IPS Signature Database Release Notes

IPS Signature Database Version: 5.15.89

Release Notes Date: 14th May, 2019

Release Information

Upgrade Applicable on

IPS Signature Release: Version 5.15.87
Cyberoam Appliance Models: CR35wi, CR35ia, CR25wi, CR25ia, CR25i, CR15wi, CR15i

Upgrade Information

Upgrade type: Auto upgrade for Cyberoam Appliances

Compatibility Annotations: None

Introduction

This release note for IPS Signature Database Version 5.15.89 covers the new signatures added in this version. The following sections describe the release in detail.

New IPS Signatures

The Cyberoam Intrusion Prevention System shields the network from known attacks by matching network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms.

Report false positives at [email protected] along with the application details.

This IPS release includes two thousand two hundred and forty-three (2243) signatures to address one thousand one hundred and forty-five (1145) vulnerabilities.

Page 1 of 81 Document Version – 1.0- 14/05/2019

© Copyright 2019 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. IPS Signature Database Release Notes Version 5.15.89 ------

Name CVE–ID Rev No. Category Severity Applicable from Version 3CX Phone System Web VAD_Deploy.aspx Arbitrary NA 1 Services and 1 10.06.1 Build 631 File Upload Applications Adobe Acrobat and Reader CVE- AcroForm Encoding Code 2017- 1 Multimedia 2 10.06.1 Build 631 Execution 11263 Adobe Acrobat and Reader CVE- docID Stack Buffer Overflow 1 Office Tools 1 10.06.1 Build 631 2018-4901 CVE-2018-4901 Adobe Acrobat and Reader CVE- JPEG2000 Out of Bounds 1 Office Tools 2 10.06.1 Build 631 2017-2946 Read Adobe Acrobat and Reader CVE- JPEG2000 Parsing Heap- 1 Office Tools 1 10.06.1 Build 631 2017-3055 based Buffer Overflow Adobe Acrobat and Reader CVE- JPEG2000 Parsing Out of 2017- 1 Office Tools 1 10.06.1 Build 631 Bounds Read 16374 Adobe Acrobat and Reader CVE- JPEG2000 Parsing Out of 1 Office Tools 1 10.06.1 Build 631 2017-3045 Bounds Read Adobe Acrobat CVE- ImageConversion EMF 2017- 1 Office Tools 1 10.06.1 Build 631 EmfPlus Heap-based Buffer 16416 Overflow Adobe Acrobat Application ImageConversion EMF CVE- 1 and 2 10.06.1 Build 631 EmfPlus Heap-based Buffer 2018-4895 Overflow Adobe Acrobat ImageConversion EMF CVE- 1 Office Tools 2 10.06.1 Build 631 EMR_STRETCHBLT Out of 2018-4886 Bounds Read Adobe Acrobat CVE- ImageConversion EMF 2017- 1 Office Tools 1 10.06.1 Build 631 EMR_STRETCHDIBITS 16397 Heap-based Buffer Overflow Adobe Acrobat CVE- ImageConversion EMF 2017- 1 Office Tools 1 10.06.1 Build 631 Integer Overflow CVE-2017- 11308 11308 Adobe Acrobat CVE- ImageConversion EMF 2017- 1 Misc 2 10.06.1 Build 631 Parsing Integer Overflow 11227 Adobe Acrobat CVE- 1 Office Tools 1 10.06.1 Build 631 ImageConversion EMF 2017-

Parsing Out-Of-Bounds 11249 Read Adobe Acrobat CVE- ImageConversion JPEG 1 Office Tools 1 10.06.1 Build 631 2017-2959 Heap-based Buffer Overflow Adobe Acrobat CVE- ImageConversion JPEG 1 Multimedia 1 10.06.1 Build 631 2017-2960 Out-of-Bounds Read Adobe Acrobat ImageConversion PCX CVE- 1 Office Tools 1 10.06.1 Build 631 Parsing Out-Of-Bounds 2017-3036 Write Adobe Acrobat CVE- ImageConversion TIFF 1 Office Tools 2 10.06.1 Build 631 2017-2966 Heap-based Buffer Overflow Adobe Acrobat Reader CVE- JPEG2000 Information 1 Office Tools 3 10.06.1 Build 631 2016-1078 Disclosure Adobe ColdFusion RMI CVE- Registry Insecure 2017- 1 Misc 1 10.06.1 Build 631 Deserialization 11284 MP3 ID3 Heap CVE- 1 Multimedia 3 10.06.1 Build 631 Buffer Overflow 2015-8446 Adobe Flash Player LocaleID CVE- 1 Office Tools 1 10.06.1 Build 631 determinePreferredLocales 2017-3114 Out-Of-Bounds Access Adobe JPEG 2000 Processing CVE-2017-3046 CVE- 1 Office Tools 1 10.06.1 Build 631 Memory Corruption 2017-3046 Vulnerability Adobe PDF Processing CVE- CVE-2017-3037 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3037 Corruption Vulnerability Adobe PDF Reader CVE- 2016-6944 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6944 Vulnerability Adobe PDF Reader CVE- 2016-6945 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6945 Vulnerability Adobe PDF Reader CVE- 2016-6950 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6950 Vulnerability Adobe PDF Reader CVE- CVE- 1 Office Tools 1 10.06.1 Build 631 2016-6952 Use-After-Free 2016-6952

Remote Code Execution Vulnerability Adobe PDF Reader CVE- 2016-6953 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6953 Vulnerability Adobe PDF Reader CVE- 2016-6958 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6958 Vulnerability Adobe PDF Reader CVE- 2016-6972 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6972 Vulnerability Adobe PDF Reader CVE- 2016-6988 Use-After-Free CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-6988 Vulnerability Adobe Reader and Acrobat CVE- XSLT function-available 1 Misc 1 10.06.1 Build 631 2017-2949 Buffer Overflow Adobe Reader DC CVE- JPEG2000 CVE-2016-7854 1 Multimedia 1 10.06.1 Build 631 2016-7854 Out-of-Bounds Read Adobe Reader PDF Engine CVE- CVE-2017-3014 Use-After- 1 Office Tools 1 10.06.1 Build 631 2017-3014 Free Vulnerability Adobe Reader PDF Engine CVE- CVE-2017-3017 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3017 Corruption Vulnerability Adobe Reader PDF Engine CVE- CVE-2017-3021 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3021 Corruption Vulnerability Adobe Reader PDF Engine CVE- CVE-2017-3023 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3023 Corruption Vulnerability Adobe Reader PDF Engine CVE- CVE-2017-3026 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3026 Corruption Vulnerability II Adobe Reader PDF Engine CVE- CVE-2017-3026 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3026 Corruption Vulnerability I Adobe Reader PDF Engine CVE- CVE-2017-3027 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3027 Corruption Vulnerability Adobe TIFF File Processing CVE- CVE-2017-3048 Memory 1 Office Tools 1 10.06.1 Build 631 2017-3048 Corruption Vulnerability

Adobe TIFF File Processing CVE- CVE-2017-3049 Heap 1 Office Tools 1 10.06.1 Build 631 2017-3049 Overflow Vulnerability Adobe TIFF Pixel Processing CVE-2017-3028 CVE- 1 Office Tools 1 10.06.1 Build 631 Memory Corruption 2017-3028 Vulnerability Advantech WebAccess Application CVE- Dashboard openWidget 1 and 2 10.06.1 Build 631 2016-0855 Directory Traversal Software Advantech WebAccess Application CVE- Dashboard removeFile 1 and 1 10.06.1 Build 631 2016-0855 Directory Traversal Software Advantech WebAccess Application CVE- Dashboard removeFolder 1 and 3 10.06.1 Build 631 2016-0855 Directory Traversal Software Advantech WebAccess Application CVE- Dashboard uploadFile 1 and 2 10.06.1 Build 631 2016-0854 Arbitrary File Upload Software Advantech WebAccess Application Dashboard CVE- 1 and 1 10.06.1 Build 631 uploadImageCommon 2016-0854 Software Arbitrary File Upload Advantech WebAccess Application datacore Service Function CVE- 1 and 1 10.06.1 Build 631 0x5228 strcpy Heap Buffer 2016-0857 Software Overflow Advantech WebAccess Application datacore Service Function CVE- 1 and 2 10.06.1 Build 631 0x523a strcpy Buffer 2016-0856 Software Overflow Advantech WebAccess CVE- Apache Node chkLogin2 SQL 1 2 10.06.1 Build 631 2018-5443 HTTP Server Injection Advantech WebAccess CVE- Web rmTemplate.aspx SQL 2017- 1 Services and 2 10.06.1 Build 631 Injection 12710 Applications Advantech WebAccess Web SCADA certUpdate.asp CVE- 1 Services and 1 10.06.1 Build 631 filename Directory Traversal 2018-5445 Applications CVE-2018-5445 Advantech WebAccess CVE- Web SCADA gmicons.asp picfile 2017- 1 Services and 1 10.06.1 Build 631 Arbitrary File Upload CVE- 16736 Applications 2017-16736 Advantech WebAccess Web CVE- updateTemplate.aspx SQL 1 Services and 2 10.06.1 Build 631 2017-5154 Injection Applications

Advantech WebAccess Application webvrpcs Service CVE- 1 and 1 10.06.1 Build 631 BwWebSvc.dll Buffer 2016-0856 Software Overflow Advantech WebAccess Industrial CVE- webvrpcs Service Function 1 Control 1 10.06.1 Build 631 2016-0856 0x013C71 Buffer Overflow System Advantech WebAccess Industrial CVE- webvrpcs Service Function 1 Control 1 10.06.1 Build 631 2016-0856 0x013C80 Buffer Overflow System Advantech WebAccess Industrial CVE- webvrpcs Service strncpy 1 Control 1 10.06.1 Build 631 2016-0856 Buffer Overflow System Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 III on Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 II on Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 I on Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 IV on Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 VII on Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 VI on Adylkuzz Cryptocurrency Malware Botnet Suspicious Requests NA 1 Communicati 1 10.06.1 Build 631 V on Aerospike Database Server CVE- as_sindex__simatch_by_ina 1 Misc 1 10.06.1 Build 631 2016-9052 me Stack Buffer Overflow Aerospike Database Server as_sindex__simatch_list_by CVE- 1 Misc 2 10.06.1 Build 631 _set_binid Stack Buffer 2016-9054 Overflow Alienvault Unified Security Application Management and OSSIM CVE- 1 and 1 10.06.1 Build 631 gauge.php SQL Injection 2016-8582 Software (Decrypted Traffic) AlienVault USM and OSSIM Web fqdn get_fqdn Command NA 1 Services and 1 10.06.1 Build 631 Injection (Decrypted Traffic) Applications

AlienVault USM and OSSIM Application get_directive_kdb.php NA 1 and 1 10.06.1 Build 631 directive_id SQL Injection Software (Decrypted Traffic) Web Alucar php shell download NA 1 Services and 3 10.06.1 Build 631 attempt Applications Apache ActiveMQ Fileserver CVE- Apache File Upload Directory 1 1 10.06.1 Build 631 2016-3088 HTTP Server Traversal Apache ActiveMQ Fileserver CVE- Apache 1 1 10.06.1 Build 631 MOVE Directory Traversal 2016-3088 HTTP Server CVE- Apache FileUpload Boundary Denial 1 3 10.06.1 Build 631 2016-3092 HTTP Server of Service Apache Continuum Apache saveInstallation.action NA 1 1 10.06.1 Build 631 HTTP Server Command Injection Apache CouchDB JSON CVE- Remote Privilege Escalation 2017- 1 Misc 1 10.06.1 Build 631 CVE-2017-12635 12635 Apache httpd ap_find_token CVE- 1 Misc 2 10.06.1 Build 631 Out of Bounds Read 2017-7668 Apache httpd FilesMatch CVE- Apache Directive Security Restriction 2017- 1 2 10.06.1 Build 631 HTTP Server Bypass 15715 Apache httpd CVE- mod_auth_digest Memory 1 Misc 1 10.06.1 Build 631 2017-9788 Access Denial of Service Apache httpd CVE- Apache mod_cache_socache Denial 1 2 10.06.1 Build 631 2018-1303 HTTP Server of Service Apache HTTPD mod_http2 CVE- Null Pointer Dereference 1 Misc 1 10.06.1 Build 631 2017-7659 CVE-2017-7659 Apache HTTP Server CVE- mod_http2 Module Denial of 1 Misc 1 10.06.1 Build 631 2016-8740 Service (Published Exploit) Apache Jetspeed Application CVE- PageManagementService 1 and 2 10.06.1 Build 631 2016-0711 Cross-Site Scripting Software Apache Jetspeed Portal Site CVE- Apache Manager ZIP File Upload 1 2 10.06.1 Build 631 2016-0709 HTTP Server Directory Traversal Apache Jetspeed Portal URI CVE- Apache 1 2 10.06.1 Build 631 Path Cross-Site Scripting 2016-0712 HTTP Server Apache OpenMeetings CVE- 1 Apache 4 10.06.1 Build 631

Event Description Cross-Site 2016-2163 HTTP Server Scripting Apache OpenMeetings ZIP CVE- Apache 1 3 10.06.1 Build 631 File Path Traversal 2016-0784 HTTP Server Data Import Handler XML External Entity CVE- Apache 1 2 10.06.1 Build 631 Expansion Information 2018-1308 HTTP Server Disclosure Apache Solr xmlparser XML CVE- Web External Entity Expansion 2017- 1 Services and 1 10.06.1 Build 631 Remote Code Execution 12629 Applications Operating Apache Struts2 Jakarta CVE- 1 System and 1 10.06.1 Build 631 Multipart Parser RCE 2017-5638 Services REST Operating CVE- Plugin XStreamHandler 1 System and 1 10.06.1 Build 631 2017-9805 Insecure Deserialization Services Apache Struts 2 Struts 1 Web CVE- Plugin Remote Code 1 Services and 1 10.06.1 Build 631 2017-9791 Execution Applications Apache Struts Jakarta Operating CVE- Multipart Parser Remote 1 System and 1 10.06.1 Build 631 2017-5638 Code Execution Services Apache Struts REST Plugin CVE- Apache 1 1 10.06.1 Build 631 DMI Code Execution 2016-3087 HTTP Server Apache Struts URLValidator CVE- Apache 1 1 10.06.1 Build 631 Denial of Service 2016-4465 HTTP Server Apache Struts XSLTResult CVE- Apache 1 1 10.06.1 Build 631 File Inclusion 2016-3082 HTTP Server CVE- Apache mod_authz_svn COPY 1 1 10.06.1 Build 631 2016-2168 HTTP Server MOVE Denial of Service Apache Subversion svn-ssh CVE- 1 Misc 2 10.06.1 Build 631 URL Command Execution 2017-9800 CVE-2017- CVE- Apache 12617 HTTP PUT Remote 2017- 1 2 10.06.1 Build 631 HTTP Server Code Execution 12617 Apache Tomcat HTTP PUT CVE- Windows Remote Code 2017- 1 Misc 1 10.06.1 Build 631 Execution 12615 Apple QuickTime MP4 Application CVE- Absent stbl Box Memory 1 and 2 10.06.1 Build 631 2015-3667 Corruption Software Apple QuickTime PSD File CVE- Parsing CVE-2016-1769 1 Misc 3 10.06.1 Build 631 2016-1769 Memory Corruption

Asterisk CVE- cdr_object_update_party_b_ 2017- 1 Misc 3 10.06.1 Build 631 userfield_cb Buffer Overflow 16671 VoIP and Asterisk Register with no NA 1 Instant 2 10.06.1 Build 631 URI or Version DOS Attempt Messaging Atlassian FishEye and Web Crucible CVE- 1 Services and 2 10.06.1 Build 631 mostActiveCommitters 2017-9512 Applications Information Disclosure ATTACK-RESPONSES Application CVE- successful gobbles ssh 1 and 2 10.06.1 Build 631 2002-0390 exploit uname Software Autodesk Design Review BMP biClrUsed Buffer NA 1 Misc 1 10.06.1 Build 631 Overflow Web base64-encoded c99 shell NA 1 Services and 3 10.06.1 Build 631 download Applications Brocade Network Advisor Web CliMonitorReportServlet CVE- 1 Services and 2 10.06.1 Build 631 FILENAME Directory 2016-8207 Applications Traversal CVE-2016-8207 Brocade Network Advisor Web CliMonitorReportServlet CVE- 1 Services and 2 10.06.1 Build 631 FILENAME Directory 2016-8207 Applications Traversal Brocade Network Advisor Web DashboardFileReceiveServl CVE- 1 Services and 1 10.06.1 Build 631 et filename Directory 2016-8205 Applications Traversal Brocade Network Advisor Web CVE- SoftwareImageUpload name 1 Services and 2 10.06.1 Build 631 2016-8206 filename Directory Traversal Applications BROWSER-FIREFOX Mozilla NNTP URL CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2004-1316 Handling Buffer 2004-1316 Overflow II BROWSER-IE Internet Explorer WeakMap Freeze CVE- 1 Browsers 2 10.06.1 Build 631 memory corruption attempt 2017-8750 CVE-2017-8750 BROWSER-IE Internet CVE- Explorer WeakMap Freeze 1 Browsers 2 10.06.1 Build 631 2017-8750 memory corruption attempt BROWSER-IE Microsoft CVE- Edge 2017-11916 Array 2017- 1 Browsers 2 10.06.1 Build 631 Type Confusion Attempt 11916

BROWSER-IE Microsoft CVE- 1 Browsers 2 10.06.1 Build 631 Edge App-v vbs Command 2018-8495 BROWSER-IE Microsoft Edge Browser CVE-2018- CVE- 1 Browsers 1 10.06.1 Build 631 8618 Chakra Script Type 2018-8618 Confusion Exploit BROWSER-IE Microsoft CVE- Edge Chakra CVE-2018- 1 Browsers 2 10.06.1 Build 631 2018-8367 8367 engine Use After Free BROWSER-IE Microsoft Edge Chakra CVE-2018- CVE- 1 Browsers 1 10.06.1 Build 631 8583 Scripting Engine 2018-8583 Memory Corruption BROWSER-IE Microsoft Edge Chakra Scripting CVE- 1 Browsers 2 10.06.1 Build 631 Engine memory corruption 2018-8266 attempt BROWSER-IE Microsoft Edge Chakra scripting CVE- 1 Browsers 1 10.06.1 Build 631 engine type confusion 2018-8229 attempt BROWSER-IE Microsoft Edge Chakra Scripting CVE- 1 Browsers 2 10.06.1 Build 631 Engine type confusion 2018-8372 attempt BROWSER-IE Microsoft Edge CSS animation style CVE- 1 Browsers 2 10.06.1 Build 631 information disclosure 2017-0011 attempt BROWSER-IE Microsoft Edge CVE-2017-0066 CVE- 1 Browsers 2 10.06.1 Build 631 Scripting Engine Security 2017-0066 Bypass css BROWSER-IE Microsoft CVE- Edge CVE-2017-11841 2017- 1 Browsers 2 10.06.1 Build 631 Chakra Closure use after 11841 free attempt BROWSER-IE Microsoft CVE- Edge CVE-2017-11858 2017- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 11858 corruption attempt BROWSER-IE Microsoft Edge CVE-2017-11889 CVE- Scripting Engine 1 Browsers 2 10.06.1 Build 631 2017-0236 postMessage Use After Free Attempt BROWSER-IE Microsoft CVE- Edge CVE-2017-11893 2017- 1 Browsers 2 10.06.1 Build 631 Memory Corruption Attempt 11893

BROWSER-IE Microsoft CVE- Edge CVE-2017-11914 2017- 1 Browsers 2 10.06.1 Build 631 defineGetter Type Confusion 11914 Attempt BROWSER-IE Microsoft CVE- Edge CVE-2017-11930 2017- 1 Browsers 2 10.06.1 Build 631 Memory Corruption Attempt 11930 BROWSER-IE Microsoft Edge CVE-2018-0858 CVE- 1 Browsers 2 10.06.1 Build 631 Scripting Engine Memory 2018-0858 Corruption Attempt BROWSER-IE Microsoft Edge CVE-2018-0874 CVE- 1 Browsers 1 10.06.1 Build 631 Uninitialized Memory Use 2018-0874 vulnerability BROWSER-IE Microsoft Edge CVE-2018-0893 CVE- 1 Browsers 1 10.06.1 Build 631 Uninitialized Memory Use 2018-0893 vulnerability BROWSER-IE Microsoft CVE- Edge CVE-2018-8456 Type 1 Browsers 2 10.06.1 Build 631 2018-8456 Confusion BROWSER-IE Microsoft Edge CVE-2018-8459 Empty CVE- 1 Browsers 2 10.06.1 Build 631 Prototype Use-After-Free 2018-8459 Attempt BROWSER-IE Microsoft Edge CVE-2018-8466 CVE- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 2018-8466 corruption attempt BROWSER-IE Microsoft Edge CVE-2018-8467 Type CVE- 1 Browsers 2 10.06.1 Build 631 Confusion Code Execution 2018-8467 Attempt BROWSER-IE Microsoft Edge CVE-2018-8555 JIT CVE- 1 Browsers 2 10.06.1 Build 631 Floating Point Value Type 2018-8555 Confusion Attempt BROWSER-IE Microsoft Edge CVE-2018-8556 CVE- 1 Browsers 3 10.06.1 Build 631 bailOnImplicitCall Type 2018-8556 Confusion Attempt BROWSER-IE Microsoft CVE- Edge CVE-2018-8629 out of 1 Browsers 2 10.06.1 Build 631 2018-8629 bounds write attempt BROWSER-IE Microsoft CVE- Edge CVE-2018-8634 buffer 1 Browsers 2 10.06.1 Build 631 2018-8634 overflow attempt BROWSER-IE Microsoft CVE- 1 Browsers 2 10.06.1 Build 631

Edge CVE-2019-0539 2019-0539 remote code execution BROWSER-IE Microsoft CVE- Edge CVE-2019-0541 1 Browsers 2 10.06.1 Build 631 2019-0541 remote code execution BROWSER-IE Microsoft CVE- Edge CVE-2019-0565 1 Browsers 2 10.06.1 Build 631 2019-0565 remote code execution BROWSER-IE Microsoft CVE- Edge CVE-2019-0567 1 Browsers 2 10.06.1 Build 631 2019-0565 remote code execution BROWSER-IE Microsoft Edge CVE-2019-0591 CVE- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 2019-0591 corruption attempt BROWSER-IE Microsoft Edge CVE-2019-0607 CVE- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 2019-0607 corruption attempt BROWSER-IE Microsoft Edge CVE-2019-0644 CVE- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 2019-0644 corruption attempt BROWSER-IE Microsoft CVE- Edge CVE-2019-0645 1 Browsers 2 10.06.1 Build 631 2019-0645 memory corruption attempt BROWSER-IE Microsoft CVE- Edge CVE-2019-0648 1 Browsers 2 10.06.1 Build 631 2019-0648 Information Disclosure BROWSER-IE Microsoft Edge CVE-2019-0652 CVE- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 2019-0652 corruption attempt BROWSER-IE Microsoft Edge CVE-2019-0655 CVE- 1 Browsers 2 10.06.1 Build 631 scripting engine memory 2019-0655 corruption attempt BROWSER-IE Microsoft CVE- Edge CVE-2019-0676 1 Browsers 2 10.06.1 Build 631 2019-0676 Information Disclosure BROWSER-IE Microsoft CVE- Edge CVE-2019-0926 1 Browsers 2 10.06.1 Build 631 2019-0926 Memory Corruption BROWSER-IE Microsoft CVE- Edge CVE-2019-0930 1 Browsers 2 10.06.1 Build 631 2019-0930 Information Disclosure BROWSER-IE Microsoft CVE- 1 Browsers 2 10.06.1 Build 631 Edge CVE-2019-0938 2019-0938

Elevation of Privilege Vulnerability BROWSER-IE Microsoft CVE- Edge CVE-2019-0940 1 Browsers 2 10.06.1 Build 631 2019-0926 Memory Corruption BROWSER-IE Microsoft CVE- Edge DomAttrModified Use- 1 Browsers 2 10.06.1 Build 631 2018-8460 After-Free BROWSER-IE Microsoft Edge EntrySimpleSlotGetter CVE- 1 Browsers 2 10.06.1 Build 631 use after free attempt CVE- 2017-0070 2017-0070 BROWSER-IE Microsoft CVE- Edge EntrySimpleSlotGetter 1 Browsers 2 10.06.1 Build 631 2017-0070 use after free attempt BROWSER-IE Microsoft CVE- Edge Media Foundation use- 1 Browsers 1 10.06.1 Build 631 2018-8251 after-free attempt BROWSER-IE Microsoft CVE- Edge OP_Memset Type 1 Browsers 2 10.06.1 Build 631 2018-8505 Confusion BROWSER-IE Microsoft Edge Scripting Engine CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2019-0752 Memory 2019-0752 Corruption Vulnerability BROWSER-IE Microsoft Edge Scripting Engine CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2019-0753 Memory 2019-0753 Corruption Vulnerability BROWSER-IE Microsoft Edge Scripting Engine CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2019-0884 Memory 2019-0884 Corruption BROWSER-IE Microsoft Edge Scripting Engine CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2019-0911 Memory 2019-0911 Corruption BROWSER-IE Microsoft Edge Scripting Engine CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2019-0918 Memory 2019-0918 Corruption BROWSER-IE Microsoft CVE- Edge Scripting Engine 1 Browsers 2 10.06.1 Build 631 2018-0834 memory corruption attempt BROWSER-IE Microsoft CVE- Edge scripting engine 1 Browsers 2 10.06.1 Build 631 2018-0946 memory corruption attempt BROWSER-IE Microsoft CVE- 1 Browsers 2 10.06.1 Build 631

Edge scripting engine type 2018-0860 confusion attempt BROWSER-IE Microsoft CVE- Edge transform type 1 Browsers 2 10.06.1 Build 631 2018-8403 confusion attempt BROWSER-IE Microsoft Edge Type Confusion CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2018-8391 Memory 2018-8391 Corruption BROWSER-IE Microsoft CVE- Edge web address spoofing 1 Browsers 2 10.06.1 Build 631 2017-0069 attempt BROWSER-IE Microsoft CVE- Edge xlink type confusion 1 Browsers 2 10.06.1 Build 631 2017-0200 memory corruption attempt BROWSER-IE Microsoft IE CVE- CVE-2016-3324 Remote 1 Browsers 1 10.06.1 Build 631 2018-3324 Code Execution Vulnerability BROWSER-IE Microsoft Internet Explorer 11 CVE- CVE- 1 Browsers 1 10.06.1 Build 631 2018-8619 VBScript 2018-8619 Execution Policy Bypass BROWSER-IE Microsoft CVE- Internet Explorer 11 JScript 1 Browsers 1 10.06.1 Build 631 2018-8267 use-after-free attempt BROWSER-IE Microsoft Internet Explorer CVE- 1 Office Tools 1 10.06.1 Build 631 ConvertStringFromUnicodeE 2016-0154 x Out Of Bounds Write BROWSER-IE Microsoft Internet Explorer CSS CVE- 1 Browsers 2 10.06.1 Build 631 padding property memory 2017-8747 corruption attempt BROWSER-IE Microsoft Internet Explorer CVE-2016- CVE- 1 Browsers 1 10.06.1 Build 631 3382 Remote Code 2016-3382 Execution Vulnerability BROWSER-IE Microsoft Internet Explorer CVE-2017- CVE- 1 Browsers 2 10.06.1 Build 631 0130 Arguments Type 2017-0130 Confusion Attempt BROWSER-IE Microsoft Internet Explorer CVE-2017- CVE- 1 Browsers 2 10.06.1 Build 631 11886 VBScript engine Use 2016-0002 After Free Attempt BROWSER-IE Microsoft CVE- Internet Explorer CVE-2017- 2017- 1 Browsers 2 10.06.1 Build 631 11888 Use After Free 11888 Attempt

BROWSER-IE Microsoft CVE- Internet Explorer CVE-2017- 2017- 1 Browsers 2 10.06.1 Build 631 11903 Scripting Engine 11903 Memory Corruption Attempt BROWSER-IE Microsoft CVE- Internet Explorer CVE-2017- 2017- 1 Browsers 2 10.06.1 Build 631 11907 Array Out Of Bounds 11907 Write Attempt BROWSER-IE Microsoft CVE- Internet Explorer CVE-2017- 2017- 1 Browsers 2 10.06.1 Build 631 11911 Out Of Bounds Read 11911 Attempt BROWSER-IE Microsoft Internet Explorer CVE-2018- CVE- 1 Browsers 1 10.06.1 Build 631 0935 Use-After-Free 2018-0935 Vulnerability BROWSER-IE Microsoft Internet Explorer CVE-2018- CVE- 1 Browsers 2 10.06.1 Build 631 8345 Remote Code 2018-8345 Execution Vulnerability BROWSER-IE Microsoft CVE- Internet Explorer CVE-2018- 1 Browsers 2 10.06.1 Build 631 2018-8420 8420 MSXML Use After Free BROWSER-IE Microsoft CVE- Internet Explorer CVE-2018- 1 Browsers 2 10.06.1 Build 631 2018-8447 8447 Memory Corruption BROWSER-IE Microsoft Internet Explorer CVE-2018- CVE- 8544 VBScript Engine 1 Browsers 2 10.06.1 Build 631 2018-8544 Remote Code Execution Attempt BROWSER-IE Microsoft Internet Explorer CVE-2018- CVE- 1 Browsers 2 10.06.1 Build 631 8563 DirectX information 2018-8563 disclosure attempt BROWSER-IE Microsoft Internet Explorer CVE-2018- CVE- 1 Browsers 1 10.06.1 Build 631 8624 Chakra Engine 2018-8624 Memory Corruption BROWSER-IE Microsoft Internet Explorer CVE-2018- CVE- 1 Browsers 2 10.06.1 Build 631 8631 Jscript.Encode out-of- 2018-8631 bounds read attempt BROWSER-IE Microsoft CVE- Internet Explorer FTP 1 Browsers 2 10.06.1 Build 631 2004-1166 command injection attempt BROWSER-IE Microsoft CVE- Internet Explorer import key 1 Browsers 2 10.06.1 Build 631 2018-8491 Use-After-Free

BROWSER-IE Microsoft CVE- Internet Explorer memory 1 Browsers 2 10.06.1 Build 631 2018-8461 corruption attempt BROWSER-IE Microsoft CVE- Internet Explorer use after 1 Browsers 2 10.06.1 Build 631 2018-8123 free attempt BROWSER-IE Microsoft Internet Explorer VBScript CVE- 1 Browsers 2 10.06.1 Build 631 Engine remote code 2018-8552 execution attempt BROWSER-IE Edge memory CVE- 1 Browsers 2 10.06.1 Build 631 corruption attempt CVE- 2017-8731 2018-15991 BROWSER-IE Microsoft CVE- Windows Edge memory 1 Browsers 2 10.06.1 Build 631 2017-8731 corruption attempt BROWSER-IE VBScript CVE-2017-11913 CVE- 1 Browsers 2 10.06.1 Build 631 ADODB.Connection Object 2016-3375 Use After Free Attempt BROWSER-OTHER 2001- NA 1 Browsers 1 10.06.1 Build 631 0241-1 BROWSER-OTHER Microsoft Edge CVE-2016- CVE- 1 Browsers 1 10.06.1 Build 631 3244 Remote Code 2016-3244 Execution Vulnerability BROWSER-OTHER Microsoft Edge CVE-2016- CVE- 1 Browsers 1 10.06.1 Build 631 3277 Remote Code 2016-3277 Execution Vulnerability BROWSER-OTHER Microsoft Windows Chakra CVE- 1 Office Tools 1 10.06.1 Build 631 CVE-2016-0208 Integer 2016-0208 Overflow Vulnerability BROWSER-PLUGINS Microsoft Silverlight CVE- CVE- 1 Browsers 2 10.06.1 Build 631 2016-0034 String Decoder 2016-0034 Memory Corruption BROWSER-PLUGINS CVE- Microsoft Silverlight GetChar 1 Browsers 2 10.06.1 Build 631 2016-0034 out of bounds read attempt Web c99shell.php upload NA 1 Services and 3 10.06.1 Build 631 command request Applications CVE- Cacti spikekill.php Cross- 2017- 1 Misc 2 10.06.1 Build 631 Site Scripting 12927

CA Unified Infrastructure Application Management CVE- 1 and 1 10.06.1 Build 631 download_lar.jsp Directory 2016-5803 Software Traversal CGI Script a1stats Web CVE- a1disp3.cgi directory 1 Services and 2 10.06.1 Build 631 2001-0561 traversal Attempt Applications Web CVE- CGI Script agora.cgi Attempt 1 Services and 2 10.06.1 Build 631 2001-1199 Applications CGI Script AltaVista Intranet Web CVE- Search directory traversal 1 Services and 2 10.06.1 Build 631 2000-0039 Attempt Applications Web CGI Script anaconda CVE- 1 Services and 2 10.06.1 Build 631 directory transversal Attempt 2000-0975 Applications CGI Script Armada Style Web CVE- Master Index directory 1 Services and 2 10.06.1 Build 631 2000-0924 traversal Applications CGI Script cached_feed.cgi Web CVE- moreover shopping cart 1 Services and 2 10.06.1 Build 631 2000-0906 directory traversal Applications CGI Script Web CVE- calendar_admin.pl arbitrary 1 Services and 2 10.06.1 Build 631 2000-0432 command execution Attempt Applications Web CGI Script commerce.cgi CVE- 1 Services and 2 10.06.1 Build 631 arbitrary file access Attempt 2001-0210 Applications CGI Script csSearch.cgi Web CVE- arbitrary command execution 1 Services and 2 10.06.1 Build 631 2002-0495 Attempt Applications Web CGI Script dcforum.cgi CVE- 1 Services and 2 10.06.1 Build 631 directory traversal Attempt 2001-0436 Applications Web CGI Script eshop.pl arbitrary CVE- 1 Services and 2 10.06.1 Build 631 commane execution Attempt 2001-1014 Applications Web CGI Script eXtropia CVE- 1 Services and 2 10.06.1 Build 631 webstore directory traversal 2000-1005 Applications Web CGI Script htmlscript CVE- 1 Services and 2 10.06.1 Build 631 Attempt 1999-0264 Applications Web CVE- CGI Script htsearch Access 1 Services and 2 10.06.1 Build 631 2000-0208 Applications CGI Script htsearch arbitrary CVE- 1 Web 2 10.06.1 Build 631

configuration file Attempt 2000-0208 Services and Applications CGI Script HyperSeek Web CVE- hsx.cgi directory traversal 1 Services and 2 10.06.1 Build 631 2001-0253 Attempt Applications Web CGI Script loadpage.cgi CVE- 1 Services and 2 10.06.1 Build 631 directory traversal Attempt 2000-1092 Applications Application CGI Script mrtg.cgi directory CVE- 1 and 2 10.06.1 Build 631 traversal Attempt 2002-0232 Software Web CGI Script pals-cgi arbitrary CVE- 1 Services and 2 10.06.1 Build 631 file access Attempt 2001-0217 Applications Application CGI Script phf arbitrary CVE- 1 and 2 10.06.1 Build 631 command execution Attempt 1999-0067 Software Web CGI Script SGI InfoSearch CVE- 1 Services and 2 10.06.1 Build 631 fname Attempt 2000-0207 Applications Web CGI Script shopping cart CVE- 1 Services and 2 10.06.1 Build 631 directory traversal 2000-0921 Applications Web CGI Script sojourn.cgi File CVE- 1 Services and 2 10.06.1 Build 631 Attempt 2000-0180 Applications Web CGI Script store.cgi directory CVE- 1 Services and 2 10.06.1 Build 631 traversal Attempt 2001-0305 Applications CGI Script technote main.cgi Web CVE- file directory traversal 1 Services and 2 10.06.1 Build 631 2001-0075 Attempt Applications Web CGI Script ttawebtop.cgi CVE- 1 Services and 2 10.06.1 Build 631 arbitrary file Attempt 2001-0805 Applications Web CGI Script view-source CVE- 1 Services and 2 10.06.1 Build 631 directory traversal 1999-0174 Applications Application CGI Script webdist.cgi CVE- 1 and 2 10.06.1 Build 631 arbitrary command Attempt 1999-0039 Software Web CGI Script webplus version CVE- 1 Services and 2 10.06.1 Build 631 Access 2000-0282 Applications Web CGI Script Web Shopper CVE- 1 Services and 2 10.06.1 Build 631 shopper.cgi Access 2000-0922 Applications


Web CGI Script Web Shopper CVE- 1 Services and 2 10.06.1 Build 631 shopper.cgi Attempt 2000-0922 Applications Web CGI Script webspirs.cgi CVE- 1 Services and 2 10.06.1 Build 631 directory traversal Attempt 2001-0211 Applications CGI Script whois_raw.cgi Web CVE- arbitrary command execution 1 Services and 2 10.06.1 Build 631 1999-1063 Attempt Applications Web CVE- CGI Script zml.cgi Attempt 1 Services and 2 10.06.1 Build 631 2001-1209 Applications Cisco Adaptive Security CVE- Appliance IKEv1 and IKEv2 1 Misc 1 10.06.1 Build 631 2016-1287 Heap Buffer Overflow Cisco Adaptive Security Web CVE- Appliance SNMP Buffer 1 Services and 1 10.06.1 Build 631 2016-6366 Overflow Applications Cisco ASA 5500 Series VoIP and Appliance Remote SIP CVE- 1 Instant 2 10.06.1 Build 631 Inspection Device Reload 2010-0569 Messaging DoS Cisco License Manager CVE- Web Server ReportCSV Directory 2017- 1 Services and 1 10.06.1 Build 631 Traversal 12263 Applications Cisco Prime Collaboration Provisioning Web CVE- licensestatus.jsp Arbitrary 1 Services and 2 10.06.1 Build 631 2017-6635 File Deletion (Decrypted Applications Traffic) Cisco Prime Collaboration Provisioning Web CVE- logconfigtracer.jsp Arbitrary 1 Services and 1 10.06.1 Build 631 2017-6637 File Deletion (Decrypted Applications Traffic) Cisco Prime Collaboration Web Provisioning CVE- 1 Services and 2 10.06.1 Build 631 logconfigtracer.jsp Directory 2017-6621 Applications Traversal (Decrypted Traffic) Cisco Prime Collaboration Web Provisioning ScriptMgr CVE- 1 Services and 1 10.06.1 Build 631 Authentication Bypass 2017-6622 Applications (Decrypted Traffic) Cisco Prime Data Center Application Network Manager CVE- 1 and 2 10.06.1 Build 631 FileUploadServlet Arbitrary 2013-5486 Software File Upload Cisco Prime Infrastructure CVE- Web 1 2 10.06.1 Build 631 and EPNM 2017-6662 Services and


DashboardRenderer XML Applications External Entity Injection (Decrypted Traffic) Cisco Prime Infrastructure Web and EPNM Deserialization CVE- 1 Services and 1 10.06.1 Build 631 Code Execution (Decrypted 2016-1291 Applications Traffic) Cisco Prime Infrastructure Application CVE- and EPNM Deserialization 1 and 1 10.06.1 Build 631 2016-1291 Code Execution Software Cisco Prime Infrastructure Web CVE- and EPNM Deserialization 1 Services and 1 10.06.1 Build 631 2016-1291 Code Execution Applications Cisco Prime Infrastructure and EPNM Web CVE- ImportJobResults.jsp Cross 1 Services and 1 10.06.1 Build 631 2017-6699 Site Scripting (Decrypted Applications Traffic) Corosync Cluster Engine CVE- totemcrypto.c Integer 1 Misc 3 10.06.1 Build 631 2018-1084 Overflow Malware CryptoLocker Download NA 1 Communicati 1 10.06.1 Build 631 on Malware CryptoLocker Ransomware NA 1 Communicati 1 10.06.1 Build 631 on Dell EMC Storage Manager EmConfigMigration Servlet CVE- Web Directory 2017- 1 Services and 1 10.06.1 Build 631 Traversal(Decrypted Traffic) 14384 Applications CVE-2017-14384 Dell EMC VMAX Virtual Web CVE- Appliance Manager Directory 1 Services and 2 10.06.1 Build 631 2018-1215 Traversal (Decrypted Traffic) Applications Dell SonicWALL GMS- Web Analyzer license.jsp NA 1 Services and 1 10.06.1 Build 631 Information Disclosure Applications Dell SonicWALL Universal Web Management Suite NA 1 Services and 1 10.06.1 Build 631 ImagePreviewServlet SQL Applications Injection Dell Storage Manager CVE- Web EmWebsiteServlet Directory 2017- 1 Services and 1 10.06.1 Build 631 Traversal (Decrypted Traffic) 10949 Applications Diasoft File Replication Pro Application ExecCommand Command NA 1 and 2 10.06.1 Build 631 Execution Software


Digium Asterisk app_minivm CVE- Caller-ID Command 2017- 1 Misc 2 10.06.1 Build 631 Execution 14100 Digium Asterisk CDR CVE- ast_cdr_setuserfield Buffer 1 Misc 1 10.06.1 Build 631 2017-7617 Overflow Digium Asterisk chan_skinny Web SCCP packet Denial of NA 1 Services and 1 10.06.1 Build 631 Service Applications Digium Asterisk Oversized VoIP and CVE- Content-Length Memory 1 Instant 2 10.06.1 Build 631 2012-5976 Corruption Messaging Digium Asterisk PJSIP VoIP and Channel Driver REGISTER NA 1 Instant 1 10.06.1 Build 631 Denial of Service Messaging Digium Asterisk PJSIP CVE- Contact Header Denial of 2017- 1 Misc 1 10.06.1 Build 631 Service 17850 Digium Asterisk Application res_pjsip_pubsub Out-of- CVE- 1 and 3 10.06.1 Build 631 Bounds Write CVE-2018- 2018-7284 Software 7284 Web Digium Asterisk SIP CSeq NA 1 Services and 1 10.06.1 Build 631 Heap Buffer Overflow Applications Digium Asterisk WebSocket VoIP and CVE- Frame Empty Payload 1 Instant 2 10.06.1 Build 631 2018-7287 Denial of Service Messaging Disk Pulse Enterprise Server Application HttpParser Buffer Overflow NA 1 and 1 10.06.1 Build 631 (Published Exploit) Software DNS isc.org DDoS NA 1 DNS 2 10.06.1 Build 631 CVE- DNSmasq DHCPv6 Stack 2017- 1 Misc 1 10.06.1 Build 631 Buffer Overflow 14493 CVE- DNSmasq icmp6_packet 2017- 1 DNS 1 10.06.1 Build 631 Heap Buffer Overflow 14492 CVE- DNS zone transfer UDP 1 DNS 2 10.06.1 Build 631 1999-0532 Dovecot CVE- rfc822_parse_domain Out of 2017- 1 Misc 2 10.06.1 Build 631 Bounds Read 14461 Dovecot SASL Web CVE- Authentication Component 1 Services and 2 10.06.1 Build 631 2016-8652 Denial of Service Applications Drupal Coder Module NA 1 Application 1 10.06.1 Build 631


coder_upgrade.run.php and Remote Code Execution Software Drupal Core Form Web CVE- Rendering Remote Code 1 Services and 2 10.06.1 Build 631 2018-7600 Execution Applications Drupal Core Form Web CVE- Rendering Remote Code 1 Services and 2 10.06.1 Build 631 2018-7602 Execution Applications EFS Software Easy File Web Sharing Web Server NA 1 Services and 1 10.06.1 Build 631 sendemail.ghp Stack Buffer Applications Overflow EFS Software Easy File Sharing Web Server NA 1 Misc 2 10.06.1 Build 631 vfolder.ghp Stack Buffer Overflow Elastic Elasticsearch Web CVE- Snapshot API Directory 1 Services and 2 10.06.1 Build 631 2015-5531 Traversal Applications Elastic Elasticsearch CVE- ThrowableObjectInputStrea 1 Misc 2 10.06.1 Build 631 2015-5377 m Insecure Deserialization Electron CVE- setAsDefaultProtocolClient 2018- 1 Misc 1 10.06.1 Build 631 Command Injection 1000006 EmbedThis GoAhead Web CVE- Server CGI Remote Code 2017- 1 Misc 1 10.06.1 Build 631 Execution CVE-2017-17562 17562 EMC Data Protection Web Advisor Application Service CVE- 1 Services and 1 10.06.1 Build 631 Static Credentials 2017-8013 Applications Authentication Bypass EMC VMAX3 VASA Provider Web UploadConfigurator CVE- 1 Services and 1 10.06.1 Build 631 Directory Traversal 2017-4997 Applications (Decrypted Traffic) ESF pfSense Web squid_clwarn.php Cross Site NA 1 Services and 3 10.06.1 Build 631 Scripting Applications ESF pfSense Web status_rrd_graph_img.php NA 1 Services and 1 10.06.1 Build 631 Command Injection Applications ESF pfSense Web system_groupmanager.php NA 1 Services and 2 10.06.1 Build 631 Command Injection Applications ET EXPLOIT Possible Malware DOUBLEPULSAR Beacon NA 1 Communicati 1 10.06.1 Build 631 Response on


Malware ET EXPLOIT Possible NA 1 Communicati 1 10.06.1 Build 631 ECLIPSEDWING MS08-067 on ET EXPLOIT Possible Malware ECLIPSEDWING NA 1 Communicati 1 10.06.1 Build 631 RPCTOUCH MS08-067 on ET EXPLOIT Possible Malware ETERNALBLUE MS17-010 NA 1 Communicati 1 10.06.1 Build 631 Echo Request (set) on ET EXPLOIT Possible Malware ETERNALBLUE MS17-010 NA 1 Communicati 1 10.06.1 Build 631 Echo Response on ET EXPLOIT Possible Malware ETERNALCHAMPION NA 1 Communicati 1 10.06.1 Build 631 MS17-010 Sync Request on (set) ET EXPLOIT Possible Malware ETERNALCHAMPION NA 1 Communicati 1 10.06.1 Build 631 MS17-010 Sync Response on ET EXPLOIT Possible Malware ETERNALROMANCE NA 1 Communicati 1 10.06.1 Build 631 MS17-010 on ET EXPLOIT Possible Successful Malware ETERNALROMANCE NA 1 Communicati 1 10.06.1 Build 631 MS17-010 - Windows on Executable Observed Malware ET TROJAN Possible NA 1 Communicati 1 10.06.1 Build 631 WannaCry DNS Lookup II on ET TROJAN Possible Malware WannaCry DNS Lookup kill- NA 1 Communicati 1 10.06.1 Build 631 switch.a on ET TROJAN Possible Malware WannaCry DNS Lookup kill- NA 1 Communicati 1 10.06.1 Build 631 switch.b on ET TROJAN Possible Malware WannaCry DNS Lookup kill- NA 1 Communicati 1 10.06.1 Build 631 switch.c on Malware ET TROJAN Possible NA 1 Communicati 1 10.06.1 Build 631 WannaCry DNS Lookup on ET TROJAN Malware Win32/Hilgild!gen.A CnC NA 1 Communicati 1 10.06.1 Build 631 Communication on CVE- Exim BDAT Denial of 2017- 1 Misc 1 10.06.1 Build 631 Service CVE-2017-16944 16944


VoIP and EXPLOIT EXPLOIT SIP CVE- 1 Instant 2 10.06.1 Build 631 UDP spoof attempt 2005-2182 Messaging VoIP and EXPLOIT SIP UDP CVE- 1 Instant 2 10.06.1 Build 631 Softphone overflow attempt 2006-0189 Messaging Fatek Automation PLC Industrial CVE- WinProladder Stack Buffer 1 Control 3 10.06.1 Build 631 2016-8377 Overflow System FFmpeg mov_read_keys CVE- 1 Misc 1 10.06.1 Build 631 Integer Overflow 2016-5199 FILE-FLASH Adobe Acrobat CVE- Flash Player version.dll dll- 1 Multimedia 1 10.06.1 Build 631 2012-0756 load exploit attempt FILE-FLASH Adobe Flash CVE- CVE-2018-4934 Access 1 Multimedia 2 10.06.1 Build 631 2018-4934 Violation Vulnerability FILE-FLASH Adobe Flash CVE- Player AVM type confusion 2018- 1 Multimedia 2 10.06.1 Build 631 attempt 15981 FILE-FLASH Adobe Flash CVE- Player ClbCatQ.dll dll-load 1 Multimedia 1 10.06.1 Build 631 2016-1014 exploit attempt FILE-FLASH Adobe Flash CVE- Player custom toString 1 Multimedia 2 10.06.1 Build 631 2017-3075 function attempt FILE-FLASH Adobe Flash CVE- Player CVE-2018-12824 2018- 1 Multimedia 2 10.06.1 Build 631 Information Disclosure 12827 Vulnerability FILE-FLASH Adobe Flash CVE- Player CVE-2018-12826 2018- 1 Multimedia 2 10.06.1 Build 631 Information Disclosure 12826 Vulnerability FILE-FLASH Adobe Flash CVE- Player CVE-2018-15982 2018- 1 Multimedia 2 10.06.1 Build 631 Arbitrary Code Injection 15982 Vulnerability FILE-FLASH Adobe Flash CVE- Player CVE-2018-2848 Use 1 Multimedia 1 10.06.1 Build 631 2018-4878 After Free II FILE-FLASH Adobe Flash CVE- Player CVE-2018-2848 Use 1 Multimedia 1 10.06.1 Build 631 2018-4878 After Free I FILE-FLASH Adobe Flash CVE- Player CVE-2018-4919 Use- 1 Misc 1 10.06.1 Build 631 2018-4919 After-Free Vulnerability


FILE-FLASH Adobe Flash CVE- Player CVE-2018-4920 Use- 1 Misc 1 10.06.1 Build 631 2018-4920 After-Free Vulnerability FILE-FLASH Adobe Flash CVE- Player CVE-2018-5000 1 Multimedia 1 10.06.1 Build 631 2018-5000 Memory Address Disclosure FILE-FLASH Adobe Flash CVE- Player HNetCfg.dll dll-load 1 Multimedia 1 10.06.1 Build 631 2016-1014 exploit attempt FILE-FLASH Adobe Flash CVE- Player malformed ATF buffer 1 Multimedia 2 10.06.1 Build 631 2018-4871 overflow attempt FILE-FLASH Adobe Flash CVE- Player MSIMG32.dll dll-load 1 Multimedia 2 10.06.1 Build 631 2016-4116 exploit attempt FILE-FLASH Adobe Flash CVE- Player out of bounds read 2018- 1 Multimedia 2 10.06.1 Build 631 attempt 15978 FILE-FLASH Adobe Flash CVE- Player out of bounds write 1 Multimedia 1 10.06.1 Build 631 2018-5002 attempt FILE-FLASH Adobe Flash CVE- Player RASMan.dll dll-load 1 Multimedia 1 10.06.1 Build 631 2016-1014 exploit attempt FILE-FLASH Adobe Flash CVE- Player setupapi.dll dll-load 1 Multimedia 1 10.06.1 Build 631 2016-1014 exploit attempt FILE-IDENTIFY Adobe Operating Director Movie file NA 1 System and 1 10.06.1 Build 631 attachment detected Services FILE-IDENTIFY Adobe Application Flash Player embedded NA 1 and 4 10.06.1 Build 631 compact font detected Software FILE-IDENTIFY Adobe LZMA compressed Flash file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected FILE-IDENTIFY Adobe Shockwave Flash file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected FILE-IDENTIFY Adobe Application Shockwave Flash file NA 1 and 4 10.06.1 Build 631 download request Software Operating FILE-IDENTIFY CSV file NA 1 System and 1 10.06.1 Build 631 attachment detected Services FILE-IDENTIFY CSV file CVE- Application 1 4 10.06.1 Build 631 download request 2008-0112 and


Software Application FILE-IDENTIFY EMF file NA 1 and 4 10.06.1 Build 631 magic detected Software FILE-IDENTIFY FLV file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected Application FILE-IDENTIFY JPEG file NA 1 and 4 10.06.1 Build 631 download request Software FILE-IDENTIFY JPG file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected FILE-IDENTIFY Microsoft Operating Office Excel file attachment NA 1 System and 1 10.06.1 Build 631 detected Services FILE-IDENTIFY Microsoft Application Office Excel file download NA 1 and 2 10.06.1 Build 631 request Software FILE-IDENTIFY Microsoft Application Office Excel file download NA 1 and 4 10.06.1 Build 631 request Software FILE-IDENTIFY Microsoft Operating Office Excel xlw file NA 1 System and 1 10.06.1 Build 631 attachment detected Services FILE-IDENTIFY Microsoft Application Office Excel xlw file magic NA 1 and 4 10.06.1 Build 631 detected Software FILE-IDENTIFY Microsoft Application CVE- SYmbolic LinK file download 1 and 4 10.06.1 Build 631 2008-0112 request Software FILE-IDENTIFY Microsoft Application CVE- SYmbolic LinK file magic 1 and 4 10.06.1 Build 631 2008-0112 detected Software FILE-IDENTIFY Microsoft Application Windows EMF metafile file NA 1 and 4 10.06.1 Build 631 attachment detected Software FILE-IDENTIFY Microsoft Windows EMF metafile file NA 1 Misc 1 10.06.1 Build 631 attachment detected Application FILE-IDENTIFY MOV file NA 1 and 4 10.06.1 Build 631 magic detected Software FILE-IDENTIFY MP4 file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected FILE-IDENTIFY PDF file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected FILE-IDENTIFY PDF file NA 1 Application 4 10.06.1 Build 631


download request and Software FILE-IDENTIFY QuickDraw/PICT file NA 1 Office Tools 1 10.06.1 Build 631 attachment detected FILE-IDENTIFY TIFF file NA 1 Multimedia 4 10.06.1 Build 631 attachment detected Application FILE-IDENTIFY XPS file NA 1 and 4 10.06.1 Build 631 attachment detected Software FILE-IDENTIFY XPS file NA 1 Misc 1 10.06.1 Build 631 attachment detected Application FILE-IDENTIFY XPS file NA 1 and 4 10.06.1 Build 631 download request Software FILE-IMAGE Acrobat Application Reader CVE-2018-5058 CVE- 1 and 1 10.06.1 Build 631 Information Disclosure 2018-5058 Software Vulnerability FILE-IMAGE Adobe Acrobat CVE- Pro CVE-2017-16381 2017- 1 Office Tools 2 10.06.1 Build 631 SampleFormat heap 16381 overflow attempt FILE-IMAGE Adobe Acrobat CVE- Application Pro CVE-2017-16396 2017- 1 and 2 10.06.1 Build 631 malformed TIFF memory 11234 Software corruption attempt FILE-IMAGE Adobe Acrobat CVE- Application Pro CVE-2018-12843 EMF 2018- 1 and 2 10.06.1 Build 631 Out Of Bounds Read 12843 Software FILE-IMAGE Adobe Acrobat CVE- Application Pro EMF+ GIF CVE-2018- 2018- 1 and 2 10.06.1 Build 631 12834 Parsing Out Of 12834 Software Bounds Read FILE-IMAGE Adobe Acrobat CVE- Application Pro malformed TIFF memory 2017- 1 and 2 10.06.1 Build 631 corruption attempt 16413 Software FILE-IMAGE Adobe Reader Application CVE- CVE-2018-5029 Out Of 1 and 2 10.06.1 Build 631 2018-5029 Bounds Read Software FILE-MULTIMEDIA GD Library CVE-2016-3074 libgd CVE- 1 Multimedia 1 10.06.1 Build 631 gd_gd2.c Heap Buffer 2016-3074 Overflow FILE-MULTIMEDIA Microsoft Windows CVE- CVE- 1 Multimedia 2 10.06.1 Build 631 2007-3034 wmf file arbitrary 2005-4560 code execution attempt


FILE-MULTIMEDIA Microsoft Windows wmf file CVE- 1 Multimedia 2 10.06.1 Build 631 arbitrary code execution 2005-4560 attempt FILE-OFFICE Microsoft CVE- CVE-2016-7230 PowerPoint 1 Office Tools 1 10.06.1 Build 631 2016-7230 ntdll Out Of Bounds Read FILE-OFFICE Microsoft CVE- Excel remote code execution 1 Office Tools 2 10.06.1 Build 631 2018-8147 attempt FILE-OFFICE Microsoft CVE- Excel remote code execution 1 Office Tools 2 10.06.1 Build 631 2018-8148 attempt FILE-OFFICE Microsoft Internet Explorer CVE-2018- CVE- 1 Office Tools 2 10.06.1 Build 631 8414 Remote Code 2018-8414 Execution Vulnerability FILE-OFFICE Microsoft CVE- Office CVE-2018-0922 Use- 1 Office Tools 1 10.06.1 Build 631 2018-0922 After-Free FILE-OFFICE Microsoft CVE- Office CVE-2018-8628 Use 1 Office Tools 2 10.06.1 Build 631 2018-8628 After Free FILE-OFFICE Microsoft Office dde field code NA 1 Office Tools 1 10.06.1 Build 631 execution attempt FILE-OFFICE Microsoft CVE- Office Excel BOF memory 1 Office Tools 3 10.06.1 Build 631 2018-8162 disclosure attempt FILE-OFFICE Microsoft Office Excel CVE-2016-3381 CVE- 1 Office Tools 1 10.06.1 Build 631 Remote Code Execution 2016-3381 Vulnerability FILE-OFFICE Microsoft CVE- Office Word PrcData Out Of 1 Office Tools 1 10.06.1 Build 631 2016-7232 Bounds Read FILE-OFFICE Microsoft CVE- Office Word wwlib Out Of 1 Office Tools 1 10.06.1 Build 631 2016-7233 Bounds Read FILE-OFFICE Microsoft CVE- Office Word wwlib Out Of 1 Office Tools 1 10.06.1 Build 631 2016-7235 Bounds Read FILE-OFFICE Microsoft CVE- Outlook CVE-2016-0204 1 Office Tools 1 10.06.1 Build 631 2016-0204 Security Bypass Vulnerability FILE-OFFICE Microsoft CVE- PowerPoint slide show type 1 Office Tools 2 10.06.1 Build 631 2018-8376 confusion attempt


FILE-OFFICE Microsoft Windows 10 Word CVE- CVE- 1 Office Tools 1 10.06.1 Build 631 2016-0053 Remote Code 2016- Execution Vulnerability FILE-OFFICE Microsoft Word CVE-2018-0797 CVE- 1 Office Tools 2 10.06.1 Build 631 Memory Corruption Exploit 2018-0797 Attempt FILE-OFFICE MS XML CVE- CVE-2019-0793 Remote 1 Office Tools 2 10.06.1 Build 631 2019-0793 Code Execution Vulnerability FILE-OTHER Acrobat CVE- Application Reader CVE-2018-12833 2018- 1 and 2 10.06.1 Build 631 Information Disclosure 12833 Software Vulnerability FILE-OTHER Acrobat CVE- Application Reader CVE-2018-12838 2018- 1 and 2 10.06.1 Build 631 Information Disclosure 12838 Software Vulnerability FILE-OTHER Acrobat CVE- Application Reader CVE-2018-12845 2018- 1 and 2 10.06.1 Build 631 Information Disclosure 12845 Software Vulnerability FILE-OTHER Acrobat CVE- Application Reader CVE-2018-15948 2018- 1 and 2 10.06.1 Build 631 Information Disclosure 15948 Software Vulnerability FILE-OTHER Acrobat Application Reader CVE-2018-5062 CVE- 1 and 1 10.06.1 Build 631 Information Disclosure 2018-5062 Software Vulnerability FILE-OTHER Acrobat Application Reader CVE-2018-5067 CVE- 1 and 1 10.06.1 Build 631 Information Disclosure 2018-5067 Software Vulnerability FILE-OTHER Adobe Acrobat CVE-2017-16395 EMF CVE- 1 Office Tools 2 10.06.1 Build 631 conversion heap buffer 2014-0529 overflow attempt FILE-OTHER Adobe Acrobat CVE- Application CVE-2018-15934 Out Of 2018- 1 and 2 10.06.1 Build 631 Bounds Read 15934 Software FILE-OTHER Adobe Acrobat CVE- Application EMF out-of-bounds read 2018- 1 and 2 10.06.1 Build 631 attempt 16022 Software FILE-OTHER Adobe Acrobat CVE- Application EMFPlus out of bounds 2017- 1 and 1 10.06.1 Build 631 buffer overflow attempt 16404 Software FILE-OTHER Adobe Acrobat CVE- 1 Application 2 10.06.1 Build 631


HTML invalid pointer CVE- 2018- and 2018-12778 Out-Of-Bounds 12778 Software Read FILE-OTHER Adobe Acrobat CVE- ImageConversion EMF 2017- 1 Office Tools 2 10.06.1 Build 631 EMR_STRETCHDIBITS 16397 Heap-based Buffer Overflow FILE-OTHER Adobe Acrobat CVE- Application Pro EMF Alphablend 2018- 1 and 2 10.06.1 Build 631 memory corruption attempt 12789 Software FILE-OTHER Adobe Acrobat CVE- Application Pro EMF Alphablend 2018- 1 and 1 10.06.1 Build 631 Memory Corruption 15935 Software Vulnerability FILE-OTHER Adobe Acrobat CVE- Application Pro U3D CVE-2018-15952 2018- 1 and 2 10.06.1 Build 631 IFF Out Of Bounds Read 15952 Software FILE-OTHER Adobe Acrobat CVE- Application Pro XPS file embedded 2017- 1 and 2 10.06.1 Build 631 JPEG invalid SOS data 16412 Software memory corruption attempt FILE-OTHER Adobe Acrobat CVE- Application Pro XPS out of bounds read 2017- 1 and 2 10.06.1 Build 631 attempt 16418 Software FILE-OTHER Adobe Acrobat CVE- RARfsClientNP.dll dll-load 1 Multimedia 1 10.06.1 Build 631 2017-3013 exploit attempt FILE-OTHER BitDefender Application CVE- Internet Security script code 1 and 2 10.06.1 Build 631 2009-0850 execution attempt Software FILE-OTHER BitDefender Application CVE- Internet Security script code 1 and 2 10.06.1 Build 631 2009-0850 execution Software FILE-OTHER Microsoft CVE- Application Graphics CVE-2017-11763 2017- 1 and 1 10.06.1 Build 631 Remote Code Execution 11763 Software Attempt FILE-OTHER Microsoft Jet Application CVE- 4.0 CVE-2016-0250 Access 1 and 1 10.06.1 Build 631 2016-0250 Violation Vulnerability Software FILE-OTHER Microsoft CVE- Office OneNote 2007 dll-load 1 Office Tools 1 10.06.1 Build 631 2017-0197 exploit attempt FILE-OTHER Microsoft Application CVE- wimgapi LoadIntegrityInfo 1 and 1 10.06.1 Build 631 2018-8210 heap buffer overflow attempt Software FILE-OTHER Microsoft CVE- Application 1 2 10.06.1 Build 631 Windows 2018-8413 and


Malformed .themepack Software Theme API Remote Code Execution FILE-OTHER Multiple CVE- products dwmapi.dll dll-load 1 Office Tools 2 10.06.1 Build 631 2010-3127 exploit attempt FILE-PDF Acrobat Reader CVE- Application CVE-2018-12754 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12754 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12756 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12756 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12757 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12757 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12758 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12758 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12760 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12760 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12761 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12761 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12764 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12764 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12765 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12765 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12766 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12766 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12767 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12767 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12768 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12768 Software


Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12770 Remote 2018- 1 and 1 10.06.1 Build 631 Code Execution Vulnerability 12770 Software FILE-PDF Acrobat Reader CVE- Application CVE-2018-12771 Remote 2018- 1 and 1 10.06.1 Build 631 Code Execution Vulnerability 12771 Software FILE-PDF Acrobat Reader CVE- Application CVE-2018-12772 Remote 2018- 1 and 1 10.06.1 Build 631 Code Execution Vulnerability 12772 Software FILE-PDF Acrobat Reader CVE- Application CVE-2018-12773 Use-After- 2018- 1 and 1 10.06.1 Build 631 Free Vulnerability 12773 Software FILE-PDF Acrobat Reader CVE- Application CVE-2018-12774 2018- 1 and 1 10.06.1 Build 631 Information Disclosure 12774 Software Vulnerability FILE-PDF Acrobat Reader CVE- Application CVE-2018-12776 Use-After- 2018- 1 and 1 10.06.1 Build 631 Free Vulnerability 12776 Software FILE-PDF Acrobat Reader CVE- Application CVE-2018-12852 Use-After- 2018- 1 and 2 10.06.1 Build 631 Free Vulnerability 12852 Software FILE-PDF Acrobat Reader CVE- Application CVE-2018-15924 Use-After 2018- 1 and 2 10.06.1 Build 631 Free Vulnerability 15924 Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5050 Information 1 and 1 10.06.1 Build 631 2018-5050 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5054 Information 1 and 1 10.06.1 Build 631 2018-5054 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5056 Information 1 and 1 10.06.1 Build 631 2018-5056 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5057 Information 1 and 1 10.06.1 Build 631 2018-5057 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5063 Information 1 and 1 10.06.1 Build 631 2018-5063 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5064 Information 1 and 1 10.06.1 Build 631 2018-5064 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5065 Information 1 and 1 
10.06.1 Build 631 2018-5065 Disclosure Vulnerability Software


FILE-PDF Acrobat Reader Application CVE- CVE-2018-5066 Information 1 and 1 10.06.1 Build 631 2018-5066 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5069 Information 1 and 1 10.06.1 Build 631 2018-5069 Disclosure Vulnerability Software FILE-PDF Acrobat Reader Application CVE- CVE-2018-5070 Information 1 and 1 10.06.1 Build 631 2018-5070 Disclosure Vulnerability Software FILE-PDF Adobe Acrobat CVE- Application and Reader CVE-2018- 2018- 1 and 3 10.06.1 Build 631 12790 JPEG2000 Parsing 12790 Software Out of Bounds Read FILE-PDF Adobe Acrobat CVE- Application Pro CVE-2018-12847 heap 2018- 1 and 2 10.06.1 Build 631 overflow attempt 12847 Software FILE-PDF Adobe Acrobat CVE- Application Pro U3D IFF out of bounds 2018- 1 and 2 10.06.1 Build 631 read attempt 15930 Software FILE-PDF Adobe Acrobat Application CVE- Reader CVE-2018-4947 1 and 2 10.06.1 Build 631 2018-4947 Heap Overflow Attempt Software FILE-PDF Adobe Acrobat Application CVE- Reader CVE-2018-4948 1 and 2 10.06.1 Build 631 2018-4948 Heap Overflow Attempt Software FILE-PDF Adobe Acrobat Application CVE- Reader CVE-2018-4950 1 and 2 10.06.1 Build 631 2018-4950 Overflow Attempt Software FILE-PDF Adobe Acrobat Application CVE- Reader CVE-2018-4953 1 and 2 10.06.1 Build 631 2018-4953 Overflow Attempt Software FILE-PDF Adobe Acrobat Application CVE- Reader CVE-2018-4969 1 and 2 10.06.1 Build 631 2018-4969 Overflow Attempt Software FILE-PDF Adobe Acrobat Application CVE- Reader field flags exploit 1 and 2 10.06.1 Build 631 2011-0589 attempt Software FILE-PDF Adobe Acrobat CVE- Application Reader U3D CVE-2018- 2018- 1 and 3 10.06.1 Build 631 15953 Information 15953 Software Disclosure FILE-PDF Adobe Acrobat Application CVE- Reader xfa subform use 1 and 2 10.06.1 Build 631 2017-2951 after free attempt Software FILE-PDF Adobe Acrobat CVE- Application Reader XLST CVE-2018- 2018- 1 and 2 10.06.1 Build 631 12853 Parsing Engine Use 12853 Software After Free


FILE-PDF Adobe Reader CVE- Application CVE-2018-12799 2018- 1 and 2 10.06.1 Build 631 Information Disclosure 12799 Software FILE-PDF Adobe Reader CVE- Application CVE-2018-12803 2018- 1 and 2 10.06.1 Build 631 Information Disclosure 12803 Software FILE-PDF Adobe Reader CVE- Application CVE-2018-12808 Remote 2018- 1 and 2 10.06.1 Build 631 Code Execution Corruption 12808 Software FILE-PDF Adobe Reader CVE- Application CVE-2018-15923 Malformed 2018- 1 and 2 10.06.1 Build 631 JavaScript Input Out Of 15923 Software Bounds FILE-PDF Adobe Reader Application CVE- CVE-2018-4955 Information 1 and 2 10.06.1 Build 631 2018-4955 Disclosure Software FILE-PDF Adobe Reader Application CVE- CVE-2018-4957 Information 1 and 2 10.06.1 Build 631 2018-4957 Disclosure Software FILE-PDF Adobe Reader Application CVE- CVE-2018-4960 Information 1 and 2 10.06.1 Build 631 2018-4960 Disclosure Software FILE-PDF Adobe Reader Application CVE- CVE-2018-4962 Information 1 and 2 10.06.1 Build 631 2018-4962 Disclosure Software FILE-PDF Adobe Reader Application CVE- CVE-2018-4973 Information 1 and 2 10.06.1 Build 631 2018-4973 Disclosure Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5009 Use After 1 and 2 10.06.1 Build 631 2018-5009 Free Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5011 Use After 1 and 2 10.06.1 Build 631 2018-5011 Free Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5014 Out Of 1 and 2 10.06.1 Build 631 2018-5014 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5015 Heap 1 and 2 10.06.1 Build 631 2018-5015 Overflow Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5017 Out Of 1 and 2 10.06.1 Build 631 2018-5017 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5018 Out Of 1 and 2 10.06.1 Build 631 2018-5018 Bounds Read Software FILE-PDF Adobe Reader CVE- 1 Application 2 10.06.1 Build 631


CVE-2018-5019 Out Of 2018-5019 and Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5021 Out Of 1 and 2 10.06.1 Build 631 2018-5021 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5023 Out Of 1 and 2 10.06.1 Build 631 2018-5023 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5024 Out Of 1 and 2 10.06.1 Build 631 2018-5024 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5025 Out Of 1 and 2 10.06.1 Build 631 2018-5025 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5026 Out Of 1 and 2 10.06.1 Build 631 2018-5026 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5031 Out Of 1 and 2 10.06.1 Build 631 2018-5031 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5033 Out Of 1 and 2 10.06.1 Build 631 2018-5033 Bounds Read Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5036 Heap 1 and 2 10.06.1 Build 631 2018-5036 Overflow Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5037 Heap 1 and 2 10.06.1 Build 631 2018-5037 Overflow Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5038 Heap 1 and 2 10.06.1 Build 631 2018-5038 Overflow Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5039 Heap 1 and 2 10.06.1 Build 631 2018-5039 Overflow Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5041 Heap 1 and 2 10.06.1 Build 631 2018-5041 Overflow Software FILE-PDF Adobe Reader Application CVE- CVE-2018-5042 Out Of 1 and 2 10.06.1 Build 631 2018-5042 Bounds Write Software Application FILE-PDF Adobe Reader CVE- 1 and 2 10.06.1 Build 631 CVE-2018-5043 Overflow 2018-5043 Software Application FILE-PDF Adobe Reader CVE- 1 and 2 10.06.1 Build 631 CVE-2018-5045 Overflow 2018-5045 Software


FILE-PDF Adobe Reader CVE-2018-5046 Out Of Bounds Read | CVE-2018-5046 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader CVE-2018-5047 Out Of Bounds Read | CVE-2018-5047 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader CVE-2018-5048 Out Of Bounds Read | CVE-2018-5048 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader Information Disclosure | CVE-2018-4967 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader JavaScript CVE-2018-4946 API Use After Free | CVE-2018-4946 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader JavaScript CVE-2018-4954 Use After Free | CVE-2018-4954 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader JavaScript CVE-2018-4961 API Use After Free | CVE-2018-4961 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader JavaScript CVE-2018-4971 API Use After Free | CVE-2018-4971 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Adobe Reader PDF CVE-2019-7089 Information Disclosure | CVE-2019-7089 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF JavaScript contained in an xml template embedded in a pdf attempt | CVE-2018-4952 | 1 | Application and Software | 2 | 10.06.1 Build 631
FILE-PDF Multiple Products CVE-2018-8464 malformed JP2K codestream out of bounds read attempt | CVE-2018-8464 | 1 | Browsers | 2 | 10.06.1 Build 631
First Pass Flag for WannaCry Ransomware | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
First Pass Flag MS17-010 EternalBlue Metasploit | CVE-2017-0144 | 1 | Misc | 1 | 10.06.1 Build 631
Flexense DiskPulse Enterprise Server ParseHttpHeader Stack Buffer Overflow (Published Exploit) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Flexense SyncBreeze Enterprise ParseHttpHeader Stack Buffer Overflow (Published Exploit) CVE-2017-17099 | CVE-2017-17099 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Flexense VX Search Enterprise add_command Buffer Overflow | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Flexera FlexNet Publisher License Server Buffer Overflow | CVE-2015-8277 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Flexera FlexNet Publisher License Server Heap Buffer Overflow | CVE-2015-8277 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Foxit Reader and PhantonPDF XFA gotoURL Command Injection | CVE-2017-10953 | 1 | Misc | 1 | 10.06.1 Build 631
Foxit Reader BMP biWidth Heap-based Buffer Overflow | CVE-2017-17557 | 1 | Misc | 2 | 10.06.1 Build 631
Foxit Reader phoneinfo.dll Insecure Library Loading | CVE-2016-0041 | 1 | Application and Software | 3 | 10.06.1 Build 631
FreePBX Framework hotelwakeup Module Directory Traversal | NA | 1 | Misc | 2 | 10.06.1 Build 631
FreePBX Framework modulefunctions.class.php display SQL Injection | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
FreePBX Framework Recordings Module Remote Command Execution | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
FreePBX Framework remotemod Remote Command Execution | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
FreeRADIUS rad_coalesce Out of Bounds Read | CVE-2017-10979 | 1 | Misc | 1 | 10.06.1 Build 631
FTP Brute force attack | NA | 1 | FTP | 3 | 10.06.1 Build 631
FTP CWD Root directory transversal attempt | CVE-2003-0392 | 1 | Application and Software | 2 | 10.06.1 Build 631
FTP LIST directory traversal attempt | CVE-2001-0680 | 1 | FTP | 2 | 10.06.1 Build 631
GD Library libgd _gd2GetHeader Integer Overflow | CVE-2016-5766 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
GD Library libgd gd_gd2.c Heap Buffer Overflow (Published Exploit) | CVE-2016-3074 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631


GNU C Library getaddrinfo Buffer Overflow | CVE-2015-7547 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
GnuTLS libtasn1 ASN.1 DER Infinite Loop Denial of Service | CVE-2016-4008 | 1 | Application and Software | 2 | 10.06.1 Build 631
GnuTLS Proxy Certificate Information Extension Memory Corruption | CVE-2017-5334 | 1 | Misc | 1 | 10.06.1 Build 631
GNU wget HTTP Redirect Arbitrary File Overwrite | CVE-2016-4971 | 1 | Misc | 1 | 10.06.1 Build 631
Google Golang Get Command Injection CVE-2018-7187 | CVE-2018-7187 | 1 | Misc | 1 | 10.06.1 Build 631
Hewlett Packard Enterprise Vertica validateAdminConfig Remote Command Injection (Decrypted Traffic) | CVE-2016-2002 | 1 | Application and Software | 1 | 10.06.1 Build 631
HOIC Attack Double Spaced UserAgent | NA | 1 | Web Services and Applications | 3 | 10.06.1 Build 631
HPE Data Protector EXEC_BAR domain Buffer Overflow | CVE-2016-2006 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Data Protector EXEC_BAR username Buffer Overflow | CVE-2016-2005 | 1 | Misc | 1 | 10.06.1 Build 631
HPE Intelligent Management Center accessMgrServlet Insecure Deserialization | CVE-2017-5790 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center CommonUtils ZIP Directory Traversal | CVE-2017-5793 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center dbman FileTrans Arbitrary File Write | CVE-2017-5822 | 1 | Misc | 1 | 10.06.1 Build 631
HPE Intelligent Management Center dbman RestartDB Command Injection | CVE-2017-5816 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center dbman RestoreZipFile Command Injection | CVE-2017-5821 | 1 | Misc | 2 | 10.06.1 Build 631
HPE Intelligent Management Center dbman Stack Buffer Overflow | CVE-2017-8956 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center FileDownloadServlet fileName Directory Traversal | CVE-2017-5795 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Intelligent Management Center FileDownloadServlet filePath Information Disclosure | CVE-2017-5797 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
HPE Intelligent Management Center FileUploadServlet Directory Traversal | CVE-2017-5794 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center getSelInsBean Expression Language Injection | CVE-2017-12490 | 1 | Web Services and Applications | 3 | 10.06.1 Build 631
HPE Intelligent Management Center ictExpertDownload Expression Language Injection CVE-2017-12500 | CVE-2017-12500 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Intelligent Management Center imcwlandm Stack Buffer Overflow | CVE-2017-5804 | 1 | Misc | 1 | 10.06.1 Build 631
HPE Intelligent Management Center imcwlandm UserName Stack Buffer Overflow | CVE-2017-5805 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center mibFileServlet file Directory Traversal | CVE-2017-12559 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Intelligent Management Center perfAccessMgrServlet Insecure Deserialization CVE-2017-8962 | CVE-2017-8962 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
HPE Intelligent Management Center PLAT flexFileUpload Arbitrary File Upload | CVE-2017-8961 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Intelligent Management Center PLAT RedirectServlet parafile Directory Traversal | CVE-2016-8530 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Intelligent Management Center RMI Registry Insecure Deserialization | CVE-2017-5792 | 1 | Misc | 1 | 10.06.1 Build 631
HPE Intelligent Management Center saveSelectedDevices Expression Language Injection CVE-2017-12491 | CVE-2017-12491 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Intelligent Management Center UrlAccessController Authentication Bypass | CVE-2017-5791 | 1 | Application and Software | 1 | 10.06.1 Build 631


HPE Intelligent Management Center userSelectPagingContent Expression Language Injection | CVE-2017-12521 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
HPE Intelligent Management Center WebDMServlet Insecure Deserialization CVE-2017-12558 | CVE-2017-12558 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Intelligent Management Center wmiConfigContent Expression Language Injection CVE-2017-12526 | CVE-2017-12526 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE LoadRunner and Performance Center libxdrutil.dll mxdr_string Heap Buffer Overflow | CVE-2017-5789 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Moonshot Provisioning Manager Appliance khuploadfile.cgi Directory Traversal (Decrypted Traffic) | CVE-2017-8976 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
HPE Moonshot Provisioning Manager Appliance server_response Directory Traversal (Decrypted Traffic) | CVE-2017-8977 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Network Automation PermissionFilter Authentication Bypass (Decrypted Traffic) | CVE-2017-5812 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
HPE Network Automation RedirectServlet SQL Injection (Decrypted Traffic) | CVE-2017-5810 | 1 | Application and Software | 1 | 10.06.1 Build 631
HPE Network Automation RMI Registry Insecure Deserialization | CVE-2016-4385 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Operations Orchestration backwards-compatibility beanutils Insecure Deserialization CVE-2017-8994 | CVE-2017-8994 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Operations Orchestration central-remoting Insecure Deserialization | CVE-2017-8994 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
HPE Operations Orchestration Insecure Deserialization | CVE-2016-8519 | 1 | Application and Software | 2 | 10.06.1 Build 631
HTTP 403 Brute Force Attack | NA | 1 | Reconnaissance | 3 | 10.06.1 Build 631


HTTP EternalRocks C2 Server Malicious Request I | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
HTTPS/SSL Renegotiation DoS | NA | 1 | Web Services and Applications | 3 | 10.06.1 Build 631
IBM Domino IMAP Mailbox Name Stack Buffer Overflow | CVE-2017-1274 | 1 | Application and Software | 1 | 10.06.1 Build 631
IBM Informix Dynamic Server index.php testconn Heap Buffer Overflow | CVE-2017-1092 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
IBM Tivoli Storage Manager FastBack Server Opcode 4115 Buffer Overflow | CVE-2015-4931 | 1 | Application and Software | 1 | 10.06.1 Build 631
ImageMagick Delegate Command Injection | CVE-2016-3714 | 1 | Application and Software | 1 | 10.06.1 Build 631
ImageMagick Ephemeral Protocol Arbitrary File Deletion | CVE-2016-3715 | 1 | Misc | 1 | 10.06.1 Build 631
ImageMagick SyncExifProfile Out Of Bounds Array Indexing | CVE-2016-7799 | 1 | Application and Software | 1 | 10.06.1 Build 631
IMAP authenticate overflow Attempt | CVE-1999-0005 | 1 | Application and Software | 2 | 10.06.1 Build 631
Incoming LOIC DDOS Tool | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Intel Active Management Technology Remote Privilege Escalation | CVE-2017-5689 | 1 | Misc | 1 | 10.06.1 Build 631
IPFire ids.cgi OINKCODE Parameter Command Injection (Decrypted Traffic) | CVE-2017-9757 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
ISC BIND ANY Query Response Assertion Failure Denial of Service | CVE-2016-9131 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
ISC BIND apl_42.c INSIST Assertion Failure Denial of Service | CVE-2015-8704 | 1 | Misc | 1 | 10.06.1 Build 631
ISC BIND buffer.c Assertion Failure Denial of Service | CVE-2016-2776 | 1 | Misc | 1 | 10.06.1 Build 631
ISC BIND DNAME Response Processing Denial of Service | CVE-2016-8864 | 1 | Misc | 1 | 10.06.1 Build 631


ISC BIND DNAME RRSIG Assertion Failure Denial of Service | CVE-2016-1286 | 1 | Misc | 3 | 10.06.1 Build 631
ISC BIND DNS Cookie Assertion Failure Denial of Service | CVE-2016-2088 | 1 | Misc | 3 | 10.06.1 Build 631
ISC BIND DNS options Assertion Failure Denial of Service | CVE-2016-2848 | 1 | Application and Software | 1 | 10.06.1 Build 631
ISC BIND lwresd Query Name Denial of Service | CVE-2016-2775 | 1 | Misc | 3 | 10.06.1 Build 631
ISC BIND Referral CNAME and DNAME Assertion Failure Denial of Service | CVE-2017-3137 | 1 | DNS | 1 | 10.06.1 Build 631
ISC BIND rndc Control Channel Assertion Failure Denial of Service | CVE-2016-1285 | 1 | Malware Communication | 1 | 10.06.1 Build 631
ISC BIND rndc Control Channel Assertion Failure Denial of Service | CVE-2017-3138 | 1 | Misc | 1 | 10.06.1 Build 631
ISC DHCP dhclient pretty_print_option Stack Buffer Overflow | CVE-2018-5732 | 1 | Misc | 1 | 10.06.1 Build 631
ISC DHCP UDP Payload Length Denial of Service | CVE-2015-8605 | 1 | Misc | 1 | 10.06.1 Build 631
JasPer jp2_decode Out of Bounds Read | CVE-2017-9782 | 1 | Misc | 1 | 10.06.1 Build 631
Jenkins CI Server Multiple Cross-Site Request Forgery | CVE-2017-1000356 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Jenkins Plugin Resources Directory Traversal CVE-2018-6356 | CVE-2018-6356 | 1 | Misc | 1 | 10.06.1 Build 631
Joomla! CMS Policy Bypass and Privilege Escalation Vulnerabilities | CVE-2016-8869 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Joomla! CMS User Notes List View SQL Injection | CVE-2018-8045 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Joomla! com_fields SQL Injection | CVE-2017-8917 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Joomla! HTTP User Agent Object Injection | CVE-2015-8562 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal | CVE-2017-9812 | 1 | Application and Software | 1 | 10.06.1 Build 631
Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service | CVE-2013-1418 | 1 | Operating System and Services | 2 | 10.06.1 Build 631
Liferay Portal User Account Stored Cross Site Scripting | CVE-2016-3670 | 1 | Application and Software | 3 | 10.06.1 Build 631
Linux Kernel ipv4_pktinfo_prepare Denial of Service | CVE-2017-5970 | 1 | Operating System and Services | 1 | 10.06.1 Build 631
Linux Kernel NFSv4 nfsd PNFS denial of Service | CVE-2017-8797 | 1 | DNS | 1 | 10.06.1 Build 631
Linux Kernel SCTP sctp_sf_ootb Out of Bounds Read | CVE-2016-9555 | 1 | Operating System and Services | 1 | 10.06.1 Build 631
LOIC DoS Tool (HTTP Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
LOIC DoS Tool JS Version | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
LOIC DoS Tool (UDP Traffic) threshold | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Magento API unserialize Remote Code Execution | CVE-2016-4010 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Magento Vimeo Invalid Image Cross Site Request Forgery | NA | 1 | Misc | 1 | 10.06.1 Build 631
MailStore Server search-result Reflected Cross-Site Scripting | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Malware Backdoor.MSIL.Founserv.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.MSIL.Nuovoscor.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Python.DrukSkript.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Shell.Cobrike.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.VBS.Iniduoh.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.DNSChanger.JJ Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.AR Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.AR Runtime Detection | NA | 1 | Malware Communication | 4 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.A Runtime Detection | NA | 1 | Malware Communication | 4 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.B Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.B Runtime Detection | NA | 1 | Malware Communication | 4 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.I Runtime Detection (Generic) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.I Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Dorkbot.I Runtime Detection | NA | 1 | Malware Communication | 4 | 10.06.1 Build 631
Malware Backdoor.Win32.Korgapam.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Ptiger.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Sapertilz.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Squida.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Backdoor.Win32.Stonedrill.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631


MALWARE-CNC IoT Reaper botnet outbound communication attempt | NA | 1 | Malware Communication | 2 | 10.06.1 Build 631
MALWARE-CNC IoT Reaper botnet | NA | 1 | Malware Communication | 2 | 10.06.1 Build 631
MALWARE-CNC Malex outbound communication attempt | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
MALWARE-CNC Malex outbound communication attempt | NA | 1 | Malware Communication | 2 | 10.06.1 Build 631
MALWARE-CNC Malware Trojan-Downloader.Win32.Ismdoor.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
MALWARE-CNC Malware Trojan.MSIL.DarkNeuron.A Runtime Detection - (DECRYPTED TRAFFIC) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
MALWARE-CNC Malware Worm.MSIL.Disttrack.D Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
MALWARE-CNC Malware Worm.MSIL.Disttrack.D Runtime Detection | NA | 1 | Malware Communication | 4 | 10.06.1 Build 631
MALWARE-CNC Malware Worm.Win32.Disttrack.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
MALWARE-CNC Win.Trojan.Kwampirs outbound connection attempt | NA | 1 | Malware Communication | 2 | 10.06.1 Build 631
MALWARE-OTHER BadRabbit Ransomware Payment Onion Domain Request Attempt VI | NA | 2 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan-Downloader.JS.Vrexygen.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan-Downloader.Win32.Recodler.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Linux.Mirai.VWIOW Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Linux.VPNFilter.A Runtime Detection - DECRYPTED TRAFFIC | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Linux.VPNFilter.B Runtime Detection - DECRYPTED TRAFFIC | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.CobianRAT.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Cryptolocker.AR Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Cryptolocker.I Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Delifeta.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Embeecrypt.A Runtime Detection - (DECRYPTED TRAFFIC) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.KeyLogger.AW Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Ownymi.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Pasiem.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Precovelog.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Ragiztrat.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Sevalosip.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Sylifda.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.SyseeStealer.A Runtime Detection - (DECRYPTED TRAFFIC) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.MSIL.Troloscup.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.VBS.Zombrari.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Adylkuzz.B Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Alphaleonbt.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Cryptolocker.AW Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Locky.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Marten.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Nitovel.A Runtime Detection - (DECRYPTED TRAFFIC) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Popyerd.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Trojan.Win32.Viebyspy.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Win32.Conficker.C Runtime Detection (FTP download) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Win32.Conficker.C Runtime Detection (Remote Shellcode Commands) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Win32.Conficker.C Runtime Detection (RPC Bind) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Win32.Conficker.C Runtime Detection (RPC DCOM Vulnerability) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.MSIL.Frconm.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.VBS.Iniduoh.B Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win32.BadRabbit.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win32.Disttrack.B Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win32.Mirai.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win32.PetyaWrap.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win32.Ultramine.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win32.Zorenium.A Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Malware Worm.Win64.Disttrack.C Runtime Detection | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
ManageEngine Applications Manager Apache Commons Collections Insecure Deserialization | CVE-2016-9498 | 1 | Application and Software | 1 | 10.06.1 Build 631
ManageEngine Applications Manager MenuHandlerServlet SQL Injection | CVE-2016-9488 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
ManageEngine Firewall Analyzer runQuery guest user SQL Injection | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
ManageEngine OpManager APMIntegBusinessViewHandler OPM_BVNAME SQL Injection | NA | 1 | Application and Software | 2 | 10.06.1 Build 631
ManageEngine ServiceDesk DownloadFileServlet Information Disclosure | CVE-2017-11511 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631


ManageEngine ServiceDesk CVE- Web DownloadSnapshotServlet 2017- 1 Services and 1 10.06.1 Build 631 Directory Traversal 11512 Applications Mantis Bug Tracker Filter Application CVE- API view_type Cross Site 1 and 2 10.06.1 Build 631 2016-6837 Scripting Software Mantis Bug Tracker CVE- verify.php confirm_hash 1 Misc 2 10.06.1 Build 631 2017-7615 Remote Password Reset Mantis MantisBT Bug Tracker Web CVE- adm_config_report.php 1 Services and 1 10.06.1 Build 631 2017-7309 move_attachments_page.ph Applications p XSS McAfee ePolicy Orchestrator Application CVE- DataChannel GUID SQL 1 and 1 10.06.1 Build 631 2016-8027 Injection (Decrypted Traffic) Software Memcached CVE- process_bin_append_prepe 1 Misc 1 10.06.1 Build 631 2016-8704 nd Integer Overflow Memcached Operating CVE- process_bin_sasl_auth 1 System and 1 10.06.1 Build 631 2016-8706 Integer Underflow Services Memcached CVE- process_bin_update 1 Misc 2 10.06.1 Build 631 2016-8705 body_len Integer Overflow Web Metasploit meterpreter NA 1 Services and 3 10.06.1 Build 631 stub .php file upload Applications Micro Focus GroupWise Application Admin Console index.jsp CVE- 1 and 1 10.06.1 Build 631 PoaCmd Cross Site 2016-5760 Software Scripting (Decrypted Traffic) Micro Focus GroupWise Malware Admin Console install CVE- 1 Communicati 1 10.06.1 Build 631 login.jsp Cross Site Scripting 2016-5760 on (Decrypted Traffic) Micro Focus GroupWise Application CVE- Post Office Agent Integer 1 and 1 10.06.1 Build 631 2016-5762 Overflow Software Micro Focus NetIQ Access CVE- Web Manager Identity Server 2017- 1 Services and 1 10.06.1 Build 631 OspUIBasicSSODownload 14803 Applications Directory Traversal Micro Focus NetIQ Sentinel Application CVE- Server ReportViewServlet 1 and 1 10.06.1 Build 631 2016-1605 Directory Traversal Software Micro Focus NetIQ Sentinel CVE- 1 Misc 1 10.06.1 Build 631

Page 49 of 81 Document Version – 1.0- 14/05/2019

© Copyright 2019 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. IPS Signature Database Release Notes Version 5.15.89 ------

Server SentinelContext 2016-1605 Authentication Bypass Micro Focus Rumba WallData.Macro PlayMacro NA 1 Misc 1 10.06.1 Build 631 Memory Corruption Microsoft Edge Chakra CVE- CVE- 2017-0010 Remote Code 1 Browsers 1 10.06.1 Build 631 2017-0010 Execution Microsoft Edge CVE-2017- CVE- 0034 Remote Code 1 Browsers 1 10.06.1 Build 631 2017-0034 Execution Microsoft Edge CVE-2017- CVE- 0208 repeat Sign Extension 1 Browsers 1 10.06.1 Build 631 2017-0208 Information Disclosure II Microsoft Edge CVE-2017- CVE- 0208 repeat Sign Extension 1 Browsers 1 10.06.1 Build 631 2017-0208 Information Disclosure I Microsoft Edge Application document.domain Same CVE- 1 and 1 10.06.1 Build 631 Origin Policy Bypass 2017-0002 Software (Published Exploit) Application Microsoft Excel File CVE- 1 and 2 10.06.1 Build 631 Importing Code Execution 2008-0112 Software Application Microsoft Excel File CVE- 1 and 4 10.06.1 Build 631 Importing Code Execution 2008-0112 Software Microsoft Graphics Component Web CVE- CREATECOLORSPACE 1 Services and 1 10.06.1 Build 631 2016-0168 Filesystem Information Applications Disclosure Microsoft Graphics Web CVE- Component CVE-2016-0169 1 Services and 1 10.06.1 Build 631 2016-0169 Information Disclosure Applications Microsoft IE8 CGeneric CVE- Element Use After Free 1 Browsers 2 10.06.1 Build 631 2013-1347 (CVE-2013-1347) Microsoft IIS ScStoragePathFromUrl CVE- Microsoft IIS 1 1 10.06.1 Build 631 Function Remote Code 2017-7269 web server Execution Microsoft IIS WebDAV CVE- Microsoft IIS ScStoragePathFromUrl 1 1 10.06.1 Build 631 2017-7269 web server Buffer Overflow Microsoft Internet Explorer CVE- jscript9.dll TypedArray Use 1 Browsers 1 10.06.1 Build 631 2016-3210 After Free (Published

Page 50 of 81 Document Version – 1.0- 14/05/2019

© Copyright 2019 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. IPS Signature Database Release Notes Version 5.15.89 ------

Exploit) Microsoft Internet Explorer CVE- Zero Day Malicious Script 1 Browsers 2 10.06.1 Build 631 2013-1347 Request Microsoft Internet Explorer CVE- 1 Browsers 2 10.06.1 Build 631 Zero Day Payload Request 2013-1347 Microsoft Internet Explorer CVE- Zero Day Script Client 1 Browsers 2 10.06.1 Build 631 2013-1347 Reporting Installed Software Microsoft MSXML CVE- Database CVE- 2017-0022 Information 1 Management 1 10.06.1 Build 631 2017-0022 Disclosure System Microsoft MSXML CVE- CVE- 2017-0022 Information 1 Office Tools 1 10.06.1 Build 631 2017-0022 Disclosure Microsoft .NET Framework Operating CVE- mscoreei.dll Insecure Library 1 System and 1 10.06.1 Build 631 2016-0148 Loading Services Operating Microsoft .NET Framework CVE- 1 System and 1 10.06.1 Build 631 Remote Code Execution 2017-8759 Services Microsoft Network Policy Operating CVE- Server RADIUS Denial of 1 System and 3 10.06.1 Build 631 2016-0050 Service Services Microsoft Office Composite CVE- Moniker CVE-2017-8570 1 Misc 2 10.06.1 Build 631 2017-8570 Code Execution Microsoft Office CVE-2016- CVE- 1 Office Tools 3 10.06.1 Build 631 3234 Information Disclosure 2016-3234 Application Microsoft Office CVE-2016- CVE- 1 and 1 10.06.1 Build 631 7264 Out of Bounds Read 2016-7264 Software Microsoft Office EQNEDT32 Application CVE- CVE-2018-0802 FONT 1 and 1 10.06.1 Build 631 2018-0802 Stack Buffer Overflow Software Microsoft Office EQNEDT32 CVE- CVE-2018-0802 MATRIX 1 Misc 1 10.06.1 Build 631 2018-0802 Stack Buffer Overflow Microsoft Office WordPerfect CVE- Document Converter Heap- 1 Misc 1 10.06.1 Build 631 2017-8744 based Buffer Overflow Microsoft SQL RDBMS Engine UNC Path Injection CVE- Privilege Escalation 1 Misc 1 10.06.1 Build 631 2016-7250 (Published Exploit) CVE- 2016-7250 Microsoft Windows CredSSP CVE- 1 Operating 2 10.06.1 Build 631

Page 51 of 81 Document Version – 1.0- 14/05/2019

© Copyright 2019 Cyberoam Technologies Pvt. Ltd. All Rights Reserved. IPS Signature Database Release Notes Version 5.15.89 ------

MITM Code Execution 2018-0886 System and Services Microsoft Windows CVE- CVE- 2017-8710 XXE Information 1 Misc 1 10.06.1 Build 631 2017-8710 Disclosure Application Microsoft Windows Domain CVE- 1 and 1 10.06.1 Build 631 User Code Execution 2016-3368 Software Microsoft Windows EOT Operating Font Engine Information CVE- 1 System and 1 10.06.1 Build 631 Disclosure Vulnerability 2018-0855 Services CVE-2018-0855 Microsoft Windows Graphics CVE- Component CVE-2016-7272 1 Multimedia 1 10.06.1 Build 631 2016-7272 Remote Code Execution Microsoft Windows Graphics CVE- Component CVE-2017-8676 1 Misc 1 10.06.1 Build 631 2017-8676 Information Disclosure Microsoft Windows Graphics Operating CVE- Component CVE-2017-8676 1 System and 2 10.06.1 Build 631 2017-8676 Information Disclosure Services Microsoft Windows Graphics Application CVE- Device Interface Integer 1 and 1 10.06.1 Build 631 2016-0170 Overflow Software Microsoft Windows LNK CVE- CVE-2017-8464 Remote 1 Misc 1 10.06.1 Build 631 2017-8464 Code Execution Microsoft Windows LSASS CVE- Authenticate Message 1 Misc 1 10.06.1 Build 631 2016-7237 Denial of Service Microsoft Windows LSASS CVE- Authentication Denial of 1 Misc 1 10.06.1 Build 631 2017-0004 Service Microsoft Windows Media CVE- Center MCL CVE-2016-0185 1 Multimedia 1 10.06.1 Build 631 2016-0185 Code Execution Microsoft Windows Operating CVE- msdaora.dll Insecure Library 1 System and 3 10.06.1 Build 631 2016-0041 Loading Services Microsoft Windows OLE Operating CVE- CVE-2016-0091 Code 1 System and 3 10.06.1 Build 631 2016-0091 Execution Services Microsoft Windows OLE Operating CVE- CVE-2016-0092 Code 1 System and 1 10.06.1 Build 631 2016-0092 Execution Services Microsoft Windows OLE CVE- Operating 1 2 10.06.1 Build 631 CVE-2016-0153 Code 2016-0153 System and

Execution Services Microsoft Windows OLE CVE-2017-8487 Global CVE- 1 Misc 1 10.06.1 Build 631 Buffer Overflow (Published 2017-8487 Exploit) Microsoft Windows PDF CVE- Library JPEG2000 1 Misc 1 10.06.1 Build 631 2016-3215 Information Disclosure Microsoft Windows PDF CVE- Library JPEG2000 Parsing 1 Misc 1 10.06.1 Build 631 2017-0291 Out of Bounds Write Microsoft Windows Print Operating CVE- Spooler Service Arbitrary 1 System and 2 10.06.1 Build 631 2010-2729 File Upload Services Microsoft Windows Print Operating CVE- Spooler Service Arbitrary 1 System and 4 10.06.1 Build 631 2010-2729 File Upload Services Microsoft Windows Remote Operating CVE- Assistance XXE Injection 1 System and 2 10.06.1 Build 631 2018-0878 Information Disclosure Services Application Microsoft Windows Shell Zip CVE- 1 and 2 10.06.1 Build 631 File Remote Code Execution 2018-0883 Software Microsoft Windows SMB Operating EternalBlue MS17-010 CVE- 1 System and 1 10.06.1 Build 631 Remote Windows Kernel 2017-0143 Services Pool Corruption Microsoft Windows SMB Operating CVE- Server SMBv1 CVE-2017- 1 System and 1 10.06.1 Build 631 2017-0143 0144 Memory Corruption Services Microsoft Windows SMB Operating CVE- Server SMBv1 CVE-2017- 1 System and 1 10.06.1 Build 631 2017-0144 0144 Memory Corruption Services Microsoft Windows SMB Operating CVE- Server SMBv1 CVE-2017- 1 System and 2 10.06.1 Build 631 2017-0147 0147 Information Disclosure Services Microsoft Windows SMB Operating CVE- Server SMBv1 Information 1 System and 1 10.06.1 Build 631 2017-0271 Disclosure Services Microsoft Windows SMB CVE- Server SMBv1 Information 2017- 1 Misc 1 10.06.1 Build 631 Disclosure 11815 Microsoft Windows SMB Operating CVE- Server SMBv1 Out of 1 System and 1 10.06.1 Build 631 2017-0267 Bounds Read Services Microsoft Windows SMB CVE- 1 Misc 1 10.06.1 Build 631 Server SMBv1 Out of 2017-

Bounds Read 11781 Microsoft Windows SMB Operating CVE- Tree Connect Response 1 System and 1 10.06.1 Build 631 2017-0016 Denial of Service Services Microsoft Windows SNMP CVE- CVE-2018-0967 Denial of 1 Misc 2 10.06.1 Build 631 2018-0967 Service Microsoft Windows System Operating Information Console XXE CVE- 1 System and 1 10.06.1 Build 631 Injection Information 2017-8557 Services Disclosure Microsoft Word CVE-2017- CVE- 0031 Remote Code 1 Office Tools 1 10.06.1 Build 631 2017-0031 Execution Operating MISC bootp hardware CVE- 1 System and 2 10.06.1 Build 631 address length overflow 1999-0798 Services MISC Microsoft PPTP Start Operating CVE- Control Request buffer 1 System and 2 10.06.1 Build 631 2002-1214 overflow Attempt Services Application CVE- MISC xfs overflow attempt 1 and 2 10.06.1 Build 631 2002-1317 Software Mitsubishi Electric E- Designer BEComliSlave CVE- 1 Misc 2 10.06.1 Build 631 Status_bit Stack Buffer 2017-9638 Overflow Mitsubishi Electric E- CVE- Designer SetupAlarm Font 1 Misc 2 10.06.1 Build 631 2017-9638 Stack Buffer Overflow Moxa SoftCMS CGI CVE- 1 Misc 2 10.06.1 Build 631 Program SQL Injection 2016-5792 Database MS-SQL Worm propagation CVE- 1 Management 2 10.06.1 Build 631 attempt 2002-0649 System Database MS-SQL Worm propagation CVE- 1 Management 2 10.06.1 Build 631 Attempt 2002-0649 System Multiple Products Application CVE- HTTP_PROXY Traffic 1 and 2 10.06.1 Build 631 2016-5386 Redirection Software Multiple vendor Antivirus CVE- magic byte detection evasion 1 Misc 1 10.06.1 Build 631 2005-3370 attempt III Multiple vendor Antivirus CVE- magic byte detection evasion 1 Misc 1 10.06.1 Build 631 2005-3370 attempt II

Multiple vendor Antivirus CVE- magic byte detection evasion 1 Misc 1 10.06.1 Build 631 2005-3370 attempt I VoIP and CVE- MultiTech SIP UDP Overflow 1 Instant 2 10.06.1 Build 631 2005-4050 Messaging Nagios Network Analyzer Application Report Generator Command NA 1 and 2 10.06.1 Build 631 Injection Software Nagios XI Incident Manager Application Integration Component SQL NA 1 and 2 10.06.1 Build 631 Injection Software NETBIOS MikroTik Operating CVE- RouterOS buffer overflow 1 System and 2 10.06.1 Build 631 2018-7445 attempt Services NETBIOS MikroTik CVE- Other Web RouterOS buffer overflow 1 2 10.06.1 Build 631 2018-7445 Server attempt NETBIOS SMB Operating SMB_COM_TRANSACTION CVE- 1 System and 2 10.06.1 Build 631 Max Parameter and Max 2002-0724 Services Count of 0 DOS Attempt NetGain Systems Enterprise CVE- Web Manager exec_jsp 2017- 1 Services and 2 10.06.1 Build 631 Command Execution 16602 Applications NetGain Systems Enterprise CVE- Web Manager misc.sample_jsp 2017- 1 Services and 2 10.06.1 Build 631 type Directory Traversal 16599 Applications NetGain Systems Enterprise CVE- Web Manager snmpwalk ip 2017- 1 Services and 2 10.06.1 Build 631 Directory Traversal 16598 Applications NetGain Systems Enterprise CVE- Manager TFtpServer 2017- 1 Misc 2 10.06.1 Build 631 Filename Directory Traversal 16597 Netgear ProSAFE NMS300 Application CVE- fileUpload.do Arbitrary File 1 and 1 10.06.1 Build 631 2016-1524 Upload Software Network Time Protocol CVE- Daemon crypto-NAK Denial 1 Misc 1 10.06.1 Build 631 2016-4957 of Service Network Time Protocol Operating CVE- Daemon peer_xmit mode 1 System and 1 10.06.1 Build 631 2017-6464 Denial of Service Services Network Time Protocol Operating CVE- Daemon read_mru_list 1 System and 2 10.06.1 Build 631 2016-7434 Denial of Service Services Network Time Protocol ntpq CVE- 1 Misc 2 10.06.1 Build 631

decodearr Stack-based 2018-7183 Buffer Overflow Reconnaissa NMAP SCAN -sO NA 1 5 10.06.1 Build 631 nce NMAP SCAN -sS window Reconnaissa NA 1 5 10.06.1 Build 631 1024 nce NMAP SCAN -sS window Reconnaissa NA 1 5 10.06.1 Build 631 2048 nce NMAP SCAN -sS window Reconnaissa NA 1 5 10.06.1 Build 631 3072 nce NMAP SCAN -sS window Reconnaissa NA 1 5 10.06.1 Build 631 4096 nce Node.js Foundation Node.js CVE- Web zlib windowBits Denial of 2017- 1 Services and 2 10.06.1 Build 631 Service 14919 Applications Novell Service Desk Application CVE- clientImportUploadForm 1 and 1 10.06.1 Build 631 2016-1593 Directory Traversal Software Novell ZENworks Mobile Web Management Cross-Site NA 1 Services and 1 10.06.1 Build 631 Scripting Applications Novell ZENworks Mobile Web Management Cross-Site NA 1 Services and 3 10.06.1 Build 631 Scripting Applications ntp.org Network Time Operating Protocol Windows Daemon CVE- 1 System and 1 10.06.1 Build 631 getEndptFromIoCtx Denial of 2016-9312 Services Service Nullsoft Winamp Advanced Module Format File Buffer NA 1 Multimedia 1 10.06.1 Build 631 Overflow OMRON CX-One CX-FLnet CVE- Node Name Heap-based 1 Misc 2 10.06.1 Build 631 2018-8834 Buffer Overflow OMRON CX-One CX-FLnet CVE- Version Heap-based Buffer 1 Misc 2 10.06.1 Build 631 2018-8834 Overflow op5 Monitor Web command_test.php NA 1 Services and 2 10.06.1 Build 631 Command Injection Applications (Decrypted Traffic) OpenLDAP ldapsearch Application CVE- pagesize Double Free Denial 1 and 1 10.06.1 Build 631 2017-9287 of Service Software Open SIP Relay scanner Reconnaissa Fake Eyebeam User-Agent NA 1 5 10.06.1 Build 631 nce Detected

OpenSSL ChaCha20- CVE- Poly1305 and RC4-MD5 1 Misc 1 10.06.1 Build 631 2017-3731 Integer Underflow OpenSSL CVE- Other Web ChangeCipherSpec MITM 1 2 10.06.1 Build 631 2014-0224 Server Security Bypass OpenSSL CVE- Other Web ChangeCipherSpec MITM 1 4 10.06.1 Build 631 2014-0224 Server Security Bypass OpenSSL TLS DTLS CVE- Other Web Heartbeat Information 1 2 10.06.1 Build 631 2014-0160 Server Disclosure OpenSSL TLS DTLS CVE- Other Web Heartbeat Information 1 4 10.06.1 Build 631 2014-0160 Server Disclosure OpenSSL X.509 CVE- IPAddressFamily Extension 1 Misc 1 10.06.1 Build 631 2017-3735 Parsing Out-of-Bounds Read Application OpenVPN P_CONTROL CVE- 1 and 1 10.06.1 Build 631 Denial of Service 2017-7478 Software OpenVPN P_CONTROL CVE- 1 Misc 1 10.06.1 Build 631 Denial of Service 2017-7478 Oracle Application Testing Web Suite DownloadServlet OTM CVE- 1 Services and 1 10.06.1 Build 631 reportName Directory 2016-0485 Applications Traversal Oracle Application Testing Application CVE- Suite DownloadServlet 1 and 1 10.06.1 Build 631 2016-0477 scenario Directory Traversal Software Oracle Application Testing Application Suite DownloadServlet CVE- 1 and 1 10.06.1 Build 631 scriptPath Directory 2016-0484 Software Traversal Oracle Application Testing Application CVE- Suite UploadServlet filename 1 and 1 10.06.1 Build 631 2016-0490 Directory Traversal Software Oracle ATS Application DownloadServlet CVE- 1 and 2 10.06.1 Build 631 exportFileName Directory 2016-0486 Software Traversal Oracle ATS Application CVE- DownloadServlet scriptName 1 and 1 10.06.1 Build 631 2016-0478 Directory Traversal Software Oracle ATS Malware DownloadServlet CVE- 1 Communicati 1 10.06.1 Build 631 TMAPReportImage Directory 2016-0480 on Traversal

Oracle Fusion Middleware MapViewer Web CVE- FileUploaderServlet 1 Services and 1 10.06.1 Build 631 2017-3230 fileName Directory Traversal Applications CVE-2017-3230 Oracle Fusion Middleware Database MapViewer CVE- 1 Management 1 10.06.1 Build 631 FileUploaderServlet 2017-3230 System fileName Directory Traversal Oracle GlassFish Server Application ThemeServlet Directory NA 1 and 1 10.06.1 Build 631 Traversal Software Oracle Identity Manager CVE- Web CVE-2017-10151 Default 2017- 1 Services and 1 10.06.1 Build 631 Credentials 10151 Applications Oracle MySQL CVE- sql_authentication Integer 1 Misc 1 10.06.1 Build 631 2017-3599 Overflow RPC CVE- CVE- 2017-3623 Heap Buffer 1 Misc 1 10.06.1 Build 631 2017-3623 Overflow Oracle Tuxedo Jolt Protocol CVE- CVE-2017-10278 Heap 2017- 1 Misc 1 10.06.1 Build 631 Buffer Overflow CVE-2017- 10278 10278 Oracle WebLogic Remote Web Diagnosis Assistant CVE- 1 Services and 1 10.06.1 Build 631 rda_tfa_hrs Command 2018-2616 Applications Injection CVE-2018-2616 Oracle WebLogic Server Apache-Commons- CVE- 1 Misc 1 10.06.1 Build 631 FileUpload Library Insecure 2013-2186 Deserialization Oracle WebLogic Server Web CVE- UnicastRef Insecure 1 Services and 1 10.06.1 Build 631 2017-3248 Deserialization Applications Oracle WebLogic Server CVE- Web WorkContextXmlInputAdapte 2017- 1 Services and 1 10.06.1 Build 631 r Insecure Deserialization 10271 Applications OS-OTHER Intel x64 side- Operating CVE- channel analysis information 1 System and 2 10.06.1 Build 631 2017-5715 leak attempt Services OS-OTHER Intel x86 side- Operating CVE- channel analysis information 1 System and 2 10.06.1 Build 631 2017-5715 leak attempt Services OS-WINDOWS DCERPC Operating NCACN-IP-TCP srvsvc CVE- 1 System and 1 10.06.1 Build 631 NetrpPathCanonicalize path 2008-4250 Services canonicalization stack

overflow attempt OS-WINDOWS DCERPC NCACN-IP-TCP wkssvc Operating CVE- NetrUseAdd/NetrUseGetInfo 1 System and 1 10.06.1 Build 631 2008-4250 /NetrUseDel overflow Services attempt OS-WINDOWS DCERPC NCADG-IP-UDP srvsvc Operating CVE- NetrpPathCanonicalize path 1 System and 1 10.06.1 Build 631 2008-4250 canonicalization stack Services overflow attempt OS-WINDOWS Microsoft Operating CVE- LSASS Buffer Overflow 1 System and 2 10.06.1 Build 631 2003-0533 Vulnerability Services OS-WINDOWS Microsoft Operating CVE- LSASS Buffer Overflow 1 System and 4 10.06.1 Build 631 2003-0533 Vulnerability Services OS-WINDOWS Microsoft Operating LSASS Buffer Overflow NA 1 System and 4 10.06.1 Build 631 Vulnerability Services OS-WINDOWS Microsoft Windows CVE-2017-11885 CVE- RRAS Service Arbitrary 2017- 1 Browsers 2 10.06.1 Build 631 Pointer Dereference Attempt 11885 II OS-WINDOWS Microsoft Windows CVE-2017-11885 CVE- RRAS service arbitrary 2017- 1 Browsers 2 10.06.1 Build 631 pointer dereference attempt 11885 IV OS-WINDOWS Microsoft Operating CVE- Windows CVE-2018-0817 1 System and 1 10.06.1 Build 631 2018-0817 Integer Overflow Services OS-WINDOWS Microsoft Operating CVE- Windows CVE-2018-0877 1 System and 1 10.06.1 Build 631 2018-0877 Integer Overflow Services OS-WINDOWS Microsoft Operating CVE- Windows CVE-2018-0889 1 System and 1 10.06.1 Build 631 2018-0889 Remote Code Execution Services OS-WINDOWS Microsoft Operating CVE- Windows empty RDP cookie 1 System and 3 10.06.1 Build 631 2017-0176 negotiation attempt Services OS-WINDOWS Microsoft Operating Windows Font Subsetting CVE- 1 System and 2 10.06.1 Build 631 Integer Overflow CVE-2018- 2018-8344 Services 8344 OS-WINDOWS Microsoft Operating CVE- Windows GDI CVE-2019- 1 System and 2 10.06.1 Build 631 2019-0758 0758 Information Disclosure Services

OS-WINDOWS Microsoft Operating CVE- Windows GDI CVE-2019- 1 System and 2 10.06.1 Build 631 2019-0882 0882 Information Disclosure Services OS-WINDOWS Microsoft Operating Windows GDI CVE-2019- CVE- 1 System and 1 10.06.1 Build 631 0903 Remote Code 2019-0903 Services Execution OS-WINDOWS Microsoft Operating Windows GDI WMF out of CVE- 1 System and 2 10.06.1 Build 631 bounds read attempt CVE- 2017-0073 Services 2017-0073 OS-WINDOWS Microsoft Operating CVE- Windows hidparse.sys 1 System and 1 10.06.1 Build 631 2018-8169 privilege escalation attempt Services OS-WINDOWS Microsoft Operating Windows LSARPC CVE- 1 System and 2 10.06.1 Build 631 LsapLookupSids denial of 2016-0135 Services service attempt OS-WINDOWS Microsoft Operating CVE- Windows Print Spooler 1 System and 1 10.06.1 Build 631 2010-2729 arbitrary file write attempt Services OS-WINDOWS Microsoft Operating CVE- Windows Print Spooler 1 System and 2 10.06.1 Build 631 2010-2729 arbitrary file write attempt Services OS-WINDOWS Microsoft Operating Windows SMB malformed CVE- 1 System and 1 10.06.1 Build 631 process ID high field denial 2009-2532 Services of service attempt OS-WINDOWS Microsoft Operating Windows SMB malformed CVE- 1 System and 1 10.06.1 Build 631 process ID high field remote 2009-2532 Services code execution attempt OS-WINDOWS Microsoft Operating CVE- Windows SMB NTLM NULL 1 System and 1 10.06.1 Build 631 2000-0347 session attempt Services OS-WINDOWS Microsoft Operating Windows SMBv2 integer CVE- 1 System and 1 10.06.1 Build 631 overflow denial of service 2009-2526 Services attempt OS-WINDOWS Microsoft Operating Windows UDDI Services CVE- 1 System and 2 10.06.1 Build 631 CVE-2015-2475 Cross Site 2015-2475 Services Scripting Vulnerability OS-WINDOWS Microsoft Operating Windows User Hive CVE- 1 System and 1 10.06.1 Build 631 Impersonation Privelege 2016-0073 Services Escalation OS-WINDOWS Microsoft CVE- Operating 1 2 10.06.1 Build 631 Windows VBScript Engine 2018-8174 System and

CVE-2018-8174 Use After Services Free OS-WINDOWS Microsoft Operating Windows Vista Word 2010 CVE- 1 System and 1 10.06.1 Build 631 CVE-2016-0031 Remote 2016-0031 Services Code Execution Vulnerability OS-WINDOWS VBScipt Operating CVE- CVE-2019-0794 Remote 1 System and 2 10.06.1 Build 631 2019-0794 Code Execution Vulnerability Services OS-WINDOWS Windows 10 Operating CVE- access control privilege 1 System and 1 10.06.1 Build 631 2018-1036 escalation attempt Services OS-WINDOWS Windows 7 Operating CVE- Elevation Of Privilege 1 System and 1 10.06.1 Build 631 2016-0108 Vulnerability Services OS-WINDOWS Windows Operating CVE- Desktop Bridge privilege 1 System and 1 10.06.1 Build 631 2018-8214 escalation attempt Services Outgoing LOIC Tool NA 1 Misc 2 10.06.1 Build 631 Participating in DDOS Operating Petya Malware OPTS NA 1 System and 1 10.06.1 Build 631 Suspicious HTTP Request II Services Operating Petya Malware PROP NA 1 System and 1 10.06.1 Build 631 Suspicious HTTP Request I Services Web PHP exception toString CVE- 1 Services and 1 10.06.1 Build 631 Denial of Service 2016-7478 Applications PHPMailer mail CVE- Operating escapeshellarg Command 2016- 1 System and 1 10.06.1 Build 631 Injection (Published Exploit) 10045 Services PHPMailer mail Sender CVE- Operating Command Injection 2016- 1 System and 1 10.06.1 Build 631 (Published Exploit) 10033 Services PHP phar 404 page Web CVE- Reflected Cross-Site 1 Services and 2 10.06.1 Build 631 2018-5712 Scripting Applications PHP phar_parse_pharfile CVE- Operating Function filename_len 2016- 1 System and 2 10.06.1 Build 631 Property Integer Overflow 10159 Services Web php-shell remote command NA 1 Services and 3 10.06.1 Build 631 shell upload attempt Applications PHP TAR File Parsing CVE- 1 Misc 1 10.06.1 Build 631 Uninitialized Reference 2016-4343 php tiny shell upload attempt NA 1 Web 3 10.06.1 Build 631

Services and Applications PHP zend_hash_destroy Web Uninitialized Pointer Code CVE- 1 Services and 2 10.06.1 Build 631 Execution (Published 2017-5340 Applications Exploit) PHP ZipArchive Web getFromIndex and CVE- 1 Services and 1 10.06.1 Build 631 getFromName Integer 2016-3078 Applications Overflow POP3 Login Brute Force Other Mail NA 1 3 10.06.1 Build 631 Attack Server POP3 PASS overflow CVE- Other Web 1 2 10.06.1 Build 631 Attempt 1999-1511 Server Application POP3 USER overflow CVE- 1 and 2 10.06.1 Build 631 attempt 1999-0494 Software Application POP3 USER overflow CVE- 1 and 2 10.06.1 Build 631 Attempt 1999-0494 Software Possible IE EIP Control CVE- 1 Browsers 2 10.06.1 Build 631 Technique 2012-4792 PostgreSQL Database Core CVE- Server non-libpq Client 1 Misc 1 10.06.1 Build 631 2017-7546 Policy Bypass PowerDNS Authoritative Application CVE- Server Long qname Denial 1 and 1 10.06.1 Build 631 2016-5426 of Service Software PROTOCOL-TELNET login CVE- 1 Misc 4 10.06.1 Build 631 buffer overflow attempt 2001-0797 Operating [PT Open] SMB2 Create NA 1 System and 1 10.06.1 Build 631 PSEXESVC.EXE Services Application PT OPEN SVN-Git Malicious CVE- 1 and 1 10.06.1 Build 631 URI RCE III 2017-9800 Software Application PT OPEN SVN-Git Malicious CVE- 1 and 1 10.06.1 Build 631 URI RCE II 2017-9800 Software Application PT OPEN SVN-Git Malicious CVE- 1 and 1 10.06.1 Build 631 URI RCE I 2017-9800 Software [PT Open] Unimplemented Operating Trans2 Sub-Command code. NA 1 System and 1 10.06.1 Build 631 Possible ETERNALBLUE Services (WannaCry, Petya) tool Quagga VTY Interface CVE- 1 Misc 1 10.06.1 Build 631

Denial of Service 2017-5495 Quest NetVault Backup Web Multipart Request CVE- 1 Services and 1 10.06.1 Build 631 checksession Authentication 2018-1163 Applications Bypass Quest NetVault Backup CVE- Web NVBUBackup Count Method 2017- 1 Services and 2 10.06.1 Build 631 SQL Injection 17652 Applications Quest NetVault Backup CVE- Web NVBUEventHistory Get 2017- 1 Services and 1 10.06.1 Build 631 Method SQL Injection 17412 Applications Red5 Server Apache Commons Collections NA 1 Misc 1 10.06.1 Build 631 Insecure Deserialization Red Hat JBoss Application CVE- Web Server doFilter Insecure 2017- 1 Services and 1 10.06.1 Build 631 Deserialization CVE-2017- 12149 Applications 12149 Red Hat JBoss BPM Suite CVE- BRMS Tasks List Cross-Site 1 Misc 1 10.06.1 Build 631 2017-2674 Scripting Red Hat JBoss Data Grid CVE- Application Hotrod Client Insecure 2017- 1 and 2 10.06.1 Build 631 Deserialization 15089 Software Roundcube Webmail Web CVE- archive.php IMAP Command 1 Services and 2 10.06.1 Build 631 2018-9846 Injection Applications Operating RPC portmap cachefsd CVE- 1 System and 2 10.06.1 Build 631 request TCP 2002-0033 Services Operating RPC portmap cachefsd CVE- 1 System and 2 10.06.1 Build 631 request UDP 2002-0033 Services Application RPC portmap kcms_server CVE- 1 and 2 10.06.1 Build 631 request TCP 2003-0027 Software Application RPC portmap kcms_server CVE- 1 and 2 10.06.1 Build 631 request UDP 2003-0027 Software Application RPC portmap nlockmgr CVE- 1 and 2 10.06.1 Build 631 request TCP 2000-0508 Software Application RPC portmap nlockmgr CVE- 1 and 2 10.06.1 Build 631 request UDP 2000-0508 Software Samba LDAP AD DC CVE- 1 Misc 2 10.06.1 Build 631 Privilege Escalation 2018-1057

(Decrypted Traffic) Samba NDR Parsing CVE- ndr_pull_dnsp_name Integer 1 Misc 1 10.06.1 Build 631 2016-2123 Overflow CVE- Samba SMB1 Information 2017- 1 Misc 1 10.06.1 Build 631 Disclosure 12163 Samba SMB1 CVE- Operating smb_request_done Use 2017- 1 System and 1 10.06.1 Build 631 After Free CVE-2017-14746 14746 Services Operating Samba Writeable Share CVE- 1 System and 1 10.06.1 Build 631 Insecure Library Loading 2017-7494 Services Schneider Electric GP-Pro Industrial EX ParseAPI Heap Buffer NA 1 Control 1 10.06.1 Build 631 Overflow System Schneider Electric ProClima Industrial CVE- F1BookView Attach Memory 1 Control 3 10.06.1 Build 631 2015-7918 Corruption System Schneider Electric ProClima Industrial F1BookView CopyRange CVE- 1 Control 3 10.06.1 Build 631 SwapTables Memory 2015-8561 System Corruption Schneider Electric SoMachine HVAC CVE- AxEditGrid ActiveX 1 Misc 2 10.06.1 Build 631 2016-4529 Untrusted Pointer Dereference Schneider Electric U.motion Industrial Builder css.inc.php Arbitrary NA 1 Control 1 10.06.1 Build 631 File Inclusion System Schneider Electric U.motion Industrial Builder loadtemplate.php NA 1 Control 1 10.06.1 Build 631 SQL Injection System Schneider Electric U.motion Web Builder localize.php SQL NA 1 Services and 1 10.06.1 Build 631 Injection Applications Schneider Electric U.motion Web CVE- Builder nfcserver.php SQL 1 Services and 2 10.06.1 Build 631 2017-7973 Injection Applications Schneider Electric U.motion Industrial Builder runscript.php NA 1 Control 2 10.06.1 Build 631 Directory Traversal System Schneider Electric U.motion Web Builder CVE- 1 Services and 1 10.06.1 Build 631 track_import_export.php 2017-7973 Applications SQL Injection

SERVER-APACHE Apache CVE- Apache Killer denial of service tool 1 2 10.06.1 Build 631 2011-3192 HTTP Server exploit attempt SERVER-APACHE Apache CVE- Apache Struts2 CVE-2017-9791 1 1 10.06.1 Build 631 2017-9791 HTTP Server Remote Code Execution II SERVER-APACHE Apache Operating Struts2 CVE-2017-9805 CVE- 1 System and 1 10.06.1 Build 631 REST Plugin XStream Input 2017-9805 Services Deserialization RCE SERVER-APACHE Apache CVE- Apache Struts remote code 1 2 10.06.1 Build 631 2017-5638 HTTP Server execution attempt SERVER-IIS Alternate Data CVE- Microsoft IIS streams ASP file access 1 2 10.06.1 Build 631 1999-0278 web server attempt CVE-1999-0278 SERVER-IIS ASP contents CVE- Microsoft IIS 1 2 10.06.1 Build 631 view CVE-2000-0302 2000-0302 web server SERVER-IIS ASP contents CVE- Microsoft IIS 1 2 10.06.1 Build 631 view CVE-2000-0942 2000-0942 web server SERVER-IIS +.htr code CVE- Microsoft IIS 1 2 10.06.1 Build 631 fragment Attempt 2000-0630 web server SERVER-IIS Printer Protocol ISAPI CVE-2001-0241 CVE- Microsoft IIS 1 2 10.06.1 Build 631 Header Overflow Jill Beavuh 2001-0241 web server III SERVER-IIS Printer Protocol CVE- Microsoft IIS ISAPI CVE-2001-0241 1 2 10.06.1 Build 631 2001-0241 web server Header Overflow Meta I SERVER-IIS Printer Protocol CVE- Microsoft IIS ISAPI CVE-2001-0241 1 2 10.06.1 Build 631 2001-0241 web server Header Overflow Storm II SERVER-IIS RSA CVE- Microsoft IIS authentication Agent Web 1 2 10.06.1 Build 631 2005-1471 web server Redirect Buffer Overflow SERVER-IIS web agent CVE- Microsoft IIS chunked encoding overflow 1 2 10.06.1 Build 631 2005-1471 web server attempt SERVER-MAIL Exim BDAT CVE- Other Mail CVE-2017-16943 Use After 2017- 1 3 10.06.1 Build 631 Server Free 16943 SERVER-MAIL Exim BDAT CVE- CVE-2017-16944 Use After 2017- 1 Misc 1 10.06.1 Build 631 Free 16944 SERVER-OTHER Adobe CVE- Other Web Coldfusion cfcache.map 1 2 10.06.1 Build 631 2000-0057 Server access CVE-2000-0057

SERVER-OTHER Adobe CVE- Other Web Coldfusion exprcalc access 1 2 10.06.1 Build 631 1999-0455 Server CVE-1999-0455 SERVER-OTHER Arkeia Application Network Backup Client CVE- 1 and 1 10.06.1 Build 631 Buffer Overflow (Published 2005-0491 Software Exploit) SERVER-OTHER CGI Script Application CVE- auktion.cgi Directory 1 and 2 10.06.1 Build 631 2001-0212 Traversal Attempt Software SERVER-OTHER CGI Script Application CVE- book.cgi arbitrary command 1 and 2 10.06.1 Build 631 2001-1114 execution Attempt Software SERVER-OTHER CGI Script Application CVE- cal_make.pl Directory 1 and 2 10.06.1 Build 631 2001-0463 Traversal Software Application SERVER-OTHER CGI Script CVE- 1 and 2 10.06.1 Build 631 Campas URI Access 1999-0146 Software Application SERVER-OTHER CGI Script CVE- 1 and 2 10.06.1 Build 631 emumail.cgi NULL Attempt 2002-1526 Software SERVER-OTHER CGI Script Application CVE- hello.bat Arbitrary Command 1 and 2 10.06.1 Build 631 2000-0213 Exec Software Application SERVER-OTHER CGI Script CVE- 1 and 2 10.06.1 Build 631 perl command Attempt 1999-0509 Software Application SERVER-OTHER CGI Script CVE- 1 and 2 10.06.1 Build 631 perl.exe command Attempt 1999-0509 Software SERVER-OTHER CGI Script Application CVE- pfdispaly.cgi arbitrary 1 and 2 10.06.1 Build 631 1999-0270 command execution Attempt Software SERVER-OTHER CGI Script Application CVE- story.pl arbitrary file read 1 and 2 10.06.1 Build 631 2001-0804 Attempt Software SERVER-OTHER CGI Script Application CVE- ustorekeeper.pl Directory 1 and 2 10.06.1 Build 631 2001-0466 Traversal Software Application SERVER-OTHER IMAP CVE- 1 and 2 10.06.1 Build 631 auth literal overflow Attempt 1999-0005 Software SERVER-OTHER libupnp CVE- Microsoft IIS command buffer overflow 1 2 10.06.1 Build 631 2012-5958 web server attempt CVE-2012-5962 SERVER-OTHER libupnp CVE- 1 Other Web 2 10.06.1 Build 631

command buffer overflow 2012-5958 Server attempt SERVER-OTHER Microsoft CVE- Other Web Frontpage authors.pwd 1 2 10.06.1 Build 631 1999-0386 Server access CVE-1999-0386 SERVER-OTHER Microsoft CVE- Other Web Frontpage dvwssr.dll access 1 2 10.06.1 Build 631 2000-0260 Server CVE-2000-0260 SERVER-OTHER Microsoft JET Database Engine CVE- CVE- Other Web 1 2 10.06.1 Build 631 2018-8423 Remote Code 2018-8423 Server Execution Vulnerability SERVER-OTHER Mikrotik CVE- Microsoft IIS RouterOS denial of service 1 2 10.06.1 Build 631 2012-6050 web server attempt CVE-2012-6050 SERVER-OTHER Mikrotik CVE- Other Web RouterOS denial of service 1 2 10.06.1 Build 631 2012-6050 Server attempt SERVER-OTHER OpenSSL SSL ChangeCipherSpec CVE- Other Mail 1 4 10.06.1 Build 631 man-in-the-middle 2014-0224 Server exploitation attempt Application SERVER-PHP Blahz-DNS CVE- 1 and 2 10.06.1 Build 631 dostuff.php Modify User 2002-0599 Software Web SERVER-WEBAPP 1999- NA 1 Services and 1 10.06.1 Build 631 0070 Applications SERVER-WEBAPP Amaya Web templates sendtemp.pl CVE- 1 Services and 2 10.06.1 Build 631 directory traversal attempt 2001-0272 Applications CVE-2001-0272 SERVER-WEBAPP CGI Web Script anaconda directory CVE- 1 Services and 2 10.06.1 Build 631 transversal Attempt CVE- 2000-0975 Applications 2000-0975 SERVER-WEBAPP CGit CVE- Web CVE-2018-14912 2018- 1 Services and 2 10.06.1 Build 631 cgit_clone_objects function 14912 Applications directory traversal attempt SERVER-WEBAPP GD Web Library libgd gd_gd2.c Heap CVE- 1 Services and 1 10.06.1 Build 631 Buffer Overflow (Published 2016-3074 Applications Exploit) CVE-2016-3074 SERVER-WEBAPP Web HyperSeek hsx.cgi directory CVE- 1 Services and 2 10.06.1 Build 631 traversal attempt CVVE- 2001-0253 Applications 2001-0253

SERVER-WEBAPP Web CVE- imagemap.exe overflow 1 Services and 2 10.06.1 Build 631 1999-0951 attempt CVE-1999-0951 Applications SERVER-WEBAPP Joomla Web restore.php PHP object CVE- 1 Services and 2 10.06.1 Build 631 injection attempt CVE-2014- 2014-7228 Applications 7228 SERVER-WEBAPP Web CVE- mmstdod.cgi access CVE- 1 Services and 2 10.06.1 Build 631 2001-0021 2001-0021 Applications SERVER-WEBAPP Netgear Web DGN1000 series routers NA 1 Services and 2 10.06.1 Build 631 arbitrary command execution Applications attempt SERVER-WEBAPP Netgear Web DGN1000 series routers NA 1 Services and 2 10.06.1 Build 631 authentication bypass Applications attempt SERVER-WEBAPP Netgear Web CVE- DGN2200 ping.cgi command 1 Services and 2 10.06.1 Build 631 2017-6077 injection attempt Applications SERVER-WEBAPP Netgear CVE- Web WNR2000 hidden_lang_avi 2016- 1 Services and 2 10.06.1 Build 631 stack buffer overflow attempt 10174 Applications CVE-2016-10174 SERVER-WEBAPP Netgear CVE- Web WNR2000 hidden_lang_avi 2016- 1 Services and 2 10.06.1 Build 631 stack buffer overflow attempt 10174 Applications SERVER-WEBAPP Netgear CVE- Web WNR2000 information leak 2016- 1 Services and 2 10.06.1 Build 631 attempt CVE-2016-10175 10175 Applications SERVER-WEBAPP UPnP Web CVE- AddPortMapping SOAP 1 Services and 2 10.06.1 Build 631 2014-8361 Action Command Injection Applications SERVER-WEBAPP view- Web CVE- source directory traversal 1 Services and 2 10.06.1 Build 631 1999-0174 CVE-1999-0174 Applications SERVER-WEBAPP webplus Web CVE- version access CVE-2000- 1 Services and 2 10.06.1 Build 631 2000-0282 0282 Applications SERVER-WEBAPP Web webspirs.cgi directory CVE- 1 Services and 2 10.06.1 Build 631 traversal attempt CVE-2001- 2001-0211 Applications 0211 SERVER-WEBAPP Web whois_raw.cgi arbitrary CVE- 1 Services and 2 10.06.1 Build 631 command execution attempt 1999-1063 Applications CVE-1999-1063

Shopware getTemplateName Local File Inclusion | CVE-2016-3109 | 1 | Application and Software | 3 | 10.06.1 Build 631
SIP erase_registrations-add registrations attempt | NA | 1 | Reconnaissance | 2 | 10.06.1 Build 631
Sipsak SIP scan | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
sipscan probe | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
SIP UDP Softphone INVITE message overflow | CVE-2006-0189 | 1 | Reconnaissance | 2 | 10.06.1 Build 631
Sipvicious OPTIONS Scan | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
Sipvicious User-Agent friendly-scanner | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
Sipvicious User-Agent sundayddr | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
Sirefef Fake Opera 10 User-Agent | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
Sivus VOIP Vulnerability Scanner SIP Components Scan | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
Smap VOIP Device Scan | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
SMTP From comment overflow Attempt | CVE-2002-1337 | 1 | Application and Software | 2 | 10.06.1 Build 631
SNMP missing community string attempt | CVE-1999-0517 | 1 | Application and Software | 2 | 10.06.1 Build 631
SNMP null community string attempt | CVE-1999-0517 | 1 | Application and Software | 2 | 10.06.1 Build 631
SolarWinds SRM Profiler BackupAssociationServlet add SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler BackupExceptionsServlet SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler BexDriveUsageSummaryServlet SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler DuplicateFilesServlet SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler FileActionAssignmentServlet assignedNames SQL Injection | CVE-2016-4350 | 1 | Application and Software | 2 | 10.06.1 Build 631
SolarWinds SRM Profiler HostStorageServlet state FileSystem ID SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler NbuErrorMessageServlet exitCode SQL Injection | CVE-2016-4350 | 1 | Operating System and Services | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler RulesMetaData addNewRule SQL Injection | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler ScriptServlet ScriptSchedule SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler ScriptServlet state SQL Injection | CVE-2016-4350 | 1 | Application and Software | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler ScriptServlet state upload SQL Injection | CVE-2016-4350 | 1 | Application and Software | 2 | 10.06.1 Build 631
SolarWinds SRM Profiler UserDefinedFieldConfigServlet saveUDF SQL Injection | CVE-2016-4350 | 1 | Operating System and Services | 1 | 10.06.1 Build 631
SolarWinds SRM Profiler XiotechMonitorServlet saveSite SQL Injection | CVE-2016-4350 | 1 | Application and Software | 2 | 10.06.1 Build 631
Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization | CVE-2016-3642 | 1 | Malware Communication | 1 | 10.06.1 Build 631
Solarwinds Virtualization Manager Apache Commons Collections Insecure Deserialization | CVE-2016-3642 | 1 | Operating System and Services | 1 | 10.06.1 Build 631
Splunk Enterprise alerts alerts_id Server-Side Request Forgery | NA | 1 | Misc | 1 | 10.06.1 Build 631
Squid HTTP Response Processing Denial of Service | CVE-2016-3948 | 1 | Application and Software | 2 | 10.06.1 Build 631
Squid Proxy ESI Component Stack Buffer Overflow | CVE-2016-4054 | 1 | Application and Software | 1 | 10.06.1 Build 631
Squid Proxy ESI Response Processing Denial of Service | CVE-2016-4555 | 1 | Application and Software | 2 | 10.06.1 Build 631


Squid Proxy ESI Response Processing Denial of Service | NA | 1 | DNS | 1 | 10.06.1 Build 631
Squid Proxy log_uses_indirect_client Denial of Service | NA | 1 | DNS | 1 | 10.06.1 Build 631
SSH Brute Force Attack | NA | 1 | Reconnaissance | 3 | 10.06.1 Build 631
SugarCRM rest_data PHP Object Deserialization | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Suspicious WannaCry Ransomware Binary Download Activity III | NA | 1 | Misc | 1 | 10.06.1 Build 631
Suspicious WannaCry Ransomware Binary Download Activity II | NA | 1 | Misc | 1 | 10.06.1 Build 631
Suspicious WannaCry Ransomware Binary Download Activity I | NA | 1 | Misc | 1 | 10.06.1 Build 631
Suspicious WannaCry Ransomware Binary Download Activity IV | NA | 1 | Misc | 1 | 10.06.1 Build 631
Suspicious WannaCry Ransomware Binary Download Activity V | NA | 1 | Misc | 1 | 10.06.1 Build 631
Symantec Messaging Gateway performRestore Command Injection (Decrypted Traffic) | CVE-2017-6327 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Symantec Web Gateway OS Command Injection (Decrypted Traffic) | CVE-2016-5313 | 1 | Operating System and Services | 1 | 10.06.1 Build 631
Symantec Workspace Streaming XML-RPC Arbitrary File Upload (Published Exploit) | CVE-2014-1649 | 1 | Application and Software | 2 | 10.06.1 Build 631
Symantec Workspace Streaming XML-RPC Arbitrary File Upload Vulnerability II | CVE-2014-1649 | 1 | Application and Software | 2 | 10.06.1 Build 631
Tarantool xrow_header_decode Out of Bounds Read | CVE-2016-9037 | 1 | Misc | 1 | 10.06.1 Build 631
Teampass upload.files.php Arbitrary File Upload | NA | 1 | Misc | 3 | 10.06.1 Build 631
Telnet Server Brute Force Attack | NA | 1 | Reconnaissance | 3 | 10.06.1 Build 631


Trend Micro Antivirus Password Manager Code Injection (Published Exploit) | NA | 1 | Operating System and Services | 2 | 10.06.1 Build 631
Trend Micro Control Manager AdHocQuery_Processor.aspx SQL Injection (Decrypted Traffic) | NA | 1 | Application and Software | 2 | 10.06.1 Build 631
Trend Micro Control Manager cmdHandlerLicenseManager SQL Injection | CVE-2017-11384 | 1 | Misc | 2 | 10.06.1 Build 631
Trend Micro Control Manager cmdHandlerStatusMonitor SQL Injection | CVE-2017-11385 | 1 | Misc | 1 | 10.06.1 Build 631
Trend Micro Control Manager cmdHandlerTVCSCommander SQL Injection | CVE-2017-11383 | 1 | Misc | 2 | 10.06.1 Build 631
Trend Micro Control Manager DeploymentPlan_Event_Handler Information Disclosure (Decrypted Traffic) | CVE-2016-6220 | 1 | Application and Software | 3 | 10.06.1 Build 631
Trend Micro Control Manager dlp_policy.php Directory Traversal (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro Control Manager download.php Information Disclosure (Decrypted Traffic) | NA | 1 | Application and Software | 2 | 10.06.1 Build 631
Trend Micro Control Manager importFile.php Directory Traversal (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro Control Manager lang Parameter Arbitrary File Inclusion (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro Control Manager ProductTree Information Disclosure (Decrypted Traffic) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Trend Micro Control Manager ProductTree_RightWindow XML External Entity Processing (Decrypted Traffic) | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro Control Manager task_controller Information Disclosure (Decrypted Traffic) | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro Control Manager TreeUserControl_process_tree_event Information Disclosure (Decrypted Traffic) | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro Control Manager Widget importFile.php Directory Traversal (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro Control Manager XML External Entity Processing (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro IMSVA Management Portal Authentication Bypass (Decrypted Traffic) CVE-2018-3609 | CVE-2018-3609 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro InterScan Messaging Security modTMCSS Command Injection (Decrypted Traffic) | CVE-2017-11391 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro InterScan Web Security Virtual Appliance VerboseLog Directory Traversal (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro IWSVA DeploymentWizardAction GetClusterInfo Command Injection (Decrypted Traffic) | NA | 1 | Misc | 1 | 10.06.1 Build 631
Trend Micro IWSVA DomainList TestingADKerberos Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro IWSVA domains Command Injection | NA | 1 | Application and Software | 2 | 10.06.1 Build 631
Trend Micro IWSVA LogSettingHandler doPostMountDevice Command Injection | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro IWSVA ManagePatches filename Command Injection | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro IWSVA ManageSRouteSettings HttpServlet Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro IWSVA PacFileManagement delete_pac_files Command Injection | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro IWSVA ReportHandler DoCmd Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro IWSVA testConfiguration Command Injection (Decrypted Traffic) | NA | 1 | Misc | 2 | 10.06.1 Build 631
Trend Micro IWSVA testConfiguration Command Injection | NA | 1 | Application and Software | 2 | 10.06.1 Build 631
Trend Micro IWSVA wmi_domain_controllers Command Injection | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro Mobile Security Enterprise eas_agent_sync_client_info slink_id SQL Injection (Decrypted Traffic) | CVE-2017-14078 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro Mobile Security Enterprise eas_agent_unregister slink_id SQL Injection (Decrypted Traffic) | CVE-2017-14078 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro Mobile Security Enterprise get_dep_profile id SQL Injection (Decrypted Traffic) | CVE-2017-14078 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro OfficeScan Proxy.php Command Injection (Decrypted Traffic) | CVE-2017-11394 | 1 | Misc | 2 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise ad.pm id Remote Command Execution (Decrypted Traffic) | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise check_nfs_server_status Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631


Trend Micro SafeSync for Enterprise dead_local_device Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise deviceTool.pm devid Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise deviceTool.pm get_device_info SQL Injection (Decrypted Traffic) | NA | 1 | Application and Software | 3 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise deviceTool.pm get_nic_device SQL Injection (Decrypted Traffic) | NA | 1 | Operating System and Services | 1 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise license Command Injection (Decrypted Traffic) | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise replace_local_disk Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise restartService Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise rollback Command Injection (Decrypted Traffic) | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise storage.pm device_id role Command Injection (Decrypted Traffic) | NA | 1 | Application and Software | 3 | 10.06.1 Build 631
Trend Micro SafeSync for Enterprise storage.pm discovery_iscsi_device Command Injection (Decrypted Traffic) | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
Trend Micro Smart Protection Server admin_notification.php Command Injection (Decrypted Traffic) | CVE-2016-6267 | 1 | Misc | 2 | 10.06.1 Build 631
Trend Micro Smart Protection Server ccca_ajaxhandler.php Command Injection (Decrypted Traffic) | CVE-2016-6266 | 1 | Web Services and Applications | 3 | 10.06.1 Build 631
Trend Micro Smart Protection Server wcs_bwlists_handler.php Command Injection (Decrypted Traffic) | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Trend Micro Virtual Mobile Infrastructure apns_worker.py Command Injection (Decrypted Traffic) (Published Exploit) | CVE-2016-6270 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
Trihedral VTScada WAP Directory Traversal | CVE-2016-4532 | 1 | Misc | 2 | 10.06.1 Build 631
Trihedral VTScada WAP Filter Bypass | CVE-2016-4510 | 1 | Misc | 2 | 10.06.1 Build 631
Trihedral VTScada WAP Out of Bounds Indexing | CVE-2016-4523 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631
Unitronics VisiLogic OPLC IDE TeePreviewer ChartLink Memory Corruption | CVE-2015-6478 | 1 | Industrial Control System | 3 | 10.06.1 Build 631
vBulletin routestring Local File Inclusion | NA | 1 | Misc | 3 | 10.06.1 Build 631
VegaDNS axfr_get.php Command Injection | NA | 1 | Application and Software | 2 | 10.06.1 Build 631
VIPA Controls WinPLC7 recv Stack-based Buffer Overflow | CVE-2017-5177 | 1 | Industrial Control System | 1 | 10.06.1 Build 631
VMware VNC VMWDynResolution Heap Buffer Overflow | CVE-2017-4933 | 1 | Misc | 1 | 10.06.1 Build 631
Voiper Toolkit Torturer Scan | NA | 1 | Reconnaissance | 5 | 10.06.1 Build 631
W32/Dapato.Downloader CnC Beacon | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
WannaCry Ransomware Binary Download | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
WEB-FRONTPAGE dvwssr.dll Access | CVE-2000-0260 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-IIS ASP contents view | CVE-2000-0302 | 1 | Microsoft IIS web server | 2 | 10.06.1 Build 631
WEB-IIS ASP contents view | CVE-2000-0942 | 1 | Microsoft IIS web server | 2 | 10.06.1 Build 631
WEB-IIS Battleaxe Forum login.asp Access | CVE-2003-0215 | 1 | Microsoft IIS web server | 2 | 10.06.1 Build 631
WEB-IIS cross-site scripting Attempt | CVE-2000-0746 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-IIS global.asa Access | CVE-2000-0778 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-IIS .htr chunked Transfer-Encoding | CVE-2002-0364 | 1 | Microsoft IIS web server | 2 | 10.06.1 Build 631
WEB-IIS pbserver Access | CVE-2000-1089 | 1 | Microsoft IIS web server | 2 | 10.06.1 Build 631
WEB-IIS WEBDAV nessus safe scan Attempt | CVE-2003-0109 | 1 | Application and Software | 2 | 10.06.1 Build 631
WEB-IIS webhits Access | CVE-2000-0097 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC ALT-N WebAdmin user param overflow attempt | NA | 1 | Reconnaissance | 3 | 10.06.1 Build 631
WEB-MISC ans.pl Access | CVE-2002-0306 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC Apache Chunked-Encoding worm Attempt | CVE-2002-0071 | 1 | Apache HTTP Server | 2 | 10.06.1 Build 631
WEB-MISC Cisco IOS HTTP configuration Attempt | CVE-2001-0537 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC CISCO PIX Firewall Manager directory traversal Attempt | CVE-1999-0158 | 1 | Operating System and Services | 2 | 10.06.1 Build 631
WEB-MISC ftp.pl Attempt | CVE-2000-0674 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC HP OpenView Manager DOS CVE-2001-0552 | CVE-2001-0552 | 1 | Misc | 4 | 10.06.1 Build 631
WEB-MISC Lotus EditDoc Attempt | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC musicat empower Attempt | CVE-2001-0224 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631


WEB-MISC Netscape Enterprise directory listing Attempt | CVE-2001-0250 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC Novell Groupwise gwweb.exe Attempt | CVE-1999-1005 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC perl post Attempt | CVE-2002-1436 | 1 | Application and Software | 2 | 10.06.1 Build 631
WEB-MISC RBS ISP newuser directory traversal Attempt | CVE-2000-1036 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC ROADS search.pl Attempt | CVE-2001-0215 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC SWEditServlet directory traversal Attempt | CVE-2001-0555 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC Tomcat null byte directory listing Attempt | CVE-2003-0042 | 1 | Apache HTTP Server | 2 | 10.06.1 Build 631
WEB-MISC Tomcat servlet mapping cross site scripting Attempt | CVE-2002-0682 | 1 | Application and Software | 2 | 10.06.1 Build 631
WEB-MISC Trend Micro OfficeScan Attempt | NA | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-MISC WEB-INF Access | CVE-2000-1050 | 1 | Application and Software | 2 | 10.06.1 Build 631
WebNMS Framework Server FileUploadServlet Arbitrary File Upload | CVE-2016-6600 | 1 | Web Services and Applications | 2 | 10.06.1 Build 631
WEB-PHP directory.php arbitrary command Attempt | CVE-2002-0434 | 1 | Application and Software | 2 | 10.06.1 Build 631
WEB-PHP edit_image.php Access | CVE-2001-1020 | 1 | Application and Software | 2 | 10.06.1 Build 631
WEB-PHP read_body.php access Attempt | CVE-2002-1341 | 1 | Application and Software | 2 | 10.06.1 Build 631
WECON LeviStudio Address Name Heap Buffer Overflow | NA | 1 | Misc | 2 | 10.06.1 Build 631
WECON LeviStudio BaseSet BgOnOffBitAddr Stack Buffer Overflow | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
WECON LeviStudio CurScrIDAddr Stack Buffer Overflow | NA | 1 | Misc | 1 | 10.06.1 Build 631
WECON LeviStudio HmiSet Style Stack Buffer Overflow | NA | 1 | Misc | 1 | 10.06.1 Build 631
WECON LeviStudio HmiSet Type Stack Buffer Overflow | NA | 1 | Misc | 1 | 10.06.1 Build 631
WECON LeviStudio PLC Type Heap Buffer Overflow | NA | 1 | Misc | 1 | 10.06.1 Build 631
WECON LeviStudio ScreenInfo ScrnName Heap Buffer Overflow | NA | 1 | Misc | 1 | 10.06.1 Build 631
WECON LeviStudio String Content Heap Buffer Overflow | NA | 1 | Misc | 1 | 10.06.1 Build 631
Win32/Hilgild!gen.A CnC Communication | NA | 1 | Malware Communication | 1 | 10.06.1 Build 631
WordPress Admin API Directory Traversal | CVE-2016-6896 | 1 | Web Services and Applications | 3 | 10.06.1 Build 631
WordPress REST API Posts Controller Privilege Escalation | NA | 1 | Application and Software | 1 | 10.06.1 Build 631
Zabbix Server Active Proxy Trapper Command Injection | CVE-2017-2824 | 1 | Web Services and Applications | 1 | 10.06.1 Build 631


• Name: Name of the Signature.

• CVE–ID: CVE Identification Number. Common Vulnerabilities and Exposures (CVE) provides reference identifiers for publicly known information security vulnerabilities.

• Rev No.: Threat signature revision number.

• Category: Class type according to threat.

• Severity: Degree of severity. The levels of severity are described in the table below:

Severity Level    Severity Criteria
1                 Low
2                 Moderate
3                 High
4                 Critical

• Applicable from Version: Threat signatures are available in the specified Cyberoam firmware version and above.


Important Notice

Cyberoam Technologies Pvt. Ltd. has supplied this information believing it to be accurate and reliable at the time of printing, but it is presented without warranty of any kind, expressed or implied. Users must take full responsibility for their application of any products. Cyberoam Technologies Pvt. Ltd. assumes no responsibility for any errors that may appear in this document. Cyberoam Technologies Pvt. Ltd. reserves the right, without notice, to make changes in product design or specifications. Information is subject to change without notice.

USER’S LICENSE

Use of this product and document is subject to acceptance of the terms and conditions of Cyberoam End User License Agreement (EULA) and Warranty Policy for Cyberoam UTM Appliances.

You will find the copy of the EULA at http://www.cyberoam.com/documents/EULA.html and the Warranty Policy for Cyberoam UTM Appliances at http://kb.cyberoam.com.

RESTRICTED RIGHTS

Copyright 1999 - 2015 Cyberoam Technologies Pvt. Ltd. All rights reserved. Cyberoam and the Cyberoam logo are trademarks of Cyberoam Technologies Pvt. Ltd.

Corporate Headquarters

Cyberoam Technologies Pvt. Ltd.
901, Silicon Tower, Off. C.G. Road, Ahmedabad – 380006, INDIA
Phone: +91-79-66065606
Fax: +91-79-26407640
Web site: www.cyberoam.com
