoria_toolbar.html
@@ -12507,7 +12507,7 @@
 12804 || WEB-ACTIVEX VideoLAN VLC ActiveX clsid unicode access || bugtraq,26675 || cve,2007-6262 || url,www.videolan.org/sa0703.html
 12805 || WEB-ACTIVEX VideoLAN VLC ActiveX function call access || bugtraq,26675 || cve,2007-6262 || url,www.videolan.org/sa0703.html
 12806 || WEB-ACTIVEX VideoLAN VLC ActiveX function call unicode access || bugtraq,26675 || cve,2007-6262 || url,www.videolan.org/sa0703.html
-12807 || SMTP Lotus 123 file attachment || bugtraq,26200 || cve,2007-4222 || url,www-1.ibm.com/support/docview.wss?uid=swg21285600 || url,www.coresecurity.com/index.php5?action=item&id=2008
+12807 || SMTP Lotus 123 file attachment || bugtraq,26200 || bugtraq,27835 || cve,2007-4222 || cve,2007-6593 || url,www-1.ibm.com/support/docview.wss?uid=swg21285600 || url,www.coresecurity.com/index.php5?action=item&id=2008
 12808 || NETBIOS DCERPC NCACN-IP-TCP spoolss OpenPrinter overflow attempt || bugtraq,21220 || cve,2006-5854
 12809 || DELETED NETBIOS SMB spoolss OpenPrinter WriteAndX andx overflow attempt || bugtraq,21220 || cve,2006-5854
 12810 || DELETED NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx object call overflow attempt || bugtraq,21220 || cve,2006-5854
@@ -12862,7 +12862,7 @@
 13159 || WEB_CLIENT Microsoft Media Player asf streaming format audio error masking integer overflow attempt || cve,2007-0064 || url,www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
 13160 || WEB-CLIENT Microsft Media Player asf streaming audio spread error correction data length integer overflow attempt || cve,2007-0064 || url,www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
 13161 || EXPLOIT HP OpenView CGI parameter buffer overflow attempt || bugtraq,26741 || cve,2007-6204 || cve,2008-0067
-13162 || NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt || bugtraq,21220 || cve,2006-5854
+13162 || NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters overflow attempt || bugtraq,21220 || cve,2006-5854 || cve,2006-6114
 13163 || DELETED NETBIOS SMB v4 spoolss EnumPrinters little endian overflow attempt || bugtraq,21220 || cve,2006-5854
 13164 || DELETED NETBIOS SMB v4 spoolss EnumPrinters WriteAndX overflow attempt || bugtraq,21220 || cve,2006-5854
 13165 || DELETED NETBIOS SMB v4 spoolss EnumPrinters WriteAndX little endian overflow attempt || bugtraq,21220 || cve,2006-5854
@@ -12969,10 +12969,10 @@
 13266 || WEB-ACTIVEX SkyFex Client ActiveX clsid access || bugtraq,27059
 13267 || WEB-ACTIVEX SkyFex Client ActiveX clsid unicode access || bugtraq,27059
 13268 || RPC MIT Kerberos kadmind rpc library uninitialized pointer arbitrary code execution attempt || bugtraq,24655 || cve,2007-2442 || url,web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2007-004.txt
-13269 || MISC Microsoft Windows ShellExecute and IE7 nntp url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
-13270 || MISC Microsoft Windows ShellExecute and IE7 news url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
-13271 || MISC Microsoft Windows ShellExecute and IE7 telnet url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
-13272 || MISC Microsoft Windows ShellExecute and IE7 mailto url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+13269 || EXPLOIT Multiple product nntp uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+13270 || EXPLOIT Multiple product news uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+13271 || EXPLOIT Multiple product telnet uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+13272 || EXPLOIT Multiple product mailto uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
 13273 || WEB-ACTIVEX DivX Web Player ActiveX clsid access || bugtraq,27106
 13274 || WEB-ACTIVEX DivX Web Player ActiveX clsid unicode access || bugtraq,27106
 13275 || WEB-ACTIVEX DivX Web Player ActiveX function call access || bugtraq,27106
@@ -13012,11 +13012,11 @@
 13313 || WEB-ACTIVEX StreamAudio ProxyManager ActiveX clsid unicode access || bugtraq,27247 || cve,2008-0248
 13314 || WEB-ACTIVEX StreamAudio ProxyManager ActiveX function call access || bugtraq,27247 || cve,2008-0248
 13315 || WEB-ACTIVEX StreamAudio ProxyManager ActiveX function call unicode access || bugtraq,27247 || cve,2008-0248
-13316 || WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt || bugtraq,26773 || cve,2007-6401
-13317 || WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt || bugtraq,26773 || cve,2007-6401
-13318 || WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt || bugtraq,26773 || cve,2007-6401
-13319 || WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt || bugtraq,26773 || cve,2007-6401
-13320 || WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt || bugtraq,26773 || cve,2007-6401
+13316 || WEB-CLIENT 3ivx MP4 file parsing ART buffer overflow attempt || bugtraq,19976 || bugtraq,26773 || cve,2006-4386 || cve,2007-6401
+13317 || WEB-CLIENT 3ivx MP4 file parsing nam buffer overflow attempt || bugtraq,19976 || bugtraq,26773 || cve,2006-4386 || cve,2007-6401
+13318 || WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt || bugtraq,19976 || bugtraq,26773 || cve,2006-4386 || cve,2007-6401
+13319 || WEB-CLIENT 3ivx MP4 file parsing des buffer overflow attempt || bugtraq,19976 || bugtraq,26773 || cve,2006-4386 || cve,2007-6401
+13320 || WEB-CLIENT 3ivx MP4 file parsing cpy buffer overflow attempt || bugtraq,19976 || bugtraq,26773 || cve,2006-4386 || cve,2007-6401
 13321 || WEB-ACTIVEX Microsoft Package and Deployment Wizard ActiveX clsid access || bugtraq,25295 || cve,2007-3041 || url,www.microsoft.com/technet/security/bulletin/MS07-045.mspx
 13322 || WEB-ACTIVEX Microsoft Package and Deployment Wizard ActiveX clsid unicode access || bugtraq,25295 || cve,2007-3041 || url,www.microsoft.com/technet/security/bulletin/MS07-045.mspx
 13323 || WEB-ACTIVEX Microsoft Package and Deployment Wizard ActiveX function call access || bugtraq,25295 || cve,2007-3041 || url,www.microsoft.com/technet/security/bulletin/MS07-045.mspx
@@ -13143,6 +13143,7 @@
 13465 || WEB-CLIENT Microsoft Works file download request
 13467 || WEB-ACTIVEX Office 2000 and 2002 Web Components Spreadsheet ActiveX clsid unicode access || bugtraq,4453 || cve,2002-0860 || cve,2006-4695 || url,www.microsoft.com/technet/security/bulletin/MS02-044.mspx
 13468 || WEB-ACTIVEX Office 2000 and 2002 Web Components Data Source Control ActiveX clsid unicode access || bugtraq,4449 || cve,2002-0727 || cve,2007-1201 || url,www.microsoft.com/technet/security/Bulletin/MS08-017.mspx || url,www.microsoft.com/technet/security/bulletin/MS02-044.mspx
+13472 || EXPLOIT Microsoft Works invalid chunk size || cve,2008-0108 || url,www.microsoft.com/technet/security/bulletin/MS08-011.mspx
 13473 || WEB-MISC Microsoft Publisher file download
 13477 || SPECIFIC-THREATS Adobe PDF collab.collectEmailInfo exploit attempt - compressed || bugtraq,27641 || cve,2008-0655
 13478 || SPECIFIC-THREATS Adobe PDF collab.collectEmailInfo exploit attempt || bugtraq,27641 || cve,2008-0655
@@ -13188,10 +13189,10 @@
 13520 || EXPLOIT Winamp Ultravox streaming malicious metadata || cve,2008-0065
 13521 || EXPLOIT Winamp Ultravox streaming malicious metadata || cve,2008-0065
 13522 || EXPLOIT Firebird Database Server username handling buffer overflow || bugtraq,27467 || cve,2008-0467
-13523 || WEB-ACTIVEX Novell iPrint ActiveX clsid access || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || cve,2008-2431 || cve,2008-2432 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
-13524 || WEB-ACTIVEX Novell iPrint ActiveX clsid unicode access || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || cve,2008-2431 || cve,2008-2432 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
-13525 || WEB-ACTIVEX Novell iPrint ActiveX function call access || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || cve,2008-2431 || cve,2008-2432 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
-13526 || WEB-ACTIVEX Novell iPrint ActiveX function call unicode access || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || cve,2008-2431 || cve,2008-2432 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
+13523 || WEB-ACTIVEX Novell iPrint ActiveX clsid access || bugtraq,27939 || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || bugtraq,31370 || cve,2008-0935 || cve,2008-2431 || cve,2008-2432 || cve,2008-2436 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
+13524 || WEB-ACTIVEX Novell iPrint ActiveX clsid unicode access || bugtraq,27939 || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || bugtraq,31370 || cve,2008-0935 || cve,2008-2431 || cve,2008-2432 || cve,2008-2436 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
+13525 || WEB-ACTIVEX Novell iPrint ActiveX function call access || bugtraq,27939 || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || bugtraq,31370 || cve,2008-0935 || cve,2008-2431 || cve,2008-2432 || cve,2008-2436 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
+13526 || WEB-ACTIVEX Novell iPrint ActiveX function call unicode access || bugtraq,27939 || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || bugtraq,31370 || cve,2008-0935 || cve,2008-2431 || cve,2008-2432 || cve,2008-2436 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
 13527 || WEB-ACTIVEX D-Link MPEG4 SHM Audio Control ActiveX clsid access || bugtraq,28010
 13528 || WEB-ACTIVEX D-Link MPEG4 SHM Audio Control ActiveX clsid unicode access || bugtraq,28010
 13529 || WEB-ACTIVEX D-Link MPEG4 SHM Audio Control ActiveX function call access || bugtraq,28010
@@ -13218,9 +13219,9 @@
 13550 || WEB-ACTIVEX Sony ImageStation ActiveX function call unicode access || bugtraq,27715 || cve,2008-0748
 13551 || ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt || bugtraq,27229 || cve,2008-0339 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
 13552 || EXPLOIT Symantec VERITAS Storage Foundation Suite buffer overflow attempt || bugtraq,25778 || cve,2008-0638 || url,www.symantec.com/avcenter/security/Content/2008.02.20a.html
-13553 || EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow || bugtraq,27914 || url,aluigi.altervista.org/adv/mobilinkhof-adv.txt
-13554 || EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow || bugtraq,27914 || url,aluigi.altervista.org/adv/mobilinkhof-adv.txt
-13555 || EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow || bugtraq,27914 || url,aluigi.altervista.org/adv/mobilinkhof-adv.txt
+13553 || EXPLOIT Sybase SQL Anywhere Mobilink username string buffer overflow || bugtraq,27914 || cve,2008-0912 || url,aluigi.altervista.org/adv/mobilinkhof-adv.txt
+13554 || EXPLOIT Sybase SQL Anywhere Mobilink version string buffer overflow || bugtraq,27914 || cve,2008-0912 || url,aluigi.altervista.org/adv/mobilinkhof-adv.txt
+13555 || EXPLOIT Sybase SQL Anywhere Mobilink remoteID string buffer overflow || bugtraq,27914 || cve,2008-0912 || url,aluigi.altervista.org/adv/mobilinkhof-adv.txt
 13556 || SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 1 || url,research.sunbelt-software.com/threatdisplay.aspx?name=Kword.InterKey&threatid=46477 || url,www.noadware.net/research/index2.php?item_id=2656&item_name=Kword.InterKey
 13557 || SPYWARE-PUT Hijacker kword interkey runtime detection - search traffic 2 || url,research.sunbelt-software.com/threatdisplay.aspx?name=Kword.InterKey&threatid=46477 || url,www.noadware.net/research/index2.php?item_id=2656&item_name=Kword.InterKey
 13558 || SPYWARE-PUT Hijacker kword interkey runtime detection - log user info || url,research.sunbelt-software.com/threatdisplay.aspx?name=Kword.InterKey&threatid=46477 || url,www.noadware.net/research/index2.php?item_id=2656&item_name=Kword.InterKey
@@ -13277,8 +13278,8 @@
 13623 || WEB-ACTIVEX CA BrightStor ListCtrl ActiveX function call access || bugtraq,28268 || cve,2008-1472
 13624 || WEB-ACTIVEX CA BrightStor ListCtrl ActiveX function call unicode access || bugtraq,28268 || cve,2008-1472
 13625 || BACKDOOR MBR rootkit HTTP POST activity detected || url,www.sophos.com/security/blog/2008/01/987.html
-13627 || WEB-CLIENT Microsoft Access file download request || url,support.microsoft.com/kb/925330
-13628 || WEB-CLIENT Microsoft Access file download request || url,support.microsoft.com/kb/925330
+13627 || DELETED WEB-CLIENT Microsoft Access file download request || url,support.microsoft.com/kb/925330
+13628 || DELETED WEB-CLIENT Microsoft Access file download request || url,support.microsoft.com/kb/925330
 13631 || MISC McAfee ePolicy Orchestrator Framework Services log handling format string attempt || bugtraq,28228 || cve,2008-1357 || url,knowledge.mcafee.com/article/234/615103_f.sal_public.html
 13632 || WEB-CLIENT Zango adware installation request || url,www.ftc.gov/os/caselist/0523130/index.shtm
 13635 || SPYWARE-PUT Trickler downloader trojan.gen runtime detection - get malicious link || url,ca.com/us/securityadvisor/pest/pest.aspx?id=453120536 || url,www.prevx.com/filenames/X1895686732762432147-0/LAF4.EXE.html
@@ -13501,8 +13502,8 @@
 13910 || DELETED WEB-ACTIVEX Microsoft Access Snapshot Viewer 2 ActiveX function call unicode access || cve,2008-2463 || url,www.microsoft.com/TechNet/security/advisory/955179.mspx || url,www.microsoft.com/technet/security/bulletin/ms08-041.mspx
 13911 || WEB-CLIENT Microsoft search file download attempt
 13912 || SPECIFIC-THREATS isComponentInstalled Metasploit attack attempt || bugtraq,16870
-13913 || WEB-ACTIVEX AcroPDF.PDF ActiveX function call access || bugtraq,21155 || cve,2006-6027 || url,www.adobe.com/support/security/advisories/apsa06-02.html
-13914 || WEB-ACTIVEX AcroPDF.PDF ActiveX function call unicode access || bugtraq,21155 || cve,2006-6027 || url,www.adobe.com/support/security/advisories/apsa06-02.html
+13913 || WEB-ACTIVEX AcroPDF.PDF ActiveX function call access || bugtraq,21155 || cve,2005-0035 || cve,2006-6027 || cve,2006-6236 || url,www.adobe.com/support/security/advisories/apsa06-02.html
+13914 || WEB-ACTIVEX AcroPDF.PDF ActiveX function call unicode access || bugtraq,21155 || cve,2005-0035 || cve,2006-6027 || cve,2006-6236 || url,www.adobe.com/support/security/advisories/apsa06-02.html
 13915 || WEB-MISC backup file download attempt
 13916 || EXPLOIT Alt-N SecurityGateway username buffer overflow attempt || cve,2008-4193 || url,secunia.com/advisories/30497/
 13917 || WEB-CLIENT Apple QuickTime MOV file string handling integer overflow attempt || bugtraq,15306 || cve,2005-2753
@@ -13514,7 +13515,7 @@
 13925 || FTP Computer Associates eTrust Secure Content Manager PASV stack overflow attempt || cve,2008-2541
 13926 || EXPLOIT Novell Groupwise HTTP response message parsing overflow || cve,2008-2703
 13927 || TFTP Server log generation buffer overflow attempt || cve,2008-2161
-13928 || WEB-MISC Adobe RoboHelp r0 SQL injection attempt || cve,2008-2991
+13928 || SPECIFIC-THREATS Adobe RoboHelp r0 SQL injection attempt || cve,2008-2991
 13929 || WEB-MISC Adobe RoboHelp rx SQL injection attempt || cve,2008-2991
 13930 || SPYWARE-PUT Trickler pc privacy cleaner runtime detection - order/register request || url,malware-remover.com/pcprivacycleaner-removal-tool-pc-privacy-cleaner/ || url,www.xp-vista.com/spyware-removal/pcprivacycleaner-pc-privacy-cleaner-removal-instructions
 13931 || SPYWARE-PUT Trickler pc privacy cleaner runtime detection - auto update || url,malware-remover.com/pcprivacycleaner-removal-tool-pc-privacy-cleaner/ || url,www.xp-vista.com/spyware-removal/pcprivacycleaner-pc-privacy-cleaner-removal-instructions
@@ -14192,8 +14193,8 @@
 14762 || WEB-ACTIVEX iseemedia LPViewer ActiveX function call access || bugtraq,31604 || cve,2008-4384
 14763 || WEB-ACTIVEX iseemedia LPViewer ActiveX function call unicode access || bugtraq,31604 || cve,2008-4384
 14764 || WEB-ACTIVEX Macrovision InstallShield Update Service Agent ActiveX clsid access || bugtraq,31235 || cve,2008-2470
-14765 || WEB-ACTIVEX Macrovision InstallShield Update Service Agent ActiveX clsid unicode access || bugtraq,31235 || cve,2008-2470
-14766 || WEB-ACTIVEX Macrovision InstallShield Update Service Agent ActiveX function call access || bugtraq,31235 || cve,2008-2470
+14765 || WEB-ACTIVEX Macrovision InstallShield Update Service Agent ActiveX function call || bugtraq,31235 || cve,2008-2470
+14766 || DELETED WEB-ACTIVEX Macrovision InstallShield Update Service Agent ActiveX function call access || bugtraq,31235 || cve,2008-2470
 14767 || WEB-ACTIVEX Macrovision InstallShield Update Service Agent ActiveX function call unicode access || bugtraq,31235 || cve,2008-2470
 14768 || MISC Symantec Veritas Storage Scheduler Service NULL Session auth bypass attempt || bugtraq,30596 || cve,2008-3703
 14769 || EXPLOIT DATAC RealWin SCADA System FC_INFOTAG/SET_CONTROL buffer overflow attempt || bugtraq,31418 || cve,2008-4322
@@ -14212,10 +14213,10 @@
 14897 || WEB-ACTIVEX HP Software Update RulesEngine.dll ActiveX function call access || bugtraq,26950 || cve,2007-6506
 14898 || WEB-ACTIVEX HP Software Update RulesEngine.dll ActiveX function call unicode access || bugtraq,26950 || cve,2007-6506
 14899 || DELETED NETBIOS SMB netdfs unicode little endian bind attempt
-14900 || NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt || bugtraq,24198 || cve,2007-2446
+14900 || NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum overflow attempt || bugtraq,24198 || cve,2007-2446
 14986 || SHELLCODE x86 fldz get eip shellcode
 14987 || DELETED NETBIOS SMB netdfs unicode little endian bind attempt
-14988 || NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt || bugtraq,24198 || cve,2007-2446
+14988 || NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum overflow attempt || bugtraq,24198 || cve,2007-2446
 14989 || WEB-MISC Novell eDirectory SOAP Accept Language header overflow attempt || cve,2008-4479
 14990 || WEB-MISC Novell eDirectory SOAP Accept Charset header overflow attempt || cve,2008-4479
 14991 || SQL IBM DB2 Universal Database xmlquery buffer overflow attempt || bugtraq,29601 || cve,2008-3854
@@ -14253,7 +14254,7 @@
 15080 || MULTIMEDIA VideoLAN VLC Media Player WAV processing integer overflow attempt || bugtraq,30058 || cve,2008-2430
 15081 || WEB-CLIENT Sun Java Web Start xml encoding buffer overflow attempt || bugtraq,28083 || cve,2008-1188 || url,sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1
 15123 || WEB-CLIENT Rich Text Format file request
-15126 || WEB-CLIENT Internet Explorer nested span tag memory corruption attempt || bugtraq,32721 || cve,2008-4844 || url,www.microsoft.com/technet/security/bulletin/ms08-078.mspx
+15126 || WEB-CLIENT Internet Explorer nested tag memory corruption attempt || bugtraq,32721 || cve,2008-4844 || url,www.microsoft.com/technet/security/bulletin/ms08-078.mspx
 15127 || NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX andx attempt || bugtraq,32710 || cve,2008-5416 || url,www.microsoft.com/technet/security/bulletin/MS09-004.mspx
 15128 || NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX attempt || bugtraq,32710 || cve,2008-5416 || url,www.microsoft.com/technet/security/bulletin/MS09-004.mspx
 15129 || NETBIOS SMB sp_replwritetovarbin vulnerable function WriteAndX unicode andx attempt || bugtraq,32710 || cve,2008-5416 || url,www.microsoft.com/technet/security/bulletin/MS09-004.mspx
@@ -14274,15 +14275,15 @@
 15144 || SQL sp_replwritetovarbin vulnerable function attempt || bugtraq,32710 || cve,2008-5416 || url,www.microsoft.com/technet/security/bulletin/MS09-004.mspx
 15145 || EXPLOIT Apple CUPS TrueColor PNG filter overly large image height integer overflow attempt || bugtraq,32518 || cve,2008-5286 || url,www.cups.org/str.php?L2974
 15146 || EXPLOIT Apple CUPS RGB+Alpha PNG filter overly large image height integer overflow attempt || bugtraq,32518 || cve,2008-5286 || url,www.cups.org/str.php?L2974
-15147 || SPECIFIC-THREATS Microsoft IE malformed iframe buffer overflow attempt || cve,2004-1050
+15147 || WEB-CLIENT Microsoft IE malformed iframe buffer overflow attempt || cve,2004-1050
 15150 || CHAT Jive Software Openfire Jabber Server login Authentication bypass attempt || bugtraq,32189
 15151 || CHAT Jive Software Openfire Jabber Server logout Authentication bypass attempt || bugtraq,32189
 15152 || CHAT Jive Software Openfire Jabber Server setup-index Authentication bypass attempt || bugtraq,32189
-15153 || CHAT Jive Software Openfire Jabber Server setup Authentication bypass attempt || bugtraq,32189
+15153 || CHAT Jive Software Openfire Jabber Server setup Authentication bypass attempt || bugtraq,32189 || cve,2008-6509
 15154 || CHAT Jive Software Openfire Jabber Server gif Authentication bypass attempt || bugtraq,32189
 15155 || CHAT Jive Software Openfire Jabber Server png Authentication bypass attempt || bugtraq,32189
 15156 || CHAT Jive Software Openfire Jabber Server serverdown Authentication bypass attempt || bugtraq,32189
-15157 || WEB-CLIENT VideoLAN VLC Media Player XSPF memory corruption attempt || cve,2008-4558
+15157 || WEB-CLIENT VideoLAN VLC Media Player XSPF memory corruption attempt TEST || cve,2008-4558
 15158 || WEB-MISC XML Shareable Playlist Format file download attempt
 15159 || WEB-ACTIVEX Evans FTP ActiveX clsid access || bugtraq,32814
 15160 || WEB-ACTIVEX Evans FTP ActiveX clsid unicode access || bugtraq,32814
@@ -14315,7 +14316,7 @@
 15187 || MISC Multiple vendors CUPS HPGL filter remote code execution attempt || bugtraq,31688 || cve,2008-3641
 15188 || MISC Multiple vendors CUPS HPGL filter remote code execution attempt || bugtraq,31688 || cve,2008-3641 || url,www.cups.org/str.php?L2911
 15189 || MISC Multiple vendors CUPS HPGL filter remote code execution attempt || bugtraq,31688 || cve,2008-3641 || url,www.cups.org/str.php?L2911
-15190 || WEB-MISC Youngzsoft CCProxy CONNECT Request buffer overflow attempt || bugtraq,31416
+15190 || WEB-MISC Youngzsoft CCProxy CONNECT Request buffer overflow attempt || bugtraq,31416 || cve,2008-6415
 15191 || SPECIFIC-THREATS Mozilla Firefox animated PNG processing integer overflow || cve,2008-4064
 15192 || WEB-ACTIVEX SizerOne ActiveX clsid access || bugtraq,33148 || cve,2008-4827
 15193 || WEB-ACTIVEX SizerOne ActiveX clsid unicode access || bugtraq,33148 || cve,2008-4827
@@ -14396,10 +14397,10 @@
 15308 || WEB-ACTIVEX Microsoft Animation Control ActiveX clsid unicode access || url,support.microsoft.com/kb/960715
 15309 || WEB-ACTIVEX Microsoft Animation Control ActiveX function call access || url,support.microsoft.com/kb/960715
 15310 || WEB-ACTIVEX Microsoft Animation Control ActiveX function call unicode access || url,support.microsoft.com/kb/960715
-15311 || WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid access || url,support.microsoft.com/kb/960715
-15312 || WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid unicode access || url,support.microsoft.com/kb/960715
-15313 || WEB-ACTIVEX Research In Motion AxLoader ActiveX function call access || url,support.microsoft.com/kb/960715
-15314 || WEB-ACTIVEX Research In Motion AxLoader ActiveX function call unicode access || url,support.microsoft.com/kb/960715
+15311 || WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid access || bugtraq,33663 || cve,2009-0305 || url,support.microsoft.com/kb/960715
+15312 || WEB-ACTIVEX Research In Motion AxLoader ActiveX clsid unicode access || bugtraq,33663 || cve,2009-0305 || url,support.microsoft.com/kb/960715
+15313 || WEB-ACTIVEX Research In Motion AxLoader ActiveX function call access || bugtraq,33663 || cve,2009-0305 || url,support.microsoft.com/kb/960715
+15314 || WEB-ACTIVEX Research In Motion AxLoader ActiveX function call unicode access || bugtraq,33663 || cve,2009-0305 || url,support.microsoft.com/kb/960715
 15315 || WEB-ACTIVEX Akamai DownloadManager ActiveX clsid access || url,support.microsoft.com/kb/960715
 15316 || WEB-ACTIVEX Akamai DownloadManager ActiveX clsid unicode access || url,support.microsoft.com/kb/960715
 15317 || WEB-ACTIVEX Akamai DownloadManager ActiveX function call access || url,support.microsoft.com/kb/960715
@@ -14508,9 +14509,9 @@
 15428 || WEB-CLIENT Mozilla Firefox SVG data processing memory corruption attempt || bugtraq,33990 || cve,2009-0771 || url,www.mozilla.org/security/announce/2009/mfsa2009-07.html
 15429 || CONTENT-REPLACE Yahoo Messenger deny outbound login attempt
 15430 || WEB-CLIENT Microsoft EMF+ GpFont.SetData buffer overflow attempt || bugtraq,34250 || cve,2009-1217
-15431 || SPECIFIC-THREATS Firefox 3 xsl parsing heap overflow attempt || bugtraq,34235 || cve,2009-1169
+15431 || SPECIFIC-THREATS Firefox 3 xsl parsing heap overflow attempt || bugtraq,34235 || cve,2009-1169 || url,www.mozilla.org/security/announce/2009/mfsa2009-12.html
 15432 || WEB-PHP wordpress cat parameter arbitrary file execution attempt || bugtraq,28845 || cve,2008-4769
-15434 || WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt || bugtraq,34294 || cve,2009-0920
+15434 || WEB-MISC HP OpenView Network Node Manager OvOSLocale parameter buffer overflow attempt || bugtraq,34134 || cve,2009-0920
 15435 || EXPLOIT IBM Director CIM server consumer name handling denial of service attempt || bugtraq,34061 || cve,2009-0879
 15436 || EXPLOIT IBM Tivoli Storage Manager Express Backup counter heap corruption attempt || bugtraq,34077 || cve,2008-4563 || url,www-01.ibm.com/support/docview.wss?uid=swg21377388
 15437 || EXPLOIT IBM Tivoli Storage Manager Express Backup message length heap corruption attempt || bugtraq,34077 || cve,2008-4563 || url,www-01.ibm.com/support/docview.wss?uid=swg21377388
@@ -14518,18 +14519,18 @@
 15439 || CONTENT-REPLACE QQ 2009 deny tcp login
 15440 || CONTENT-REPLACE QQ 2008 deny udp login
 15441 || CONTENT-REPLACE QQ 2009 deny tcp login
-15442 || MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt || cve,2009-0819 || url,dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html || url,secunia.com/advisories/34115
-15443 || MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt || cve,2009-0819 || url,dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html || url,secunia.com/advisories/34115
+15442 || MYSQL XML Functions ExtractValue Scalar XPath denial of service attempt || bugtraq,33972 || cve,2009-0819 || url,dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html || url,secunia.com/advisories/34115
+15443 || MYSQL XML Functions UpdateXML Scalar XPath denial of service attempt || bugtraq,33972 || cve,2009-0819 || url,dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html || url,secunia.com/advisories/34115
 15444 || WEB-MISC Core Audio Format file download attempt
 15445 || ORACLE Oracle Application Server BPEL module cross site scripting attempt || cve,2008-4014
-15446 || WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt || cve,2008-5094 || url,download.novell.com/Download?buildid=Cf15mVyA3GI~
+15446 || WEB-MISC Novell eDirectory management console Accept-Language buffer overflow attempt || bugtraq,31553 || cve,2008-4479 || cve,2008-5094 || url,download.novell.com/Download?buildid=Cf15mVyA3GI~
 15447 || DELETED WEB-CLIENT Firefox XML parser memory corruption attempt || cve,2009-1232
 15448 || NETBIOS DCERPC NCADG-IP-UDP srvsvc NetrShareEnum null policy handle attempt || arachnids,454
 15463 || WEB-CLIENT Microsoft Excel file request
 15464 || WEB-CLIENT Microsoft Excel file request
 15471 || WEB-CLIENT asp file upload
 15472 || WEB-CLIENT Nullsoft Winamp pls file player name handling buffer overflow attempt || bugtraq,16410 || cve,2006-0476
-15473 || WEB-CLIENT Multiple media players M3U playlist file handling buffer overflow attempt || bugtraq,16410 || bugtraq,21206 || cve,2006-0476 || cve,2006-6063
+15473 || WEB-CLIENT Multiple media players M3U playlist file handling buffer overflow attempt || bugtraq,16410 || bugtraq,16623 || bugtraq,21206 || cve,2006-0476 || cve,2006-0708 || cve,2006-6063
 15476 || SPYWARE-PUT Waledac spam bot HTTP POST request || url,blogs.technet.com/mmpc/archive/2009/04/14/wheres-waledac.aspx
 15477 || EXPLOIT Oracle BEA WebLogic overlong JESSIONID buffer overflow attempt || cve,2008-5457
 15478 || SPECIFIC-THREATS Adobe Flash Player invalid object reference code execution attempt || bugtraq,33880 || cve,2009-0520
@@ -14537,7 +14538,7 @@
 15481 || BOTNET-CNC Zeus/Zbot malware config file download request || url,www.viruslist.com/en/viruses/encyclopedia?virusid=21782783
 15482 || EXPLOIT Sun Java System sockd authentication buffer overflow attempt || cve,2007-2881
 15483 || WEB-MISC Adobe Shockwave Flash file request
-15484 || IMAP CRAM-MD5 authentication method buffer overflow || bugtraq,11675 || bugtraq,23172 || cve,2004-1520 || cve,2007-1675
+15484 || IMAP CRAM-MD5 authentication method buffer overflow || bugtraq,11675 || bugtraq,14317 || bugtraq,23172 || cve,2004-1520 || cve,2007-1675
 15485 || SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow || bugtraq,26146 || cve,2007-5544
 15486 || DELETED BACKDOOR Kraken command and control server search attempt || url,www.securityfocus.com/brief/743
 15487 || MULTIMEDIA Apple QuickTime SMIL qtnext redirect file execution attempt || bugtraq,29650 || cve,2008-1585
@@ -14604,7 +14605,7 @@
 15582 || WEB-MISC ARJ format file download attempt
 15583 || WEB-CLIENT F-Secure AntiVirus library heap overflow attempt || bugtraq,12515 || cve,2005-0350
 15584 || SQL char and sysobjects - possible sql injection recon attempt || url,isc.sans.org/diary.html?storyid=3823
-15585 || WEB-CLIENT Excel file download request
+15585 || DELETED WEB-CLIENT Excel file download request
 15586 || WEB-CLIENT Powerpoint file download request
 15587 || WEB-CLIENT Word file download request
 15588 || WEB-ACTIVEX Microsoft Video 1 ActiveX clsid access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
@@ -14692,14 +14693,14 @@
 15670 || WEB-ACTIVEX Microsoft Video 6 ActiveX clsid access || bugtraq,35558 || cve,2008-0015 || cve,2009-0901 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/Bulletin/MS09-037.mspx || url,www.microsoft.com/technet/security/Bulletin/MS09-060.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15671 || WEB-ACTIVEX Microsoft Video 6 ActiveX clsid unicode access || bugtraq,35558 || cve,2008-0015 || cve,2009-0901 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/Bulletin/MS09-037.mspx || url,www.microsoft.com/technet/security/Bulletin/MS09-060.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15672 || WEB-ACTIVEX Microsoft Video 7 ActiveX clsid access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
-15673 || WEB-ACTIVEX Microsoft Video 7 ActiveX clsid unicode access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
+15673 || DELETED WEB-ACTIVEX Microsoft Video 7 ActiveX clsid unicode access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15674 || WEB-ACTIVEX Microsoft Video 8 ActiveX clsid access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15675 || WEB-ACTIVEX Microsoft Video 8 ActiveX clsid unicode access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15676 || WEB-ACTIVEX Microsoft Video 9 ActiveX clsid access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15677 || WEB-ACTIVEX Microsoft Video 9 ActiveX clsid unicode access || cve,2008-0015 || url,www.microsoft.com/technet/security/Bulletin/MS09-032.mspx || url,www.microsoft.com/technet/security/advisory/972890.mspx
 15678 || SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript || cve,2008-0015 || url,www.microsoft.com/technet/security/advisory/972890.mspx || url,www.microsoft.com/technet/security/bulletin/ms09-032.mspx
 15679 || SPECIFIC-THREATS Microsoft DirectShow ActiveX exploit via JavaScript - unicode encoding || cve,2008-0015 || url,www.microsoft.com/technet/security/advisory/972890.mspx || url,www.microsoft.com/technet/security/bulletin/ms09-032.mspx
-15684 || MISC Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+15684 || EXPLOIT Multiple product snews uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
 15696 || DELETED SPECIFIC-THREATS Mozilla Firefox 3.5 TraceMonkey JavaScript engine uninitialized memory corruption attempt || bugtraq,35660 || cve,2009-2477 || url,www.kb.cert.org/vuls/id/443060
 15697 || WEB-CLIENT Generic javascript obfuscation attempt || bugtraq,35660
 15698 || WEB-CLIENT Possible generic javascript heap spray attempt || bugtraq,35660
@@ -14767,7 +14768,7 @@
 15889 || EXPLOIT SAPLPD 0x32 command buffer overflow attempt || bugtraq,27613 || cve,2008-0621
 15890 || EXPLOIT SAPLPD 0x33 command buffer overflow attempt || bugtraq,27613 || cve,2008-0621
 15891 || EXPLOIT SAPLPD 0x34 command buffer overflow attempt || bugtraq,27613 || cve,2008-0621
-15892 || EXPLOIT SAPLPD 0x53 command buffer overflow attempt || bugtraq,27613 || cve,2008-0621
+15892 || DOS SAPLPD 0x53 command denial of service attempt || bugtraq,27613 || cve,2008-0621
 15893 || WEB-CLIENT fCreateShellLink function use - potential attack || bugtraq,29792 || cve,2008-2959
 15894 || SPECIFIC-THREATS Microsoft Color Management Module remote code execution attempt || cve,2005-1219 || url,www.microsoft.com/technet/security/bulletin/ms05-016.mspx
 15895 || DELETED CHAT Pidgin MSN P2P message 64bit integer overflow attempt || bugtraq,35067 || cve,2009-1376 || cve,2009-2694
@@ -14785,7 +14786,7 @@
 15907 || EXPLOIT Linux Kernel DCCP Protocol Handler dccp_setsockopt_change integer overflow attempt || bugtraq,30704 || cve,2008-3276
 15908 || WEB-MISC Trend Micro OfficeScan multiple CGI modules HTTP form processing buffer overflow attempt || cve,2008-3862
 15909 || WEB-CLIENT Apple QuickTime VR Track Header Atom heap corruption attempt || bugtraq,33384 || cve,2009-0002 || url,support.apple.com/kb/HT3403
-15910 || SPECIFIC-THREATS Microsoft IE objects handling memory corruption attempt || bugtraq,30614 || cve,2008-2254
+15910 || EXPLOIT Microsoft Internet Explorer getElementById object corruption || bugtraq,30614 || cve,2008-2254 || url,www.microsoft.com/technet/security/Bulletin/MS08-045.mspx
 15911 || NETBIOS DCERPC NCACN-IP-TCP spoolss RouteRefreshPrinterChangeNotification attempt || cve,2007-2446
 15921 || WEB-CLIENT Microsoft media format file download request
 15922 || WEB-CLIENT mp3 file download request
@@ -14825,7 +14826,6 @@
 15956 || ORACLE http Server mod_access restriction bypass attempt || bugtraq,13418 || cve,2005-1383
 15957 || WEB-CLIENT Sophos Anti-Virus zip file handling DoS attempt || bugtraq,14270 || cve,2005-1530
 15958 || WEB-MISC Novell ZENworks Remote Management overflow attempt || bugtraq,13678 || cve,2005-1543
-15959 || SPECIFIC-THREATS Microsoft ASP.NET viewstate DoS attempt || cve,2005-1665
 15960 || SPECIFIC-THREATS Novell eDirectory MS-DOS device name DoS attempt || cve,2005-1729
 15961 || SPECIFIC-THREATS 3Com Network Supervisor directory traversal attempt || bugtraq,14715 || cve,2005-2020
 15962 || SPECIFIC-THREATS Sybase EAServer WebConsole overflow attempt || bugtraq,14287 || cve,2005-2297
@@ -14851,8 +14851,8 @@
 15987 || WEB-MISC Microsoft Visio DXF file download request
 15988 || SPECIFIC-THREATS Microsoft ISA Server DNS spoofing attempt || bugtraq,11605 || cve,2004-0892
 15989 || EXPLOIT Squid ASN.1 header parsing denial of service attempt || bugtraq,11385 || cve,2004-0918
-15990 || WEB-MISC Macromedia JRun 4.x server file disclosure attempt || bugtraq,11245 || cve,2004-0928
-15991 || SPECIFIC-THREATS Multiple vendor DNS message decompression denial of service attempt || bugtraq,13729 || cve,2005-0036
+15990 || WEB-MISC Multiple Vendor server file disclosure attempt || bugtraq,11245 || bugtraq,19106 || cve,2004-0928 || cve,2006-3853
+15991 || DOS Multiple vendor DNS message decompression denial of service attempt || bugtraq,13729 || cve,2005-0036
 15992 || SPECIFIC-THREATS Trend Micro Products Antivirus Library overflow attempt || bugtraq,12643 || cve,2005-0533
 15993 || SPECIFIC-THREATS Adobe Flash Player ActionScript intrf_count integer overflow attempt || bugtraq,35907 || cve,2009-1869
 15994 || SPECIFIC-THREATS Squid strListGetItem denial of service attempt || bugtraq,36091 || cve,2009-2855
@@ -14868,7 +14868,7 @@
 16005 || SPECIFIC-THREATS Mozilla browsers JavaScript argument passing code execution attempt || bugtraq,22694 || cve,2007-0777
 16006 || SPECIFIC-THREATS Quicktime color table id memory corruption attempt || bugtraq,22839 || cve,2007-0718 || url,docs.info.apple.com/article.html?artnum=305149
 16007 || SPECIFIC-THREATS Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt || bugtraq,23771 || cve,2007-0944 || url,www.microsoft.com/technet/security/bulletin/ms07-027.mspx
-16008 || SPECIFIC-THREATS Microsoft Internet Explorer 7 html object memory corruption attempt || bugtraq,23772 || cve,2007-0947
+16008 || WEB-MISC Microsoft Internet Explorer 7 html object memory corruption attempt || cve,2007-0947
 16009 || SPECIFIC-THREATS Mozilla products overflow event handling memory corruption attempt || bugtraq,24376 || cve,2007-2876
 16010 || SPECIFIC-THREATS Microsoft Internet Explorer Javascript Page update race condition attempt || bugtraq,24283 || cve,2007-3091
 16011 || SPECIFIC-THREATS Microsoft Internet Explorer CSS property method handling memory corruption attempt || bugtraq,23769 || cve,2007-0945
@@ -14895,9 +14895,9 @@
 16032 || WEB-CLIENT Microsoft Internet Explorer HTML Decoding memory corruption attempt || bugtraq,18309 || cve,2006-2382
 16033 || SPECIFIC-THREATS Microsoft Internet Explorer compressed content attempt || bugtraq,19987 || cve,2006-3873
 16034 || SPECIFIC-THREATS Samba spools RPC smb_io_notify_option_type_data request handling buffer overflow attempt || cve,2007-2446
-16035 || SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt || bugtraq,17196 || cve,2006-1359
-16036 || SPECIFIC-THREATS Mozilla Products QueryInterface method memory corruption attempt || bugtraq,16476 || cve,2006-0295
-16037 || SPECIFIC-THREATS Mozilla products graphics and XML features integer overflows attempt || bugtraq,16476 || cve,2006-0297
+16035 || WEB-CLIENT Microsoft Internet Explorer createTextRange code execution attempt || bugtraq,17196 || cve,2006-1359
+16036 || WEB-CLIENT Mozilla Products QueryInterface method memory corruption attempt || bugtraq,16476 || cve,2006-0295
+16037 || WEB-CLIENT Mozilla products graphics and XML features integer overflows attempt || bugtraq,16476 || cve,2006-0297
 16038 || MISC Mozilla Thunderbird WYSIWIG engine filtering IFRAME JavaScript execution attempt || bugtraq,16770 || cve,2006-0884
 16039 || MISC EMC Dantz Retrospect Backup Agent denial of service attempt || cve,2006-0995
 16040 || EXPLOIT SpamAssassin spamd vpopmail and paranoid options code execution attempt || bugtraq,18290 || cve,2006-2447
@@ -14915,7 +14915,7 @@
 16052 || WEB-CLIENT Novell iManager Tomcat http post handling DoS attempt || bugtraq,20841 || cve,2006-4517
 16053 || WEB-CLIENT GNU tar PAX extended headers handling overflow attempt || bugtraq,16764 || cve,2006-0300
 16054 || WEB-CLIENT Quicktime bitmap multiple header overflow || bugtraq,17953 || cve,2006-2238
-16055 || SPECIFIC-THREATS Apple iTunes AAC file handling integer overflow attempt || bugtraq,18730 || cve,2006-1467
+16055 || WEB-CLIENT Apple iTunes AAC file handling integer overflow attempt || bugtraq,18730 || cve,2006-1467
 16056 || WEB-MISC Symantec Scan Engine authentication bypass attempt || bugtraq,17637 || cve,2006-0230
 16057 || SPECIFIC-THREATS sendmail smtp timeout buffer overflow attempt || bugtraq,17192 || cve,2006-0058
 16058 || SPECIFIC-THREATS Samba WINS Server Name Registration handling stack buffer overflow attempt || bugtraq,26455 || cve,2007-5398
@@ -15161,7 +15161,7 @@
 16406 || WEB-MISC JPEG file download attempt
 16407 || WEB-MISC JPEG file download attempt
 16424 || WEB-ACTIVEX Windows Script Host Shell Object ActiveX clsid access || url,www.exploit-db.com/exploits/11457
-16425 || WEB-CLIENT Portable Executable binary file transfer || url,www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
+16425 || WEB-CLIENT request for Portable Executable binary file || url,www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
 16426 || WEB-MISC Sun Java System Web Server 7.0 WebDAV format string exploit attempt - PROPFIND method || bugtraq,37910 || cve,2010-0388
 16427 || WEB-MISC Sun Java System Web Server 7.0 WebDAV format string exploit attempt - LOCK method || bugtraq,37910 || cve,2010-0388
 16428 || EXPLOIT Microsoft Outlook Express and Windows Mail NNTP handling buffer overflow attempt || cve,2007-3897 || url,www.microsoft.com/technet/security/Bulletin/MS07-056.mspx
@@ -15180,7 +15180,7 @@
 16441 || BOTNET-CNC Possible Zeus User-Agent - Download || url,en.wikipedia.org/wiki/Zeus_(trojan_horse)
 16442 || BOTNET-CNC Possible Zeus User-Agent - Mozilla || url,en.wikipedia.org/wiki/Zeus_(trojan_horse)
 16443 || CHAT deny Gmail chat DNS request
-16444 || SPECIFIC-THREAT HP StorageWorks storage mirroring double take service code execution attempt || cve,2008-1661 || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01362558
+16444 || SPECIFIC-THREATS HP StorageWorks storage mirroring double take service code execution attempt || cve,2008-1661 || url,h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01362558
 16445 || SPECIFIC-THREATS Digium Asterisk IAX2 ack response denial of service attempt || bugtraq,28901 || cve,2008-1897 || url,downloads.digium.com/pub/security/AST-2008-006.html
 16446 || RPC portmap Solaris sadmin tcp request || bugtraq,31751 || cve,2008-4556
 16447 || RPC portmap Solaris sadmin udp request || bugtraq,31751 || cve,2008-4556
@@ -15225,7 +15225,7 @@
 16500 || NETBIOS DCERPC NCACN-IP-TCP dns R_DnssrvEnumRecords overflow attempt || bugtraq,23470 || cve,2007-1748 || url,www.microsoft.com/technet/security/Bulletin/MS07-029.mspx
 16501 || WEB-CLIENT Mozilla Firefox WOFF font processing integer overflow attempt - TrueType || bugtraq,38298 || cve,2010-1028 || url,www.kb.cert.org/vuls/id/964549
 16502 || WEB-CLIENT Mozilla Firefox WOFF font processing integer overflow attempt - CFF-based || bugtraq,38298 || cve,2010-1028 || url,www.kb.cert.org/vuls/id/964549
-16513 || SQL Jive Software Openfire Jabber Server SQL injection attempt || bugtraq,32189 || cve,2008-6509
+16513 || SQL Jive Software Openfire Jabber Server SQL injection attempt || bugtraq,32189 || cve,2008-6508 || cve,2008-6509 || cve,2008-6510
 16514 || CHAT Trillian AIM XML tag handling heap buffer overflow attempt || bugtraq,32645 || cve,2008-5403 || url,dev.aol.com/aim/oscar/
 16515 || SMTP Novell Groupwise Internet Agent RCPT command overflow attempt || bugtraq,33560 || cve,2009-0410
 16516 || ORACLE Database sys.olapimpl_t package odcitablestart overflow attempt || cve,2008-3974
@@ -15233,7 +15233,7 @@
 16518 || WEB-CLIENT Free Download Manager .torrent parsing announce overflow attempt || bugtraq,33555 || cve,2009-0184
 16519 || WEB-CLIENT Free Download Manager .torrent parsing name overflow attempt || bugtraq,33555 || cve,2009-0184
 16520 || WEB-CLIENT Free Download Manager .torrent parsing path overflow attempt || bugtraq,33555 || cve,2009-0184
-16521 || WEB-CLIENT Squid Proxy http version number overflow attempt || bugtraq,33604 || cve,2009-4562
+16521 || WEB-CLIENT Squid Proxy http version number overflow attempt || bugtraq,33604 || cve,2009-0478
 16522 || WEB-CLIENT Novell QuickFinder server cross-site-scripting attempt || cve,2009-0611
 16523 || POLICY PDF with click-to-launch executable || url,blog.didierstevens.com/2010/03/29/escape-from-pdf/ || url,blogs.adobe.com/adobereader/2010/04/didier_stevens_launch_function.html
 16524 || FTP ProFTPD username sql injection attempt || bugtraq,33722 || cve,2009-0542
@@ -15748,7 +15748,7 @@
 17100 || WEB-ACTIVEX CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX clsid unicode access || url,osvdb.org/show/osvdb/64839
 17101 || WEB-ACTIVEX CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX function call access || url,osvdb.org/show/osvdb/64839
 17102 || WEB-ACTIVEX CommuniCrypt Mail ANSMTP.dll/AOSMTP.dll ActiveX function call unicode access || url,osvdb.org/show/osvdb/64839
-17103 || WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt || url,soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/ || url,www.vupen.com/english/advisories/2010/1681
+17103 || WEB-IIS IIS 5.1 alternate data stream authentication bypass attempt || cve,2010-2731 || url,www.microsoft.com/technet/security/bulletin/MS10-065.mspx
 17104 || WEB-CLIENT FeedDemon OPML file handling buffer overflow attempt || bugtraq,33630 || cve,2009-0546
 17105 || WEB-CLIENT FeedDemon unicode OPML file handling buffer overflow attempt || bugtraq,33630 || cve,2009-0546
 17106 || WEB-MISC download of RMF file - potentially malicious || bugtraq,39077 || cve,2010-0842
@@ -15803,4 +15803,908 @@
 17206 || RPC Multiple vendors librpc.dll stack buffer overflow attempt - tcp || bugtraq,38472 || cve,2009-2754
 17207 || EXPLOIT IBM Cognos Server backdoor account remote code execution attempt || bugtraq,38084 || cve,2010-0557
 17208 || EXPLOIT Squid Proxy HTCP packet processing denial of service attempt || bugtraq,38212 || cve,2010-0639
-17209 || SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow || bugtraq,37976
+17209 || SQL IBM DB2 DATABASE SERVER SQL REPEAT Buffer Overflow || bugtraq,37976 || cve,2010-0462
+17210 || POLICY Portable Executable binary file transfer over SMB
+17211 || WEB-CLIENT Quicktime marshaled punk remote code execution || cve,2010-1818
+17212 || WEB-CLIENT Mozilla Firefox JavaScript eval arbitrary code execution attempt || cve,2005-1532 || url,secunia.com/advisories/15528/
+17213 || WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt || cve,2005-2706 || url,secunia.com/advisories/16911/
+17214 || SPECIFIC-THREATS Adobe Reader and Acrobat libtiff TIFFFetchShortPair stack buffer overflow attempt || cve,2006-3459 || cve,2010-0188
+17215 || SPECIFIC-THREATS Adobe Reader and Acrobat libtiff TIFFFetchShortPair stack buffer overflow attempt || cve,2006-3459 || cve,2010-0188
+17216 || WEB-CLIENT Apple Safari TABLE tag with large CELLSPACING attribute exploit attempt || bugtraq,17634 || cve,2006-1986
+17217 || WEB-CLIENT Apple Safari invalid FRAME tag remote code execution attempt || bugtraq,17634 || cve,2006-1987
+17218 || WEB-CLIENT Apple Safari LI tag with large VALUE attribute exploit attempt || bugtraq,17634 || cve,2006-1988
+17219 || SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt || bugtraq,14784 || cve,2005-2871
+17220 || SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt || bugtraq,14784 || cve,2005-2871
+17221 || SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt || bugtraq,14784 || cve,2005-2871
+17222 || SPECIFIC-THREATS Firefox domain name handling buffer overflow attempt || bugtraq,14784 || cve,2005-2871
+17223 || SPECIFIC-THREATS Adobe Flash Player navigateToURL cross-site scripting attempt || bugtraq,26960 || cve,2007-6244
+17224 || SMTP McAfee WebShield SMTP bounce message format string attempt || bugtraq,16742 || cve,2006-0559
+17225 || SPECIFIC-THREATS Alt-N MDaemon WorldClient invalid user || cve,2008-2631
+17226 || WEB-ACTIVEX AXIS Camera ActiveX initialization via script || bugtraq,33408 || cve,2008-5260
+17227 || WEB-CLIENT Microsoft Excel sheet name memory corruption attempt || bugtraq,24691 || cve,2007-3490
+17228 || SPECIFIC-THREATS Microsoft Windows Media Player skin decompression code execution attempt || bugtraq,25307 || cve,2007-3035
+17229 || WEB-CLIENT Tiff file download - little-endian
+17230 || WEB-CLIENT Tiff file download - big-endian
+17231 || WEB-CLIENT Microsoft Kodak Imaging small offset malformed tiff - little-endian || cve,2007-2217 || url,www.microsoft.com/technet/security/Bulletin/MS07-055.mspx
+17232 || WEB-CLIENT Microsoft Kodak Imaging large offset malformed tiff - big-endian || cve,2007-2217 || url,www.microsoft.com/technet/security/Bulletin/MS07-055.mspx
+17233 || SPECIFIC-THREATS Adobe Reader and Acrobat TTF SING table parsing remote code execution attempt || cve,2010-2883 || url,www.adobe.com/support/security/advisories/apsa10-02.html
+17234 || SPECIFIC-THREATS VBMania mass mailing worm activity || url,www.virustotal.com/file-scan/report.html?id=fedb7b404754cf85737fb7e50f33324b84eb4c0b98024c7d3302039a901b04b7-1284133892
+17235 || SPECIFIC-THREATS VBMania mass mailing worm download attempt || url,www.virustotal.com/file-scan/report.html?id=fedb7b404754cf85737fb7e50f33324b84eb4c0b98024c7d3302039a901b04b7-1284133892
+17236 || WEB-CLIENT Mozilla Firefox nsPropertyTable PropertyList memory corruption attempt || cve,2009-3070 || url,secunia.com/advisories/36671/
+17237 || DELETED WEB-CLIENT XBM file download
+17238 || WEB-CLIENT ACD Systems ACDSee Products XBM file handling buffer overflow attempt || bugtraq,37685 || url,osvdb.org/show/osvdb/63643
+17239 || IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt || bugtraq,14315
+17240 || IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow attempt || bugtraq,14315
+17241 || WEB-CLIENT Microsoft wmv file download request
+17243 || EXPLOIT MIT Kerberos V5 krb5_recvauth double free attempt || bugtraq,14239 || cve,2005-1689
+17244 || SPECIFIC-THREATS Antivirus ACE file handling buffer overflow attempt || cve,2005-2385 || cve,2005-2720
+17245 || WEB-CLIENT Mozilla Firefox image dragging exploit attempt || cve,2005-0230
+17246 || DELETED SPECIFIC-THREATS Multiple vendor Antivirus magic byte detection evasion attempt || cve,2005-3370 || cve,2005-3371 || cve,2005-3372 || cve,2005-3373 || cve,2005-3374 || cve,2005-3375 || cve,2005-3376 || cve,2005-3377 || cve,2005-3378 || cve,2005-3379 || cve,2005-3380 || cve,2005-3381 || cve,2005-3382
+17247 || DELETED SPECIFIC-THREATS Multiple vendor Antivirus magic byte detection evasion attempt || cve,2005-3370 || cve,2005-3371 || cve,2005-3372 || cve,2005-3373 || cve,2005-3374 || cve,2005-3375 || cve,2005-3376 || cve,2005-3377 || cve,2005-3378 || cve,2005-3379 || cve,2005-3380 || cve,2005-3381 || cve,2005-3382
+17248 || DELETED SPECIFIC-THREATS Multiple vendor Antivirus magic byte detection evasion attempt || cve,2005-3370 || cve,2005-3371 || cve,2005-3372 || cve,2005-3373 || cve,2005-3374 || cve,2005-3375 || cve,2005-3376 || cve,2005-3377 || cve,2005-3378 || cve,2005-3379 || cve,2005-3380 || cve,2005-3381 || cve,2005-3382
+17257 || SPECIFIC-THREATS Adobe Flash Player and Reader remote code execution attempt || cve,2010-2884 || url,www.adobe.com/support/security/advisories/apsa10-03.html
+17258 || WEB-CLIENT Mozilla Firefox XUL tree element code execution attempt || bugtraq,34181 || cve,2009-1044
+17259 || WEB-CLIENT .mov file request
+17260 || SPECIFIC-THREATS Mozilla Firefox Javascript contentWindow in an iframe exploit attempt || bugtraq,17671 || cve,2006-1993
+17261 || WEB-CLIENT Microsoft Internet Explorer createTextRange code execution attempt || bugtraq,17196 || cve,2006-1359
+17262 || WEB-CLIENT Microsoft Internet Explorer createTextRange code execution attempt || bugtraq,17196 || cve,2006-1359
+17263 || SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt || bugtraq,17196 || cve,2006-1359
+17264 || ORACLE Permission declaration exploit attempt || bugtraq,38115 || cve,2010-0866
+17265 || WEB-CLIENT Mozilla Firefox plugin access control bypass attempt || bugtraq,12655 || cve,2005-0527
+17266 || SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt || bugtraq,12793 || url,ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/unfiltered-escape-sequences.txt || url,lists.grok.org.uk/pipermail/full-disclosure/2005-March/032530.html
+17267 || SPECIFIC-THREATS Multiple vendor malformed ZIP archive Antivirus detection bypass attempt || bugtraq,12793 || url,ftp.aerasec.de/pub/advisories/unfiltered-escape-sequences/unfiltered-escape-sequences.txt || url,lists.grok.org.uk/pipermail/full-disclosure/2005-March/032530.html
+17268 || SPECIFIC-THREATS Mozilla Firefox sidebar panel arbitrary code execution attempt || bugtraq,12884 || cve,2005-0402
+17269 || TELNET Client env_opt_add Buffer Overflow attempt || bugtraq,12919 || cve,2005-0468
+17270 || ORACLE DBMS_METADATA Package SQL Injection attempt || cve,2005-1197
+17271 || WEB-CLIENT Microsoft Windows Web View script injection attempt || bugtraq,13248 || cve,2005-1191
+17272 || WEB-CLIENT RealNetworks RealPlayer AVI parsing buffer overflow attempt || bugtraq,13530 || cve,2005-2052
+17273 || SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt || cve,2005-1174 || url,secunia.com/advisories/16041/
+17274 || SPECIFIC-THREATS MIT Kerberos V5 KDC krb5_unparse_name overflow attempt || cve,2005-1175 || url,secunia.com/advisories/16041/
+17275 || SPECIFIC-THREATS Symantec Brightmail AntiSpam nested Zip handling denial of service attempt || bugtraq,14757 || url,ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/release_notes_p157.txt
+17276 || MISC Multiple vendor Antivirus magic byte detection evasion attempt || cve,2005-3370 || cve,2005-3371 || cve,2005-3372 || cve,2005-3373 || cve,2005-3374 || cve,2005-3375 || cve,2005-3376 || cve,2005-3377 || cve,2005-3378 || cve,2005-3379 || cve,2005-3380 || cve,2005-3381 || cve,2005-3382
+17277 || WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt || cve,2005-3370 || cve,2005-3371 || cve,2005-3372 || cve,2005-3373 || cve,2005-3374 || cve,2005-3375 || cve,2005-3376 || cve,2005-3377 || cve,2005-3378 || cve,2005-3379 || cve,2005-3380 || cve,2005-3381 || cve,2005-3382
+17278 || WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt || cve,2005-3370 || cve,2005-3371 || cve,2005-3372 || cve,2005-3373 || cve,2005-3374 || cve,2005-3375 || cve,2005-3376 || cve,2005-3377 || cve,2005-3378 || cve,2005-3379 || cve,2005-3380 || cve,2005-3381 || cve,2005-3382
+17279 || WEB-MISC Ipswitch Whatsup Small Business directory traversal attempt || bugtraq,15291 || cve,2005-1939
+17280 || WEB-MISC Ipswitch Whatsup Small Business directory traversal attempt || bugtraq,15291 || cve,2005-1939
+17281 || SPECIFIC-THREATS Panda Antivirus ZOO archive decompression buffer overflow attempt || cve,2005-3922
+17282 || MISC Panda Antivirus ZOO archive decompression buffer overflow attempt || cve,2005-3922
+17283 || SMTP Mercury Mail Transport System Buffer Overflow attempt || bugtraq,16396 || cve,2005-4411
+17284 || WEB-CLIENT Microsoft Office malformed routing slip code execution attempt || bugtraq,17000 || cve,2006-0009
+17285 || WEB-CLIENT Microsoft Powerpoint PPT file parsing memory corruption attempt || bugtraq,18993 || cve,2006-3656
+17286 || SPECIFIC-THREATS Microsoft Visual Basic for Applications document properties overflow attempt || bugtraq,19414 || cve,2006-3649
+17287 || IMAP Cisco IOS HTTP service HTML injection attempt || bugtraq,15602 || cve,2005-3921
+17288 || SPECIFIC-THREATS Adobe Acrobat font parsing integer overflow attempt || bugtraq,44203 || cve,2010-2862
+17289 || SPECIFIC-THREATS GNU gzip LZH decompression make_table overflow attempt || cve,2006-4335 || url,secunia.com/advisories/21996/
+17290 || WEB-CLIENT Quicktime Plug-In Security Bypass || bugtraq,20138 || cve,2006-4965
+17291 || POLICY base64-encoded uri data object found || url,tools.ietf.org/html/rfc2397
+17292 || WEB-CLIENT Microsoft Powerpoint malformed data record code execution attempt || bugtraq,20322 || cve,2006-3876
+17293 || ORACLE sdo_lrs.convert_to_lrs_layer buffer overflow attempt || bugtraq,20588 || cve,2006-5340
+17294 || DOS Microsoft Windows NAT Helper DNS query denial of service attempt || bugtraq,20804 || cve,2006-5614
+17295 || WEB-MISC Trend Micro OfficeScan Console authentication buffer overflow attempt || bugtraq,24641 || bugtraq,24935 || cve,2007-3454 || cve,2007-3455
+17296 || WEB-MISC Outlook Web Access XSRF attempt || cve,2010-3213 || url,www.microsoft.com/technet/security/advisory/2401593.mspx
+17297 || SPECIFIC-THREATS McAfee VirusScan on-access scanner long unicode filename handling buffer overflow attempt || bugtraq,23543 || url,knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=612750&command=show&forward=nonthreadedKC
+17298 || MISC IBM Tivoli Monitoring Express Universal Agent Buffer Overflow || bugtraq,23558 || cve,2007-2137
+17299 || SPECIFIC-THREATS ISC BIND RRSIG query denial of service attempt || bugtraq,23738 || cve,2007-2241
+17301 || WEB-CLIENT Microsoft Word TextBox sub-document memory corruption attempt || bugtraq,23380 || cve,2007-1910
+17302 || DOS Linux kernel SCTP Unknown Chunk Types denial of service attempt || bugtraq,24376 || cve,2007-2876
+17303 || WEB-CLIENT Microsoft Internet Explorer clone object memory corruption attempt || bugtraq,26816 || cve,2007-3903
+17304 || WEB-CLIENT Microsoft Works file converter file section header index table stack overflow attempt || bugtraq,27658 || cve,2008-0105
+17305 || SPECIFIC-THREATS ClamAV libclamav PE file handling integer overflow attempt || cve,2008-0318
+17306 || SPECIFIC-THREATS Microsoft Malware Protection Engine file processing denial of service attempt || cve,2008-1437 || url,www.microsoft.com/technet/security/bulletin/MS08-029.mspx
+17307 || SPECIFIC-THREATS MS SQL Server INSERT Statement Buffer Overflow attempt || cve,2008-0106
+17308 || WEB-CLIENT Microsoft Word SmartTag record code execution attempt || bugtraq,30124 || cve,2008-2244
+17309 || SPECIFIC-THREATS CoolPlayer Playlist File Handling Buffer Overflow || bugtraq,30418 || cve,2008-3408
+17310 || SPECIFIC-THREATS Microsoft Powerpoint Viewer Memory Allocation Code Execution || bugtraq,30552 || cve,2008-0120
+17311 || SPECIFIC-THREATS Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt || bugtraq,15660 || cve,2005-4089
+17312 || SPECIFIC-THREATS Microsoft Internet Explorer CSS import cross-domain restriction bypass attempt || bugtraq,15660 || cve,2005-4089
+17313 || ORACLE database server crafted view privelege escalation attempt || bugtraq,17246 || cve,2006-1705
+17314 || WEB-CLIENT OLE Document file download
+17315 || WEB-CLIENT OpenOffice OLE File Stream Buffer Overflow || bugtraq,28819 || cve,2008-0320
+17316 || WEB-CLIENT Microsoft Windows Folder GUID Code Execution attempt || bugtraq,19389 || cve,2006-3281
+17317 || SPECIFIC-THREATS OpenSSH sshd Identical Blocks DOS attempt || bugtraq,20216 || cve,2006-4924
+17318 || WEB-CLIENT Microsoft Powerpoint MCAtom remote code execution attempt || bugtraq,20495 || cve,2006-5296
+17319 || WEB-CLIENT Microsoft Powerpoint MCAtom remote code execution attempt || bugtraq,20495 || cve,2006-5296
+17320 || WEB-CLIENT Microsoft Powerpoint MCAtom remote code execution attempt || bugtraq,20495 || cve,2006-5296
+17321 || NETBIOS DCERPC NCACN-IP-TCP spoolss EnumPrinters name overflow attempt || bugtraq,25092 || cve,2007-6701 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005400.html
+17322 || SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder
+17323 || SHELLCODE x86 OS agnostic fnstenv geteip dword xor decoder unescaped
+17324 || SHELLCODE x86 Linux reverse connect shellcode
+17325 || SHELLCODE x86 OS agnostic alpha numeric upper case decoder variant
+17326 || EXPLOIT Citrix Program Neighborhood Client buffer overflow attempt || bugtraq,15907 || cve,2005-3652
+17327 || IMAP Qualcomm WorldMail Server Response
+17328 || IMAP Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow || bugtraq,15980 || cve,2005-4267
+17329 || FTP EPRT overflow attempt || bugtraq,15998 || cve,2005-4459
+17330 || WEB-CLIENT Microsoft Windows GRE WMF Handling Memory Read Exception attempt || bugtraq,16167 || cve,2006-0143
+17331 || POP3 Lotus Notes HTML Speed Reader Long URL buffer overflow attempt || bugtraq,16576 || cve,2005-2618
+17332 || SMTP Content-Disposition attachment
+17333 || SMTP Lotus Notes Attachment Viewer UUE file buffer overflow attempt || bugtraq,16576 || cve,2005-2618
+17334 || SPECIFIC-THREATS RealPlayer SWF Flash File buffer overflow attempt || bugtraq,17202 || cve,2006-0323
+17335 || SHELLCODE x86 OS agnostic fnstenv geteip byte xor decoder
+17336 || SHELLCODE x86 OS agnostic call geteip byte xor decoder
+17337 || SHELLCODE x86 Win32 export table enumeration variant
+17338 || SHELLCODE x86 Windows 32-bit SEH get EIP technique
+17339 || SHELLCODE x86 generic OS alpha numeric mixed case decoder
+17340 || SHELLCODE x86 OS agnostic alpha numeric upper case decoder
+17341 || SHELLCODE x86 OS agnostic alpha UTF8 tolower avoidance decoder
+17342 || SHELLCODE x86 OS agnostic unicode mixed case decoder
+17343 || SHELLCODE x86 OS agnostic unicode upper case decoder
+17344 || SHELLCODE x86 OS agnostic xor dword decoder
+17345 || SHELLCODE x86 OS agnostic dword additive feedback decoder
+17346 || SPECIFIC-THREATS IBM Lotus Notes Cross Site Scripting attempt || bugtraq,14164 || cve,2005-2175
+17347 || WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt || bugtraq,14214 || cve,2005-1219
+17348 || WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt || bugtraq,14214 || cve,2005-1219
+17349 || WEB-CLIENT Microsoft Windows Color Management Module buffer overflow attempt || bugtraq,14214 || cve,2005-1219
+17350 || ORACLE Application Server Forms Arbitrary System Command Execution Attempt || bugtraq,14319 || cve,2005-2372
+17351 || WEB-CLIENT Winamp ID3v2 Tag Handling Buffer Overflow attempt || bugtraq,14276 || cve,2005-2310
+17352 || EXPLOIT ClamAV CHM File Handling Integer Overflow attempt || bugtraq,14359 || cve,2005-2450
+17353 || EXPLOIT Sun Solaris printd Daemon Arbitrary File Deletion attempt || bugtraq,14510 || cve,2005-4797
+17354 || SPECIFIC-THREATS Apache Byte-Range Filter denial of service attempt || bugtraq,14660 || cve,2005-2728
+17355 || WEB-CLIENT Microsoft Internet Explorer JPEG Decoder Vulnerabilities attempt || bugtraq,14282 || cve,2005-2308
+17356 || EXPLOIT NOD32 Anti-Virus ARJ Archive Handling Buffer Overflow attempt || bugtraq,14773 || cve,2005-2903
+17357 || CHAT Gaim AIM-ICQ Protocol Handling Buffer Overflow attempt || bugtraq,14531 || cve,2005-2103
+17358 || EXPLOIT ClamAV UPX File Handling Buffer Overflow attempt || bugtraq,14866 || cve,2005-2920
+17359 || WEB-CLIENT xbm image file download request
+17360 || WEB-CLIENT Mozilla Firefox XBM image processing buffer overflow attempt || bugtraq,14916 || cve,2005-2701
+17361 || SPECIFIC-THREATS Adobe Acrobat Reader PDF Catalog Handling denial of service attempt || bugtraq,21910 || cve,2007-0104 || url,projects.info-pull.com/moab/MOAB-06-01-2007.html
+17362 || WEB-CLIENT Microsoft Excel IMDATA buffer overflow attempt || bugtraq,21856 || cve,2007-0027
+17363 || WEB-CLIENT Apple computer finder DMG volume name memory corruption || cve,2007-0197
+17364 || WEB-CLIENT Microsoft Help Workshop CNT Help contents
+17365 || WEB-CLIENT Microsoft Help Workshop CNT Help contents buffer overflow attempt || bugtraq,22100 || cve,2007-0352
+17366 || WEB-CLIENT Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt || bugtraq,22135 || cve,2007-0427
+17367 || FTP Microsoft Internet Explorer FTP Response Parsing Memory Corruption || bugtraq,22489 || cve,2007-0217
+17368 || WEB-CLIENT Microsoft Word document stream handling code execution attempt || bugtraq,25567 || cve,2007-0870
+17369 || IMAP MailEnable Service APPEND Command Handling Buffer Overflow || bugtraq,22792 || cve,2007-0494
+17370 || WEB-MISC Squid authentication headers handling denial of service attempt || bugtraq,14977 || cve,2005-2917
+17371 || WEB-MISC Squid authentication headers handling denial of service attempt || bugtraq,14977 || cve,2005-2917
+17372 || WEB-CLIENT Apple QuickTime udta atom parsing heap overflow vulnerability || bugtraq,22844 || cve,2007-0714
+17373 || SPECIFIC-THREATS QuickTime panorama atoms buffer overflow attempt || bugtraq,26342 || cve,2007-4675 || url,docs.info.apple.com/article.html?artnum=306896
+17374 || SPECIFIC-THREATS Microsoft Windows HLP File Handling heap overflow attempt || bugtraq,23382 || cve,2007-1912
+17375 || DELETED ORACLE dbms_snap_internal.delete_refresh_operations buffer overflow attempt || bugtraq,23532 || cve,2007-2126 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
+17376 || WEB-MISC IBM Lotus Expeditor cai URI handler command execution attempt || cve,2008-1965 || url,www-01.ibm.com/support/docview.wss?uid=swg21303813
+17377 || SPECIFIC-THREATS Microsoft excel Malformed Filter Records Handling Code Execution attempt || bugtraq,23780 || cve,2007-1214
+17378 || WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow || cve,2008-4064
+17379 || WEB-CLIENT Mozilla Firefox Animated PNG Processing integer overflow || cve,2008-4064
+17380 || WEB-CLIENT PNG file download request
+17381 || SPECIFIC-THREATS Apple QuickTime PDAT Atom parsing buffer overflow attempt || cve,2008-3625 || url,support.apple.com/kb/HT3027
+17382 || SPECIFIC-THREATS Microsoft Project Invalid Memory Pointer Code Execution attempt || bugtraq,28607 || cve,2008-1088
+17383 || SPECIFIC-THREATS Microsoft Publisher Object Handler Validation Code Execution attempted || bugtraq,29158 || cve,2008-0119
+17384 || WEB-CLIENT Microsoft Internet Explorer setRequestHeader overflow attempt || bugtraq,28379 || cve,2008-1544
+17385 || WEB-CLIENT Microsoft Internet Explorer setRequestHeader overflow attempt || bugtraq,28379 || cve,2008-1544
+17386 || SPECIFIC-THREATS Lighttpd mod_fastcgi Extension CGI Variable Overwriting Vulnerability attempt || bugtraq,25622 || cve,2007-4727
+17387 || WEB-MISC Apache Tomcat allowLinking URIencoding directory traversal attempt || bugtraq,30633 || cve,2008-2938
+17388 || WEB-CLIENT OpenOffice EMF file EMR record parsing integer overflow attempt || cve,2008-2238 || url,www.openoffice.org/security/cves/CVE-2008-2238.html
+17389 || SPECIFIC-THREATS mozilla firefox DOMNodeRemoved attack attempt || bugtraq,18228 || cve,2006-2779
+17390 || DOS ClamAV Antivirus Function Denial of Service attempt || bugtraq,32555 || cve,2008-5314
+17391 || WEB-MISC Tomcat UNIX platform directory traversal || bugtraq,22960 || cve,2007-0450 || url,tomcat.apache.org/tomcat-6.0-doc/changelog.html
+17392 || SHELLCODE JavaScript var shellcode
+17393 || SHELLCODE JavaScript var heapspray
+17394 || WEB-CLIENT GIF file download request
+17395 || SPECIFIC-THREATS Sun Java Web Start Splashscreen GIF decoding buffer overflow attempt || cve,2008-2086
+17396 || EXPLOIT VNC client authentication response
+17397 || EXPLOIT VNCViewer Authenticate buffer overflow attempt || bugtraq,33568 || cve,2009-0388
+17398 || WEB-CLIENT Mozilla Firefox Javascript array.splice memory corruption attempt || bugtraq,33990 || cve,2009-0773
+17399 || WEB-CLIENT Mozilla Firefox Javascript array.splice memory corruption attempt || bugtraq,33990 || cve,2009-0773
+17400 || WEB-CLIENT rename of JavaScript unescape function - likely malware obfuscation
+17401 || SPECIFIC-THREATS Internet Explorer nested tag memory corruption attempt - unescaped || bugtraq,32721 || cve,2008-4844 || url,www.microsoft.com/technet/security/bulletin/ms08-078.mspx
+17402 || SPECIFIC-THREATS Internet Explorer nested tag memory corruption attempt || bugtraq,32721 || cve,2008-4844 || url,www.microsoft.com/technet/security/bulletin/ms08-078.mspx
+17403 || WEB-CLIENT OpenOffice RTF File parsing heap buffer overflow attempt || bugtraq,24450 || cve,2007-0245
+17404 || EXPLOIT Microsoft Word Converter XST structure buffer overflow attempt || cve,2008-4841 || url,www.microsoft.com/technet/security/bulletin/ms09-010.mspx
+17405 || EXPLOIT Microsoft Word Converter XST structure buffer overflow attempt || cve,2008-4841 || url,www.microsoft.com/technet/security/bulletin/ms09-010.mspx
+17406 || EXPLOIT Microsoft Word Converter XST structure buffer overflow attempt || cve,2008-4841 || url,www.microsoft.com/technet/security/bulletin/ms09-010.mspx
+17407 || WEB-CLIENT Windows help file download request || cve,2006-3357 || cve,2006-4138
+17408 || WEB-CLIENT Microsoft DirectX Targa image file heap overflow attempt || bugtraq,24963 || cve,2006-4183
+17409 || WEB-CLIENT Mozilla Products IDN Spoofing Vulnerability Attempt || bugtraq,12470 || cve,2005-0233
+17410 || WEB-MISC Generic HyperLink Buffer Overflow attempt || bugtraq,13045 || bugtraq,14195 || cve,2005-0057 || cve,2005-0986
+17411 || SPECIFIC-THREATS Microsoft Internet Explorer CDF cross-domain scripting attempt || bugtraq,12427 || cve,2005-0056 || url,www.microsoft.com/technet/security/bulletin/ms05-014.mspx
+17412 || MYSQL CREATE FUNCTION mysql.func Arbitrary Library Injection attempt || bugtraq,12781 || cve,2005-0710
+17413 || SPECIFIC-THREATS Microsoft Jet DB Engine Buffer Overflow attempt || bugtraq,12960 || cve,2005-0944
+17414 || SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt || bugtraq,12998 || cve,2005-0989
+17415 || SPECIFIC-THREATS Mozilla Firefox Javascript Engine Information Disclosure attempt || bugtraq,12998 || cve,2005-0989
+17416 || ORACLE Database Intermedia Denial of Service Attempt || bugtraq,14935
+17417 || ORACLE Database Intermedia Denial of Service Attempt || bugtraq,14935
+17418 || ORACLE Oracle connection established
+17419 || ORACLE Oracle database SQL compiler read-only join auth bypass attempt || cve,2007-3855
+17420 || WEB-MISC Citrix Program Neighborhood Agent Arbitrary Shortcut Creation attempt || bugtraq,13379 || cve,2004-1077
+17421 || WEB-CLIENT Microsoft OLE automation string manipulation overflow attempt || bugtraq,25282 || cve,2007-2224
+17422 || SPECIFIC-THREATS Firefox defineSetter function pointer memory corruption attempt || bugtraq,35758 || cve,2009-2469
+17423 || WEB-MISC Citrix Program Neighborhood Agent Buffer Overflow attempt || bugtraq,13373 || cve,2004-1078
+17424 || SPECIFIC-THREATS Mozilla Firefox IconURL Arbitrary Javascript Execution attempt || bugtraq,13544 || cve,2005-1477
+17425 || SPECIFIC-THREATS RealPlayer ActiveX Import playlist name buffer overflow attempt || bugtraq,26130 || cve,2007-5601
+17426 || WEB-CLIENT RAT file download request
+17427 || SPECIFIC-THREATS Oracle database DBMS_Scheduler privilege escalation attempt || bugtraq,13509 || cve,2005-1496
+17430 || SPECIFIC-THREATS BitDefender Antivirus PDF processing memory corruption attempt || bugtraq,32396 || cve,2008-5409
+17431 || EXPLOIT Microsoft IIS SChannel improper certificate verification || cve,2009-0085 || url,www.microsoft.com/technet/security/bulletin/ms09-007.mspx
+17432 || WEB-MISC Squid Gopher protocol handling buffer overflow attempt || bugtraq,12276 || cve,2005-0094
+17433 || EXPLOIT Sun Solaris DHCP Client Arbitrary Code Execution attempt || bugtraq,14687 || cve,2005-2870
+17434 || WEB-CLIENT Mozilla Firefox Unicode sequence handling stack corruption attempt || bugtraq,14918 || cve,2005-2702
+17435 || NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt || bugtraq,15065 || cve,2005-2120 || url,www.microsoft.com/technet/security/bulletin/ms05-047.mspx
+17436 || NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt || bugtraq,15065 || cve,2005-2120 || url,www.microsoft.com/technet/security/bulletin/ms05-047.mspx
+17437 || NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceList attempt || bugtraq,15065 || cve,2005-2120 || url,www.microsoft.com/technet/security/bulletin/ms05-047.mspx
+17438 || NETBIOS DCERPC NCACN-IP-TCP umpnpmgr PNP_GetDeviceListSize attempt || bugtraq,15065 || cve,2005-2120 || url,www.microsoft.com/technet/security/bulletin/ms05-047.mspx
+17439 || EXPLOIT Microsoft Distributed Transaction Controller TIP DoS attempt || bugtraq,15058 || cve,2005-1979
+17440 || WEB-MISC RSA authentication agent for web redirect buffer overflow attempt || bugtraq,26424 || cve,2005-4734
+17441 || WEB-MISC .lnk file download attempt
+17442 || POLICY download of Windows .lnk file that executes cmd.exe detected || bugtraq,15069 || cve,2005-2122 || url,www.microsoft.com/technet/security/Bulletin/MS05-049.mspx
+17443 || WEB-CLIENT Microsoft DirectShow AVI decoder buffer overflow attempt || bugtraq,15063 || cve,2005-2128
+17444 || SPECIFIC-THREATS Firefox 3 xsl parsing heap overflow attempt || bugtraq,34235 || cve,2009-1169 || url,www.mozilla.org/security/announce/2009/mfsa2009-12.html
+17445 || SPECIFIC-THREATS Symantec Backup Exec System Recovery Manager unauthorized file upload attempt || cve,2008-0457 || url,seer.entsupport.symantec.com/docs/297171.htm
+17446 || SPECIFIC-THREATS Microsoft Internet Explorer FTP client directory traversal attempt || cve,2004-1376
+17447 || WEB-MISC 407 Proxy Authentication Required
+17448 || SPECIFIC-THREATS Microsoft Internet Explorer HTTPS proxy information disclosure vulnerability || cve,2005-2830 || url,www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
+17449 || WEB-MISC Novell ZENworks patch management SQL injection attempt || bugtraq,15220 || cve,2005-3315
+17450 || WEB-MISC CommuniGate Systems CommuniGate Pro LDAP Server buffer overflow attempt || bugtraq,16407 || cve,2006-0468 || url,www.gleg.net/cg_advisory.txt
+17451 || DELETED WEB-MISC Sun Directory Server LDAP denial of service attempt || cve,2006-0647 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
+17452 || DELETED WEB-MISC Sun Directory Server LDAP denial of service attempt || cve,2006-0647 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
+17453 || DELETED WEB-MISC Sun Directory Server LDAP denial of service attempt || cve,2006-0647 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
+17454 || DELETED WEB-MISC Sun Directory Server LDAP denial of service attempt || cve,2006-0647 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
+17455 || DELETED WEB-MISC Sun Directory Server LDAP denial of service attempt || cve,2006-0647 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
+17456 || DELETED WEB-MISC Sun Directory Server LDAP denial of service attempt || cve,2006-0647 || url,lists.immunitysec.com/pipermail/dailydave/2006-February/002914.html
+17457 || WEB-CLIENT Macromedia Flash ActionDefineFunction memory access vulnerability exploit attempt || bugtraq,15334 || cve,2005-2628
+17458 || WEB-CLIENT BitDefender Internet Security script code execution attempt || cve,2009-0850
+17459 || WEB-CLIENT BitDefender Internet Security script code execution attempt || cve,2009-0850
+17460 || WEB-CLIENT BitDefender Internet Security script code execution attempt || cve,2009-0850
+17461 || SPECIFIC-THREATS RealNetworks RealPlayer zipped skin file buffer overflow attempt || bugtraq,15382 || cve,2005-2630
+17462 || WEB-CLIENT Microsoft Internet Explorer marquee object handling memory corruption attempt || cve,2009-0554 || url,www.microsoft.com/technet/security/bulletin/ms09-014.mspx
+17463 || SPECIFIC-THREATS Internet Explorer File Download Dialog Box Manipulation || bugtraq,15823 || cve,2005-2829 || url,www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
+17464 || WEB-ACTIVEX AOL Radio AmpX ActiveX clsid access || bugtraq,26396 || cve,2007-5755
+17465 || WEB-ACTIVEX AOL Radio AmpX ActiveX clsid unicode access || bugtraq,26396 || cve,2007-5755
+17466 || SPECIFIC-THREATS IBM Lotus Domino Web Access 7 ActiveX exploit attempt || bugtraq,26972 || cve,2007-4474
+17467 || WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+17468 || WEB-CLIENT Microsoft Windows ShellExecute and IE7 snews url handling code execution attempt || bugtraq,25945 || cve,2007-3896 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+17469 || SPECIFIC-THREATS Mplayer Real Demuxer stream_read heap overflow attempt || bugtraq,31473 || cve,2008-3827
+17470 || SPECIFIC-THREATS Apple QuickTime STSD JPEG atom heap corruption attempt || bugtraq,33390 || cve,2009-0007
+17471 || SPECIFIC-THREATS Adobe Acrobat JavaScript getIcon method buffer overflow attempt || bugtraq,34169 || cve,2009-0927
+17472 || SPECIFIC-THREATS Adobe Acrobat JavaScript getIcon method buffer overflow attempt || bugtraq,34169 || cve,2009-0927
+17473 || ORACLE DBMS_CDC_SUBSCRIBE.EXTEND_WINDOW arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17474 || ORACLE DBMS_CDC_SUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17475 || ORACLE DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17476 || ORACLE DBMS_CDC_SUBSCRIBE.PURGE_WINDOW arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17477 || ORACLE DBMS_CDC_SUBSCRIBE.DROP_SUBSCRIPTION arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17478 || ORACLE DBMS_CDC_SUBSCRIBE.SUBSCRIBE arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17479 || ORACLE DBMS_CDC_ISUBSCRIBE.SUBSCRIBE arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17480 || ORACLE DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION arbitrary command execution attempt || bugtraq,13236 || cve,2005-1197
+17481 || SPECIFIC-THREATS Microsoft Exchange and Outlook TNEF Decoding Integer Overflow attempt || bugtraq,16197 || cve,2006-0002
+17482 || WEB-CLIENT Mozilla NNTP URL Handling Buffer Overflow attempt || bugtraq,12131 || cve,2004-1316
+17483 || DNS squid proxy dns A record response denial of service attempt || bugtraq,12551 || cve,2005-0446
+17484 || DNS squid proxy dns PTR record response denial of service attempt || bugtraq,12551 || cve,2005-0446
+17485 || DNS Symantec Gateway products DNS cache poisoning attempt || cve,2005-0817
+17486 || WEB-MISC Trend Micro Control Manager Chunked overflow attempt || bugtraq,15865 || cve,2005-1929
+17487 || WEB-CLIENT Microsoft Internet Explorer Script Engine Stack Exhaustion Denial of Service attempt || bugtraq,16687 || cve,2006-0753
+17488 || SPECIFIC-THREATS Excel Malformed Range Code Execution attempt || bugtraq,15780 || cve,2005-4131
+17489 || SPECIFIC-THREATS Microsoft Windows Help File Heap Buffer Overflow attempt || bugtraq,17325 || cve,2006-1591
+17490 || SPECIFIC-THREATS Microsoft Windows itss.dll CHM File Handling Heap Corruption attempt || bugtraq,17926 || cve,2006-2297
+17491 || SPECIFIC-THREATS Microsoft Word mso.dll LsCreateLine Memory Corruption || bugtraq,18905 || cve,2006-3493
+17492 || SPECIFIC-THREATS Microsoft Excel Malformed SELECTION Record Code Execution attempt || bugtraq,18853 || cve,2006-1301
+17493 || SPECIFIC-THREATS ClamAV UPX FileHandling Heap overflow attempt || bugtraq,19381 || cve,2006-4018
+17494 || WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt || bugtraq,19667 || cve,2006-3869
+17495 || SPECIFIC-THREATS Squid proxy DNS response spoofing attempt || bugtraq,13592 || cve,2005-1519
+17496 || WEB-CLIENT Microsoft Powerpoint malformed NamedShows record code execution attempt || bugtraq,20226 || cve,2006-4694
+17497 || WEB-CLIENT Microsoft Powerpoint malformed NamedShows record code execution attempt || bugtraq,20226 || cve,2006-4694
+17498 || WEB-MISC Tomcat UNIX platform directory traversal || bugtraq,22960 || cve,2007-0450 || url,tomcat.apache.org/tomcat-6.0-doc/changelog.html
+17499 || WEB-MISC Tomcat UNIX platform directory traversal || bugtraq,22960 || cve,2007-0450 || url,tomcat.apache.org/tomcat-6.0-doc/changelog.html
+17500 || WEB-MISC Tomcat UNIX platform directory traversal || bugtraq,22960 || cve,2007-0450 || url,tomcat.apache.org/tomcat-6.0-doc/changelog.html
+17501 || WEB-MISC Tomcat UNIX platform directory traversal || bugtraq,22960 || cve,2007-0450 || url,tomcat.apache.org/tomcat-6.0-doc/changelog.html
+17502 || WEB-MISC Tomcat UNIX platform directory traversal || bugtraq,22960 || cve,2007-0450 || url,tomcat.apache.org/tomcat-6.0-doc/changelog.html
+17503 || IMAP MailEnable IMAP Service Invalid Command Buffer Overlow LOGIN || bugtraq,21252
+17504 || EXPLOIT Novell ZENworks Asset Management buffer overflow attempt || bugtraq,21395 || cve,2006-6299
+17505 || WEB-CLIENT Microsoft Word formatted disk pages table memory corruption attempt || bugtraq,21589 || cve,2006-6561
+17506 || WEB-CLIENT Microsoft Word formatted disk pages table memory corruption attempt || bugtraq,21589 || cve,2006-6561
+17507 || WEB-CLIENT Microsoft Word formatted disk pages table memory corruption attempt || bugtraq,21589 || cve,2006-6561
+17508 || WEB-MISC Microsoft .NET Application download attempt || bugtraq,21688 || cve,2006-6696
+17509 || WEB-MISC Microsoft .NET Manifest download attempt || bugtraq,21688 || cve,2006-6696
+17510 || WEB-MISC Microsoft .NET Deploy download attempt || bugtraq,21688 || cve,2006-6696
+17511 || WEB-CLIENT Excel malformed Graphic Code Execution || bugtraq,16181 || cve,2006-0030
+17512 || WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt || bugtraq,17131 || cve,2006-1245
+17513 || WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt || bugtraq,17131 || cve,2006-1245
+17514 || WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt || bugtraq,17131 || cve,2006-1245
+17515 || WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt || bugtraq,17131 || cve,2006-1245
+17516 || WEB-CLIENT Microsoft Internet Explorer Script Action Handler buffer overflow attempt || bugtraq,17131 || cve,2006-1245
+17517 || WEB-CLIENT excel Malformed Record Code Execution attempt || bugtraq,17101 || cve,2006-0031
+17518 || FTP FlashGet PWD command stack buffer overflow attempt || bugtraq,30685 || cve,2008-4321
+17519 || SPECIFIC-THREATS Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow || bugtraq,31346 || cve,2008-0016
+17520 || EXPLOIT CA ARCserve Backup DB Engine Denial of Service || bugtraq,31684 || cve,2008-4399
+17521 || SPECIFIC-THREATS GoodTech SSH Server SFTP Processing Buffer Overflow || bugtraq,31879 || cve,2008-4726
+17522 || SPECIFIC-THREATS Sun Java Runtime Environment Pack200 Decompression Integer Overflow || bugtraq,31879 || cve,2008-4726
+17523 || SPECIFIC-THREATS Apple QuickTime H.264 Movie File Buffer Overflow || bugtraq,36328 || cve,2009-2799
+17524 || SPECIFIC-THREATS Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow || bugtraq,33342 || cve,2009-0270
+17525 || SPECIFIC-THREATS Microsoft IIS 5.0 WebDav Request Directory Security Bypass || bugtraq,35232 || cve,2009-1122
+17526 || SPECIFIC-THREATS Adobe Acrobat and Adobe Reader U3D RHAdobeMeta Buffer Overflow || bugtraq,35282 || cve,2009-1855
+17527 || SPECIFIC-THREATS VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow || bugtraq,35232 || cve,2009-1122
+17528 || SPECIFIC-THREATS nginx URI parsing buffer overflow attempt || bugtraq,36384 || cve,2009-2629
+17529 || SPECIFIC-THREATS Adobe RoboHelp Server Arbitrary File Upload and Execute || bugtraq,35282 || cve,2009-1855
+17530 || SPECIFIC-THREATS HP OpenView Storage Data Protector Stack Buffer Overflow || cve,2007-2280 || cve,2007-2881
+17531 || SPECIFIC-THREATS Apple Quicktime MOV File JVTCompEncodeFrame Heap Overflow || bugtraq,23650 || cve,2007-2295
+17532 || SPECIFIC-THREATS Microsoft Excel TXO and OBJ Records Parsing Stack Memory Corruption || bugtraq,32618 || cve,2008-4265
+17533 || WEB-MISC Apache Struts Information Disclosure Attempt || bugtraq,32104 || cve,2008-6505
+17534 || MISC IPP Application Content
+17535 || MISC Apple CUPS Text to PostScript Filter Integer Overflow attempt || bugtraq,31690 || cve,2008-3640
+17536 || WEB-MISC Free Download Manager Remote Control Server HTTP Auth Header buffer overflow attempt || bugtraq,33554 || cve,2009-0183
+17537 || SPECIFIC-THREATS Microsoft Excel Unspecified Null Page Name Memory Corruption Attempt || bugtraq,15926 || cve,2006-0031
+17538 || SPECIFIC-THREATS Microsoft Excel Unspecified Page Name Memory Corruption Attempt || bugtraq,15926 || cve,2006-0031
+17539 || SPECIFIC-THREATS Microsoft Excel Unspecified Grafic Pointer Memory Corruption Attempt || bugtraq,15926 || cve,2006-0030
+17540 || WEB-CLIENT LZH file download
+17541 || SPECIFIC-THREATS Avast! Antivirus Engine Remote LHA buffer overflow attempt || bugtraq,19903 || cve,2006-4626
+17542 || SPECIFIC-THREATS Excel MalformedPalete Record Memory Corruption attempt || bugtraq,21922 || cve,2007-0031
+17543 || WEB-CLIENT Excel Column Record Handling Memory Corruption attempt || bugtraq,21925 || cve,2007-0030
+17544 || SPECIFIC-THREATS Wireshark LWRES Dissector getaddrsbyname buffer overflow attempt || bugtraq,37985 || cve,2010-0304
+17545 || WEB-ACTIVEX Lotus Domino Web Access ActiveX Controls buffer overflow attempt || bugtraq,38457 || url,www-01.ibm.com/support/docview.wss?uid=swg21421808
+17546 || POLICY Microsoft Media Player compressed skin download - .wmd || bugtraq,25305 || cve,2007-3037 || url,www.microsoft.com/technet/security/Bulletin/MS07-047.mspx
+17547 || WEB-CLIENT Apple Quicktime SMIL transfer
+17548 || WEB-CLIENT Apple Quicktime SMIL File Handling Integer Overflow attempt || bugtraq,24873 || cve,2007-2394
+17549 || SPECIFIC-THREATS Internet Explorer Error Handling Code Execution || bugtraq,25916 || cve,2007-3892
+17550 || SPECIFIC-THREATS Microsoft Word Font Parsing Buffer Overflow attempt || bugtraq,14216 || cve,2005-0564
+17551 || CHAT MSN Messenger and Windows Live Messenger Code Execution attempt || bugtraq,25461 || cve,2007-2931
+17552 || WEB-CLIENT Adobe Pagemaker file request
+17553 || SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt || bugtraq,25989 || cve,2007-5169
+17554 || SPECIFIC-THREATS Microsoft Internet Explorer DOM object cache management memory corruption attempt || bugtraq,26817 || cve,2007-5344
+17555 || SPECIFIC-THREATS Macrovision InstallShield Update Service ActiveX exploit attempt || bugtraq,26280 || bugtraq,31235 || cve,2007-5660 || url,support.installshield.com/kb/view.asp?articleid=Q113602
+17556 || SPECIFIC-THREATS Firebird database invalid state memory corruption || bugtraq,27403 || cve,2008-0387
+17557 || WEB-ACTIVEX Novell iPrint ActiveX operation parameter overflow || bugtraq,27939 || bugtraq,29736 || bugtraq,30813 || bugtraq,30986 || cve,2008-0935 || cve,2008-2431 || cve,2008-2432 || cve,2008-2908 || url,secunia.com/advisories/40782 || url,support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5028061.html
+17558 || SPECIFIC-THREATS CUPS Gif Decoding Routine Buffer Overflow attempt || bugtraq,28544 || cve,2008-1373
+17559 || SPECIFIC-THREATS IBM Lotus Notes Applix Graphics Parsing Buffer Overflow || bugtraq,28454 || cve,2007-5405
+17560 || SPECIFIC-THREATS Microsoft Word Global Array Index Heap Overflow attempt || bugtraq,32583 || cve,2008-4026
+17561 || SPECIFIC-THREATS RealNetworks RealPlayer IVR Overly Long Filename Code Execution attempt || bugtraq,33652 || cve,2009-0375
+17562 || SPECIFIC-THREATS Sun Java Runtime Environment Pack200 Decompression Integer Overflow attempt || bugtraq,32608 || cve,2008-5352
+17563 || SPECIFIC-THREATS Sun Java Runtime Environment JAR File Processing Stack Buffer Overflow || bugtraq,32608 || cve,2008-5354
+17564 || WEB-IIS WebDAV Request Directory Security Bypass attempt || bugtraq,34993 || cve,2009-1535
+17565 || SPECIFIC-THREATS Microsoft Office PowerPoint PP7 File Handling Memory Corruption attempt || bugtraq,34880 || cve,2009-0225
+17566 || SPECIFIC-THREATS Microsoft Internet Explorer 7 Event Handler Memory Corruption || bugtraq,35224 || cve,2009-1530
+17567 || SPECIFIC-THREATS LANDesk Management Suite Alerting Service buffer overflow || bugtraq,23483 || cve,2007-1674
+17568 || WEB-MISC Microsoft Office XP URL Handling Buffer Overflow attempt || bugtraq,12480 || cve,2004-0848
+17569 || EXPLOIT BEA Weblogic Admin Console Cross Site Scripting Vulnerability attempt || bugtraq,13793 || cve,2005-1747
+17570 || SPECIFIC-THREATS Mozilla Firefox IFRAME style change handling code execution || bugtraq,28448 || cve,2008-1236 || url,secunia.com/advisories/29526 || url,www.mozilla.org/security/announce/2008/mfsa2008-15.html
+17571 || WEB-ACTIVEX obfuscated instantiation of ActiveX object - likely malicious || cve,2008-3558
+17572 || WEB-CLIENT Microsoft XML Core Services cross-site information disclosure attempt || bugtraq,32155 || cve,2008-4029 || url,www.microsoft.com/technet/security/Bulletin/MS08-069.mspx
+17573 || WEB-CLIENT ffdshow codec URL parsing buffer overflow attempt || bugtraq,32438 || cve,2008-5381
+17574 || SPECIFIC-THREATS Sophos Anti-Virus Visio File Parsing Buffer Overflow attempt || bugtraq,14362 || cve,2005-2768
+17575 || WEB-ACTIVEX SizerOne 2 ActiveX clsid access || bugtraq,33148 || cve,2008-4827
+17576 || WEB-ACTIVEX SizerOne 2 ActiveX clsid unicode access || bugtraq,33148 || cve,2008-4827
+17577 || POLICY CA BightStor ARCserver Backup possible insecure method attempt || cve,2007-5328 || url,secunia.com/advisories/27192/
+17578 || SPECIFIC-THREATS Microsoft Word Section Table Array Buffer Overflow attempt || bugtraq,22225 || cve,2007-0515
+17579 || SPECIFIC-THREATS Microsoft Office Drawing Record msofbtOPT Code Execution attempt || bugtraq,22383 || cve,2007-0671
+17580 || SPECIFIC-THREATS Microsoft Internet Explorer span tag memory corruption attempt || bugtraq,17468 || cve,2006-1188
+17581 || SPECIFIC-THREATS Mozilla Firefox tag order memory corruption attempt || bugtraq,17516 || cve,2006-0749
+17582 || WEB-ACTIVEX Symantec Norton AntiVirus CcErrDisp ActiveX function call access || bugtraq,12175
+17583 || WEB-ACTIVEX Symantec Norton AntiVirus CcErrDisp ActiveX function call unicode access || bugtraq,12175
+17584 || ORACLE UTL_FILE directory traversal attempt || bugtraq,12749 || cve,2005-0701
+17585 || SPECIFIC-THREATS Internet Explorer possible javascript onunload event memory corruption || bugtraq,22678 || cve,2007-1094
+17586 || WEB-CLIENT Sun Java Web Start malicious parameter value || bugtraq,11726 || cve,2004-1029
+17587 || SPECIFIC-THREATS AcroPDF.PDF ActiveX exploit attempt || bugtraq,12989 || bugtraq,21155 || cve,2005-0035 || cve,2006-6027 || url,www.adobe.com/support/security/advisories/apsa06-02.html
+17588 || WEB-ACTIVEX Microsoft Internet Explorer Install Engine ActiveX clsid access || bugtraq,11366 || cve,2004-0216 || url,www.microsoft.com/technet/security/Bulletin/MS04-038.mspx
+17589 || WEB-ACTIVEX Microsoft Internet Explorer Install Engine ActiveX clsid unicode access || bugtraq,11366 || cve,2004-0216 || url,www.microsoft.com/technet/security/Bulletin/MS04-038.mspx
+17590 || ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt || bugtraq,19203
+17591 || WEB-CLIENT Microsoft Word Crafted Sprm memory corruption attempt  || bugtraq,32584 || cve,2008-4837
+17592 || WEB-ACTIVEX Microsoft MyInfo.dll ActiveX clsid access || bugtraq,19636 || cve,2006-4495 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
+17593 || WEB-ACTIVEX Microsoft msdxm.ocx ActiveX clsid access || bugtraq,19636 || cve,2006-4495 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
+17594 || WEB-ACTIVEX Microsoft creator.dll 1 ActiveX clsid access || bugtraq,19636 || cve,2006-4495 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
+17595 || WEB-ACTIVEX Microsoft creator.dll 2 ActiveX clsid access || bugtraq,19636 || cve,2006-4495 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
+17596 || WEB-ACTIVEX Microsoft ciodm.dll ActiveX clsid access || bugtraq,19636 || cve,2006-4495 || url,www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
+17597 || WEB-PHP TikiWiki jhot.php script file upload attempt || bugtraq,19819 || url,tikiwiki.org/tiki-read_article.php?articleid=136
+17598 || SPECIFIC-THREATS IBM DB2 Universal Database accsec command without rdbnam || bugtraq,19586 || cve,2006-4257
+17599 || SPECIFIC-THREATS IBM DB2 Universal Database rdbname denial of service attempt || bugtraq,19586 || cve,2006-4257
+17600 || WEB-CLIENT .xul document retrieval
+17601 || WEB-CLIENT Mozilla Firefox file type memory corruption attempt || bugtraq,32281 || cve,2008-5016 || url,www.mozilla.org/security/announce/2008/mfsa2008-52.html
+17602 || WEB-CLIENT ClamAV antivirus CHM file handling denial of service || bugtraq,30994 || cve,2008-1389 || url,sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661
+17603 || WEB-CLIENT Mozilla Firefox file type memory corruption attempt || bugtraq,32281 || cve,2008-5021 || url,www.mozilla.org/security/announce/2008/mfsa2008-55.html
+17604 || SPECIFIC-THREATS Java AWT ConvolveOp memory corruption attempt || bugtraq,21675 || url,sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
+17605 || WEB-CGI Trend Micro OfficeScan CGI password decryption buffer overflow attempt || bugtraq,28020 || cve,2008-1365 || url,secunia.com/advisories/29124
+17606 || SPECIFIC-THREATS Adobe Flash ASnative command execution attempt || bugtraq,32896 || cve,2008-5499 || url,www.adobe.com/support/security/bulletins/apsb08-24.html
+17607 || SPECIFIC-THREATS Xi Software Net Transport eDonkey Protocol Buffer Overflow attempt || bugtraq,40617
+17609 || WEB-MISC Sun Java Web Server Webdav Stack Buffer Overflow attempt || bugtraq,37874 || cve,2010-0361
+17610 || WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt || bugtraq,33405 || cve,2009-0398
+17611 || WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt || bugtraq,33405 || cve,2009-0398
+17612 || WEB-CLIENT GStreamer QuickTime file parsing multiple heap overflow attempt || bugtraq,33405 || cve,2009-0398
+17613 || WEB-MISC Mozilla Firefox browser engine  memory corruption attempt || bugtraq,35326 || cve,2009-1392
+17614 || WEB-ACTIVEX SAP GUI SAPBExCommonResources ActiveX clsid access || url,securitytracker.com/alerts/2010/Mar/1023760.html
+17615 || WEB-ACTIVEX SAP GUI SAPBExCommonResources ActiveX clsid unicode access || url,securitytracker.com/alerts/2010/Mar/1023760.html
+17616 || WEB-ACTIVEX SAP GUI SAPBExCommonResources ActiveX function call access || url,securitytracker.com/alerts/2010/Mar/1023760.html
+17617 || WEB-ACTIVEX SAP GUI SAPBExCommonResources ActiveX function call unicode access || url,securitytracker.com/alerts/2010/Mar/1023760.html
+17618 || SPECIFIC-THREATS Microsoft Windows hraphics engine EMF rendering vulnerability || bugtraq,15352 || cve,2005-2123
+17619 || ORACLE database server crafted view privelege escalation attempt || bugtraq,17246 || cve,2006-1705
+17620 || SPECIFIC-THREATS Products Discovery Service Buffer Overflow || bugtraq,20364 || cve,2006-5143
+17621 || SPECIFIC-THREATS Products Discovery Service Buffer Overflow || bugtraq,20364 || cve,2006-5143
+17622 || SPECIFIC-THREATS Microsoft Internet Explorer object reference memory corruption attempt || cve,2007-3902 || url,www.securityfocus.com/bid/26506
+17623 || SPECIFIC-THREATS Sun Java Runtime Environment Type1 Font parsing integer overflow attempt || bugtraq,34240 || cve,2009-1099
+17624 || SPECIFIC-THREATS Sun Java Runtime Environment Type1 Font parsing integer overflow attempt || bugtraq,34240 || cve,2009-1099
+17625 || ORACLE Oracle Database Core RDBMS component denial of service attempt || bugtraq,26108 || cve,2007-5530
+17626 || SPECIFIC-THREATS Microsoft Windows embedded web font handling buffer overflow attempt || bugtraq,16194 || cve,2006-0010
+17627 || DELETED POLICY Possible Microsoft telnet NTLM reflection attempt || cve,2000-0834 || cve,2009-1930 || url,secunia.com/advisories/36222/
+17628 || SPECIFIC-THREATS Sun Microsystems Java gif handling memory corruption attempt || bugtraq,22085 || cve,2007-0243
+17629 || WEB-CLIENT Mozilla Firefox Chrome Page Loading Restriction Bypass attempt || bugtraq,14920 || cve,2005-2706
+17630 || WEB-CLIENT Mozilla multiple products CSSValue array memory corruption attempt || bugtraq,29802 || cve,2008-2785
+17631 || WEB-CLIENT Sun Java Web Start JNLP java-vm-args buffer overflow attempt || bugtraq,30148 || cve,2008-3111
+17633 || WEB-CLIENT RealNetworks RealPlayer SWF frame handling buffer overflow attempt || bugtraq,30370 || cve,2007-5400
+17634 || NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 little endian object call overflow attempt || cve,2008-4398 || url,support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
+17635 || NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 little endian overflow attempt || cve,2008-4398 || url,support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
+17636 || NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 object call overflow attempt || cve,2008-4398 || url,support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
+17637 || NETBIOS DCERPC NCACN-IP-TCPbrightstor-arc function 0 overflow attempt || cve,2008-4398 || url,support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
+17638 || Oracle Secure Backup Administration Server login.php Cookies Command Injection attempt || bugtraq,33177 || cve,2008-4006
+17639 || NETBIOS Samba Root File System access bypass attempt || bugtraq,33118 || cve,2009-0022
+17640 || NETBIOS DCERPC NCACN-IP-TCP brightstor opnum 43 overflow attempt || bugtraq,22005 || cve,2007-0169 || url,www.kb.cert.org/vuls/id/180336
+17641 || SPECIFIC-THREATS CUPS and Xpdf JBIG2 symbol dictionary buffer overflow attempt || cve,2009-0195 || url,www.cups.org/str.php?L3129
+17642 || WEB-CLIENT Mozilla Firefox ConstructFrame with floating first-letter memory corruption attempt || bugtraq,35765 || cve,2009-2462
+17643 || EXPLOIT CA BrightStor ARCServe logger servie null-pointer dereference attempt || cve,2007-2772
+17644 || SPECIFIC-THREATS Internet Explorer object clone deletion memory corruption attempt || cve,2009-0075 || url,www.microsoft.com/technet/security/bulletin/MS09-002.mspx
+17645 || WEB-CLIENT Microsoft Internet Explorer CSS strings parsing memory corruption attempt || cve,2007-0943 || url,www.microsoft.com/technet/security/bulletin/ms07-045.mspx
+17646 || WEB-CLIENT Microsoft Powerpoint Legacy file format picture object code execution attempt || bugtraq,34834 || cve,2009-0223
+17648 || WEB-IIS source code disclosure attempt || bugtraq,14764
+17649 || WEB-CLIENT Microsoft Word array data handling buffer overflow attempt  || bugtraq,23804 || cve,2007-0035
+17650 || SPECIFIC-THREATS Adobe Pagemaker Key Strings Stack Buffer Overflow attempt || bugtraq,31999 || cve,2007-6432
+17651 || SPECIFIC-THREATS Multiple AV vendor invalid archive checksum bypass attempt || bugtraq,12771 || url,archives.neohapsis.com/archives/fulldisclosure/2005-03/0207.html
+17652 || WEB-MISC Microsoft IIS source code disclosure attempt || cve,2005-2678 || url,secunia.com/advisories/16548
+17653 || WEB-MISC Microsoft IIS source code disclosure attempt || cve,2005-2678 || url,secunia.com/advisories/16548
+17654 || SPECIFIC-THREATS Facebook Photo Uploader ActiveX exploit attempt || bugtraq,27534 || bugtraq,27756 || cve,2008-5711 || url,www.microsoft.com/technet/security/advisory/953839.mspx
+17656 || WEB-MISC Apache HTTP server mod_rewrite module LDAP scheme handling buffer overflow attempt || cve,2006-3747
+17657 || EXPLOIT Symantec NetBackup BPCD Daemon exploit attempt || bugtraq,21565 || cve,2006-6222
+17658 || SPECIFIC-THREATS Adobe Flash frame type identifier memory corruption attempt || bugtraq,15332 || cve,2005-2628
+17659 || ORACLE xdb.dbms_xmlschema buffer overflow attempt || bugtraq,16287 || cve,2006-0272
+17660 || SPECIFIC-THREATS Java Web Start arbitrary command execution attempt || bugtraq,39346 || cve,2010-0886 || cve,2010-1423
+17661 || EXPLOIT Samba send_mailslot buffer overflow attempt || bugtraq,26791 || cve,2007-6015
+17662 || DELETEC SPECIFIC-THREAT Sun Solaris DHCP Client Arbitrary Code Execution attempt || bugtraq,14687 || cve,2005-2870
+17664 || WEB-CLIENT GIF image descriptor memory corruption attempt || bugtraq,18915 || bugtraq,22630 || cve,2006-0007 || cve,2007-1071 || url,www.microsoft.com/technet/security/bulletin/ms06-039.mspx
+17666 || WEB-CLIENT RealNetworks RealPlayer invalid chunk size heap overflow attempt || bugtraq,17202 || cve,2005-2922
+17668 || POLICY attempted download of a PDF with embedded JavaScript || url,www.adobe.com/devnet/acrobat/javascript.html
+17669 || SPECIFIC-THREATS Oracle Application Server 10g OPMN service format string vulnerability exploit attempt || bugtraq,34461 || cve,2009-0993 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
+17670 || WEB-ACTIVEX BigAnt Office Manager ActiveX clsid access || bugtraq,39721
+17671 || WEB-ACTIVEX BigAnt Office Manager ActiveX clsid unicode access || bugtraq,39721
+17672 || WEB-ACTIVEX BigAnt Office Manager ActiveX function call access || bugtraq,39721
+17673 || WEB-ACTIVEX BigAnt Office Manager ActiveX function call unicode access || bugtraq,39721
+17674 || WEB-ACTIVEX Skype Extras Manager ActiveX clsid access || bugtraq,36459 || cve,2009-4741
+17675 || WEB-ACTIVEX Skype Extras Manager ActiveX clsid unicode access || bugtraq,36459 || cve,2009-4741
+17676 || WEB-ACTIVEX Skype Extras Manager ActiveX function call access || bugtraq,36459 || cve,2009-4741
+17677 || WEB-ACTIVEX Skype Extras Manager ActiveX function call unicode access || bugtraq,36459 || cve,2009-4741
+17678 || WEB-CLIENT Adobe BMP image handler buffer overflow attempt || bugtraq,28874 || cve,2008-1765
+17679 || WEB-MISC Apple disk image download request
+17680 || SPECIFIC-THREATS ISC BIND DNSSEC Validation Multiple RRsets DoS || bugtraq,22231 || cve,2007-0494
+17698 || SPECIFIC-THREATS RealNetworks RealPlayer wav chunk string overflow attempt in email || bugtraq,12697 || cve,2005-0611
+17701 || SPECIFIC-THREATS Office Viewer ActiveX arbitrary command execution attempt || bugtraq,23811 || bugtraq,33238 || bugtraq,33243 || bugtraq,33245 || cve,2007-2588 || url,moaxb.blogspot.com/2007/05/moaxb-04-office-viewer-oaocx-v-32.html
+17702 || NETBIOS DCERPC NCACN-IP-TCP srvsvc NetrDfsCreateExitPoint dos attempt || bugtraq,15460 || cve,2005-3644 || url,www.microsoft.com/technet/security/advisory/911052.mspx
+17703 || SPECIFIC-THREATS Internet Explorer popup title bar spoofing attempt || bugtraq,12602 || cve,2005-0500
+17704 || SPECIFIC-THREATS McAfee LHA file parsing buffer overflow attempt || bugtraq,10243 || cve,2005-0643
+17705 || WEB-IIS web agent chunked encoding overflow attempt || bugtraq,13524 || cve,2005-1471
+17706 || MISC Veritas NetBackup java user interface service format string attack attempt || cve,2005-2715
+17707 || NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect trend_req_num buffer overflow attempt || bugtraq,22639 || cve,2007-1070 || url,esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
+17708 || EXPLOIT VNC password request URL buffer overflow attempt || bugtraq,17378 || cve,2006-1652
+17710 || EXPLOIT Veritas NetBackup vmd shared library buffer overflow attempt || bugtraq,15353 || cve,2005-3116
+17711 || WEB-CLIENT Microsoft Windows ASF parsing memory corruption attempt || cve,2007-0064 || url,www.microsoft.com/technet/security/bulletin/ms07-068.mspx
+17712 || SPECIFIC-THREATS TFTP PUT Microsoft RIS filename overwrite attempt || cve,2006-5584 || url,www.microsoft.com/technet/security/bulletin/ms06-077.mspx
+17713 || EXPLOIT Novell NetMail NMAP STOR buffer overflow attempt || bugtraq,21725 || cve,2006-6424
+17714 || NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt || bugtraq,22639 || cve,2007-1070 || url,esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
+17715 || NETBIOS DCERPC NCACN-IP-TCP trend-serverprotect CMON_ActiveUpdate attempt || bugtraq,22639 || cve,2007-1070 || url,esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1034290
+17716 || SPECIFIC-THREATS IBM Lotus Notes DOC attachment viewer buffer overflow || bugtraq,26146 || cve,2007-5544
+17717 || SMTP IBM Lotus Notes HTML input tag buffer overflow attempt || bugtraq,26200 || cve,2007-4222 || url,www-1.ibm.com/support/docview.wss?rs=477&uid=swg21272930
+17718 || SPECIFIC-THREATS Oracle MDSYS drop table trigger injection attempt || bugtraq,33177 || cve,2008-3979
+17719 || SPECIFIC-THREATS Mozilla Firefox ClearTextRun exploit attempt || bugtraq,34743 || cve,2009-1313
+17722 || ORACLE Oracle XDB.XDB_PITRIG_PKG buffer overflow attempt || bugtraq,27229 || cve,2008-0339 || url,www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
+17724 || SPECIFIC-THREATS malicious ASP file upload attempt || bugtraq,18858 || cve,2006-0026 || url,www.microsoft.com/technet/security/bulletin/ms06-034.mspx
+17725 || WEB-CLIENT Opera file URI handling buffer overflow || bugtraq,32323 || cve,2008-5178
+17726 || SPECIFIC-THREATS Internet Explorer address bar spoofing attempt || bugtraq,17404 || cve,2006-1626
+17727 || SPECIFIC-THREATS Sun JDK image parsing library ICC buffer overflow attempt || bugtraq,24004 || cve,2007-2788 || url,scary.beasts.org/security/CESA-2006-004.html
+17728 || MISC Panda Antivirus ZOO archive decompression buffer overflow attempt || cve,2005-3922
+17729 || SPECIFIC-THREATS Microsoft Internet Explorer EMBED element memory corruption attempt || bugtraq,34424 || cve,2009-0553 || url,www.microsoft.com/technet/security/Bulletin/MS09-014.mspx
+17730 || WEB-CLIENT Microsoft XML Core Services MIME Viewer memory corruption attempt || cve,2007-0099 || url,www.microsoft.com/technet/security/bulletin/MS08-069.mspx
+17732 || WEB-CLIENT TIFF file request
+17733 || WEB-MISC XML file download request
+17734 || WEB-MISC Excel REPT integer underflow attempt || bugtraq,31706 || cve,2008-4019
+17735 || SPECIFIC-THREATS Adobe Pagemaker Font Name Buffer Overflow attempt || bugtraq,25989 || cve,2007-5169
+17736 || SPECIFIC-THREATS McAfee LHA Type-2 file handling overflow attempt || bugtraq,12832 || cve,2005-0644
+17737 || SPECIFIC-THREATS Microsoft collaboration data objects buffer overflow attempt || bugtraq,15067 || cve,2005-1987
+17738 || SPECIFIC-THREATS Linux Kernel SNMP Netfilter Memory Corruption attempt || bugtraq,18081 || cve,2006-2444
+17739 || POLICY FlashPix file download request
+17740 || SPECIFIC-THREATS Apple Quicktime FlashPix processing overflow attempt || bugtraq,36328 || cve,2009-2798
+17745 || NETBIOS SMB TRANS2 Find_First2 request attempt
+17746 || NETBIOS SMB client TRANS response Find_First2 filesize overflow attempt || cve,2005-0045 || url,www.microsoft.com/technet/security/bulletin/MS05-011.mspx
+17748 || WEB-MISC TLSv1 Client_Certificate handshake
+17749 || RPC Linux Kernel nfsd v4 CAP_MKNOD security bypass attempt || bugtraq,34205 || cve,2009-1072
+17751 || WEB-CLIENT OpenType Font file download request
+17776 || WEB-CLIENT Sun Java HsbParser.getSoundBank stack buffer overflow attempt || bugtraq,36881 || cve,2009-3867
+17777 || SPECIFIC-THREATS IBM Lotus Notes WPD attachment handling buffer overflow || bugtraq,34086 || cve,2008-4564
+17778 || SPECIFIC-THREATS BitDefender Internet Security script code execution attempt || cve,2009-0850
+17779 || DELETED SPECIFIC-THREATS Adobe RoboHelp r0 SQL injection attempt || cve,2008-2991
+17780 || SPECIFIC-THREATS CBO CBL CBM buffer overflow attempt || bugtraq,13944 || cve,2005-1212 || cve,2006-3448 || nessus,18492 || url,www.microsoft.com/technet/security/Bulletin/MS07-005.mspx || url,www.microsoft.com/technet/security/bulletin/MS05-031.mspx
+17781 || SPECIFIC-THREATS Microsoft Internet Explorer createTextRange code execution attempt || bugtraq,17196 || cve,2006-1359
+17782 || SCADA Modbus write multiple registers from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17783 || SCADA Modbus write single register from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17784 || SCADA Modbus write single coil from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17785 || SCADA Modbus write multiple coils from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17786 || SCADA Modbus write file record from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17787 || SCADA Modbus read discrete inputs from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17788 || SCADA Modbus read coils from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17789 || SCADA Modbus read input register from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17790 || SCADA Modbus read holding registers from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17791 || SCADA Modbus read/write multiple registers from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17792 || SCADA Modbus read fifo queue from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17793 || SCADA Modbus read file record from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17794 || SCADA Modbus read exception status from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17795 || SCADA Modbus initiate diagnostic from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17796 || SCADA Modbus get com event counter from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17797 || SCADA Modbus get com event log from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17798 || SCADA Modbus report slave id from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17799 || SCADA Modbus read device identification from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17800 || SCADA Modbus mask write register from external source || url,www.modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf
+17801 || WEB-CLIENT Director Movie File Embeded
+17802 || WEB-CLIENT Director Movie File Download
+17803 || WEB-CLIENT Adobe Shockwave Director rcsL chunk memory corruption attempt || bugtraq,42682 || cve,2010-2873 || url,www.adobe.com/support/security/bulletins/apsb10-20.html
+17804 || WEB-CLIENT Mozilla Firefox html tag attributes memory corruption || cve,2010-3765
+17805 || SPYWARE-PUT Worm.Win32.Neeris.BF contact to server attempt || url,www.virustotal.com/latest-report.html?resource=968470dd871f3047cf48b23f0c83985f
+17806 || SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt || bugtraq,44291 || cve,2010-3653
+17807 || SPECIFIC-THREATS Adobe Shockwave Director rcsL chunk remote code execution attempt || bugtraq,44291 || cve,2010-3653
+17808 || SPECIFIC-THREATS Adobe Flash authplay.dll memory corruption attempt || cve,2010-3654 || url,www.adobe.com/support/security/advisories/apsa10-05.html
+17809 || WEB-CLIENT quicktime movie file transfer
+17810 || WEB-MISC potential malware - download of server32.exe || url,en.wikipedia.org/wiki/Zeus_(trojan_horse)
+17811 || WEB-MISC potential malware - download of svchost.exe
+17812 || WEB-MISC potential malware - download of iexplore.exe
+17813 || WEB-MISC potential malware - download of iprinp.dll
+17814 || WEB-MISC potential malware - download of winzf32.dll
+17815 || SPYWARE-PUT Thinkpoint fake antivirus - user display || url,www.symantec.com/security_response/writeup.jsp?docid=2010-090610-2408-99
+17816 || SPYWARE-PUT Thinkpoint fake antivirus - credit card submission || url,www.symantec.com/security_response/writeup.jsp?docid=2010-090610-2408-99
+17817 || SPECIFIC-THREATS Thinkpoint fake antivirus binary download || url,www.symantec.com/security_response/writeup.jsp?docid=2010-090610-2408-99
+17818 || BLACKLIST DNS request for known malware domain ktr.t134.net || url,labs.snort.org/docs/17818.html
+17819 || BLACKLIST DNS request for known malware domain motuh.com || url,labs.snort.org/docs/17819.html
+17820 || BLACKLIST DNS request for known malware domain myanimalclips.com || url,labs.snort.org/docs/17820.html
+17821 || BLACKLIST DNS request for known malware domain ketsymbol.com || url,labs.snort.org/docs/17821.html
+17822 || BLACKLIST DNS request for known malware domain ics.hotbar.com || url,labs.snort.org/docs/17822.html
+17823 || BLACKLIST DNS request for known malware domain www.myroitracking.com || url,labs.snort.org/docs/17823.html
+17824 || BLACKLIST DNS request for known malware domain teenxmovs.net || url,labs.snort.org/docs/17824.html
+17825 || BLACKLIST DNS request for known malware domain px.smowtion.com || url,labs.snort.org/docs/17825.html
+17826 || BLACKLIST DNS request for known malware domain cheaps1.info || url,labs.snort.org/docs/17826.html
+17827 || BLACKLIST DNS request for known malware domain sexmoviesland.net || url,labs.snort.org/docs/17827.html
+17828 || BLACKLIST DNS request for known malware domain 67.201.36.16 || url,labs.snort.org/docs/17828.html
+17829 || BLACKLIST DNS request for known malware domain c7.zxxds.net || url,labs.snort.org/docs/17829.html
+17830 || BLACKLIST DNS request for known malware domain dickvsclit.net || url,labs.snort.org/docs/17830.html
+17831 || BLACKLIST DNS request for known malware domain edrichfinearts.com || url,labs.snort.org/docs/17831.html
+17832 || BLACKLIST DNS request for known malware domain img100.xvideos.com || url,labs.snort.org/docs/17832.html
+17833 || BLACKLIST DNS request for known malware domain www.dsnextgen.com || url,labs.snort.org/docs/17833.html
+17834 || BLACKLIST DNS request for known malware domain 343.boolans.com || url,labs.snort.org/docs/17834.html
+17835 || BLACKLIST DNS request for known malware domain xpresdnet.com || url,labs.snort.org/docs/17835.html
+17836 || BLACKLIST DNS request for known malware domain gbsup.com || url,labs.snort.org/docs/17836.html
+17837 || BLACKLIST DNS request for known malware domain xxsmovies.com || url,labs.snort.org/docs/17837.html
+17838 || BLACKLIST DNS request for known malware domain vc.iwriteweb.com || url,labs.snort.org/docs/17838.html
+17839 || BLACKLIST DNS request for known malware domain js.222233.com || url,labs.snort.org/docs/17839.html
+17840 || BLACKLIST DNS request for known malware domain www.grannyplanet.com || url,labs.snort.org/docs/17840.html
+17841 || BLACKLIST DNS request for known malware domain coop.crwdcntrl.net || url,labs.snort.org/docs/17841.html
+17842 || BLACKLIST DNS request for known malware domain extrahotx.net || url,labs.snort.org/docs/17842.html
+17843 || BLACKLIST DNS request for known malware domain extralargevideos.com || url,labs.snort.org/docs/17843.html
+17844 || BLACKLIST DNS request for known malware domain www.derquda.com || url,labs.snort.org/docs/17844.html
+17845 || BLACKLIST DNS request for known malware domain aahydrogen.com || url,labs.snort.org/docs/17845.html
+17846 || BLACKLIST DNS request for known malware domain trumpetlicks.com || url,labs.snort.org/docs/17846.html
+17847 || BLACKLIST DNS request for known malware domain mskla.com || url,labs.snort.org/docs/17847.html
+17848 || BLACKLIST DNS request for known malware domain play.unionsky.cn || url,labs.snort.org/docs/17848.html
+17849 || BLACKLIST DNS request for known malware domain fuckersucker.com || url,labs.snort.org/docs/17849.html
+17850 || BLACKLIST DNS request for known malware domain pornfucklist.com || url,labs.snort.org/docs/17850.html
+17851 || BLACKLIST DNS request for known malware domain game.685faiudeme.com || url,labs.snort.org/docs/17851.html
+17852 || BLACKLIST DNS request for known malware domain 447.cc || url,labs.snort.org/docs/17852.html
+17853 || BLACKLIST DNS request for known malware domain dommonview.com || url,labs.snort.org/docs/17853.html
+17854 || BLACKLIST DNS request for known malware domain www.lamiaexragazza.com || url,labs.snort.org/docs/17854.html
+17855 || BLACKLIST DNS request for known malware domain acofinder.com || url,labs.snort.org/docs/17855.html
+17856 || BLACKLIST DNS request for known malware domain fuckfuckvids.com || url,labs.snort.org/docs/17856.html
+17857 || BLACKLIST DNS request for known malware domain www.cnhack.cn || url,labs.snort.org/docs/17857.html
+17858 || BLACKLIST DNS request for known malware domain kingsizematures.com || url,labs.snort.org/docs/17858.html
+17859 || BLACKLIST DNS request for known malware domain promotds.com || url,labs.snort.org/docs/17859.html
+17860 || BLACKLIST DNS request for known malware domain mejac.com || url,labs.snort.org/docs/17860.html
+17861 || BLACKLIST DNS request for known malware domain zq2.9wee.com || url,labs.snort.org/docs/17861.html
+17862 || BLACKLIST DNS request for known malware domain 122.770304123.cn || url,labs.snort.org/docs/17862.html
+17863 || BLACKLIST DNS request for known malware domain rpt2.21civ.com || url,labs.snort.org/docs/17863.html
+17864 || BLACKLIST DNS request for known malware domain tubexxxmatures.com || url,labs.snort.org/docs/17864.html
+17865 || BLACKLIST DNS request for known malware domain 110.770304123.cn || url,labs.snort.org/docs/17865.html
+17866 || BLACKLIST DNS request for known malware domain aebankonline.com || url,labs.snort.org/docs/17866.html
+17867 || BLACKLIST DNS request for known malware domain utm.trk.myfuncards.com || url,labs.snort.org/docs/17867.html
+17868 || BLACKLIST DNS request for known malware domain a.qq2233.com || url,labs.snort.org/docs/17868.html
+17869 || BLACKLIST DNS request for known malware domain px.mgplatform.com || url,labs.snort.org/docs/17869.html
+17870 || BLACKLIST DNS request for known malware domain trojan8.com || url,labs.snort.org/docs/17870.html
+17871 || BLACKLIST DNS request for known malware domain brutalxvideos.com || url,labs.snort.org/docs/17871.html
+17872 || BLACKLIST DNS request for known malware domain www3.sexown.com || url,labs.snort.org/docs/17872.html
+17873 || BLACKLIST DNS request for known malware domain mummimpegs.com || url,labs.snort.org/docs/17873.html
+17874 || BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn || url,labs.snort.org/docs/17874.html
+17875 || BLACKLIST DNS request for known malware domain www.very-young-boys.com || url,labs.snort.org/docs/17875.html
+17876 || BLACKLIST DNS request for known malware domain 91629.com || url,labs.snort.org/docs/17876.html
+17877 || BLACKLIST DNS request for known malware domain animal36.com || url,labs.snort.org/docs/17877.html
+17878 || BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com || url,labs.snort.org/docs/17878.html
+17879 || BLACKLIST DNS request for known malware domain cfg.353wanwan.com || url,labs.snort.org/docs/17879.html
+17880 || BLACKLIST DNS request for known malware domain www.027dj.com || url,labs.snort.org/docs/17880.html
+17881 || BLACKLIST DNS request for known malware domain fucktosky.com || url,labs.snort.org/docs/17881.html
+17882 || BLACKLIST DNS request for known malware domain procca.com || url,labs.snort.org/docs/17882.html
+17883 || BLACKLIST DNS request for known malware domain autouploaders.net || url,labs.snort.org/docs/17883.html
+17884 || BLACKLIST DNS request for known malware domain gimmemyporn.com || url,labs.snort.org/docs/17884.html
+17885 || BLACKLIST DNS request for known malware domain waytoall.com || url,labs.snort.org/docs/17885.html
+17886 || BLACKLIST DNS request for known malware domain www.spamature.com || url,labs.snort.org/docs/17886.html
+17887 || BLACKLIST DNS request for known malware domain info.collectionerrorreport.com || url,labs.snort.org/docs/17887.html
+17888 || BLACKLIST DNS request for known malware domain bn.xp1.ru4.com || url,labs.snort.org/docs/17888.html
+17889 || BLACKLIST DNS request for known malware domain www.ajie520.com || url,labs.snort.org/docs/17889.html
+17890 || BLACKLIST DNS request for known malware domain 114search1.118114.cn || url,labs.snort.org/docs/17890.html
+17891 || BLACKLIST DNS request for known malware domain bestkind.ru || url,labs.snort.org/docs/17891.html
+17892 || BLACKLIST DNS request for known malware domain clickpotato.tv || url,labs.snort.org/docs/17892.html
+17893 || BLACKLIST DNS request for known malware domain www.zxc0001.com || url,labs.snort.org/docs/17893.html
+17894 || BLACKLIST DNS request for known malware domain streq.cn || url,labs.snort.org/docs/17894.html
+17895 || BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir || url,labs.snort.org/docs/17895.html
+17896 || BLACKLIST DNS request for known malware domain 113552url.cptgt.com || url,labs.snort.org/docs/17896.html
+17897 || BLACKLIST DNS request for known malware domain www.moneytw8.com || url,labs.snort.org/docs/17897.html
+17898 || BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d=26606B6739343F216560 || url,labs.snort.org/docs/17898.html
+17899 || BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= || url,labs.snort.org/docs/17899.html
+17900 || BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll || url,labs.snort.org/docs/17900.html
+17901 || BLACKLIST URI request for known malicious URI - /mybackup21.rar || url,labs.snort.org/docs/17901.html
+17902 || BLACKLIST URI request for known malicious URI - /?getexe=loader.exe || url,labs.snort.org/docs/17902.html
+17903 || BLACKLIST URI request for known malicious URI - stid= || url,labs.snort.org/docs/17903.html
+17904 || BLACKLIST URI request for known malicious URI - /tongji.js || url,labs.snort.org/docs/17904.html
+17905 || BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php || url,labs.snort.org/docs/17905.html
+17906 || BLACKLIST URI request for known malicious URI - 2x/.*php || url,labs.snort.org/docs/17906.html
+17907 || BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF|DATADIR|Download || url,labs.snort.org/docs/17907.html
+17908 || BLACKLIST URI request for known malicious URI - /images/crypt_22.exe || url,labs.snort.org/docs/17908.html
+17909 || BLACKLIST URI request for known malicious URI - /images/css/1.exe || url,labs.snort.org/docs/17909.html
+17910 || BLACKLIST URI request for known malicious URI - /7xdown.exe || url,labs.snort.org/docs/17910.html
+17911 || BLACKLIST URI request for known malicious URI - /winhelper.exe || url,labs.snort.org/docs/17911.html
+17912 || BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= || url,labs.snort.org/docs/17912.html
+17913 || BLACKLIST URI request for known malicious URI - /ok.exe || url,labs.snort.org/docs/17913.html
+17914 || BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll || url,labs.snort.org/docs/17914.html
+17915 || BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin || url,labs.snort.org/docs/17915.html
+17916 || BLACKLIST URI request for known malicious URI - /dh/stats.bin || url,labs.snort.org/docs/17916.html
+17917 || BLACKLIST URI request for known malicious URI - /zeus/config.bin || url,labs.snort.org/docs/17917.html
+17918 || PHISHING-SPAM aaof.onlinelewiss22r.ru known spam email attempt
+17919 || PHISHING-SPAM akiq.onlinetommie54y.ru known spam email attempt
+17920 || PHISHING-SPAM aobuii.onlinelewiss22r.ru known spam email attempt
+17921 || PHISHING-SPAM argue.medrayner44c.ru known spam email attempt
+17922 || PHISHING-SPAM ava.refilleldredge89r.ru known spam email attempt
+17923 || PHISHING-SPAM axoseb.medicdrugsxck.ru known spam email attempt
+17924 || PHISHING-SPAM azo.onlinetommie54y.ru known spam email attempt
+17925 || PHISHING-SPAM back.pharmroyce83b.ru known spam email attempt
+17926 || PHISHING-SPAM by.pharmroyce83b.ru known spam email attempt
+17927 || PHISHING-SPAM cardinals.refilldud86o.ru known spam email attempt
+17928 || PHISHING-SPAM chemist.onlineruggiero33q.ru known spam email attempt
+17929 || PHISHING-SPAM chula.pharmroyce83b.ru known spam email attempt
+17930 || PHISHING-SPAM classification.refillreade47j.ru known spam email attempt
+17931 || PHISHING-SPAM compensate.refilldud86o.ru known spam email attempt
+17932 || PHISHING-SPAM cswjlxey.ru known spam email attempt
+17933 || PHISHING-SPAM current.refillreade47j.ru known spam email attempt
+17934 || PHISHING-SPAM cyacaz.pilltodd73p.ru known spam email attempt
+17935 || PHISHING-SPAM deepcenter.ru known spam email attempt
+17936 || PHISHING-SPAM delegate.refillreade47j.ru known spam email attempt
+17937 || PHISHING-SPAM diet.medrayner44c.ru known spam email attempt
+17938 || PHISHING-SPAM direct.refillreade47j.ru known spam email attempt
+17939 || PHISHING-SPAM divyo.pillking74s.ru known spam email attempt
+17940 || PHISHING-SPAM drugsgeorge65g.ru known spam email attempt
+17941 || PHISHING-SPAM dux.erectnoll24k.ru known spam email attempt
+17942 || PHISHING-SPAM dypoh.erectjefferey85n.ru known spam email attempt
+17943 || PHISHING-SPAM eaihar.refilleldredge89r.ru known spam email attempt
+17944 || PHISHING-SPAM eeez.onlinehamel83i.ru known spam email attempt
+17945 || PHISHING-SPAM egi.refilleldredge89r.ru known spam email attempt
+17946 || PHISHING-SPAM ehyw.cumedicdrugsx.ru known spam email attempt
+17947 || PHISHING-SPAM eka.onlinehamel83i.ru known spam email attempt
+17948 || PHISHING-SPAM election.refillreade47j.ru known spam email attempt
+17949 || PHISHING-SPAM elik.drugslevy46b.ru known spam email attempt
+17950 || PHISHING-SPAM epeno.onlinelewiss22r.ru known spam email attempt
+17951 || PHISHING-SPAM erectgodart30s.ru known spam email attempt
+17952 || PHISHING-SPAM erol.camedicdrugsx.ru known spam email attempt
+17953 || PHISHING-SPAM exa.drugslevy46b.ru known spam email attempt
+17954 || PHISHING-SPAM eyu.onlinehamel83i.ru known spam email attempt
+17955 || PHISHING-SPAM fashionchannel.ru known spam email attempt
+17956 || PHISHING-SPAM fauxy.pillking74s.ru known spam email attempt
+17957 || PHISHING-SPAM food.refillreade47j.ru known spam email attempt
+17958 || PHISHING-SPAM generality.onlinehill21q.ru known spam email attempt
+17959 || PHISHING-SPAM goyry.ramedicdrugsx.ru known spam email attempt
+17960 || PHISHING-SPAM gueepa.erectnoll24k.ru known spam email attempt
+17961 || PHISHING-SPAM has.refillreade47j.ru known spam email attempt
+17962 || PHISHING-SPAM have.medrayner44c.ru known spam email attempt
+17963 || PHISHING-SPAM headtest.ru known spam email attempt
+17964 || PHISHING-SPAM huhuh.pilltodd73p.ru known spam email attempt
+17965 || PHISHING-SPAM hyem.pilltodd73p.ru known spam email attempt
+17966 || PHISHING-SPAM icysa.refilleldredge89r.ru known spam email attempt
+17967 || PHISHING-SPAM iiy.refilleldredge89r.ru known spam email attempt
+17968 || PHISHING-SPAM iki.onlinetommie54y.ru known spam email attempt
+17969 || PHISHING-SPAM iner.medicdrugsxdl.ru known spam email attempt
+17970 || PHISHING-SPAM in.onlinehill21q.ru known spam email attempt
+17971 || PHISHING-SPAM intelpost.ru known spam email attempt
+17972 || PHISHING-SPAM inunuw.medicdrugsxpo.ru known spam email attempt
+17973 || PHISHING-SPAM ipiig.drugslevy46b.ru known spam email attempt
+17974 || PHISHING-SPAM iqor.pilltodd73p.ru known spam email attempt
+17975 || PHISHING-SPAM is.medrayner44c.ru known spam email attempt
+17976 || PHISHING-SPAM itaca.erectnoll24k.ru known spam email attempt
+17977 || PHISHING-SPAM ive.pilltodd73p.ru known spam email attempt
+17978 || PHISHING-SPAM iweqyz.erectjefferey85n.ru known spam email attempt
+17979 || PHISHING-SPAM iycyde.medicdrugsxco.ru known spam email attempt
+17980 || PHISHING-SPAM iyw.refilleldredge89r.ru known spam email attempt
+17981 || PHISHING-SPAM jaecoh.erectnoll24k.ru known spam email attempt
+17982 || PHISHING-SPAM jael.pillking74s.ru known spam email attempt
+17983 || PHISHING-SPAM jex.remedicdrugsx.ru known spam email attempt
+17984 || PHISHING-SPAM john.onlinehill21q.ru known spam email attempt
+17985 || PHISHING-SPAM joseph.refillreade47j.ru known spam email attempt
+17986 || PHISHING-SPAM jyn.medicdrugsxdl.ru known spam email attempt
+17987 || PHISHING-SPAM jyzyv.refilleldredge89r.ru known spam email attempt
+17988 || PHISHING-SPAM koosaf.erectnoll24k.ru known spam email attempt
+17989 || PHISHING-SPAM lybah.pilltodd73p.ru known spam email attempt
+17990 || PHISHING-SPAM manila.onlinephilbert42f.ru known spam email attempt
+17991 || PHISHING-SPAM masa.erectjefferey85n.ru known spam email attempt
+17992 || PHISHING-SPAM medpenny17j.ru known spam email attempt
+17993 || PHISHING-SPAM minionspre.ru known spam email attempt
+17994 || PHISHING-SPAM nazuwu.onlinelewiss22r.ru known spam email attempt
+17995 || PHISHING-SPAM negotiations.refilldud86o.ru known spam email attempt
+17996 || PHISHING-SPAM niqiv.erectjefferey85n.ru known spam email attempt
+17997 || PHISHING-SPAM odimys.medicdrugsxlb.ru known spam email attempt
+17998 || PHISHING-SPAM odoog.onlinelewiss22r.ru known spam email attempt
+17999 || PHISHING-SPAM oekaka.aimedicdrugsx.ru known spam email attempt
+18000 || PHISHING-SPAM oeqio.erectnoll24k.ru known spam email attempt
+18001 || PHISHING-SPAM of.onlinephilbert42f.ru known spam email attempt
+18002 || PHISHING-SPAM of.refilldud86o.ru known spam email attempt
+18003 || PHISHING-SPAM of.refillreade47j.ru known spam email attempt
+18004 || PHISHING-SPAM oipek.onlinehamel83i.ru known spam email attempt
+18005 || PHISHING-SPAM oji.medicdrugsxto.ru known spam email attempt
+18006 || PHISHING-SPAM onotye.onlinelewiss22r.ru known spam email attempt
+18007 || PHISHING-SPAM opy.erectjefferey85n.ru known spam email attempt
+18008 || PHISHING-SPAM orderbuzz.ru known spam email attempt
+18009 || PHISHING-SPAM ouu.almedicdrugsx.ru known spam email attempt
+18010 || PHISHING-SPAM oxuc.pillking74s.ru known spam email attempt
+18011 || PHISHING-SPAM pillrolfe64l.ru known spam email attempt
+18012 || PHISHING-SPAM recently.refilldud86o.ru known spam email attempt
+18013 || PHISHING-SPAM records.onlinephilbert42f.ru known spam email attempt
+18014 || PHISHING-SPAM reobaj.onlinehamel83i.ru known spam email attempt
+18015 || PHISHING-SPAM research.onlinehill21q.ru known spam email attempt
+18016 || PHISHING-SPAM returning.refillreade47j.ru known spam email attempt
+18017 || PHISHING-SPAM right.refillreade47j.ru known spam email attempt
+18018 || PHISHING-SPAM riwaro.erectjefferey85n.ru known spam email attempt
+18019 || PHISHING-SPAM ruuav.erectnoll24k.ru known spam email attempt
+18020 || PHISHING-SPAM ryhux.medicdrugsxpa.ru known spam email attempt
+18021 || PHISHING-SPAM software-buyshop-7.ru known spam email attempt
+18022 || PHISHING-SPAM specialyou.ru known spam email attempt
+18023 || PHISHING-SPAM starring.pharmroyce83b.ru known spam email attempt
+18024 || PHISHING-SPAM store-softwarebuy-7.ru known spam email attempt
+18025 || PHISHING-SPAM sya.onlinehamel83i.ru known spam email attempt
+18026 || PHISHING-SPAM tabdarin80s.ru known spam email attempt
+18027 || PHISHING-SPAM tabgordan13n.ru known spam email attempt
+18028 || PHISHING-SPAM tablangston19a.ru known spam email attempt
+18029 || PHISHING-SPAM tabwebster77c.ru known spam email attempt
+18030 || PHISHING-SPAM tanuen.dimedicdrugsx.ru known spam email attempt
+18031 || PHISHING-SPAM the.onlinehill21q.ru known spam email attempt
+18032 || PHISHING-SPAM the.onlineruggiero33q.ru known spam email attempt
+18033 || PHISHING-SPAM to.medrayner44c.ru known spam email attempt
+18034 || PHISHING-SPAM trails.pharmroyce83b.ru known spam email attempt
+18035 || PHISHING-SPAM trusting-me.ru known spam email attempt
+18036 || PHISHING-SPAM twodays.ru known spam email attempt
+18037 || PHISHING-SPAM tyqaja.pilltodd73p.ru known spam email attempt
+18038 || PHISHING-SPAM uboi.onlinehamel83i.ru known spam email attempt
+18039 || PHISHING-SPAM uf.drugslevy46b.ru known spam email attempt
+18040 || PHISHING-SPAM uielij.pillking74s.ru known spam email attempt
+18041 || PHISHING-SPAM unasu.medicdrugsxto.ru known spam email attempt
+18042 || PHISHING-SPAM upazo.pilltodd73p.ru known spam email attempt
+18043 || PHISHING-SPAM utuqaj.pillking74s.ru known spam email attempt
+18044 || PHISHING-SPAM uuji.refilleldredge89r.ru known spam email attempt
+18045 || PHISHING-SPAM variation.refilldud86o.ru known spam email attempt
+18046 || PHISHING-SPAM via.refillreade47j.ru known spam email attempt
+18047 || PHISHING-SPAM voiceless.pharmroyce83b.ru known spam email attempt
+18048 || PHISHING-SPAM was.medrayner44c.ru known spam email attempt
+18049 || PHISHING-SPAM word.onlinephilbert42f.ru known spam email attempt
+18050 || PHISHING-SPAM world.onlinehill21q.ru known spam email attempt
+18051 || PHISHING-SPAM www.buhni.ru known spam email attempt
+18052 || PHISHING-SPAM www.visitcover.ru known spam email attempt
+18053 || PHISHING-SPAM xob.erectnoll24k.ru known spam email attempt
+18054 || PHISHING-SPAM ygy.onlinetommie54y.ru known spam email attempt
+18055 || PHISHING-SPAM yit.medicdrugsxor.ru known spam email attempt
+18056 || PHISHING-SPAM ylum.onlinelewiss22r.ru known spam email attempt
+18057 || PHISHING-SPAM ymyuto.onlinelewiss22r.ru known spam email attempt
+18058 || PHISHING-SPAM yomy.pillking74s.ru known spam email attempt
+18059 || PHISHING-SPAM yzugez.pillking74s.ru known spam email attempt
+18060 || PHISHING-SPAM zeroprices.ru known spam email attempt
+18061 || PHISHING-SPAM zueuz.onlinehamel83i.ru known spam email attempt
+18077 || SPECIFIC-THREATS Mozilla products CSS rendering out-of-bounds array write attempt || cve,2006-1739 || url,osvdb.org/show/osvdb/24660
+18078 || SPECIFIC-THREATS Mozilla products CSS rendering out-of-bounds array write attempt || cve,2006-1739 || url,osvdb.org/show/osvdb/24660
+18079 || BLACKLIST DNS request for known malware domain jsshmz.gotoip4.com
+18080 || BLACKLIST DNS request for known malware domain netrand.house.sina.com.cn
+18081 || BLACKLIST DNS request for known malware domain wenyixuan.3322.org
+18082 || BLACKLIST DNS request for known malware domain 3q.sbwanwan.com
+18083 || BLACKLIST DNS request for known malware domain 863.dclsba.com
+18084 || BLACKLIST DNS request for known malware domain drs317a.gotoip4.com
+18085 || BLACKLIST DNS request for known malware domain jsshmz.gotoip4.com
+18086 || BLACKLIST DNS request for known malware domain qq.sbwanwan.com
+18087 || BLACKLIST DNS request for known malware domain tiantianzaixian.gotoip1.com
+18088 || BLACKLIST DNS request for known malware domain wenyixuan.3322.org
+18089 || BLACKLIST DNS request for known malware domain www.auto328.com
+18090 || BLACKLIST DNS request for known malware domain www.comstelecom.com
+18091 || BLACKLIST DNS request for known malware domain www.goodfriends.or.kr
+18092 || BLACKLIST DNS request for known malware domain www.hao1345.com
+18093 || BLACKLIST DNS request for known malware domain www.opusgame.com
+18094 || BLACKLIST DNS request for known malware domain www.theoffstage.com
+18095 || BLACKLIST DNS request for known malware domain www.wwmei.com
+18096 || WEB-MISC Apache Tomcat username enumeration attempt || bugtraq,35196 || cve,2009-0580
+18097 || WEB-ACTIVEX VMWare Remote Console Plug-In ActiveX clsid access || cve,2009-3732
+18098 || BLACKLIST URI request for known malicious URI - /set/first.html || url,www.trustdefender.com/blog/2010/10/06/carberp-%E2%80%93-a-new-trojan-in-the-making/
+18099 || BLACKLIST URI request for known malicious URI - /cfg/*.plug || url,www.trustdefender.com/blog/2010/10/06/carberp-%E2%80%93-a-new-trojan-in-the-making/
+18100 || BOTNET-CNC Tidserv malware command and control channel traffic || url,www.threatexpert.com/report.aspx?uid=cffa846b-93ba-438d-8715-0665b6cd9627
+18103 || BLACKLIST DNS request for known malware domain 5yvod.net || cve,2010-3962
+18104 || BLACKLIST DNS request for known malware domain b.9s3.info || cve,2010-3962
+18105 || BLACKLIST DNS request for known malware domain baidutaobao.gotoip55.com || cve,2010-3962
+18106 || BLACKLIST DNS request for known malware domain e.msssm.com || cve,2010-3962
+18107 || BLACKLIST DNS request for known malware domain jsshmz.gotoip4.com || cve,2010-3962
+18108 || BLACKLIST DNS request for known malware domain phoroshop.es || cve,2010-3962
+18109 || BLACKLIST DNS request for known malware domain talk.cetizen.com || cve,2010-3962
+18110 || BLACKLIST DNS request for known malware domain tiantianzaixian.gotoip1.com || cve,2010-3962
+18111 || BLACKLIST DNS request for known malware domain v.9y9c.co.cc || cve,2010-3962
+18112 || BLACKLIST DNS request for known malware domain wenyixuan.3322.org. || cve,2010-3962
+18113 || BLACKLIST DNS request for known malware domain wusheng03.3322.org || cve,2010-3962
+18114 || BLACKLIST DNS request for known malware domain www.5fqq.com || cve,2010-3962
+18115 || BLACKLIST DNS request for known malware domain www.ajs2002.com || cve,2010-3962
+18116 || BLACKLIST DNS request for known malware domain www.bnbsoft.co.kr || cve,2010-3962
+18117 || BLACKLIST DNS request for known malware domain www.cineseoul.com || cve,2010-3962
+18118 || BLACKLIST DNS request for known malware domain www.hao1345.com || cve,2010-3962
+18119 || BLACKLIST DNS request for known malware domain www.ilbondrama.net || cve,2010-3962
+18120 || BLACKLIST DNS request for known malware domain www.iwebdy.net || cve,2010-3962
+18121 || BLACKLIST DNS request for known malware domain www.linzhiling123.com || cve,2010-3962
+18122 || BLACKLIST DNS request for known malware domain www.opusgame.com || cve,2010-3962
+18123 || BLACKLIST DNS request for known malware domain www.phoroshop.es || cve,2010-3962
+18124 || BLACKLIST DNS request for known malware domain www.sijianfeng.com || cve,2010-3962
+18125 || BLACKLIST DNS request for known malware domain www.tpydb.com || cve,2010-3962
+18126 || BLACKLIST DNS request for known malware domain www.tpydb.com || cve,2010-3962
+18127 || BLACKLIST DNS request for known malware domain www.univus.co.kr || cve,2010-3962
+18128 || BLACKLIST DNS request for known malware domain www.uwonderfull.com || cve,2010-3962
+18129 || BLACKLIST DNS request for known malware domain www.w22rt.com || cve,2010-3962
+18130 || BLACKLIST DNS request for known malware domain www.wwmei.com || cve,2010-3962
+18131 || BLACKLIST DNS request for known malware domain www.ybtour.co.kr || cve,2010-3962
+18132 || SPECIFIC-THREATS malware-associated JavaScript obfuscation function || url,labs.snort.org/docs/18132.html
+18133 || BLACKLIST DNS request for known malware domain www.001zs.com || cve,2010-3962
+18134 || BLACKLIST DNS request for known malware domain www.551sf.com || cve,2010-3962
+18135 || BLACKLIST DNS request for known malware domain www.555hd.com || cve,2010-3962
+18136 || BLACKLIST DNS request for known malware domain www.66xihu.com || cve,2010-3962
+18137 || BLACKLIST DNS request for known malware domain www.9292cs.cn || cve,2010-3962
+18138 || BLACKLIST DNS request for known malware domain www.chateaulegend.com || cve,2010-3962
+18139 || BLACKLIST DNS request for known malware domain www.china-aoben.com || cve,2010-3962
+18140 || BLACKLIST DNS request for known malware domain www.cqtjg.com || cve,2010-3962
+18141 || BLACKLIST DNS request for known malware domain www.dspenter.com || cve,2010-3962
+18142 || BLACKLIST DNS request for known malware domain www.eastadmin.com || cve,2010-3962
+18143 || BLACKLIST DNS request for known malware domain www.fp0755.cn || cve,2010-3962
+18144 || BLACKLIST DNS request for known malware domain www.fp0769.com || cve,2010-3962
+18145 || BLACKLIST DNS request for known malware domain www.fp360.net || cve,2010-3962
+18146 || BLACKLIST DNS request for known malware domain www.gdfp365.cn || cve,2010-3962
+18147 || BLACKLIST DNS request for known malware domain www.gev.cn || cve,2010-3962
+18148 || BLACKLIST DNS request for known malware domain www.haoleyou.com || cve,2010-3962
+18149 || BLACKLIST DNS request for known malware domain www.haosf08.com || cve,2010-3962
+18150 || BLACKLIST DNS request for known malware domain www.jxbaike.com || cve,2010-3962
+18151 || BLACKLIST DNS request for known malware domain www.kingsoftduba2009.com || cve,2010-3962
+18152 || BLACKLIST DNS request for known malware domain www.mainhu.com || cve,2010-3962
+18153 || BLACKLIST DNS request for known malware domain www.maoyiren.com || cve,2010-3962
+18154 || BLACKLIST DNS request for known malware domain www.nc57.com || cve,2010-3962
+18155 || BLACKLIST DNS request for known malware domain www.pplog.cn || cve,2010-3962
+18156 || BLACKLIST DNS request for known malware domain www.pxflm.com || cve,2010-3962
+18157 || BLACKLIST DNS request for known malware domain www.quyou365.com || cve,2010-3962
+18158 || BLACKLIST DNS request for known malware domain www.shzhaotian.cn || cve,2010-3962
+18159 || BLACKLIST DNS request for known malware domain www.soanala.com || cve,2010-3962
+18160 || BLACKLIST DNS request for known malware domain www.stony-skunk.com || cve,2010-3962
+18161 || BLACKLIST DNS request for known malware domain www.street08.com || cve,2010-3962
+18162 || BLACKLIST DNS request for known malware domain www.weilingcy.com || cve,2010-3962
+18163 || BLACKLIST DNS request for known malware domain www.yisaa.com || cve,2010-3962
+18164 || BLACKLIST DNS request for known malware domain www.yx240.com || cve,2010-3962
+18165 || BLACKLIST DNS request for known malware domain e.mssm.com || cve,2010-3962
+18166 || BLACKLIST DNS request for known malware domain dfgdd.9y6c.co.cc || cve,2010-3962
+18167 || WEB-CLIENT Possible generic javascript heap spray attempt || bugtraq,35660
+18168 || WEB-CLIENT Possible generic javascript heap spray attempt || bugtraq,35660
+18169 || WEB-ACTIVEX WinZip FileView 6.1 ActiveX function call unicode access || bugtraq,21060 || bugtraq,21108 || cve,2006-3890 || cve,2006-5198 || url,www.winzip.com/wz7245.htm
+18170 || SPECIFIC-THREATS Mozilla Firefox and SeaMonkey onUnload event handler memory corruption attempt || bugtraq,22679 || cve,2007-1092
+18171 || EXPLOIT Multiple product mailto uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+18172 || EXPLOIT Multiple product mailto uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+18173 || EXPLOIT Multiple product mailto uri handling code execution attempt || bugtraq,25053 || bugtraq,25945 || cve,2007-3845 || cve,2007-3896 || cve,2007-4041 || url,www.microsoft.com/technet/security/advisory/943521.mspx || url,www.microsoft.com/technet/security/bulletin/ms07-057.mspx
+18174 || SPECIFIC-THREATS Microsoft Internet Explorer CSS memory corruption attempt || bugtraq,10816 || cve,2004-0842
+18175 || SPECIFIC-THREATS Microsoft Internet Explorer CSS memory corruption attempt || bugtraq,10816 || cve,2004-0842
+18176 || SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt || bugtraq,19197 || cve,2006-3113
+18177 || SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt || bugtraq,19197 || cve,2006-3113
+18178 || SPECIFIC-THREATS Mozilla browsers memory corruption simultaneous XPCOM events code execution attempt || bugtraq,19197 || cve,2006-3113
+18179 || SCAN Proxyfire.net anonymous proxy scan || url,www.proxyfire.net/index.php
+18181 || SPECIFIC-THREATS ProFTPd 1.3.3c backdoor activity || url,sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/
+18182 || SPECIFIC-THREATS ProFTPd 1.3.3c backdoor help access attempt || url,sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org || url,xorl.wordpress.com/2010/12/02/news-proftpd-owned-and-backdoored/
+18183 || BLACKLIST DNS request for known malware domain mailzou.com || cve,2010-3962
+18184 || BLACKLIST DNS request for known malware domain dnf.gametime.co.kr || cve,2010-3962
+18185 || BLACKLIST DNS request for known malware domain www.dd0415.net || cve,2010-3962
+18186 || SPECIFIC-THREATS Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt || bugtraq,17516 || cve,2006-1738
+18187 || SPECIFIC-THREATS Mozilla Firefox InstallTrigger.install memory corruption attempt || bugtraq,17516 || cve,2006-1790
+18188 || SPECIFIC-THREATS Multiple browser marquee tag denial of service attempt || bugtraq,18165 || cve,2006-2723
+18189 || NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt || bugtraq,24198 || cve,2007-2446
+18190 || NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt || bugtraq,24198 || cve,2007-2446
+18191 || NETBIOS DCERPC NCACN-IP-TCP netdfs NetrDfsEnum attempt || bugtraq,24198 || cve,2007-2446
+18192 || NETBIOS DCERPC NCADG-IP-UDP netdfs NetrDfsEnum attempt || bugtraq,24198 || cve,2007-2446
+18193 || SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt || bugtraq,18682 || cve,2006-3280
+18194 || SPECIFIC-THREATS Microsoft Internet Explorer cross domain information disclosure attempt || bugtraq,18682 || cve,2006-3280
+18195 || SPECIFIC-THREATS SMB Negotiate Protocol response DoS attempt || cve,2009-3676 || url,www.microsoft.com/technet/security/bulletin/MS10-020.mspx
+18196 || WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt || url,seclists.org/fulldisclosure/2010/Dec/110 || url,www.vupen.com/english/advisories/2010/3156
+18228 || DELETED WEB-MISC Microsoft FlashPix file download
+18232 || DELETED WEB-MISC Microsoft OpenType Font file download
+18234 || WEB-MISC QuickDraw/PICT file download request
+18239 || WEB-CLIENT known malicious JavaScript decryption routine
+18240 || WEB-CLIENT Microsoft Internet Explorer CSS importer use-after-free attempt || url,seclists.org/fulldisclosure/2010/Dec/110 || url,www.vupen.com/english/advisories/2010/3156
+18241 || WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX clsid access || url,secunia.com/advisories/42693/
+18242 || WEB-ACTIVEX Microsoft WMI Administrator Tools Object Viewer ActiveX function call access || url,secunia.com/advisories/42693/
+18243 || SPECIFIC-THREATS Microsoft Windows 7 IIS7.5 FTPSVC buffer overflow attempt || bugtraq,45542